ACLU's Mobile Privacy Developer Challenge

An anonymous reader writes "Privacy groups announced a mobile privacy developer challenge yesterday. The competition, Develop for Privacy, challenges mobile app developers to create tools that help ordinary mobile device users understand and protect their privacy. It's sponsored by the ACLU of Northern California, the ACLU of Washington, and the Tor Project, with the assistance of the Ontario Information and Privacy Commissioner's Office. Submission deadline is May 31, 2011. The winner will be announced in August 2011 at an event in Las Vegas, coinciding with the DEFCON and Black Hat security conferences."

Every man has his price...

[puterg33k]

Let us not forget this.

Droid Does

The Droid's permissions feature is a good step in this direction. Before you install a program, the program informs you exactly what kind of access it will have to your phone. For example, you know something is wrong if a chess application asks to see all of your contact information.

Re:Droid Does

[Z00L00K]

True to some extent - but even if it does request something like internet access - what is it doing with my internet access? How much traffic will it generate? It may produce a humongous amount of traffic raising my phone bill to astronomical figures. This applies to everyone not on an unlimited agreement or as soon as international roaming occurs.

The question is sometimes like "Hey I need a hammer" - no real reason why the hammer is needed.

And if it wants to access your contacts - which part of the contact information is it going to access - and why. Maybe it's an app for chess and it allows you to do network chess with a friend.

Re:Droid Does

You know... five years ago, the level of granular control Android offered was essentially considered impossible and never expected soon. Yet it has many shortcomings. If it did not, it would still be pending release, all these past few years.

Re:Droid Does

[LibRT]

I couldn't agree more with your post, Z00L00K - I have an Android tablet and when I install a game or some other application and it tells me it wants internet access, I'd love to know exactly why it needs that access. If it is only for occasional updates, I'd much rather the option to decline the internet permission and manually check for updates. I don't consider myself an unsophisticated user, but nearly every app I've wanted to install asks permission for something which on the face of it ought to be unnecessary for the app to function in its intended way (well, intended from my perspective, maybe not so much from the app developers' perspective).

Re:Droid Does

[thetoadwarrior]

Google have made a nice short clear screen warning you of everything but no one pays attention to it and it's just yet another screen to click through to get the app you want. I suspect if you asked people what their apps were doing they wouldn't have a clue. Of course it's no longer Google's problem and it's the idiot user who opted to completely ignore the warnings.

Re:Droid Does

let out your innate linux geek. most android devices do support iptables. is it that different being on a phone that you lose all curiosity? if you won't stoop so far as to waste a day fucking around with netfilter modules then I'd say you really don't care enough about privacy.

Re:Droid Does

[hedwards]

There's a reason for that. The screen isn't really that clear. Any app which has advertising is going to need to access the network. Whether it's sending back information or just downloading it isn't indicated on the screen. A app which includes the ability to place a call from within it is warned the same way whether you have to manually agree or not. Same goes for location data, they tell you that it's going to use it, but there's no way of knowing whether or not it's required for the app or advertising. A GPS app for instance would need to access the GPS, but you've got absolutely no way of knowing what the app is going to do with it.

In the best case you can look at the app and wonder why a game is needing to make phone calls, but much beyond that and you don't actually know anything. Google definitely needs to make it so that you can require confirmation for certain actions like placing calls, it's not realistic to have such a requirement for everything an app could do, but certain things really need to have the user sign off each and every time, or at least default to that.

Re:Droid Does

[WorBlux]

Has anybody else noticed that almost all of the problems of Andriod devices arise out of closed source, proprietary, and non-free applications? The first round of problem dealt with jails, secret hardware interfaces and modules that left people unable to update to newer kernels and thus newer android versions. The second round of problems deals with malicious code that you have no practical power to change or examine. If applications were open-source the few people who cared could remove all this crap and distribute patches or modified versions, If you value you're freedom, don't use non-free programs on your device. Unfortunately I don't know of anybody is actually making something like this.

