Why Users Don't Trust Mobile Apps

Wow by 0123456 · 2011-04-29 03:43 · Score: 5, Insightful

It's almost as though downloading random apps from the Internet to run on a device you use for personal information might be a bad idea.

Re:Wow by chemicaldave · 2011-04-29 03:50 · Score: 1

Lets be honest, there's no accountability on the part of mobile app developers. Before you download an Android app it asks for permission to use certain features, but the developers aren't required to say how they'll use those features, or what they'll do with it. The markets that distribute these apps should be obligated to compel developers into disclosing what their apps do with your information.
Re:Wow by Anonymous Coward · 2011-04-29 03:55 · Score: 1

Do you really think half the users even know what all the technobabble you're asking for even means? The reality based on what I've seen and heard from others is that if you're upfront about what you do with data and permissions people get spooked and don't want the app even if it's harmless, but if you don't say a word about it then people don't even give it a second thought and happily download the app.
Re:Wow by Zumbs · 2011-04-29 04:00 · Score: 1

But they actually have to say that they use those features. This allows a user to make a much more informed choice of installation than I get on my Windows 7 computer. If an app needs access to something, I do not think that it should, I just pass it up. So single player game + internet access = no-no.

--
The truth may be out there, but lies are inside your head
Re:Wow by tripleevenfall · 2011-04-29 04:02 · Score: 4, Insightful

The thing is, they CAN'T be upfront about how free apps get converted into revenue. All these "markets" (facebook, etc.) revolve around harvesting consumer data.
People don't want their information harvested, and will say "No" to that if confronted honestly.
But that blows the trend we've seen in recent years where you can use software for free that we used to walk into a store and buy in a box for $50.
Will we go back to the $50 model, or will people surrender privacy in exchange for "free"?
Re:Wow by Cwix · 2011-04-29 04:06 · Score: 1

I have a hard time imagining alot of these places actually make 50 dollars per person. Some maybe, most.. I'd hazard a guess of no. So because I'm going to guess that ad based revenue might only be 5 or 10 dollars a person per program, I'd be glad to purchase most of the software I needed for 15. Developers get a little bit extra, and I don't have my private data scraped and sold off to the highest bidder. Win-win in my book.

--
You are entitled to your own opinions, not your own facts.
Re:Wow by Anonymous Coward · 2011-04-29 04:07 · Score: 0

Apps announce a desire for very coarse-grained permission levels, but they don't let you announce on a fine-grained level what they do or why they do it. Take this one for example:
"Phone Calls: read phone state and identity"
What does that even mean? Pretend that you're an average shmoe for a moment. Would you have any idea what an app could possibly want with this permission? And if the app author were to disclose that they need your UID for verification purposes and that the "read phone state" part of it is just something that they *have* to declare even though they aren't using it, would you understand or appreciate the nuance?
Re:Wow by h4rr4r · 2011-04-29 04:13 · Score: 4, Insightful

I take the third option.
I don't pay for the linux kernel, so far Mr. Torvalds has not stolen nor leaked my Credit Card data. I buy Crossover from Codeweavers, the folks who make Wine just to support Wine. I use Wine instead though, and still Alexandre Julliard has not sold my private details to scammers and advertisers.
I could go on, but you see where I am going. You are putting forward a false dichotomy. None of the above come in a $50 box and still my information is not sold to every scumbag with a marketing degree.
Re:Wow by h4rr4r · 2011-04-29 04:16 · Score: 1

The average schmo has access to google so lets check. Lo and Behold:
http://www.womenwithdroids.com/2011/03/deciphering-permissions-read-phone-state-and-identity/
An article written to explain just this to the average Dick and Jane.
Re:Wow by badran · 2011-04-29 04:17 · Score: 1

They do not need to get 50 USD from each person, as 10x if not 100x number of people will use the free app as opposed to pay for it.
Re:Wow by tripleevenfall · 2011-04-29 04:17 · Score: 1

Well, as soon as we get the Year of Linux on the Desktop out of the way I'm sure the whole world will adopt this model.
(insert obligatory snoot about "It's been on MY desktop since 199x!") :)
Re:Wow by Missing.Matter · 2011-04-29 04:23 · Score: 1

That website sounds like a support group for women with a disease called droids.
Re:Wow by h4rr4r · 2011-04-29 04:24 · Score: 1

Obligatory snoot about "It's been on MY desktop since 199x!
I suggested as an alternative, not as the only choice. If you want to go another route then go for it, but pay cash and/or privacy your choice.
That reminds me, GOG has witcher without DRM, better go see if it runs in wine.
Re:Wow by slapout · 2011-04-29 04:30 · Score: 1

Several developers do. But what's to keep them from lying?

