Slashdot Mirror

← Back to Stories (view on slashdot.org)

Privacy Concerns With Android and iPhone Apps

Posted by timothy on from the wouldn't-exactly-say-I've-been-missing-it dept.

carre4 writes "The Wall Street Journal has come out with an article where they examine 101 popular smartphone apps and show that 56 of them transmit various types of information including unique phone IDs, age, gender, postal codes, and location to ad companies. The article also includes responses from infringing app makers and talks about the pressure that some developers feel to share even more information, like Max Binshtok, creator of the DailyHoroscope for Android, who has been encouraged by ad-network executives to transmit users' locations."

17 of 116 comments (clear)

  1. Isn't there anything like sourceforge for android? by splerdu · · Score: 4, Interesting

    Se we can download source and built it ourselves?

  2. What's the world coming to by tsa · · Score: 2

    Aren't there laws against these practices?

    --

    -- Cheers!

  3. Ugh by alvinrod · · Score: 4, Insightful

    Sorry to burst your bubble, but most developers like to eat, which means that commercialization of software comes in at some point, whether that's advertising, support, or something else. Limiting the selection of software to only non-free (as in beer) software would result in a lot less software being available (or made in the future), which isn't exactly helpful for end users either. FOSS has gone a long way to make the world a better place, but it's not a be-all, end-all solution.

    1. Re:Ugh by migla · · Score: 2

      >FOSS has gone a long way to make the world a better place, but it's not a be-all, end-all solution.

      Sure it is. We're just not there yet.

      --
      Some of my favourite people are from th US; Vonnegut, Chomsky, Bill Hicks.
  4. Re:Powers by Anonymous Coward · · Score: 2, Insightful

    Yeah, you have fun with that crap. I prefer to use the device instead of auditing every packet and process it produces.

  5. Re:Information security? by icebike · · Score: 2, Insightful

    This is actually a good Idea.

    The problem is that giving that level of snooping capability to one app pretty much makes it available for other apps, and you can see how that would get out of hand pretty quickly with one app data mining another and sending back encrypted data later.

    Perhaps a better method would be for Android/IOS to find a way to lock down access to specific items of data in the phone. If you want to deny an app from reading your phone number or IMEI you can just uncheck a box and it can't even call the APIs that do that. You might end up killing off app functionality, but at least you would know when some game decided ti email your addressbook to china or something.

    This pretty well has to be solved at the system level rather than at the level of a watchdog app.

    --
    Sig Battery depleted. Reverting to safe mode.
  6. Re:Isn't there anything like sourceforge for andro by beakerMeep · · Score: 2

    For the Android OS there is: The Android Open Source Project

    However, as far as I understand it, there are some hurdles with regards to building a ROM depending on the phone you have. Some have locked bootloaders / proprietary drivers.

    For apps, there is a lot of stuff on GitHub, but as someone else already posted that requires the dev to have shared the code.

    If you root your device a good firewall is DroidWall

    --
    meep
  7. Re:In other news by Anonymous Coward · · Score: 3, Funny

    It was uncovered today that your toilet analyzes your stools and sends the results to your proctologist. If you cannot afford a proctologist, one will be provided to you...

    unless you live in the US. in which case, your shit's out of luck

  8. So why buy an android or jobsian phone? by Rhodri+Mawr · · Score: 2

    ...when you could have a Nokia N900?

  9. Re:BlackBerry Permissions by SilentChasm · · Score: 2

    Android does. It will display a list of things it needs to access, like device state/network access/ability to turn off autosuspend/etc. Ebook readers for example need to be able to prevent the screen from turning off. Messaging apps need network access. Etc. They are usually inflated from what you think the app should need though. Some are just insane with the permissions they want.

  10. Data from Article by scruffy · · Score: 5, Informative
    Here is a list of the apps and the information they send about you. Explanation of the columns and numbers are on the bottom of this message. The extra annoying text is to get around the GDF lameness filter.