Re:Droid Does

[Miamicanes]

Actually, it's worse. Android maintains an arbitrary distinction between "coarse" location invariably meaning "network/tower-based", and "fine" location invariably meaning "GPS-based". The problem is, lots of Android phones have GPS that's basically dysfunctional indoors (*cough* entire Samsung Galaxy S family with official firmware), and network-based location doesn't work in places where you might have no 3G signal, but have wi-fi (like a foreign country with roaming disabled). In reality, Android's location services should make use of all sources of location information available to it, but blur and dither it to reduce its accuracy when the user requests "coarse" location.

Oh, and god help anyone with a tablet. Network location service doesn't exist unless you buy an outrageously overpriced tablet tied to a 2-year 3G contract, and you can count the number of Android devices that ship with kernels with Bluetooth HID and SPP compiled in on a single hand, with fingers to spare... so unless it comes with GPS, you can forget about using it with an external bluetooth GPS module.

Re:Droid Does

[99BottlesOfBeerInMyF]

You make a very good point. I'd like to see a hybrid system that combines the sandboxes that are now ubiquitous and the permissions/ACLs for each app; with a curated system where software is tested and vetted by a security professionals that, using the ACL determine if the app is using those permissions in a reasonable way in real world use. Ideally, I'd like ratings of apps provided by multiple parties and I'd like to apply different weights to the input from different sources. I'd like the availability of these security ratings to be an open, capitalist market. It is fine if the device maker and/or the phone service provider wants to provide ratings, but I want be able to easily add a ratings "feed" from an open community effort and a 'for pay' security company with experience making viral detection software.

In my mind, this is the perfect storm for application of modern software security technologies and I'd like to see it both for mobile and desktop computing. It would get rid of much of the need for locked down app stores and still provide the same level of security that those stores provide. Sadly, Google is really the only company I could see being in a position to pull it off and also having a good profit motive for doing so. And I just don't see them as capable of putting together that slick and well architected solution that includes good usability testing for end users. They're great at building tech, but seem pretty poor at getting that cool tech usable and implemented well by the time it reaches the general public. Rather, I suspect most companies will punt and put together a curated Apple-like store solution.

Re:Droid Does

[Tacvek]

Actually, it's worse. Android maintains an arbitrary distinction between "coarse" location invariably meaning "network/tower-based", and "fine" location invariably meaning "GPS-based". The problem is, lots of Android phones have GPS that's basically dysfunctional indoors (*cough* entire Samsung Galaxy S family with official firmware), and network-based location doesn't work in places where you might have no 3G signal, but have wi-fi (like a foreign country with roaming disabled).

First to address that last point: I've never had a problem with wifi-only positioning, except for it being imprecise. However it may not work at all if there are no access points in range for which Google has location data.

As for your general point:

Honestly, there is a bit of an issue.

For example while GPS works in my dwelling, it provides a position fix no more accurate (albeit more precise) than the coarse location, when I have both Wifi and Phone enabled.

It turns out that due to the number of WiFi points in range of my dwelling, a WiFi only fix gives data with an uncertainty of a yard or two. However, Google has erred on the side of caution and artificially increases the circle of uncertainty by a substantial amount. The end uncertainty with both Cell and Wifi is 5-10 times that of GPS, despite the center of the circle actually being just as accurate.

With the phone off (coarse location using only WiFi), the circle of uncertainty increases by a factor of 2, despite zero change in the identified position.

With no WiFi, I get a a very coarse position, which cannot even positively identify which two suburbs I live right on the edge of.

I actually find how "fine" the cell+WiFi coarse position is to be a bit unsettling, as it would positively identify my apartment complex!

In reality, Android's location services should make use of all sources of location information available to it, but blur and dither it to reduce its accuracy when the user requests "coarse" location.