--
Coder's Stone: The programming language quick ref for iPad
Re:Wow by traindirector · 2011-04-29 04:32 · Score: 1

But what's to keep them from lying?
The ability to remove permissions you aren't comfortable with.
Except, oh wait, they decided users shouldn't have that ability.
Re:Wow by Anonymous Coward · 2011-04-29 04:40 · Score: 0

$50 is an arbitrary sum. They'd sell it at $200 if you'd pay that much. One of the big benefits to Facebook right now is that no-one really knows the value of data. The market speculation and IPO reflect that.
It's sad that people undervalue personal data, especially when identity theft can take a user for tens of thousands of dollars at a time (car purchase?). Is Facebook worth THAT much to you??
Re:Wow by Anonymous Coward · 2011-04-29 04:44 · Score: 0

http://www.womenwithdroids.com/2011/03/deciphering-permissions-read-phone-state-and-identity/

That website sounds like a support group for women with a disease called droids.

I had a similar thought, except it was more like Rule 34 vs Portal 2.
Re:Wow by Tetsujin · 2011-04-29 05:02 · Score: 1

Well, as soon as we get the Year of Linux on the Desktop out of the way I'm sure the whole world will adopt this model.
(insert obligatory snoot about "It's been on MY desktop since 199x!") :)
You must be really happy - you posted a really standard troll, and anticipated the easily-predictable response. Wow, you've really got an amazing understanding of Slashdot.

--
Bow-ties are cool.
Re:Wow by Cwix · 2011-04-29 05:05 · Score: 1

If there cant be a happy medium where I get to keep my privacy, and the developers get fair compensation, then I'm not interested. I'm not the only one either, more and more people are not interested.

--
You are entitled to your own opinions, not your own facts.
Re:Wow by tlhIngan · 2011-04-29 05:16 · Score: 2

Do you really think half the users even know what all the technobabble you're asking for even means? The reality based on what I've seen and heard from others is that if you're upfront about what you do with data and permissions people get spooked and don't want the app even if it's harmless, but if you don't say a word about it then people don't even give it a second thought and happily download the app.
It's partly why the Android model isn't that great, either. It's good to enumerate and require the services presented, but after using it a little while, its deficiencies start showing.
1) If the app demands extra data not in the APK, it means it needs external storage permissions and internet access. (I kinda miss the iOS method where you download it all self-contained, sans DLC of course, but getting a 200MB file and it has everything).
2) Users don't read dialogs. As tech people we should know this. Even if it's a highly inofrmative dialog like "Could not write file - the disk is full. Please delete something and try again" the user will still ask for support even though they're able to solve the problem themselves.
3) Dialogs get in the way. As part of 2, they'll make a beeline for whatever gets them to their goal the fastest. If your app really wants to do something bad, I suggest not enumerating just the permissions you need, but every permission you can request. Somewhere between the third and forth permission item they'll just get bored and scroll and tap "install". It's human nature.
4) If the user likes apps, they'll probably just blindly click Install anyways without bothering with permissions. After all, that dialog is just another step during app install People just get very mechanical and do things from muscle memory.
5) Users want to get things done. Installing/deleting/maintenance tasks are chores and get in the way of getting things done. If they want the app, anything you throw in the way just annoys and they'll dismiss it without reading.
It's the reason why few people read EULAs (see 3 and 4), people get called over to handle some stupid task request (2) and the like.
It's an annoying reality of the world and it really makes things like alerts/popups/etc. utterly worthless and makes it difficult to impossible to design things to get the user informed. iOS's notification system is broken in that way (it pops up and screws up your current task). Doing a deny-by-default just ends up with users getting frustrated when the app constantly complains it needs access to something, etc (see Vista) - devs just make it so anything useful is blocked until some permission is granted (even if that permission is orthogonal to pupose - e.g., request access to SMS while connecting to a server).
Hell, I thought the Android system was cool, and miles better than the iOS method. Then I realized that half the time I'm tapping Install without looking over the permissions either.
Re:Wow by nschubach · 2011-04-29 05:40 · Score: 1