    A B C D E F IPhone App the quick brown fox jumped over the lazy dog
    0 0 0 0 2 0 0.03 Seconds Pro the quick brown fox jumped over the lazy dog
    0 0 0 0 2 0 Age My Face the quick brown fox jumped over the lazy dog
    2 2 0 2 2 0 Angry Birds the quick brown fox jumped over the lazy dog
    2 0 0 2 2 0 Angry Birds Lite the quick brown fox jumped over the lazy dog
    1 0 0 2 2 0 Aurora Feint II: Lite the quick brown fox jumped over the lazy dog
    0 0 0 0 2 0 Barcode Scanner (BahnTech) the quick brown fox jumped over the lazy dog
    2 0 0 0 0 2 Bejeweled 2 the quick brown fox jumped over the lazy dog
    0 0 0 2 2 0 Best Alarm Clock Free the quick brown fox jumped over the lazy dog
    0 0 0 2 2 0 Bible App (LifeChurch.tv) the quick brown fox jumped over the lazy dog
    0 0 0 0 0 0 Bump the quick brown fox jumped over the lazy dog
    0 0 0 2 2 0 CBS News the quick brown fox jumped over the lazy dog
    0 0 0 0 2 0 0.03 Seconds the quick brown fox jumped over the lazy dog
    0 0 0 2 2 0 Dictionary.com the quick brown fox jumped over the lazy dog
    2 0 0 0 1 0 Doodle Jump the quick brown fox jumped over the lazy dog
    1 0 0 1 1 0 ESPN ScoreCenter the quick brown fox jumped over the lazy dog
    1 1 0 1 0 0 Facebook the quick brown fox jumped over the lazy dog
    0 0 0 0 0 0 Flashlight (John Haney Software) the quick brown fox jumped over the lazy dog
    0 0 0 1 2 0 Fluent News Reader the quick brown fox jumped over the lazy dog
    1 0 1 2 0 1 Foursquare the quick brown fox jumped over the lazy dog
    0 0 0 2 2 0 Fox News the quick brown fox jumped over the lazy dog
    2 0 0 2 0 0 Google Maps the quick brown fox jumped over the lazy dog
    1 0 2 2 2 0 Grindr the quick brown fox jumped over the lazy dog
    2 0 0 1 2 0 Groupon the quick brown fox jumped over the lazy dog
    0 0 0 0 2 0 Hipstamatic the quick brown fox jumped over the lazy dog
    0 0 0 0 2 0 iJewels the quick brown fox jumped over the lazy dog
    0 0 0 0 0 0 iLoveBeer: Zythology the quick brown fox jumped over the lazy dog
    1 0 0 1 2 0 Medscape the quick brown fox jumped over the lazy dog
    1 0 1 2 2 0 MyFitnessPal the quick brown fox jumped over the lazy dog
    1 0 0 1 1 0 Netflix the quick brown fox jumped over the lazy dog
    0 0 0 2 2 0 NYTimes the quick brown fox jumped over the lazy dog
    0 0 0 2 2 0 Ninjump the quick brown fox jumped over the lazy dog
    0 0 2 2 2 0 Pandora the quick brown fox jumped over the lazy dog
    0 0 0 2 2 0 Paper Toss the quick brown fox jumped over the lazy dog
    0 0 0 0 0 0 PerfectPhoto the quick brown fox jumped over the lazy dog
    0 0 0 2 2 0 Pimple Popper Lite the quick brown fox jumped over the lazy dog
    0 0 0 2 2 0 Pumpkin Maker the quick brown fox jumped over the lazy dog
    0 0 0 0 1 0 RedLaser the quick brown fox jumped over the lazy dog
    0 0 0 0 2 0 Ringtone Maker the quick brown fox jumped over the lazy dog
    2 0 0 0 2 0 Ringtone Maker Pro the quick brown fox jumped over the lazy dog
    0 0 0 2 2 0 Shazam the quick brown fox jumped over the lazy dog
    2 0 0 2 2 0 Talking Tom Cat the quick brown fox jumped over the lazy dog
    1 1 2 2 2 1 TextPlus 4 the quick brown fox jumped over the lazy dog
    0 0 0 2 2 0 The Moron Test the quick brown fox jumped over the lazy dog
    0 0 0 0 2 0 The Moron Test: Section 1 the quick brown fox jumped over the lazy dog
    0 0 0 2 2 0 Tips & Tricks: IPhone Secrets Lite the quick brown fox jumped over the lazy dog
    2 0 0 2 0 0 TweetDeck the quick brown fox jumped over the lazy dog
    0 0 0 0 1 0 WSJ Mobile Reader the quick brown fox jumped over the lazy dog
    0 0 0 2 2 0 The Weather Channel the quick brown fox jumped over the lazy dog
    0 0 0 0 0 1 WhatsApp Messenger the quick brown fox jumped over the lazy dog
    1 0 0 2 2 0 Yelp the quick brown fox jumped over the lazy dog
    1 0 0 0 0 0

  11. Re:I think many people suspected this by GIL_Dude · · Score: 3, Informative

    Don't forget that Assisted GPS (A-GPS) requires network access: http://en.wikipedia.org/wiki/Assisted_GPS. Some of these folks may have just been trying to get you a correct fix faster by using A-GPS. Unfortunately, you can't tell from the Android permissions screen as you will just get things like "network access" which can be used for any purpose - benign, nefarious, or anything in between. I don't know what the answer is to this, but I know I would prefer to be able to tell the app what sites / services it could access.

