Slashdot Mirror


Many More Android Apps Leaking User Data

eldavojohn writes "After developing and using TaintDroid, several universities found that of 30 popular free Android apps, half were sharing GPS data and phone numbers with advertisers and remote servers. A few months ago, one app was sending phone numbers to a remote server in China but today the situation looks a lot more pervasive. In their paper (PDF), the researchers blasted Google saying 'Android's coarse grained access control provides insufficient protection against third-party applications seeking to collect sensitive data.' Google's response: 'Android has taken steps to inform users of this trust relationship and to limit the amount of trust a user must grant to any given application developer. We also provide developers with best practices about how to handle user data. We consistently advise users to only install apps they trust.'"


  1. List of apps and permissions they need by slaxative · · Score: 5, Informative

    They finally get to the part I care about, which is the list of apps they tried. Look at page 9 of their paper in PDF format.

    --
    This is not the penguin you're looking for.
    1. Re:List of apps and permissions they need by Qzukk · · Score: 3, Informative

      Too bad after listing all the apps and what permissions they requested, they never named which of them misbehaved, only total numbers.

      --
      If I have been able to see further than others, it is because I bought a pair of binoculars.
    2. Re:List of apps and permissions they need by MrHanky · · Score: 2, Insightful

      The problem with the article is that they label apps as "suspicious" when they work as intended. Bump, for instance, is an information sharing app. It's designed to share your contact info (if you choose so) with other phones. I can't imagine it isn't one of the two apps that transmit the phone number, IMSI, etc., to the app's server, as that's how it's supposed to work.

      Of course, Bump is also available for the iPhone through Apple's app store.

  2. But how? by Drakkenmensch · · Score: 5, Insightful

    "We also provide developers with best practices about how to handle user data. We consistently advise users to only install apps they trust.'"

    How exactly is one supposed to do this? What is the process for building trust vis-a-vis apps when the only protection you receive from your service provider is "don't walk into dark alleys you don't trust"?

    1. Re:But how? by Anonymous Coward · · Score: 3, Funny

      For a start, don't install a flashlight app that requests access to network features.

    2. Re:But how? by Kenja · · Score: 2, Informative

      For example. If the fart sound generator you download needs access to your call log (which you are told when you install it) I wouldn't trust it.

      --

      "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
    3. Re:But how? by Drakkenmensch · · Score: 3, Interesting

      Desktops have antivirus, antimalware and firewalls. What does your Android phone have?

    4. Re:But how? by gonzocanuck2 · · Score: 2, Interesting

      Good question. I wanted to install a recipe application by a popular brand name company (although the idea of trust with said company might be a little shaky - their guacamole only contains 2% avocado or somesuch) but I didn't feel right because of the permissions required. This app is available for the iPhone, so I don't know if it comes with the same restrictions. I emailed them asking them why the app needs to know my phone's identity and contact data as well as location. They responded thinking that I had a problem installing and downloading the app. I re-explained what I wanted to know and haven't heard back from them. That was at least two months ago.

  3. What Android needs... by Nadaka · · Score: 4, Insightful

    Not only the ability to display what permissions an app requests, but the ability to deny the use of those features on a per feature basis for each app.

    For instance, an app may request internet access (cellular radio or wifi), the user should be able to choose to limit that to just wifi or even turn off connectivity for that app all together.

    1. Re:What Android needs... by netsharc · · Score: 4, Interesting

      which, incidentally, is what BlackBerry has. You can allow/deny each app permission to access your address book, calendar, internet connection, send SMS, open your mailbox, etc. I don't think even the iOS have that yet (or well, I think it does, but for GPS location only). An app must be prepared to get an "access denied" exception, and survive through it.

      And for corporate users, an admin can even set your phone to not allow installation of custom programs, deny all requests to read the user's calendar/address book (except for a white-list of apps), etc, etc.

      As an Android user I wish Android would copy this feature, and as a fan of superior technology, I wish BlackBerry could promote these security features more.

      --
      What time is it/will be over there? Check with my iPhone app!
    2. Re:What Android needs... by Chees0rz · · Score: 2, Interesting

      What's interesting is that if an Android app doesn't have permission an exception is raised, but you're taught to make sure to add the permission flag instead of catching the exception. (Which makes sense, because as it stands right now, if you don't set the flag you'll -never- get the permission). But if they had told you to catch the exceptions, applications would be ready for user-flippable permissions.

      Exactly. Take Camera.open for instance. According to the javadocs...

      Throws
      RuntimeException if connection to the camera service fails (for example, if the camera is in use by another process).

      What about a permission exception?!?!

      No - instead they say - "If you want to use the camera, include this catch all crap!"
      <uses-permission android:name="android.permission.CAMERA" />
      <uses-feature android:name="android.hardware.camera" />
      <uses-feature android:name="android.hardware.camera.autofocus" />


      That's been my biggest pet peeve so far in developing. It can turn into a "add permission until it works" game for lazy developers.

  4. Applications I trust? by sotweed · · Score: 5, Insightful

    It is hard enough to know if I should trust my child, and I raised him. He doesn't tell me much. App developers tell me less, and some of them are devious. This is not a good security model. And Google knows better.

    1. Re:Applications I trust? by DrEldarion · · Score: 2, Interesting

      So don't listen to the app developers. Listen to your phone.

      When you're about to install a dumb wallpaper app and your phone says that it wants access to your location, the internet, and your call log, that should be a giant warning sign.

  5. Google's response == fluff by inviolet · · Score: 4, Insightful

    "Android has taken steps to inform users of this trust relationship and to limit the amount of trust a user must grant to any given application developer. We also provide developers with best practices about how to handle user data. We consistently advise users to only install apps they trust." -- Google

    What a bunch of fluff. The relevant developers don't care about "best practices" or any other voluntary standard. And how the f*** are users supposed to establish trust in certain apps? The platform does not significantly monitor an application's ongoing behavior, nor is anyone performing serious code-reviews or blackbox testing. Google COULD HAVE set up profiling tests similar to those run in TFA, but didn't.

    For ONCE would a company please admit that they reduced privacy in order to provide the dumbed-down usability needed to capture market share and attract developers?

    --
    FATMOUSE + YOU = FATMOUSE
    1. Re:Google's response == fluff by TheCRAIGGERS · · Score: 2, Interesting

      I don't see the big deal with this. Android gives you infinitely more information about what an app is going to do than anything on the PC.

      On my phone, I'll at least know if the app is going to look at my location, contacts, etc. and can make the choice to install it or not.

      On my PC, all I know is that I'm downloading some binary data that could do anything it wanted.

      It's not that hard. If you download a game that wants access to your contact data and full internet access, don't install it. Yes, even if the game looks really, really, cool. You may claim that Google is the devil here because they allowed devs to have the possibility of accessing my data, but I claim that they're good for giving devs the option. If I want to write an app for my own phone to organize my contact list by area code, I can do that.

  6. Re:default permissions by BradleyUffner · · Score: 2, Informative

    All apps have access to r/w your sdcard, and to get your identity (esn/imei/meid/phone number). Once you give an app permission to access the internet, your identity and sdcard contents are public.

    Google needs to fix this. Don't believe me? Install a file manager app. Most won't ask for permission to access the sdcard, but they will be able to. Some permissions are granted without the app asking for it.

    Are you sure? In the app I wrote I had to explicitly request access to these in the application's manifest file, or get an error.

  7. Re:15 of the 30... by wgaryhas · · Score: 4, Insightful

    Being able to know where you are and when isn't personal information?

    --
    "For every complex problem, there is a solution that is simple, neat, and wrong." - H.L. Mencken
  8. Re:This is why OSS is so important by TheRaven64 · · Score: 3, Interesting

    No, the problem is gold-rush developers. With a platform like the iPhone, or Android, you have a sudden perception among developers that they can get rich from relatively simple apps. This leads to the '200 fart apps' problem, and it also leads to a massive incentive to get things to market before the competition, which causes a complete lack of QA in the release process.

    There is no simple solution to this, the only thing to do is wait for the platforms to mature.

    --
    I am TheRaven on Soylent News
  9. Re:Prevasive? by Dancindan84 · · Score: 2, Informative

    It's a perfectly cromulent word comprising of:
    Pre, from the Latin prae meaning before, in front
    evasive, meaning tending or seeking to evade

    This submission was accepted prevasively to editing it.

    --
    "Always forgive your enemies; nothing annoys them so much." - Oscar Wilde
  10. A checklist by Caerdwyn · · Score: 4, Interesting

    Rather than a blanket "you can send anything you want anywhere you want/you can send nothing to anywhere" switch, a finer-grained constrained set of permissions may be the way to go. Specifically:

    • Commonly-requested data such as location and phone number are sent through specific APIs that ONLY send the requested info, and cannot send any other data. This data is sent not directly to whatever server, but to servers at the network provider, and the app provider picks them up from the network provider. This prevents arbitrary data from being sent when the claim is that it is only a specific piece of data, allows "bad" apps (defined by deception, prohibited use or incomplete disclosure) to be cut off at the network provider when discovered, and allows vetting of outgoing data to ensure it meets the claimed destination.
    • Transaction logs must be kept and be accessible to allow a user to see what's going out. Yes, most end users won't be able to make sense of the logs. But these logs could be uploaded to a security software provider for analysis, and the results presented in an understandable manner. "DroidGameApp: Microphone activated and streamed, GPS info, phone number sent to www.dhs.gov"
    • Information collection by ads should be governed by a different set of permissions than the app presenting the ads. Ad-supported apps are fine, but the user should know what ads are doing on the network independent of the app.

    And if an app provider doesn't like the light shone on their activities... that's a pretty good indicator right there.

    --
    Everybody gets what the majority deserves.
  11. Re:This is why OSS is so important by grub · · Score: 4, Informative


    it also leads to a massive incentive to get things to market before the competition, which causes a complete lack of QA in the release process.

    In the iOS world any app can try to read the GPS but the user is presented with a dialog asking for permission to do so. If it's an annoyance you can turn apps' permissions on or off individually in the Location options.

    From what I've read, Apple's review process runs apps through some pretty funky things looking for naughtiness.

    The odd piece slips through, of course, but I doubt it's half the popular programs as it sounds like it is for Android.

    --
    Trolling is a art,
  12. And In Other News... by MightyMartian · · Score: 2, Interesting

    And in other news, smartphone security sucks. News at 11.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
    1. Re:And In Other News... by BasilBrush · · Score: 2, Insightful

      All this article shows is that Android security sucks. The whole popping up a dialog to ask the user for technical permissions system is fatally flawed, because most users don't understand and will just hit yes to proceed.

      iPhones don't have the same degree of problem, because this kind of stuff will mean an app won't get into the App Store. Or if it manages to get through, it will be pulled rapidly once the security problem is discovered. That's one of the benefits of a single app store.

    2. Re:And In Other News... by MrHanky · · Score: 3, Interesting

      "One of the benefits of a single app store" -- like the single Android Market, you mean? You don't know how good Apple's security screening is, so you just choose to trust them for no reason whatsoever.

    3. Re:And In Other News... by MightyMartian · · Score: 3, Insightful

      Indeed. It just offloads the problem on to someone else. I have no more reason to trust the guys at the App Store are going to be able to find sophisticated security holes. It's just another form of a false sense of security, with the added bonus that those bizarre Apple worshipers get to fit more snugly into Jobs' uterus, believing themselves safe because their God and Protector wouldn't dare let anything nasty get through.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    4. Re:And In Other News... by Dare+nMc · · Score: 3, Interesting

      dialog to ask the user for technical permissions system is fatally flawed

      Understanding doesn't help me, not sure why it would help others. I think the flaw is it asks too late, and you can't block any of them to still use the app. I.e., I wanted an app to track car maintenance and MPG, I find the one that looks best, best reviewed... Now it comes up and says it wants phone, and internet access... Not needed for what I wanted, but what do I do now? Look for another, buy, install, and wait to see if it is worse?
      Would be nice if Google also disclosed that in the app market before choosing, then maybe developers would explain what they used the connections for...

    5. Re:And In Other News... by davester666 · · Score: 3, Interesting

      I own an iPhone, iPod Touch and iPad, and am also a developer.

      And I know that apps for them have remarkably free rein over what they can do, what data they have access to, and where they can send the data. And Apple really can't do much to police it, other than to pull the app [and I suppose possibly remotely delete/disable apps] if it is reported that an app is doing something wrong. Because they can really only do black-box testing, as they don't have access to your application's source code, what any application does is primarily based on trust. The only API that asks the user for permission [where the OS asks, and the app can't just get the data without asking], is your current GPS location. And once the app has got your permission for this location, it can send that location wherever it wants.

      As an example of this, an app in the App Store, which was sold as being a Flashlight app [basically just made your display all white, so you could see a little if you were somewhere really dark], but it also secretly had the ability to act as a wireless proxy [so you could tether your computer or other device to it and use your 3G connection for data without needing permission or to pay extra to your carrier (ahem, AT&T)]. If any app would get noticed by their approval process, this would be it, as there would be no reason for a flashlight app to even link against all the networking API's it would have to, to provide this functionality. And it only got pulled after it was publicized as having this tethering capability...

      --
      Sleep your way to a whiter smile...date a dentist!
    6. Re:And In Other News... by bonch · · Score: 2, Insightful

      You don't know how good Apple's security screening is, so you just choose to trust them for no reason whatsoever.

      You're trusting them because if they fuck up, it's on their hands, and they potentially lose you as a customer.

    7. Re:And In Other News... by scot4875 · · Score: 2, Insightful

      The only reason it got pulled was because it was doing something *Apple* didn't want it to do, not because it was doing something the *users* didn't want it to do.

      Do you have a list of applications that have been pulled from the Apple website because they were data mining their users? If not, you have no evidence that Apple cares about this at all.

      --Jeremy

      --
      Jesus was a liberal
    8. Re:And In Other News... by AmiMoJo · · Score: 2, Interesting

      There was a story on /. a couple of years ago about an iPhone app that sent the user's phone number back to the developer, and then he called them trying to sell the paid version. It is hardly a problem just limited to Android.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  13. It's only fair... by DdJ · · Score: 2, Funny
  14. Re:Bye Bye Droid by Nocuous · · Score: 2, Insightful

    Can i buy your phone? serious question. Must accept sim cards and be 3g.

    He doesn't have a phone for you to buy. He's a "magical! revolutionary!" fanboi troll.

    --
    Don't take it personally, but I'm not going to read your pithy response to my post.
  15. Re:15 of the 30... by ciscoeng · · Score: 5, Funny

    "This is OnStar. You appear to be traveling at a high rate of speed after stopping at a bank. Do you require police assistance?"

  16. Re:This is why OSS is so important by Specter · · Score: 5, Insightful

    ^ this.

    This is the value of the App Store that geeks/developers consistently underrate. Apple's walled garden provides a barrier to entry that helps to reduce the risk of ending up with a fart app that's also downloading your private banking information to China.

    Google's free-for-all Marketplace is a real risk to Android's long term success because it sets up Android phones to become the must-see destination for viruses, mal-ware, and other shady operations. How long do you think it's going to be before having an Android anti-virus application is a practical requirement? What the uber-geek sees as the positive benefits of the Android eco-system (freedom and unlimited choices) are in fact NEGATIVE attributes to most of the rest of the mobile phone consuming populace. It's sorta like Android is the Linux of mobile phones...oh wait.

    I enjoyed the EVO vs. iPhone YouTube video as much as anyone but more than a funny rip on Apple, it's also a perfect demonstration of how a lot of the technical community doesn't get it. Android's popular because the iPhone is hard to get and it's a pretty respectable facsimile of an iPhone, not because it has more WIFIs and GBs than Apple. When rogue apps start to make Android painful to use and own expect consumers to start looking for The Next Big Thing (tm).

  17. Re:Prevasive? by boneclinkz · · Score: 4, Funny

    I felt that the utilitization of the word prevasive added an element of loquatiatory verbosity to an otherwise diphractic article.

  18. This isn't an Android problem by Terazilla · · Score: 3, Insightful

    I don't get it, why is this being positioned as an Android problem? Last I checked, iPhone apps aren't even required to tell you what data they use in the first place -- is there an iPhone equivalent to the "uses internet access", "uses coarse location services" page that the Android Market displays to you? There's a ton of iPhone, Blackberry, Palm, etc apps using advertising support, which is what the vast majority of this article is finger-pointing.

    Nobody, at any marketplace service, is going to have time to do a code review of everything that gets submitted. Even console games -- which have a months-long and intensely painful approval process the likes of which you've never seen -- don't do code review. The very concept is ridiculous, there's way too much code and way too many people involved. You're going to have to trust your developers folks, and make use of the user-ratings tools if you don't.

    Android's model of showing you what special access the software uses is about as good as I think you can get in the real world without learning to use a packet sniffer. RIM's ability to disable individual types of access is cool as well, but if the software needs it to function (or says it does) I'm not sure how the user is supposed to be in a position to use it intelligently. To avoid these sort of data harvesting problems, they'd have to somehow psychically know that the contact manager they're trying out uses that internet access for more than the occasional ad serve, and how would they know that?

    1. Re:This isn't an Android problem by 99BottlesOfBeerInMyF · · Score: 2, Insightful

      ...is there an iPhone equivalent to the "uses internet access", "uses coarse location services" page that the Android Market displays to you?

      Yes. Both systems use similar schemes for jailing apps, with user permissions for access to various services.

      There's a ton of iPhone, Blackberry, Palm, etc apps using advertising support, which is what the vast majority of this article is finger-pointing.

      True, but most are transitioning to iAd, which divorces the advertiser and location services from one another such that it is not so much of a privacy concern... at least if you trust Apple to do what they say (as opposed to every app developer).

      Nobody, at any marketplace service, is going to have time to do a code review of everything that gets submitted.

      Well, they could if they put the resources into it. It might even be important enough to end users if malware becomes a real issue on mobile platforms. That said, while they can't review all the code for every app they certainly can review the ACLs for every app, which spell out what an app is and is not allowed to access to see if the app makes sense. You don't need to read the code for a "flashlight" app if you look at the ACL and see it wants to access location and internet and the phone number list. After that you can look at the code a little and test it to see what it actually tries to do, much of which can be automated. We have enough experience automagically detecting the existence of malware these days that we can weed out a good percentage that way.

      You're going to have to trust your developers folks, and make use of the user-ratings tools if you don't.

      I don't want to have to trust developers. That's what access control is all about, letting me safely run software from people I don't trust and trusting as little as possible to get what I want.

      Android's model of showing you what special access the software uses is about as good as I think you can get in the real world without learning to use a packet sniffer.

      Sadly, that's still pretty useless to the average user. What users really want are vetted apps tied to real developers so that they know someone looked to see if it is malware and they have two someones to sue if it is discovered to be malware.

      Ideally, the system could be more open than Apple's model where they weakly vet apps and if their efforts are poor, the user has no recourse. Better yet would be a system where various organizations (Google, phone makers, security companies, security organizations, government agencies, etc.) all vet apps based upon the ACLs included with those apps and the result is weighted based upon the security feeds and how the end user has weighted them. Some could even be pay services like anti-malware software is now.

      RIM's ability to disable individual types of access is cool as well, but if the software needs it to function (or says it does) I'm not sure how the user is supposed to be in a position to use it intelligently.

      I might note, if software requires you to tell it your location to function at all, there's no reason the OS can't hand it dummy data when the user says "No" to the permission dialogue. It's harder for internet access, since the app can test that easily.
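Added example (not part of the thread, and not code from Google, Apple or the TaintDroid authors): a sketch of the automated permission-list review described in the comment above, applied to the "flashlight app with network access" case raised earlier in the thread. It assumes the manifest has already been decoded to text XML; the `BASELINE` table and both sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Key under which ElementTree exposes android:name after namespace expansion.
NAME_ATTR = "{http://schemas.android.com/apk/res/android}name"
P = "android.permission."

# Permissions that read user data (sources) and ones that can move it off the device (sinks).
SOURCES = {
    P + "ACCESS_FINE_LOCATION": "location",
    P + "ACCESS_COARSE_LOCATION": "location",
    P + "READ_PHONE_STATE": "phone identity",
    P + "READ_CONTACTS": "contacts",
    P + "RECORD_AUDIO": "microphone",
    P + "CAMERA": "camera",
}
SINKS = {P + "INTERNET", P + "SEND_SMS"}

# Assumed reviewer baseline (constructed): what each store category plausibly needs.
BASELINE = {
    "flashlight": {P + "CAMERA"},
    "weather": {P + "INTERNET", P + "ACCESS_COARSE_LOCATION", P + "ACCESS_FINE_LOCATION"},
}

# Constructed sample manifests.
FLASHLIGHT_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA" />
  <uses-permission android:name="android.permission.INTERNET" />
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
  <uses-permission android:name="android.permission.READ_CONTACTS" />
</manifest>"""

WEATHER_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.weather">
  <uses-permission android:name="android.permission.INTERNET" />
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the set of permission names declared with <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    return {el.get(NAME_ATTR) for el in root.iter("uses-permission") if el.get(NAME_ATTR)}


def audit(manifest_xml, category):
    """Compare requested permissions with the category baseline.

    A flow is any data source held together with a sink. It is flagged when
    either end lies outside the baseline; an unknown category has an empty
    baseline, so everything it requests is flagged.
    """
    requested = requested_permissions(manifest_xml)
    unexpected = requested - BASELINE.get(category, set())
    flows, flagged = set(), set()
    for src in requested & set(SOURCES):
        for sink in requested & SINKS:
            flow = f"{SOURCES[src]} -> {sink[len(P):]}"
            flows.add(flow)
            if src in unexpected or sink in unexpected:
                flagged.add(flow)
    return {
        "unexpected": sorted(unexpected),
        "flows": sorted(flows),
        "flagged": sorted(flagged),
        "verdict": "manual review" if flagged else "matches category",
    }


if __name__ == "__main__":
    for name, xml, cat in [("flashlight", FLASHLIGHT_MANIFEST, "flashlight"),
                           ("weather", WEATHER_MANIFEST, "weather")]:
        print(name, audit(xml, cat))
```

The weather sample still reports a location-to-network flow even though it passes: the manifest shows what an app can do, not what it does with the data, which is the gap the thread argues over.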

    2. Re:This isn't an Android problem by Terazilla · · Score: 3, Interesting

      But that's already what happens. The permissions list on an Android app isn't an honor system -- if the app tries to access your contacts list, and that permission isn't in the manifest, the app will throw an exception and fail. Fundamentally you can't use a permission without informing the user up-front when they purchase it.

  19. Core features of apps == "leaks"? by d_engberg · · Score: 5, Insightful

    The headline doesn't really match the contents of the paper as far as I can tell.
    For example, "Evernote" is listed in the paper for:
    1) Taking pictures with the camera
    2) Recording audio with the microphone
    3) Determining your location
    And for transmitting this data to its servers.

    These functions are, however, exactly what the application is designed for. You take notes (including snapshot notes and voice notes) and upload them to your account. When you launch the app, there are big buttons for "take a snapshot note" , "take an audio note", etc. Geo-tagging via the location APIs can be disabled from the Settings page, but this is another core advertised feature of the product.

    So this is a bit like making it into Slashdot by discovering that a mail client transmits text that you type (and your email address!) to a mysterious "SMTP" server.
    Headline: "Researchers discover nefarious 'e-mail' application leaking your data ... on the INTERNET!"

    1. Re:Core features of apps == "leaks"? by Anonymous Coward · · Score: 2, Interesting

      You'll note that that part of the article to which you refer is describing the permissions that the app asks for... in other words, these are the categories for the intended behavior of the app. So, yes... you've discovered that the article succeeds in providing the intended behavior of each of the apps tested. Congratulations! You've cracked that sucker wide open!

      Now, go ahead and read the rest of the article to find the parts that discuss the ways in which some of the apps misbehave.

    2. Re:Core features of apps == "leaks"? by d_engberg · · Score: 2, Insightful

      Right, the paper lists some common applications used by millions of people (BBC, Evernote, Weather Channel) that appear to be using the requested APIs for exactly what you'd expect. It lumps those in with a few obscure and sketchy ones doing nefarious things with those APIs. It makes no attempt to determine which apps are actually doing anything unexpected/evil, and which are behaving in exactly the way that a user would expect.

      The unfiltered list gets posted on Slashdot, showered with the obligatory snark and tinfoil.

      A first pass sanity check on the apps would have been more responsible.
      E.g. "The Weather Channel app sends my location to their servers ... could this have a legitimate purpose for telling me the weather?"
      This would have probably pruned the list of applications down to a handful of garbage ones that no one had ever heard of.

  20. Re:This is why OSS is so important by amicusNYCL · · Score: 3, Interesting

    This is the value of the App Store that geeks/developers consistently underrate.

    That's because a lot of geeks and developers don't need Apple to tell them what not to install, they're typically capable of figuring that out on their own. If a simple card game asks for fine-grain location information or full internet access, that should be a red flag to anyone paying attention.

    Maybe it's just the case that Android is for "power users" and Apple is for everyone else, but the value that you see in Apple's store is simply not needed by a lot of the people who buy Android devices, and in fact becomes a negative.

    --
    "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
  21. Re:This is why OSS is so important by Anonymous Coward · · Score: 2, Interesting

    > When rogue apps start to make Android painful to use and own expect consumers to start looking for The Next Big Thing (tm).
    Yeah, it'll be like when everyone stopped using Windows and Microsoft was forced out of the OS busi....oh wait...

  22. iPhone/iPad does this too by Anonymous Coward · · Score: 2, Insightful

    sorry to piss on the fanbois' flames spouting "iPhone's walled garden is much safer" and other such uninformed crap
    the iPhone App Store's dirty secret is it's worse, much worse

    http://www.slashgear.com/iphone-spyware-debated-as-app-library-phones-home-1752491/

    http://gadgets.boingboing.net/2009/04/13/pinch-media-statisti.html

  23. Blackberry too by phorm · · Score: 3, Interesting

    One of the reasons that BB's are so popular with the corporate crowd - despite lacking some of the "nifty" features of other phones - is that they're really good on security. BES allows the corp to do a lot of things to a lost/stolen/etc phone. The data on the handset is supposed to be encrypted, and can easily be reset or wiped. Most apps have varying levels of security that *ASK* the first time (to access the internet, or whatever) whether they should be allowed a one-time or consistent access to various permissions.

    I don't see why Android couldn't use a similar model, as it does this for "root" (su) access when it's unlocked. Just keep a small DB listing what apps are allowed to access what features. The problem with the current coarse controls is that they don't really say what access is needed for. Sure, a VOIP app might need your phonebook for making calls, and internet access to do so. How about a game needing internet access to update high-scores (just deny that part if you don't trust the app not to send important data home), or the almighty "can change data on the storage card" access...
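Added example (not part of the thread and not any platform's real API): a model of the "small DB listing what apps are allowed to access what features" proposed in the comment above, combined with the per-feature deny, placeholder-data and access-log ideas raised earlier in the thread. `PermissionBroker`, the feature names and the scripted dialog answers are all hypothetical.

```python
import sqlite3

# Placeholder answers handed to an app when the user says no. Features with no
# believable placeholder (network access) are refused with an exception instead.
DUMMY_DATA = {"location": (0.0, 0.0), "contacts": ()}


class PermissionBroker:
    """Hypothetical per-app, per-feature gate backed by a small decision table."""

    def __init__(self, prompt):
        # prompt(app, feature) stands in for the on-screen dialog and must
        # return "once", "always" or "never".
        self.prompt = prompt
        self.db = sqlite3.connect(":memory:")
        self.db.execute(
            "CREATE TABLE grants (app TEXT, feature TEXT, allowed INTEGER,"
            " PRIMARY KEY (app, feature))"
        )
        self.db.execute(
            "CREATE TABLE access_log (seq INTEGER PRIMARY KEY AUTOINCREMENT,"
            " app TEXT, feature TEXT, outcome TEXT)"
        )

    def _allowed(self, app, feature):
        row = self.db.execute(
            "SELECT allowed FROM grants WHERE app = ? AND feature = ?",
            (app, feature),
        ).fetchone()
        if row is not None:
            return bool(row[0])          # remembered answer, no dialog
        answer = self.prompt(app, feature)
        if answer not in ("once", "always", "never"):
            answer = "never"             # fail closed on anything unexpected
        if answer != "once":             # "once" is deliberately not stored
            self.db.execute(
                "INSERT INTO grants VALUES (?, ?, ?)",
                (app, feature, int(answer == "always")),
            )
        return answer != "never"

    def request(self, app, feature, provider):
        """Return provider() if allowed; placeholder data or PermissionError if not."""
        if self._allowed(app, feature):
            outcome, result = "granted", provider()
        elif feature in DUMMY_DATA:
            outcome, result = "denied:dummy", DUMMY_DATA[feature]
        else:
            outcome, result = "denied:error", None
        # Every request is logged, including refused ones.
        self.db.execute(
            "INSERT INTO access_log (app, feature, outcome) VALUES (?, ?, ?)",
            (app, feature, outcome),
        )
        if outcome == "denied:error":
            raise PermissionError(f"{app} may not use {feature}")
        return result

    def log(self):
        return self.db.execute(
            "SELECT app, feature, outcome FROM access_log ORDER BY seq"
        ).fetchall()


def demo():
    """Constructed scenario: a recipe app denied location, allowed network once."""
    asked = []
    answers = {("recipes", "location"): "never", ("recipes", "internet"): "once"}

    def prompt(app, feature):
        asked.append((app, feature))
        return answers.get((app, feature), "never")

    broker = PermissionBroker(prompt)
    gps_fix = lambda: (43.65, -79.38)    # constructed coordinates
    fetch = lambda: "200 OK"             # constructed network result
    results = [
        broker.request("recipes", "location", gps_fix),
        broker.request("recipes", "location", gps_fix),   # remembered: no second dialog
        broker.request("recipes", "internet", fetch),
        broker.request("recipes", "internet", fetch),     # "once" asks again
    ]
    try:
        broker.request("game", "internet", fetch)
    except PermissionError:
        results.append("PermissionError")
    return results, asked, broker.log()


if __name__ == "__main__":
    for part in demo():
        print(part)
```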

  24. Re:This is why OSS is so important by RobDude · · Score: 4, Interesting

    Eh - malicious devs aren't retarded. If you are going to write code that does something bad, you'll hide it in an app that would also need that level of access.

    For example - if I want to write an app that will secretly send text messages from your own phone to a premium text service that will cost you $9.99 per text - I wouldn't stick it into a card game app. I'd stick it into an app that claims to do something novel or useful with text messages. Like an app that takes your boring text message and translates it into ebonics, or leet speak or whatever.

    If you code it in such a way that it won't send out the premium texts until after a particular date - say 3 months after you write it; if it's a half-way decent app, you'd have plenty of time to build a user base with decent ratings.

  25. Re:This is why OSS is so important by Specter · · Score: 3, Insightful

    I don't doubt that you're right or that Android will continue to be popular with the technically savvy. The risk for Android is that it puts Linux's chaos and complexity front and center in the mobile phone market and ends up burning out customers because people are overwhelmed with choices and malware. (Is it the year of the Linux desktop yet?)

    Let's face it: Apple doesn't police the App Store out of some Machiavellian power trip or pure altruism, they do it to protect their brand identity (and therefore their ability to demand a premium for their products). That it also happens to be a nice benefit for their customers is just a happy side-effect.

    Google's abdicated this role in the Marketplace and I think that's dangerous for the long term viability of Android as a mobile platform. Google isn't acting like it believes it has to care, but it should.

    If Nokia weren't so culturally opposed to anything they didn't invent themselves this would be a grand opportunity for them: adopt Android and build a walled garden for Android in the Apple style. A variety of cutting edge phones, with high end features, global support from multiple carrier partners AND a protected/policed app store? It would be a game changer for both Android and Nokia, but they'll never do it. (Look up NIH syndrome and you'll get a redirect to Nokia's home page.)

  26. Re:This is why OSS is so important by w0mprat · · Score: 3, Interesting

    This is the value of the App Store that geeks/developers consistently underrate. Apple's walled garden provides a barrier to entry that helps to reduce the risk of ending up with a fart app that's also downloading your private banking information to China.

    This could also lead to a false sense of security, which is also massively underrated. Apple can't possibly catch all software flaws. Indeed iOS4 was jailbroken by a vulnerability in PDF code, leading to a simple website visit to gain root access to your phone. Which was a little scary to think what might have happened if that vulnerability was in the hands of a malicious party.

    Android won't need anti-virus because it has a very robust security model. It is Linux after all, which is largely virus and malware free. The design of the OS is even more robust than desktop Linux. With the exception of rooted phones, viruses would find it very difficult to propagate let alone do any real damage.

    The occasional malicious app that steals some userdata is about all that can go wrong. For now.

    The value of the Apple App store is Apple has done some of the thinking for you. Unfortunately this means iOS users will install everything without ever stopping to consider security. This is dangerous to have a user base completely ignorant of security matters and Apple is demonstrably guilty of keeping its users in the dark as much as possible. Android's prompt for permissions is a rather good way of making people stop and think about the app you are about to install, and I believe this kind of thing is the correct initial approach. User education is 90% of the problem with security on digital platforms.

    In practice, both iOS and Android have problems with malware already, and it's hard to say one has more of a problem than the other. Frankly, neither approach to app security is ideal therefore both platforms will be constantly fighting malware. Android could do with a lot more quality control - at the very least stop neglecting the market, the moderation system for comments and ratings needs updating. Nothing beats weeding out bad apps by a good feedback system.

    --
    After logging in slashdot still does not take you back to the page you were on. It's been that way for 20 years.
  27. Re:This is why OSS is so important by ceoyoyo · · Score: 3, Insightful

    The majority of the general cell phone using population is always going to be ignorant of security, and is always going to want someone else to deal with it.

    iOS is also quite secure by design. It is based on a real UNIX that also has very few wild viruses. iOS has had a couple of bad remote exploits in its existence, both of which were fixed pretty fast. Android (just like Linux and any other OS) has some too. Fixing them in Android might actually be problematic as many carriers seem to take the view that OS upgrades are optional. Both systems are inherently as vulnerable to trojans as anything else. The difference is, Apple does a pretty thorough job of prescreening, and doesn't let you install pretty.scr that your friend emailed you. Google doesn't. And tossing your users out to look after their own security doesn't work. Otherwise Windows would be the safest OS.

    Google is going to have to step up before something bad and widespread happens. If they don't, someone else, probably the carriers, will do it for them. And if you think Apple is repressive, you've clearly forgotten what (popular) cell phones were like before the iPhone.

  28. Re:This is why OSS is so important by ceoyoyo · · Score: 2, Informative

    http://en.wikipedia.org/wiki/Mac_OS_X: "Mac OS X (pronounced /mæk o s tn/ mak oh es ten)[6] is a series of Unix-based operating systems and graphical user interfaces...."

    http://arstechnica.com/apple/news/2007/08/mac-os-x-leopard-receives-unix-03-certification.ars: Mac OS X Leopard receives UNIX 03 certification

    Oh, and mustn't forget:

    http://en.wikipedia.org/wiki/Computer_virus: "As of 2006, there are relatively few security exploits targeting Mac OS X (with a Unix-based file system and kernel)."

    Well, you're right about something, one of us should have done his research before commenting.

  29. Re: Android Market - review app security by josh+washington · · Score: 2, Informative

    I think the flaw is it asks too late, and you can't block any of them to still use the App.
    IE I wanted an app to track car maintenance and MPG, I find the one that looks best, best reviewed...
    Now it comes up and says it wants phone, and internet access...
    Not needed for what I wanted, but what do I do now?
    Look for another, buy, install, and wait to see if it is worse?

    Would be nice if Google also disclosed that in the app market before choosing,
    then maybe developers would explain what they used the connections for...

    I'll grant you the facts that:

    • This might not be valid on older phones*
    • It might not be in plain sight

    but you CAN view which features an application needs before buying/installing/running it.

    This will let you review what privileges an app will have if you install it without requiring you to buy, install, and find out the hard way.
    If you have a problem with the app needing access to your fine GPS location (probably for adverts) instead of coarse Geo-IP location
    or receive an SMS, you could now avoid downloading this app (or buying it if it weren't free).
    If you scroll down, there's usually a section for further clarification on specific features requested.

    Disclaimer: I neither own nor am I affiliated with any application in the Android Market.

    * - My phone is 1 year old and runs Android 2.1, which (I believe) introduced the new Android Market.
    For reference, some older phones have 1.5/1.6, & the newest is 2.2.