The difference is that Cell+WiFi positioning information uses almost zero additional power on a device, because the phone already has the cell tower, and list of nearby access points as a consequence of having those features enabled. From there, all it takes is a quick query to Google, and you get positioning information. On the other hand, the GPS chip in most Android phones draws more power than any other single component expect possibly the screen. Therefore, you really don't want to be running it to get only a "coarse" location.

Not Gonna Work

[WrongSizeGlass]

Unfortunately there are people involved in the ownership of these mobile devices (aka users). When users are involved security is always inconvenient, an obstacle or even a nuisance. People want security via magic, not actual implementation of secure and common sense practices.

Re:Not Gonna Work

[commodore64_love]

There ought to be a list somewhere, perhaps a popup as soon as you turn-on your computer/phone, which lists those "common sense" practices. Otherwise people won't know.

BTW I had a family member send a 5000 dollar check to Prince Nabubu in Nigeria, because he thought he'd won a lottery. People like that need a list to tell them, "No you do not send money to strangers."

- "Prince Nabubu never Told you the Truth. *I* am your scammer." ;-)

Re:Not Gonna Work

Can you let me have an email address for your gullible family member? I had a similar experience and I'd love to share it with them. Thanks!

Re:Not Gonna Work

[16384]

Unfortunately there are people involved in the ownership of these mobile devices [...]

Unfortunately you don't really own a smartphone, even one that isn't tied down to a contract and paid big bucks to carry around. The phone doesn't obey to you instead obeys to the manufacturer, to google, to the app developers, etc. It keeps sipping information and reporting it back to headquarters, and it's blocked in such a way that bypassing that is not practical.

I was surprised to find that android phones *require* a google account, or that a iPod Touch requires being connected with iTunes to start. A HTC Desire comes with lots of widgets running in the background that you can't turn off (and it's even worse on Android 2.2, Froyo) and the terms of service clearly states they may collect data on you (duh!). Many apps requires far more permissions than they should, so after a while you either give up and ignore the permission requests or don't use any of them.

Mobile privacy? Is there such a thing?

Re:Not Gonna Work

[grumbel]

That is basically nothing more then a popular myth set into the world by people to lazy to implement proper security measures, as proper security measures is what makes things easy to use, not hard. Good security measures add transparency and accountability and gives the user control, instead of handling things like a magic black box where everything can happen with no way to know what and how.

That of course doesn't mean that user education isn't necessary, some things can't be fixed by software/hardware, such as the user manually giving out his data, but you certainly can design a software system that doesn't give any random app full access to your whole address book or other private data (and no, a simple "Wanna give full access [Yes] [No]" is not a proper solution).

Re:Not Gonna Work

[Microlith]

These devices usually have pretty good security policies. The problem comes from the fact they're almost universally applied against the user, and not for the user. IE it's not "how do we keep the system safe from outside snoopers, or rogue applications," it is "how do we keep the user out of the sensitive segments, but ensure the software they run can snoop necessary information."

Re:Not Gonna Work

[Miamicanes]

> proper security measures is what makes things easy to use, not hard.

Amen. My job involves application security, and the biggest single problem I see is that most developers have no real understanding of what they're trying to defend against or why, and when told they have to make an application "more secure", their usual reaction is to make it as awkward and user-unfriendly as they can on the theory that it somehow makes the application more secure. Most of the time, their misguided efforts end up making matters even worse.

Case in point: an account gets locked out because too many attempts have been made to log in with invalid credentials. OK, fine. That's good. What's NOT good is giving the user some response like, "The server is having problems, please try again later." 1) by displaying that different message, they've just let the attacker know that something significant has happened, and that if the attacker was blindly trying usernames and passwords, he's probably just found a valid username by locking it out. 2) By telling the user to "try later", you're giving them false hope that the problem will somehow resolve itself on its own. If a user's account has been compromised, the LAST thing you want him to do is to forget about it until "later". You want him to call the helpdesk NOW. The ONLY case where intentionally lying to the user might be acceptable is if you're dealing with access to something EXTREMELY sensitive whose security is backed up by real-world people with guns who are going to come running to investigate moments after the user sees the "system error" lie (in which case the user, if legitimate, will have someone right there to assist him immediately anyway).