  12. Re:Isn't there anything like sourceforge for andro by asnelt · · Score: 2, Informative
    I'm not aware of a repository but there are three lists of Android free software apps that I know of.

    Le Wiki Koumbit: https://wiki.koumbit.net/AndroidFreeSoftware

    The Replicant for Android list: http://trac.osuosl.org/trac/replicant/wiki/ListOfKnownFreeSoftwareApps

    The Wikiperdia list: http://en.wikipedia.org/wiki/List_of_Open_Source_Android_Applications

  13. Laws of reality by SuperKendall · · Score: 4, Informative

    The article stated:

    "One iPhone app, Pumpkin Maker (a pumpkin-carving game), transmits location to an ad network without asking permission."

    That is flat out impossible. I am an iPhone developer; there is no way for an application to obtain user location without the user being prompted if that is OK.

    It makes the rest of the conclusions very suspect to me. Just how would an app get age and gender? Again I cannot think of a way that is even possible on an iPhone without being asked; no-where on my iPhone is my birthday or age stored.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:Laws of reality by R3d+M3rcury · · Score: 4, Insightful

      The problem is, there is no way to know what the information is being used for.

      I've never used Pumpkin Maker and the description doesn't mention anything about it's capabilities. However, suppose I include a "feature" which will display a background depending on the time of day and your location. So if it's after sunset, it will be dark outside. Of course, for me to know if it's sunset, I need to know your location since sunset varies depending on where in the world you are.

      Thus, Pumpkin Maker needs my location. So it comes up and says, "Would you like to allow Pumpkin Maker to access your location?" Makes sense--it needs to know my location so that it can display the appropriate background. Of course, it doesn't mention that while it's showing your appropriate background, it's sharing your location with it's advertisers.

      Gender would be easy to come by--just ask. After all, it's a fun game for kids and we want to identify the kid with the appropriate pronoun. Or we ask for a name and send that off--after all, we want to identify your pumpkin as "Bob's Pumpkin" or "Sally's Pumpkin" initially, right? Then something on the backend figures out that "Bob" tends to be a boy's name and "Sally" tends to be a girl's name. "Pat" will confuse it, of course...

      Age? Again, you could just ask. You have a collection of add-ons for your pumpkin and you want to filter for age-appropriateness. After all, we don't want small children adding pumpkin boobies or penises. That would be sick and wrong and we're a good company that Thinks of the Children.®

      So the game collects all of this information for a good reason but it never says, "Hey, you mind if I ship it off to advertisers?"

      Again, I've never used this App. I don't know much about it. But these are some ways you could get the information.

    2. Re:Laws of reality by R3d+M3rcury · · Score: 2, Interesting

      Oh, I agree, there isn't one.

      Part of the problem, though, comes from the iPhone zealots--and, to a lesser degree, Apple--who claim that Apple's App Store makes your private information nice and secure. After all, they'll claim, look at all those nasty apps on Android that transmit your personal information. iPhone users don't have to worry about that because Apple checks all of these things and makes sure that you're safe.

      So if Apple can't stop an App like Pumpkin Maker from transmitting personal information, what is the advantage to the customer of having a sole-source App Store? Isn't Apple just providing "security theatre" by implying they can do things that they obviously cannot?

  14. No. by SuperKendall · · Score: 2

    Can it get access to Facebook app's info? For age, sex and more info?

    No, app sandbox.

    Can it get the cell tower ID or some other non-obvious metric identify location?

    Not in the API and therefore would be rejected. You also cannot get the SSID of the WiFi you are on nor any WiFi around you.

    As I said, I'm an app developer. I know the sneaky ways you could try and do something, and what is possible. Gender is not even stored anywhere. Location is just not possible with the restrictions the app store has in place (and they are scanning now for any use of private symbols).

    Not to mention they are ALSO monitoring outbound connections from apps now as part of review.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley