ACLU's Mobile Privacy Developer Challenge

An anonymous reader writes "Privacy groups announced a mobile privacy developer challenge yesterday. The competition, Develop for Privacy, challenges mobile app developers to create tools that help ordinary mobile device users understand and protect their privacy. It's sponsored by the ACLU of Northern California, the ACLU of Washington, and the Tor Project, with the assistance of the Ontario Information and Privacy Commissioner's Office. Submission deadline is May 31, 2011. The winner will be announced in August 2011 at an event in Las Vegas, coinciding with the DEFCON and Black Hat security conferences."

Not Gonna Work

[WrongSizeGlass]

Unfortunately there are people involved in the ownership of these mobile devices (aka users). When users are involved security is always inconvenient, an obstacle or even a nuisance. People want security via magic, not actual implementation of secure and common sense practices.

Re:Not Gonna Work

[16384]

Unfortunately there are people involved in the ownership of these mobile devices [...]

Unfortunately you don't really own a smartphone, even one that isn't tied down to a contract and paid big bucks to carry around. The phone doesn't obey to you instead obeys to the manufacturer, to google, to the app developers, etc. It keeps sipping information and reporting it back to headquarters, and it's blocked in such a way that bypassing that is not practical.

I was surprised to find that android phones *require* a google account, or that a iPod Touch requires being connected with iTunes to start. A HTC Desire comes with lots of widgets running in the background that you can't turn off (and it's even worse on Android 2.2, Froyo) and the terms of service clearly states they may collect data on you (duh!). Many apps requires far more permissions than they should, so after a while you either give up and ignore the permission requests or don't use any of them.

Mobile privacy? Is there such a thing?

Re:Droid Does

[Z00L00K]

True to some extent - but even if it does request something like internet access - what is it doing with my internet access? How much traffic will it generate? It may produce a humongous amount of traffic raising my phone bill to astronomical figures. This applies to everyone not on an unlimited agreement or as soon as international roaming occurs.

The question is sometimes like "Hey I need a hammer" - no real reason why the hammer is needed.

And if it wants to access your contacts - which part of the contact information is it going to access - and why. Maybe it's an app for chess and it allows you to do network chess with a friend.

I wish android let me *control* app access

[SuperBanana]

Here's a suggestion for anyone that's listening: Android tells you what access an application wants, and aside from minor problems like there being obscure reasons for why the program needs access to "make calls" (often this just means the program wants to be able to tell if you're *in* a phone call or not and behave appropriately), this is reasonably handy.

However, my main objection: you don't get to see this information in the marketplace, so you can't make a purchase decision based on it...and worse, you can't *control* what access a program gets. For example, a lot of programs request "coarse" location information, which is enough to tell where you are within a few blocks. I don't want my backgammon program to know my location, and I wish I had the ability to tell the Android OS "no, that's not OK".

It's an all-or-nothing approach that leaves me often feeling like my arm is twisted into accepting the app, often because there are no alternatives for the functionality I want...