So, how would you make the login more user-friendly WITHOUT creating new vulnerabilities? Easy: here's the response you give when someone attempts to log in with an invalid username, a valid username with invalid password, or a valid username & password that have been locked out:

"The username and password you entered is not associated with a user account, or the account might have been disabled due to excessive failed login attempts. Please try again. If you believe your account might have been locked out, please call 888-999-2222 for assistance."

There. Isn't that much nicer? You aren't revealing whether or not the account is valid or what went wrong, but you're making sure the user understands that lockout is a possibility if he screws up too many times, and you're telling him who to contact NOW if he thinks it's locked out. You've made it crystal-clear to him that IF the account is locked out, he can retry forever and won't be getting back in, so if he thinks it HAS been locked out, he might as well call RIGHT NOW and get it over with. There's no need to lie to the user, waste his time, piss him off, or ultimately delay communication that someone might be trying to compromise user accounts. You're respecting the value of his time, and telling him how to get in touch with somebody who can solve his problem NOW (or at least explain why it can't be solved now). Note the exact phone number, and not vague instructions like "contact your network administrator" or "call the helpdesk". Why? For one thing, assuming the user even has the slightest idea WHO to call, he probably doesn't know the damn phone number. Too many programmers get the wacky idea that they're somehow enhancing security by making it harder to get in touch with someone who can fix the problem. In reality, the opposite is true. Real users don't know, and don't care. Attackers, on the other hand, will do hours of research to find out.

Re:Not Gonna Work

[PCM2]

Please try again. If you believe your account might have been locked out, please call 888-999-2222 for assistance.

Of course, then you open the system to social engineering, even by strangers who don't have access to the company phone book -- and as we've seen time and again, humans are often a lot easier to hack than machines.

Re:Not Gonna Work

[Miamicanes]

You're assuming that there's actually a company phone book that a legitimate user would have ready access to. Quick... where's YOUR company phone book? Does it even exist in printed form, or (like most companies), is it all "online" now? Chicken, meet egg. Kafka's sitting on the bench over there, simultaneously groaning and laughing. And if it DOES exist in printed form, what's the likelihood that a remote employee at a hotel (or family member's house) with his laptop actually has a copy with him right then? No, "supposed to have it according to policy" doesn't count. When push comes to shove, statistically "nobody" will have it with them.

The truth is, real users NEVER know who to get in touch with, because until something goes wrong, they literally don't bother or care. Worse, most of the time, real users will get frustrated, say 'fuck it', and abandon the login attempt LONG before motivated attackers will. Printing the contact info on the back of something won't help, because it's the last place the user will look. Really. They've looked at it hundreds of times, but they didn't "see" it, because it didn't matter to them, it faded into the background noise and became effectively invisible. When crunch time comes, they won't even bother to look there, because they "know" it's not. If it were, they'd remember seeing it (so they theorize). The only way to ensure that a user with potentially-compromised account calls IMMEDIATELY is to make sure he knows beyond doubt that it's a possibility, and to put the number right in front of the user's face where he can't ignore it.

If anything, concealing the contact info opens the door to inverse phishing attacks. When a corporate user can't connect and has no idea who to call, guess where he's going to go first to try and find out? Google. Yes, Google. All the attacker needs is a reasonable-looking web site that looks suitably outsourced to India and VoIP service for a toll-free number, and our example pissed, frustrated corporate user will voluntarily spill his guts and tell the nice person who answers the phone whatever he wants to know. I know, because I've dealt with situations where it happened.

At the end of the day, would you feel safer a) making it easy for both attackers AND legitimate users to get in contact with security helpdesk staff with extensive training that includes hours of role-playing to recognize and deal with social engineering attempts, or b) hoping an employee who was forced to watch a lame, pompous, self-congratulatory exercise in legal masturbation posing as a "security training video" doesn't get misled into calling an attacker and spill his guts to someone staffing the phone lines for an organized crime syndicate?

Re:Not Gonna Work

Unfortunately, you are correct.

It looks like I'll be stuck on Windows Mobile 6.5 forever.

oh you uninformed user

You are trusting that the permissions of the device OS is actually going to protect you? Wrong. That is just spin and illusion. Every one of these devices have published cracks and exploits. In addition, many of the online services like Google and Facebook out and out sell your online data - they think they own it! The best privacy is 1) not to use the device; 2) use the device and put in as little of your private data as you can; 3) use the device and put in as much incorrect data as you can -- or a combination of these strategies.

After seeing just how much of my private data can be mined online, I have been developing several fake profiles with bogus names, birthdates, residences and so on. What I cannot protect, I just don't give out the correct info as much as I can.

Glad someone is looking at online privacy. Finally a cause supported by the ACLU I can actually think about and not get violently ill. Hope they can make some headway, but as has been pointed out, users are their own worst enemy as far as online usage and privacy are concerned. They give out way too much without thinking.

AC

Re:oh you uninformed user

[JonySuede]

Finally a cause supported by the ACLU I can actually think about and not get violently ill.

what do you have against the freedom to be blasphemous ?
what do you have against protection against unwarranted search or interrogation ?
what do you have against the freedom to burn a flag ?

Re:oh you uninformed user

thankfully, for the paranoid such as I, most Android apps are so simple that you can disassemble and read them to completion in a matter of 5-20 minutes. I spend several days every week simply reading swaths of x86 assembly code and it still takes me hours to perform a top-level analysis of most desktop programs I encounter. once I dig deeper then I'm looking at days to weeks. it's almost trivially easy by comparison to manually verify every 3rd-party app that runs on your phone. you're probably looking at < 24 hours.

Re:oh you uninformed user

[WorBlux]

Trivially easy to learn x86 code? And what good does this do for anyone except you, if you can't legally re-redistribute any modifications you make?

Re:oh you uninformed user

the Android apps I was writing of are running plain Dalvik byte code, far more easy to learn than x86. most programmers wouldn't even need to study it. very few apps make use of the NDK, so you don't usually need to learn ARM assembly. I never said x86 was easy, though it's not hard either.

And what good does this do for anyone except you, if you can't legally re-redistribute any modifications you make?

WTF? I mentioned it was for checking for malicious apps on your own phone, not making modifications. though if you do want to mod them, smali is generally capable of reassembly.

there are also various ways of modifying apps on Android that don't require redistribution of derivative code. your app can copy the 3rd-party's package at runtime, patch the binary, and then load it (reinstalling it would pose problems, e.g. lack of signing, permissions).

Re:Users!

[TaoPhoenix]

The Clu Application wants access to all your other programs. Pay no attention to the Align To Grid feature enabled automatically.

Communists

By submitting you grant them a royalty free perpetual license to distribute, modify, and have anal relations with your source code.

Basically: Work your tail off, give them your source code, and in exchange they might give you a plaque. Yay! No cash. No funding to help distribute the app. No investment. Nadda. This is par for the course for the government of Ontario.. but the ACLU?

Reminds me of Che Gueveras Cuba where everyone was expected to 'volunteer'.

I wish android let me *control* app access

[SuperBanana]

Here's a suggestion for anyone that's listening: Android tells you what access an application wants, and aside from minor problems like there being obscure reasons for why the program needs access to "make calls" (often this just means the program wants to be able to tell if you're *in* a phone call or not and behave appropriately), this is reasonably handy.

However, my main objection: you don't get to see this information in the marketplace, so you can't make a purchase decision based on it...and worse, you can't *control* what access a program gets. For example, a lot of programs request "coarse" location information, which is enough to tell where you are within a few blocks. I don't want my backgammon program to know my location, and I wish I had the ability to tell the Android OS "no, that's not OK".

It's an all-or-nothing approach that leaves me often feeling like my arm is twisted into accepting the app, often because there are no alternatives for the functionality I want...

Re:I wish android let me *control* app access

[hey]

Its in the market. Take a look again.

For example:
https://market.android.com/details?id=com.google.android.stardroid
and click on the PERMISSIONS tab.

Re:I wish android let me *control* app access

[Nailer235]

In the Droid Market, you view the application's requested permissions immediately before you download the application. If you don't like the permissions, don't download the application. There is no application that you "must have," and there is no arm-twisting. Personally, if an application has permissions that I find questionable, I don't download the application.

Re:I wish android let me *control* app access

The android market prompting you with what features a program is requesting access to is a good first step. But really only a baby step. Ideally you should be able to select an installed application and check or uncheck in a simple GUI what resources it has access to. By default an application would have access to whatever resources you OK'ed when in installing it from the market place.

This type of approach would provide a easy way for a non-technical end-user to make some intelligent security decisions. Sure today I can root my phone and setup firewall rules to prevent an application from accessing the internet, but is the average user going to do that? Should they have to root their phone to implement better security?

Re:I wish android let me *control* app access

[alostpacket]

While you're correct, the one permission you speak of has to do with any app wanting to support Android 1.5 devices. Because they never had such a permission, if you say your app wants to support Android 1.5, the "Read phone state and Identity permission" is added automatically.

Source: http://www.zdnet.com/blog/burnette/whats-new-in-android-16-donut-part-2-developer-features/1369?pg=3

I wrote some info about how important the various permissions are also here:
http://alostpacket.com/2010/02/20/how-to-be-safe-find-trusted-apps-avoid-viruses/

Darwin's Solution

[Nailer235]

It's not easy to spurn an interest in security in people that are apathetic to the matter. Why not let them get viruses, and then learn how much of a pain in the butt it is to get rid of them? Wouldn't that provide some future-incentive?

Re:Darwin's Solution

[WorBlux]

Because even then, they won't notice. They'll just blame the OS or the hardware, and wonder why someone keeps buying a flat screen TV with their credit card every week. Nobody should trust a mobile device with financial information, especially if you routinely download and run programs from random, unproven developers.

You're both right...

The users see security as an obstacle. The users are the manufacturer, google, the telecom provider, and the app developer. The person walking around with the phone is a mere peripheral.

Re:Droid Does: Blame Shifting

[WarmNoodles]

Mod the parent up. The droid permission feature should render in plain text to the user, all data it wants to access on the device before it accesses it. And not a vague black box functional description of the data, but the actual data rendered in plain text.

Hmm With who is the data actually share with is a large un answered permission question isn't it. Would you be just as happy to share your data with some ISP where the registrant was from Nigeria, or with a Chinese server farm or an Intellus Spokio database? So then the next question is What are they going to do with the data and why do they need it. I don't seem to ever have seen the permission system have a Programmers justification for requested data section.

What would you do if one of your kids friends asked to go through your financial records, sleep over and borrow the car for a road trip, would you be so flippant about saying sure, here you go?

All my points above point out that the Droid permission feature set as currently implemented is really just about shifting blame to the user from the Platform.

A more detailed analysis of the application, who will use the data, what for and most importantly setting an expiration for "The user data" after it leaves the mobile device is needed. Clearly no one can say what is or is not dont with the data once it's sent. The whole Droid platform is devoid of software or designs to receive and manage the user data in a permitted data center according to the stipulations of the user.

Meaning the first time you let an app have your data, you may be deeply screwed and have no way to know for years how much you will play for using any app on the platform.

are smartphones really not owned by user?

[KWTm]

Unfortunately you don't really own a smartphone, even one that isn't tied down to a contract and paid big bucks to carry around. The phone doesn't obey to you instead obeys to the manufacturer, to google, to the app developers, etc. It keeps sipping information and reporting it back to headquarters, and it's blocked in such a way that bypassing that is not practical.

Is this true, especially with unlocked phones? Do any others among you fellow Slashdotters agree with this? I don't feel that way with my N900, but I realize that it is probably an exception among smartphones.

The reason I ask is because I hope to replace my N900 with something similar, not from Nokia, when I can. Unfortunately right now the N900 is unique in its openness and power, which means there's no alternative if I want a phone that can run Bash (as root), Python (running portable PyQT desktop apps), and Vim (and make phone calls from within Vim via DBUS). The N900 actually is quite bad in a number of ways, mostly in terms of its operating system software, but nothing else comes close.

I have my hopes on the Rumoured Samsung Linux Phone (RSLP) when it comes out, hopefully later this year, but the parent comment has me wondering whether there will be some sort of lockdown just because it's a smartphone (with the N900 being an exception) or whether any geekphone with root shell (assuming the RSLP has one) will give me the same freedom as Nokia's creation.

Come to think of it, my previous phone, an unlocked Treo 650 (the newest available that could come unlocked from Palm, which is why I didn't get the Treo 700 or newer), did have a rather frustrating lack of apps, especially FOSS. The backup application, BackupMon, was proprietary and made me very nervous about potential failure blocking my access to critical backups.

How is the Palm Pre in this respect? Any scripting languages, or do I need to get a SDK just to program my phone to read from a text file and dial the phone number within? What about Android --is the fact that it's "obeys just the app developers" a philosophical abstraction, or would it create an obstacle for someone who wants to script the phone? E.g. I'm pretty sure Vim runs on Android, but can it dial a phone number via a shell command (DBUS, for example)? Is the Nexus One open in this regard --should I buy one from eBay?

Thanks for any insight any of you can give. This is the smartphone equivalent of asking, "I want to buy a computer and then install Linux --which computer system should I get?"

Re:are smartphones really not owned by user?

[16384]

Android OS is linux, so a root-friendly Android phone could be an option. I don't know if you can bypass the google account requirement, but if you install a firewall on the (rooted) phone you can control what gets network access or not. I particularly dislike the fact that google wants to sync all your contacts and get all your phone numbers, etc. For me that is going too far.

Most Android apps will require full net access, mostly to show you ads, but some want to know your location as well, and it's a all or nothing proposition, you either accept giving all the permissions the app asks an run it, or you don't install it at all, there's no finer control of access privileges.

Maybe someone more knowledgeable could give more insights? It might be a good idea to hold on to that N900, even if you are missing out on a large ecosystem of apps.

I just found a recent slashdot article that you should read: http://mobile.slashdot.org/story/11/01/06/1344223/Smartphones-For-Text-SSH-Use-Re-Revisited

iPod Touch and iTunes

[snowwrestler]

I believe the iPod Touch requires the client app of iTunes to sync, backup, and update the device, but it does not require an Apple ID or connection to the iTunes online store. You won't be able to buy music or apps without that, but if you're ok with that, I believe you can use the iPod Touch without sending any personal info to Apple.

Re:iPod Touch and iTunes

[tlhIngan]

I believe the iPod Touch requires the client app of iTunes to sync, backup, and update the device, but it does not require an Apple ID or connection to the iTunes online store. You won't be able to buy music or apps without that, but if you're ok with that, I believe you can use the iPod Touch without sending any personal info to Apple.

You have to associate the iPod Touch with an iTunes account, actually. But there's nothing to say you can't create a fake account with fake information. And you can buy apps and music still if you buy iTunes cards with cash (they're going for 20% off at times - I'm seeing $10 off $50 card offers retail!), again, though a fake iTunes account.

Little Snitch (mobile) ?

[An+anonymous+Frank]

Where are the interactive firewall apps?