What if you had the ability to select permissions? (or globally deny everything permission to your contacts, etc.)
Google has stated that it does not intent to allow user control of privacy. It expects the application developers to determine what they need and "only take one cookie"
There have been countless posts on the issue tracker, but the primary one they keep pointing to is marked: WorkingAsIntended
Some folks in the thread have written letters to their representatives, others mostly complain in the thread and Google just shrugs it off. Personally, I think this needs to be brought to the front of the issues and resolved.

--
Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.
Re:Wow by gfxguy · 2011-04-29 06:01 · Score: 1

Yup... I think about what the application does and what it needs to know. I wanted a CNN app, for example, and the app created by the folks at CNN wants to read my phone's identity. Why? There's an app created by the android team, and all it asked for was net access... guess which one I installed.
I wanted a dictionary... Dictionary.com's app wanted to track my location... I found another dictionary app that just wanted net access. Guess which one I installed.
I've only had a "smart" phone for about a month, and I'm already shaking my head at what developers are trying to get away with.

--
Stupid sexy Flanders.
Re:Wow by jedidiah · 2011-04-29 06:34 · Score: 1

> It's almost as though downloading random apps from the Internet to run on a device you use for personal information might be a bad idea. ...except mobile apps (at least on the iThing) are supposed to be "curated".

--
A Pirate and a Puritan look the same on a balance sheet.
Re:Wow by AliasMarlowe · 2011-04-29 06:43 · Score: 1

If there cant be a happy medium where I get to keep my privacy, and the developers get fair compensation, then I'm not interested. I'm not the only one either, more and more people are not interested.
Have you tried Privacy Blocker? It claims to be able to strip code for certain accesses from apps. I have not tried it, so don't know whether they're just blowing foam or not.

--
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
Re:Wow by Voyager529 · 2011-04-29 07:30 · Score: 1

In fairness, every ad supported app requires network access for downloading apps. If you take that away, we as consumers like it as it's a quick and dirty ad blocker, but the advertisers and ad-supported app developers would get the short end of that particular stick.
I think the best compromise is on-demand permissions akin to what SuperUser does every time I start Wireless Tether or MyBackup Root - prompts me once root permissions are requested, giving me an accept/deny/remember my choice interface.
Re:Wow by Anonymous Coward · 2011-04-29 07:49 · Score: 0

You're right. Some people would just ignore the permissions and install, but this doesn't make it a bad model. For the people that really care and are cautious it could be very useful to get these permission dialogs. I admit that I do ignore these dialogs sometimes, but the reason isn't because they're an inconvenience. The main problem is that they don't tell me anything useful.
Re:Wow by aix+tom · 2011-04-29 08:08 · Score: 1

Then what is the buzzword/motto for that market model?
Communism: "From each according to his ability, to each according to his need"
Capitalism: "Expand or die"
Optimal Free Market: "Let's make an acceptable product for an acceptable price for acceptable wages"
Mobile Apps: "Let's screw those dolts!!!"
Re:Wow by Anonymous Coward · 2011-04-29 08:38 · Score: 0

Before you download an Android app it asks for permission to use certain features, but the developers aren't required to say how they'll use those features, or what they'll do with it.
So, you don't trust the developer's permissions, but you trust them to tell you how an application will be used?
Here's an over-the-top example: "Full Internet Access"; would a developer ever tell you that it was also needed to download exploit code to root the device and bypass other permissions?
Or another: (the SMS permissions) + "Full Internet Access"; the developer says "I'm going to forward your incoming messages to an email account of your choosing instead of "I'm planning to SMS bomb my ex's phone one day".
Or another: "Write Settings"/"Write Secure Settings"; the description for those is so generic that I have to assume an app could do anything else by simply modifying the settings that prevent if from doing so.
So what keeps the developer from simply lying to you about what the application does?
Re:Wow by Anonymous Coward · 2011-04-29 09:41 · Score: 0

Right, the real question is: why should users trust mobile apps?
Re:Wow by bingoUV · 2011-04-30 23:44 · Score: 1

In fairness, every ad supported app requires network access for downloading apps
Actually, not exactly. App doesn't need to access the network itself, it just calls google's API. Google's API implementation then needs network access. So disabling network access works just fine even if they have to show Android ad framework supported ads.
Only to implement their own ad framework, each app needs its own network access. I don't think that is a good idea anyway.

--
Bingo Dictionary - Pragmatist, n. A myopic idealist.

It's not just data on the phone, Watson by trifish · 2011-04-29 03:44 · Score: 2

People might worry about their data stored in their mobile phones, but what worries me more is that they forget about the built-in microphones and cameras.

Big deal by tripleevenfall · 2011-04-29 03:45 · Score: 5, Insightful

I see this as having a huge impact for the market for apps and what kinds of apps can be developed.

The situation is developing where users don't want to give apps access to anything on the phone other than the data pipe, except for maybe a mapping application or something with an obvious need. This is really going to limit where apps can go.Because of the sins of Apple (and others), people don't trust the platform as much as they used to.

Instead of being a device we voluntarily turned over information to in order to expand its role in our life, we are starting to see it as something that needs to be reigned in, controlled, watched like a hawk.

Formerly people happily used Windows and IE to bring the internet into their lives. Now these are items you don't trust, you run several other programs on top to police them, etc.

It's really a shame that this greed for personal information to sell has set back the role that palmtop tech may otherwise have headed toward in our lives.

Re:Big deal by tripleevenfall · 2011-04-29 03:49 · Score: 1

Personally, I was on the brink with smartphones anyway. I have owned blackberry, android, and iphone devices. Most recently, an iphone.
The privacy issues combined with the huge data plan expense, bandwidth caps - and the fact that most of the time I'm near PCs anyway - these things just made it feel like there are better things I can do with that $30-40 a month.
The fact that I was able to go back to a dumbphone while selling my iphone online for what I paid for it, 6 months later, was helpful too.
Re:Big deal by Anonymous Coward · 2011-04-29 03:53 · Score: 0

Sold it for what you paid for it? Are you including the monthly plan fees? Just because you got the thing for $200 doesn't mean that's all you paid, you paid more every month.
I buy my phones outright and use prepaid plans. I have a smartphone but only pay for data when I want or need it. I pay $10 per year to keep my phone active.
Re:Big deal by tripleevenfall · 2011-04-29 03:55 · Score: 1

By "sold for what I paid for it" I mean I conducted a transaction whereupon someone paid me an amount of currency that was roughly the same as the amount of currency I paid the carrier to give me the phone in the first place.
Re:Big deal by Kuukai · 2011-04-29 04:01 · Score: 1

I don't think so. Everyone I know regularly uses all sorts of Android apps that require permissions they don't need. Last I checked you can't even find a free Japanese input program or even an emulator on the marketplace that doesn't require internet access. And at least one of these isn't much more than a privacy-invasive wrapper of gpl code. There was that article a while back about how the vast majority of apps send back user information, and with this as the norm there's often nothing a user can do except port their own apps. What we really need is more effort on the developer side to release clean free apps, but unfortunately there's little personal benefit to doing that.

--
Sendou Wave Kick!!
Re:Big deal by tripleevenfall · 2011-04-29 04:05 · Score: 1

Exactly - there's no benefit to a company in developing a nice, free, safe application. Either they need ad revenue, or people have to start paying for software again.
Re:Big deal by mangu · 2011-04-29 04:16 · Score: 1

It's really a shame that this greed for personal information to sell has set back the role that palmtop tech may otherwise have headed toward in our lives.
It's not only palmtop tech that has been affected. Back in 1994 I read an article in a magazine about comet Shoemaker-Levy 9. I found the author's email and wrote him with some questions, he promptly answered me. These days I doubt my email would have got past his anti-spam.
Re:Big deal by Kuukai · 2011-04-29 04:18 · Score: 0

Except the thing that annoys me is that in many cases this software exists and is free, it's just not ported or in the store. There's no reason to pay for it, but this choice doesn't reach end users. I'm sure the FOSS community will adapt sooner or later to the app store model, but I wonder if by that point anyone will be dumping their favorite app for the more private and ad-free equivalent.

--
Sendou Wave Kick!!
Re:Big deal by Anonymous Coward · 2011-04-29 04:22 · Score: 0

And the problem with allowing internet access is that you give up all information on the sdcard, since all apps have the ability to read that by default. Any pictures you take with the camera (including the gps coordinates if they are in the metadata) are readable by all apps since they can read the sdcard, even if they don't have camera or gps permissions.
This is all caused by the fact that android uses fat32 for the sdcard instead of a real linux filesystem.
Re:Big deal by tepples · 2011-04-29 04:25 · Score: 1

I buy my phones outright and use prepaid plans. I have a smartphone but only pay for data when I want or need it. I pay $10 per year to keep my phone active.
Which U.S. carrier[1] offers such a prepaid plan? And do you buy your phones outright from the carrier or elsewhere? If from the carrier, are its phones locked down like AT&T Android phones, where a customer has to register with AT&T as a developer in order to get the ADB drivers that will let the customer sideload?
[1] I'm assuming U.S. because it's the biggest developed market that uses a currency whose symbol is $.
Re:Big deal by h4rr4r · 2011-04-29 04:29 · Score: 1

T-mobile I think has a data only when you want it plan. I know they sell uncrippled phones outright as well.
Re:Big deal by h4rr4r · 2011-04-29 04:31 · Score: 1

I suggest you then sell the GPL code and a non-privacy invasive wrapper. Then you can make a $1 each and provide a needed service.
Re:Big deal by h4rr4r · 2011-04-29 04:33 · Score: 1

So port it yourself or pay someone to do it.
The FOSS community adapt to the app store model?
Are you fucking insane? They invented it. An app store is just a shiny frontend to a rather poorly done repository.
Re:Big deal by slapout · 2011-04-29 04:34 · Score: 1

I don't think you can blame Android for the fact that most sdcards come preformatted for fat32.

--
Coder's Stone: The programming language quick ref for iPad
Re:Big deal by Cajun+Hell · 2011-04-29 04:42 · Score: 1

Exactly - there's no benefit to a company in developing a nice, free, safe application. Either they need ad revenue, or people have to start paying for software again.
Or people have to stop thinking of "companies" as where you get commodity software. How much do you pay for a kernel these days? (Or a media player or web browser or text editor or file manger?) These things are worth a lot but it wouldn't even occur to me to buy them; you don't get these things from "companies," you get them from the repository without thinking how/if they were originally funded.
It's understood that if your software is generic enough that pretty much everyone in the world has a use for it, then whatever development costs it had are amortized down to nearly $0 per user. So it's either going to be subsidized by someone like Red Hat's customers who needed it before it was readily available, or it's written/maintained by amateurs who have the freedom to concentration on its functionality without having to worry about how that functionality may conflict with making a profit.
Everyone knew this already. It's just that when the iPhone came out, some people tried to live in denial. Some were lucky because their users had forgotten, so a few people made money selling through Apple's store. At the time, tiny PCs were viewed as novel where maybe all the inevitable economic rules wouldn't really be inevitable. But now everyone is getting reminders of how real life works, so if the application you want isn't Free Software, and if you didn't pay real money for it, then it is almost certainly spyware/malware.
Spyware/malware is what you should expect to find in a $0.99 app store. If it's not Free and it's not expensive, then it sucks.
Ask anyone who steps out out of a 2007 time capsule, and he might not know this, his eyes full of stars and his mind clouded by idealistic delusions. But ask the guy who stepped out of the 2006 time capsule, and he does remember it. Ask the newbie Linux user who migrated from one of the proprietary desktops, and he'll be amazed that you even asked something so blindingly obvious, right before he starts preaching to you.
Fortunately, we're on our way back to the 2006 software market, and we'll have 2011 hardware to run it on, when we get there. ;-)

--
"Believe me!" -- Donald Trump
Re:Big deal by cheeks5965 · 2011-04-29 05:00 · Score: 0

There was that article a while back about how the vast majority of apps send back user information
link?

--
-- Flame me and I will happily flame you back. Bring it!
Re:Big deal by Anonymous Coward · 2011-04-29 05:08 · Score: 1

No, but I can blame Android for not even giving me the choice of formatting an sdcard to a real filesystem, or even letting me format it myself and insert it into my phone. It rejects anyting that isn't fat32, and that is Android's fault.
Re:Big deal by slapout · 2011-04-29 06:03 · Score: 1

I can understand being given the choice. But I can also understand them not wanting a situation where a customer gets upset because they can't take the card from their phone and plug it into their Windows machine and access their files.

--
Coder's Stone: The programming language quick ref for iPad
Re:Big deal by gfxguy · 2011-04-29 06:21 · Score: 1

Really? I didn't know that... many applications ask for permission to write to the SD card, so I assumed that ones that don't can't.

--
Stupid sexy Flanders.
Re:Big deal by jedidiah · 2011-04-29 06:39 · Score: 1

...the real problem here being the fact that those that run "app stores" are jack*ss control freaks and they set up their terms of service specifically to keep Free Software out.
So you immediately lose the software do-gooder crowd that might provide software for free without it being some scam.
What you are left with are varying degrees of amoral scum.

--
A Pirate and a Puritan look the same on a balance sheet.
Re:Big deal by Kuukai · 2011-04-29 06:43 · Score: 1

I honestly wasn't aware of that because I haven't tried yet. What restrictions are at play in Google's marketplace?

--
Sendou Wave Kick!!
Re:Big deal by Anonymous Coward · 2011-04-29 07:16 · Score: 0

Sure. Go on the market and install "Text Edit" by Paul Mach. Before you install it, hit menu and go to permissions. Market will say it requires none.
Now install it, go back home, then Menu->Settings->Applications->Manage and then click on "Text Edit"
Scroll to the bottom and look at the permissions. "modify/delete SD card contents" and "read phone state and identity" are active for this app. They are active for all apps, even if they don't ask for it.
So you give an app internet access, and you have given it permission to upload your phone number, serial number for your phone, and your entire picture collection and god knows what else, to some sleazy server god knows where.
I very rarely give apps access to use the internet. I don't care if it needs it "just for ads". I don't feel safe, and for good reason.
Re:Big deal by h4rr4r · 2011-04-29 07:16 · Score: 1

The only one I can find is the entry fee. There is lots of GPL software available in the market.
Re:Big deal by mlts · 2011-04-29 07:45 · Score: 1

Even if it had to be turned on by some obscure switch, I would love to have a "real" filesystem on the SD card.
Even better: Put a LUKS layer down, and ask for the encryption key when the device boots (perhaps with the option of having a keyfile that can be backed up). This way, if someone steals the phone, a remote kill of just the OS would render the SD card inaccessible.
Heck, for more firepower, have a service that can back up the SD card to Dropbox, encrypting all data with a typed in passphrase or keyfile. This way, assuming the user remembers his/her passphrase and has a safe backup of the keyfile, the device can completely restore itself from remote, with zero data stored on the remote site that isn't encrypted.

Shazam! This makes me one Angry Bird! by Maxo-Texas · 2011-04-29 03:47 · Score: 2

I'm just a Cube Runner and I don't have a degree in Physics but I don't want some stranger to Take Me to My Car by reading my location file.

Yelp! I'm going to have Words with Friends and dance the Fandango if they have been sharing my information. I may use Device Locater but I don't want others to. Siri ously. They can build their own Empire and Tunein to their own location data but not mine!

--
She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.

Perspective by Anonymous Coward · 2011-04-29 03:48 · Score: 0

I'm too young to remember, but surely data breaches with computers, when they were new, were met with the same reaction? Smartphones came to the forefront less than five years ago. I'm personally pretty surprised this issue didn't arise sooner.

How about this? by killmenow · 2011-04-29 03:48 · Score: 2

"If you're developing apps that use customers' mobile data..."

How about not writing mobile apps that store user's data?

Very few apps need to store user data. Companies aren't using the data because the apps need it. Their ad stream needs it. Which reminds me: if you're not paying for a product/service (google, facebook, slashdot, reddit, etc.) you're not the customer...you're the product.

