Fifth of Android Apps Expose Private Data
WrongSizeGlass writes "CNET is reporting that a fifth of Android apps expose private data. The Android market threat report details the security issues uncovered. Dozens of apps were found to have the same type of access to sensitive information as known spyware does, including access to the content of e-mail and text messages, phone call information, and device location. 5% of the apps were found to have the ability to make calls, and 2% can send text messages, without the mobile user doing anything."
I tend to expose private data after a fifth of scotch.
5% of the apps were found to have the ability to make calls, and 2% can send text messages, without the mobile user doing anything
Emphasis mine. I'm not saying it's right that this could occur, but I operate under the assumption that anything I do online or with my phone is not private.
I think it's rather foolish to assume otherwise.
Living With a Nerd
And you are notified when installing in red letters exactly what the application has access to.
News flash: 100% of your pc applications have access to your file system!
My Evo tells me before I install an app what it will be able to do, I assume it works the same for all Android phones. It's hard to get worked up over an app that can access personal data, when you were told in big red letters that this app can access personal data, and you clicked ok anyway.
A fifth of applications rely on *permissions* that you, the user, must explicitly grant when you install them, that *allow* them to access private information.
That does not mean they do access that information, or put it to any sort of untoward use. Android practically screams at you when you install applications that need a bunch of permissions. Generally, sure, you ignore that if it just says "Read/write SD card" for example. But if something suspiciously asks for lots and lots of permissions, you might say to yourself "gee, this looks a little funny".
If 10,000 other people have installed it and everybody rates it 5-stars and there are no issues mentioned with it on the web, you can probably guess that it's not doing anything nasty with your information.
But the fact that Android extremely explicitly warns you about these permissions means that the only issue in my mind is there should be a more intense distinction in the UI between permissions like "Read/write to SD card" that lots of apps need, and "Access my contacts" or "Send text messages" which only a smaller number of apps need.
Otherwise, this is basically a hatchet job.
Which apps require the BRICK permission, and do any of those conceal their intent from the user?
Whenever you install an application on Android, you're given a list of permissions the application wants to have in order to run, including accessing your data and making phone calls. You have to explicitly agree to this list before the app is installed. Is CNET saying that a fifth of Android apps can get your data, despite those permissions not appearing in the list? Because if they're not, this is a pointless "Well, duh" story: the user was told what the application is doing. If they just breeze through and click "OK" when that's clearly inappropriate (i.e., a tip calculator really shouldn't be requesting access to your call log), that's their damn problem.
Dislike the Electoral College? Lobby your state to join the National Popular Vote Interstate Compact.
Err --
Android applications have flags indicating what they are and aren't allowed to do, and are cryptographically signed with those flags. What this study (presumably) did is just check which apps have which flags set.
Thing is, when you-the-user install an app, you're told exactly which flags it has set, and given the opportunity to confirm or deny. In short -- if you're installing a lighter-flame gadget which says it's allowed to read your address book and connect to the Internet, and you click "OK", you deserve exactly what you get.
(Also -- misbehaving developers can, and sometimes do, have their signing keys revoked).
Yes, by God lets not have users decide whether or not we can install an app that accesses our own data.
Corporations know far more about what's appropriate for my data than I ever could...
1. So because something has the ability to do something, that means that it DOES do it?
Logic. Submitter fails it.
2. When installing apps that have the ability to expose private data, the OS explicitly tells you beforehand and asks if you're sure.
While unscientific, everybody I know with an Android phone takes these warnings seriously. Yes, you still have the dancing bunnies problem, but in my experience most people don't expect a phone to work like a desktop, and the security awareness is higher as a result.
Congratulations on a flamebait article though.
Cock sucking faggots! - Sent from my Android -
It would have been funny if you had said "Sent from your Android"
Wrong.
It still looks bad.
As stated over and over here, you get warned in *BOLD RED LETTERS* "this app will want access to..." before you install. according to the article's posting, iPhone doesn't warn you.
there has been quite a few apps I declined to install because... why does a little game want access to my call history? [Cancel Install]
if (it != oneThing) it = another;
From the summary:
5% of the apps were found to have the ability to make calls, and 2% can send text messages, without the mobile user doing anything."
Err, the mobile user was explicitly informed of this BEFORE the software is installed. Don't believe me? Check this screenshot http://www.taosoftware.co.jp/en/android/wakeupcallmaker/img/wakeupcallmaker_install.png
I guess someone has an axe to grind against Android (hint, hint) just because there were stories earlier about the iPhone revealing the exact location of the users to applications and ads.
This space for rent.
Yeah I'm sure that walled-garden approach will filter out applications that expose your private data, like Facebook.
Oh. Wait...
This report is hardly independent. If you ignore the CNET reporter looking for controversial pulp to post on a blog you'll find that this report comes from smobilesystems, a little-known mobile security company who conveniently have a new piece of Android security software to sell that will stop all these non-existent rogue spyware apps. You can argue all you want that users install these apps with full knowledge and consent. They know that it's BS; they just want to use FUD to convince the unwary and paranoid that their software (which if it actually does anything, probably just checks the installed apps against a package name blacklist) will keep them safe from an imaginary raging torrent of malware on the Android platform.
And behold, a command prompt and he who sat upon it, his name was shutdown and -h 3:11 followed with him
if the apps have access to sensitive information, it's because the app requested the information and the user granted it. every android app must declare the set of permissions it requires, and that list is presented to the user *before* they install the app.
also, as other posters have pointed out, the fact that an app has access to sensitive data does not mean it exposed the data.
"Suddenly the walled garden approach where apps go through an approval process doesn't seem so bad."
Yes, it does seem so bad. If it were just a question of certain apps being "approved," but users still having the option to install whatever they wanted, you might have a point (e.g. the repositories model for Linux distros). What Apple does is to say, "No, you cannot install that program, even if you want to, just because we said so! HAHAHAHA! No political cartoon apps for you!"
Palm trees and 8
The "Android Marketplace" does a couple things automatically that solve this - without a walled garden approach. 1) when you install an app via the marketplace it TELLS YOU what the app has access to 2) User rating will inform users whether the app is worthless and 3) there is a report malware feature in the marketplace to inform Google to investigate the app. In other words - often the market can determine what stays and what doesn't.
This is just more FUD against Android - all platforms have this exact same issue - even Apple (more than once I've read about an app that was approved and everything collecting data against Apple's own TOS - good example of this is that company that told us all about iPhone OS 4 metrics they collected from Apple's own development phones).
... for Chatroulette?
No left turn unstoned.
The CNET interpretation of the study is bogus. It counts every app requesting full call permissions as potential spyware phoning home, and every app requesting full address book access as potential data-collecting trojan. Following this reasoning, every Windows program -- which can do pretty much anything with the data on your PC -- is a dangerous piece of potential malware.
Android apps may request permissions only in bundles. Just because an app requests, say, full address book access for updating some address data, doesn't mean it spies on your contacts. It doesn't even mean it actually uses the granted API calls at all.
So they are trying to patent software.
Yeah. Here's to hoping when the Supreme Court FINALLY releases a decision on Bilski v Kappos, that "pending" status is changed to "no way in hell" status.
Living With a Nerd
The story is a PR plant by one of Apple's minions. They are taking a big negative with the iPhone, (no access to some phone functions) and turning it into a win for Apple.
To be fair, Apple's minion doesn't hire the story out and then attempt to sell it to the media. A few weeks ago Jobs claimed the Droid was a porn magnet or something like that... This is just more of the same ideological offensive.
The way this works is Apple's PR people go around making the case for their product, in those discussions are carefully constructed factoids like "their apps *can* do Bad Things (TM) with your private data!" Then some enterprising writer fills in the rest of the FUD perfectly willing to blow-up the half-truth in exchange for a closer seat in the Jobs Reality Distortion Field.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
I wanted to install an app that managed sms, and it asked for permission to access my messages!
It goes without saying that I immediately canceled the installation.
If you actually RTFAs' source, you'll see that this smobile systems company is using these statistics to try and sell a dependency checker.
Also, I saw no mention that these 'leaks' are derived from sources other than what the user allowed.
In short, Not news.
"Our goal each year should be to increase the number of goals we set for ourselves!"
It does seem bad. You are just too used to having someone else take care of you. Stand up for yourself. Take responsibility and enjoy freedom
Why is it so hard to only have politicians for a few years, then have them go away?
The whitepaper that they referenced is really pretty objective, it makes all the same points that commenters are making here (despite trying to sell you their brilliant new malware detector). A reporter reads it, uses a line or two from it, and makes a scary story. I have to give them credit for linking to the original source, though, sometimes you have to go digging through Google to find out how much they're really telling you.
I was using my Android today, and I discovered that it was exposing a huge amount of private data. Basically, it was transmitting a digital copy of all sounds that it picked up from its microphone, to some remote party. I couldn't believe this. More amazingly, it was triggered very simply: just dial a phone number and hit Talk. Sometimes it even occurred when I hit Talk just after the phone beeped. Nothing more was necessary. I can't believe they let this slip through.
Dear AC,
I submitted this story because I found it interesting, not because I agreed with its conclusions nor those of the 'threat report'. I also attempted to submit the 'iOS/Safari gives away your location' story yesterday but I had the same source/URL as someone who had already submitted it so it was rejected. Keep in mind I only passed along the link and copy & pasted content from the CNet story. If you think someone is being biased you should point an anonymous finger at CNet or the folks at smobilesystems. You should have submitted your decent review as a submission rather than just dropping it in a post.
Are all security vulnerabilities being exploited? Of course not. That's true for Android, Linux, Apple and even Microsoft. Had they changed the name from 'Android' to 'Apple' you would have been standing on your anonymous soapbox deriding Apple for it. Yes, Android alerts users and requires their approval when these apps are installed just like Apple alerts users and requires their approval before any location data is provided to an app. Does it mean that either or both platforms are insecure because they can provide this type of information when the user blindly agrees? Yes and no. If the app uses it for the wrong purpose then yes. Can and 'do' are completely separate things. The same holds true for Windows when it asks if it's OK for an app to run, etc.
I've submitted plenty of stories (my favorites were 20 Worst Superheroes and Tactical-Nuclear-Penguin-Beer), about half of which have been accepted. That doesn't mean I endorse them, it only means I thought others might find them interesting too.
Though I did give an iPad to my web design's kids for 'half Christmas' it doesn't make me biased. My posts are usually opinionated but fair, usually pro Linux, pro or anti Apple (depending on the subject) and usually (but not always) anti Microsoft. Though I'm sure you already know that if you're following my posts enough to quote from them.
80% of Android apps not working as designed.
Granted, the average Android user is a step above the average Facebook user, BUT, that's pretty much exactly what Facebook apps do and the majority of users click right on through. While we might wish that the general public understood the most basic tenets of information security, they don't, and the Android marketplace is, after all, for (predominantly) the general public (or at least the business side of it, which is only slightly better when it comes to IS).
...in particular. They're just selling anti-malware software for smartphones. They'll be glad to sell you protection for your RIM, WinMo, or Symbian phone, too. They're also glad to point out the danger you're in with those phones, too - lacking their product.
"National Security is the chief cause of national insecurity." - Celine's First Law
Fear, Uncertainty & doubt is all this article is doing
http://en.wikipedia.org/wiki/Fear,_uncertainty_and_doubt.
As many people have pointed out the security permissions model in android is very good.
You can't have fantastic apps without allowing them access to other data.
And so that's why the security permission authorization screens are there.
It's so dumb this article, because you can't have your cake and eat it too.
It pisses me off when journalists write a piece like this LL because it gets headlines.
Hey CNet, get a life and stop taking backhanders from Apple or Microsoft. Just a ridiculous article in the first place.
Unfortunately it looks like this article has already set off a bit of a firestorm in twitterspace, and I doubt that many of those people actually read the report and understood it. That would take more time than is allowed to post 140 characters.
The more I read about Android and iApple OS, the more I like my Blackberry :)
Most of the apps I have on Android (and I have a LOT installed) have very few or no permissions they don't need.
The one permission that crops up randomly is coarse GPS positioning, for the ability to embed location targeted ads to support their free app.
- Michael T. Babcock (Yes, I blog)
I find myself becoming desensitized to these warnings... Especially if I am updating, rather than installing for the first time. I used to make sure the "features/warnings" matched up with my expectations of the App; now, I either don't care, or it's a case of- "I don't think it means what you think it means"
The fault is on me. But it's an easy habit to slip into.
Then obviously, for the greater good of all, we should forbid every Android App from reading the address book, or GPS data, or sim data. This would result in a new concept, I will name it the DumbPhone. It would be perfectly safe for the average Joe as the only app able to run on it would be fart generators and minesweeper. We don't let anybody play with dangerous explosives, or drugs because they might harm themselves or other people ; why should we let anybody use dangerous Smartphones ?
Studies have shown that 99.5% of users click on OK boxes without reading the 15 pages of material that clicking OK makes them agree to. I conducted that study this morning while reading these posts, so it is well researched. This is clearly a problem, and I have no idea what the solution, in the larger sense, could be. Apple has the advantage in that their customer base is mostly composed of people who like to do what they are told and are not interested in finding the boundaries of what they can do and extend beyond those (another well researched study field of mine...), therefore Apple has been able to place significant constraints on what their users can do without too much backlash. By purposely limiting their available market to those, they have been very successful and are making a ton of money. That is not a strategy of world domination, in terms of market share, but it is financially rewarding. Not a bad strategy.
I think you'd be surprised to find that to most private data NO apps have ANY access on the iPhone... They're mostly limited to their own data and to the net and there are only very few APIs to access anything else. Android may be cautious and transparent, but iOS is paranoid.
In the long run I very much doubt that the "flagging and informing" of Android helps here. It's good for shifting the responsibility over to the user ("You clicked OK after all, you dumb fuck!"), nothing more. The difference between Google and Apple is that Google thinks this is enough and Apple doesn't. I have not made up my mind yet about who's right. But I know one thing: Half of the population is beyond average intelligence.
But when I download an app which has functionality related to accessing the content of my e-mails, making phone calls or sending text messages without my intervention, it's usually a good idea to allow them to do so. Besides, you always know what the app can and cannot do before you install it. You don't even have that kind of privilege on your computer. You install new software and you just trust that the developers did everything right, even though, in practice, the software can do just about anything on your computer.
The whitepaper examines the permissions apps request, not the actions apps perform.
Sadly requested permissions are not nearly as good an indicator for potential threats as one might think. In my own app, for example, I require the permission to read contact data - there is a use-case for that. However, that in no way implies that the app e.g. harvests email addresses for a spam service. Which it easily could, with that permission.
Why because 100% of apps have that access?
The BB security model is a total nightmare, their OS is even worse with all its apps eating ram all the time.
This is why the OS should let us manage these kinds of situations in a more graceful manner.
Instead of having the choice of "allow app location info" or "don't install app" there should be a third choice - "install the app, but feed it bogus location info" - ditto for internet access or accessing contact info/etc.
Ditto for running services - the OS should have an option to tell the app the service is running fine, and not run the service.
Too much of android amounts to telling the user that the app misbehaves and asking them to accept it, or not use the app.
there has been quite a few apps I declined to install because... why does a little game want access to my call history? [Cancel Install]
Browsing the android market I've been struck by the sheer number of free apps which offer nothing but girly pictures. I'm not about to try installing any of them, but I can't help wondering what permissions they would ask for as they install.
If they don't contain malware, then what's the point in them existing? Displaying a set of more or less pornographic images isn't a triumph of the coder's art, and they don't seem to do anything which you can't do anyway with the in-built web browser. You find dozens and dozens of such apps from the same few suppliers. I ask myself, "What's in it for them?"
Yeah, same here. Froyo might help since it has an option to update all your apps which don't have permission changes. Then you can verify permissions once when you first install and aren't bothered with it again for updates unless the update requests new permissions.
We hope your rules and wisdom choke you / Now we are one in everlasting peace
99.9% of desktop apps can do whatever they want. They can read your emails. They can determine how much seti data you've processed. they can find out everything you type. They can capture video of your desktop and stream it to africa.
People want their phones to be computers. You are taking no more or less risk with a phone than you do with a computer. The app market is ripe for social engineering attacks right now, but i highly doubt there is more risk than on the desktop.
People are complaining that someone has access to contacts and emails, but people are also scrambling to give all that information to google through gmail, voice, and wave.
Android does a good job of listing everything an application has access to when you install it. Sometimes there are some head-scratchers in there. It would be nice if developers were in the habit of explaining why they need access to certain things or maybe even if the Android market gave developers a specific spot to write out justification for their API usage (with a buyer-beware warning of course).
or else!
The summary and article seem biased (although the article does mention the iPhone app store too).
All of the apps on Android tell you what they have access to and there might be a good reason for it.
The summary makes it seem bad that applications know where you are but that might be a central part to the application (foursquare, google maps, google sky maps, yelp etc.).
Also, a lot of ad supported apps need location to serve you regional advertisements.
This is hogwash.
99% of the Android users assume that since they've gotten the phone from their mobile provider whom they somewhat trust, and the phone came preloaded with the Android market app, that they can trust Android Market as much as they trust their mobile provider.
And what happens if that user has already installed the app by the time Google decides to remove it from the marketplace? They've still got the malware... Which they falsely trust is not malware.
It's not a triumph of the coder's art, but it does help to put food on the coder's table.
In Soviet Russia, private data exposes yo
@&no carrier
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
User rating is pretty easy to game, especially if you don't actually look at the comments. Last app I installed, there were dozens of spam comments, all giving the app 5 stars. And while the Report Malware feature is nice, it does require that said user was intelligent enough to notice the app was malware in the first place.
They are phones after all, designed first to make calls, then texts, then data. The whole premise is to send data in wireless form about you to someone else. If you don't want that, then don't install app X on your phone. Easy as pie!
6.8SPC TR of 550, l xwind at 6, drift rt at 26" drops 77". AT has 503 ft-lbs at 1403 fps. FT 0.86
The time to tell a user that something is trying to do something is when its trying to do something, not just when installing the app. There should be a way for the user to run an app, and then when it attempts to access private data, have the OS pop up a window alerting the user, and giving them the option to allow or deny access.
Her previous article (posted the previous day, for chrissakes!) is all about an iPhone app that has some of the same permissions as the ones that are "security risks" on the Android: Good Technology boosts iPhone security controls http://news.cnet.com/8301-27080_3-20008232-245.html?tag=mncol;title This is about an app that can REMOTELY WIPE your iPhone! On an Apple, that INCREASES security. On an Android, that could REMOTELY BRICK your phone. Wow.
Anyone in the business that read CNET is surely a bad professional, sometimes even in the ethical sense. A bad magazine, that thrives on FUD to sell.
Grey's Law: Any sufficiently advanced incompetence is indistinguishable from malice.
At least Android warns you about that before you install the app; on the iPhone the only warning you ever get is about location. Given how many of these apps seem to have good ratings, I guess most people just don't care.
I tried one battery monitor app that did not present privacy warnings, and it basically worked, but it sucked the battery flat in less than an hour. Apparently it was written to run continuously, rather than periodically. I guess for now you don't get a good battery monitor without giving up your privacy.
The security warnings would be much better if instead of just being warnings, the user had the option to install the app but deny it access to the things you don't want it to use (the way location works on the iPhone).
You still get stuff in and out through the display and buttons. Best to leave it turned off; then it is fairly secure.
Not if he gives it away for no charge.
Which means, more and more apps will start to request all the permissions, because everyone was ignoring the install warning anyway. slippery slope and all that.
It would have been better if the phone scans the application for which library/system calls it makes during install and show a warning what it actually does (and make a permission list of that, so that programs that rewrite their code won't be able to get access anyway), instead of letting the developer decide the permission list himself.
Or do like apple and warn (the first time) when an application uses a functionality, and allow the user to allow and deny a certain functionality, while keeping the rest of the program functional without that feature. Or better, do both.
it does if they sell the information the "Free girly pic" app collects.
if (it != oneThing) it = another;
Nice job, keeping this ad from being viraled onto /. there, firehose readers...
Which brings us back to the point which I made originally.
...receive your private data from Google.
--- What?
I missed the whole iPhone craze by staying in the walled-in world of RIM. I'm about to upgrade to an Android handset, and I'm not seeing what this app madness is all about. I downloaded a few applications for the blackberry, but I found that most of the ones that I wanted were web services, and it was much easier to access those websites from the browser. (OK, in many cases the standalone applications offered a better interface, but I found it more convenient to just do everything in the browser)
What applications do you really need beyond those that come pre-installed on an Android phone?
I'm considering the HTC Evo right now -
Can get my email? check
Makes phone calls? check
Has a web browser? check
Has a decent camera for grabbing a quick picture of something? check
Maybe I'm not like most users, but I don't intend to use my phone beyond what features are included by default. All of my iPhone toting friends have a bunch of apps installed, but rarely use any of them. (virtual dog whistle? golf scorekeeper?)
So any app that wants to access sensitive or private information or incur expensive charges must be designed to include features that might require permissions to convince users to OK those security rights. That limits potentially malicious apps to the category of useful apps as opposed to lighter flames or fart apps.
Users look at granting permissions with as much detail as they do clicking through license terms. They just don't bother to download the sources, check each line of each file for potential bugs or maliciousness, and build the apps from the downloaded and vetted source. Most simply assume the permissions granted will be used for the stated or implied feature requirements. Most normal software use is based on trust. The user trusts that the developer uses the powers granted in a trustworthy manner.
Android developers are always trustworthy. That's why we rarely have malware, viruses or security exploits based on the developer misleading users. Steve Jobs lives in that alternative universe where some software developers might be tempted to misuse the permissions users click through. I live in that somewhat paranoid universe, too. I don't want to grant permissions to big name corporations who limit their ethics to "Don't be Evil." Evil is a line in the sand way beyond "Nasty" or merely "Bad". It probably includes lots of "Illegal" or "Unethical".
As you noted, the google model is nothing more than blame-shifting, just like MS's UAC. When compared to Apple's walled garden from a security perspective there isn't even a question as to which is better. The margin could be debated, and whether that margin is significant, but Apple's vetted application approach is far more useful security than a user vetted. Users click bad links in email, provide credentials on email request (the return on phishing is absurdly high), so on and so forth.
Outside of the question of the security merits of Apple's approach is the bigger question of is it "better" for the user. The difficult part here is to define "better". This is where I see it being an open question. There is a secondary, and even more important, question as well: do the users even care? Someone brought up smartphones with applications and they knew of the iphone and android. windows mobile didn't even get honorable mention, security, walled gardens vs blame-the-user didn't matter. What *did* matter was if there were apps for X, where X was to assist what the person did.
Normal people don't actively care about security, or about how the apps get to their phone, they just care about what apps *do* get to their phone.
thoromyr
99% of the Android users assume that since they've gotten the phone from their mobile provider whom they somewhat trust, and the phone came preloaded with the Android market app, that they can trust Android Market as much as they trust their mobile provider.
They CAN trust Android Market as much as they trust their mobile provider... which is to say either "unfounded trust", or "not at all".
Personally I'd far rather be notified ahead of time rather than when it happens. Configurable may be better, but at a certain point people start complaining about things being too complex. In my opinion both approaches have their strong and weak points.
It might not be a reasonable example, but in my head I have a scenario where some poor sap is frantically playing a game, nearing the climactic finale, and a dialog pops up asking, "allow app to access your bank account? Allow/Deny". How many people would just frantically clear the dialog and continue with the game?
You're correct that the iPhone doesn't warn you.
But the reason is that a normal iPhone app can't.
Call history is not available to apps. Ever. So there's no warning.
SMS history and ability to send/receive/edit messages are also not available.
Existing mail and mail accounts are not available.
Whether you think any of these should be accessible is a different topic entirely.
As far as I know, what is available is the following:
1) Address book access.
2) Location (a permission dialog appears when this info is requested, so even if you don't want to allow the app to know, you're supposed to still be able to use the rest of the app)
3) a sandboxed folder, essentially a per-app home directory. No app can access outside that folder except...
4) ... the camera roll folder.
Thanks for the link.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
Suddenly the walled garden approach where apps go through an approval process doesn't seem so bad.
Except that Apple can't review/audit applications for security; they simply do not have the resources, and they can't even get much simpler criteria right.
If only there was some phone manufacturer that did this.
On iPhone, every application is a threat to your privacy. On Android, on the other hand, you can safely install any application that doesn't need permissions that cost you money or access your private data. In different words, on Android, 80% of applications on Android are totally safe by this survey and the remaining 20% are no more dangerous than on any other platform. On iPhone, 0% of your applications are safe, and 100% are dangerous.
Android applications have flags indicating what they are and aren't allowed to do, and are cryptographically signed with those flags.
Older phone operating systems use that technique; it isn't very effective.
Android actually sandboxes the application, ensuring that the permissions it requests are the only permissions it actually gets. Signing on Android is not used for verifying permissions but for "establishing trust relations" between multiple applications--making sure that if you call Jack's Barcode Reader, you actually get that application, not an impostor.
Of course, iPhone/iOS doesn't have either kind of permission system; on iPhone/iOS, you have to cross your fingers that Apple's review process somehow catches evil applications. Of course, given how shoddy and haphazard that process is, that's not a good bet to take.
Just because half the people in the US don't wear safety belts doesn't mean we should remove them from our cars or that they aren't effective.
Android has the same mechanisms for security that iPhone has: application review, ratings, and developer banishment. In addition, Android has something that neither iPhone nor other major systems have: capabilities-based sandboxing. That's a really good thing. Having the permission system on Android doesn't hurt you, it just gives you an extra layer of security if you choose to use it.
And your assumption that "the general public" doesn't understand it when the installer says "this application may cost you money because it can send text messages" is wrong in my experience. Several non-technical friends and relatives of mine have gotten Android phones and they all have been paying attention to this.
I think you'd be surprised to find that to most private data NO apps have ANY access on the iPhone...
There are clearly APIs to access contact data, send text messages, determine your location, and make Internet connections. In principle, any application can use those.
They're mostly limited to their own data and to the net and there are only very few APIs to access anything else.
And how do you think they are "limited"? What do you think is doing the "limiting"? And how do you, as a user, find out whether the Tetris clone you just downloaded is sending $10 text messages to a for-pay text message service?
The answer is that on iPhone, you can't. There is nothing limited about it. The OS isn't designed to do this and there is no way in which you, the user, could be informed of any restrictions.
The only thing that potentially could "limit" these things is a thorough code review by Apple, where Apple determines which APIs an application invokes and whether that is a reasonable match for the functions that the application performs. However, the idea that Apple can perform such security audits on tens of thousands of Objective-C programs is ludicrous.
In the long run I very much doubt that the "flagging and informing" of Android helps here. It's good for shifting the responsibility over to the user ("You clicked OK after all, you dumb fuck!"), nothing more. The difference between Google and Apple is that Google thinks this is enough and Apple doesn't.
Totally wrong. Android sandboxes the apps. If the app doesn't request permission to use services that cost you money, it can't invoke such services; if the app doesn't request permission to access your phone book, it can't access it. That's a fundamental piece of technology that is just missing from iOS. It's a huge deficiency in iOS.
As you noted, the Google model is nothing more than blame-shifting, just like MS's UAC.
Totally wrong. Google sandboxes applications, meaning it enforces these permissions at the OS level. And the permissions are clear and simple enough that normal people usually understand them. On iPhone, in principle, any application can read almost any data and invoke for-pay services.
When compared to Apple's walled garden from a security perspective there isn't even a question as to which is better.
Apple's "walled garden" is a fiction; Apple doesn't have the resources to do meaningful security audits on the software it approves. Anybody who wants to can sneak malware into their Objective-C programs and activate it at some point in the future. Even with full source code, Objective-C is such a flexible language that a clever programmer can hide pretty much anything. And Apple wouldn't know about it until it gets user complaints. But since there is no sandboxing or permission system, and no way to install security software on the iPhone, it may be a long time before anybody notices what's going on. So, not only is Apple's own review process nearly meaningless against a determined hacker, user-based vetting is far less effective on the iOS platform.
The only way to enforce permissions is through sandboxing. Apple's "walled garden" is a joke from a security point of view. iOS has just about the worst security model of any phone OS.
Maybe y'all could to or at least provide an update.
I guess the truth hurts, doesn't...
You can moderate all you want, the facts remain. Android has an effective security architecture that protects users from hostile applications, while iPhone merely has the whims and quick review by the App Store review team to protect users from fraud and invasion of privacy.
All Android apps installed from the App store tell you exactly what they are requesting access to. So, if you download a game and it says it can make phone calls you may want to think twice about installing it.
Flipping the option to download unsigned apps from outside the marketplace is also a user's choice on most Android handsets. Although, some carriers have disabled this feature (HTC Aria from AT&T for example).
Basically, they have put the responsibility in the user's hands, not in the hands of a large corp that makes the decisions for you. If you want to play in a sandbox and have somebody watch over you and hold your hand, buy an iPhone. If you want to have more control over your handset, get an Android.
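The install-time check that several comments describe (look at what an app requests, and think twice if a game asks for calls or SMS), as an added example that is not part of the original thread: it reads the `<uses-permission>` entries from an `AndroidManifest.xml` that is assumed to be already decoded to text and groups them. The sample manifest, the package name and the category grouping are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Grouping follows the thread (costs money / private data); it is this example's choice.
COSTS_MONEY = {"android.permission.CALL_PHONE", "android.permission.SEND_SMS"}
PRIVATE_DATA = {
    "android.permission.READ_CONTACTS",
    "android.permission.READ_SMS",
    "android.permission.READ_CALL_LOG",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
}
NETWORK = "android.permission.INTERNET"

# Constructed sample: the decoded manifest of a hypothetical game.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.blockgame">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.VIBRATE"/>
    <application android:label="Block Game"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the permission names declared via <uses-permission*> elements."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for elem in root.iter():
        if elem.tag.startswith("uses-permission"):
            name = elem.get(ANDROID_NS + "name")
            if name:
                names.add(name.strip())
    return names


def review(manifest_xml):
    """Group requested permissions the way an install-time reviewer would."""
    perms = requested_permissions(manifest_xml)
    report = {
        "costs_money": sorted(perms & COSTS_MONEY),
        "private_data": sorted(perms & PRIVATE_DATA),
        "other": sorted(perms - COSTS_MONEY - PRIVATE_DATA - {NETWORK}),
    }
    # Private data plus network access means the data can leave the device.
    report["can_upload_private_data"] = bool(report["private_data"]) and NETWORK in perms
    return report
```

The report only describes what the app is allowed to do once installed, not what it actually does with that access.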
It seems too obvious that this should be done by default, exactly for TFA's reason.
...you install them.
Long story short? Don't install stuff with access to the whole phone just because you want yet another Abducted!-clone.
Users would just shut down the parts needed to serve ads, and all those free apps would disappear from the market.