Re:How about this? by h4rr4r · 2011-04-29 04:39 · Score: 1

Which reminds me: if you're not paying for a product/service (google, facebook, slashdot, reddit, etc.) you're not the customer...you're the product.
So who exactly is the customer of Debian? Wine? XFCE? LibreOffice?
That wide brush might be useful for painting a house, but what you are trying to do now requires a little more detail work.
Re:How about this? by Draek · 2011-04-29 07:09 · Score: 1

But even if you are paying for a product/service (cable TV, movies, portable devices with 'exclusive' stores, etc) you may still be the product rather than the customer, it just may be harder to realize at first.

--
No problem is insoluble in all conceivable circumstances.

Subsidized by privacy invasions by TaoPhoenix · 2011-04-29 03:49 · Score: 1

Old & Busted: Shareware
New Hotness: Low Orbit Privacy Cannons

Why are we simultaneously whining about threats to national security and purposely tricking users into leaking sensitive info?

--
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine

Re:Subsidized by privacy invasions by geekoid · 2011-04-29 03:54 · Score: 1

I don't know who the 'we' is you talk about. I do know that the Feds are taking this seriously and have a committee to study it. The first meeting is next week.

--
The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
Re:Subsidized by privacy invasions by Attila+Dimedici · 2011-04-29 04:01 · Score: 1

OOh, they have a committee to study it, now that's what I call taking it seriously. Will it be like Obama's blue ribbon panel to study the deficit? You know, the one whose suggestions he ignored? BTW, this is in no way unique to Obama, when some problem that politicians don't want to tackle becomes of concern to voters, they generally appoint a committee to "study it". Then when the committee releases their findings, the politicians will try to ignore them.

--
The truth is that all men having power ought to be mistrusted. James Madison
Re:Subsidized by privacy invasions by TaoPhoenix · 2011-04-29 04:06 · Score: 1

... In May 2011. Really.
It's WWII's Loose Lips Sink Ships problem, except this time we think the enemy is Terrorists.
These data sharing patterns were emerging some seven years ago, just after the trauma of the Dot Com Bust wore off.
For priorities, compare their response to privacy leaks by sneaky corps to their response to wikileaks when their own backyard was leaked. Will that meeting address the Sony disaster?

--
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine

I know /. is tracking me by ackthpt · 2011-04-29 03:53 · Score: 1

Why shouldn't everyone else?

--

A feeling of having made the same mistake before: Deja Foobar

Wrong Wrong Wrong by Anonymous Coward · 2011-04-29 03:53 · Score: 0

This article is just wrong. People will give up almost everything about them on FB to be able to plant a crop or raise a barn or do a hit on a rival gangster. Have you ever looked at some of the information the random apps capture(or have access to?). It’s the same practice but to turn on a flashlight or get a game that goes blip blip blip. Give them a toy for Free and they will open their lives to you in an instant.

Who is in control? by kent_eh · 2011-04-29 03:55 · Score: 1

Is it possible that people are discovering that life isn't all roses and sunshine inside the walled garden?

Perhaps people actually like to be able to have some amount of control over the things that bought and paid for?

I wasn't sure this day would ever come. I think I'll go and celebrate with a nice walk to a neighborhood restaurant.
Seriously, I'm pleased if this is really what is happening.

--

---
"I can't complain, but sometimes still do..." Joe Walsh

No they aren't (more concerned about privacy) by SuperKendall · 2011-04-29 03:56 · Score: 1, Insightful

When every week seems to bring another news story about a data breach resulting in the theft of customer data, customers are growing increasingly jealous of their privacy

Project much? As long as you aren't losing CC data, people are as unconcerned as they ever were. The rapid growth of Facebook is exhibit A, and enough to close that argument down.

Not that app makers should not strive to protect a users privacy anyway, but it's a very small (yet vocal) minority of people that are attempting to paint this as a Big Issue.

--
"There is more worth loving than we have strength to love." - Brian Jay Stanley

Firewall needed? by edxwelch · 2011-04-29 03:57 · Score: 1

Maybe if Apple and Google incorperated a firewall it would fix thing. Most apps don't need to connect to the internet, so the firewall would disable apps from connecting to internet on a case by case basis.

Re:Firewall needed? by Anonymous Coward · 2011-04-29 04:04 · Score: 0

Google does. Applications need to specifically be granted permissions to access data services.
Apple, on the other hand... well... let's just say that their phones explicitly send your location back to Apple as a method of building a map of wi-fi hotspots. And this feature isn't being removed in the next iOS update.
In fact, based on patents that surfaced thanks to the whole iPhone tracking debacle, it appears that Apple intends to track their users even more closely.
But at least that information will be sent off to the mothership and won't reside on the phone, so the sheeple are happy...
Re:Firewall needed? by traindirector · 2011-04-29 04:22 · Score: 1

Google does. Applications need to specifically be granted permissions to access data services.
Except you can't remove internet permission from something that requests it, even though that would be so simple it hurts . You know what I call that? Google fail.
Sure, it's better than Apple, but what kind of a bar is that? It is still far from good, and would be so simple to fix
Re:Firewall needed? by Cajun+Hell · 2011-04-29 04:45 · Score: 1

You don't just need a network firewall; with the modern mobile platforms you really need an API / IPC firewall. And it should come with optional honeypots too.

--
"Believe me!" -- Donald Trump
Re:Firewall needed? by h4rr4r · 2011-04-29 04:46 · Score: 1

You can, it just is not idiot easy. There are firewalls for android, and iptables is available as well.
Re:Firewall needed? by Anonymous Coward · 2011-04-29 04:46 · Score: 0

PLEASE copy Blackberry in this regard.
BB will let you set security for just about every aspect of the phone to different levels: "Deny/Prompt/Allow".
An app wants to use the camera? Prompt
An app wants to access contact list? Deny
An app wants access to [website]? Prompt
(etc)
The list is app-specific, so you could grant trusted applications more privileges.
This is the only thing keeping me on BB.
Letting developers dictate app security is a broken model. (see Windows)
Re:Firewall needed? by traindirector · 2011-04-29 04:57 · Score: 1

It requires a root-able, rooted device running a compatible kernel. Why should you have to turn to a bunch of guys you don't know on a forum somewhere to provide such a basic and important feature?
What does it say about the state of mobile security when it is rational to trust people on an android fan forum to build your software more than you trust a company that has a lot to lose and should have a strong sense of responsibility?
Re:Firewall needed? by h4rr4r · 2011-04-29 05:05 · Score: 1

You don't have to go trusing them. It is a linux kernel, compile your own.
You don't even need root to do that, just the ability to flash a kernel onto the device.
What does it say about the state of mobile security when it is rational to trust people on an android fan forum to build your software more than you trust a company that has a lot to lose and should have a strong sense of responsibility?
That it is exactly the same as the desktop?
Re:Firewall needed? by traindirector · 2011-04-29 05:20 · Score: 1

You don't have to go trusing them. It is a linux kernel, compile your own.
You don't even need root to do that, just the ability to flash a kernel onto the device.
You shouldn't need to void your warranty for this protection.

That it is exactly the same as the desktop?
I will give you that. Although it is much easier for an application to extract your personal information on a phone.
I can tell you would argue that we shouldn't expect more from companies, and I agree.
But shouldn't we demand it anyway, especially when it is possible and would be so easy for them to do?
Re:Firewall needed? by Anonymous Coward · 2011-04-29 05:31 · Score: 0

What does it say about the state of computer security when it is rational to trust individuals to build your software more than you trust a company that has a lot to lose and should have a strong sense of responsibility?
FYFY. It's an old question, and the answer people came up with was, "It says that personal computer tech is finally democratized. Big names have no extra weight."
Re:Firewall needed? by h4rr4r · 2011-04-29 06:03 · Score: 1

I completely agree with all your points. There are a couple options here to get what you want; Use "FREE" software, sunshine being the best disinfectant, or use regulations.
Otherwise it is foolish to expect any other outcome.

Re:Smartphone by TaoPhoenix · 2011-04-29 03:58 · Score: 1

Burn the Contract Break Fee and then do a prepaid plan.

The point of a Smart Phone is the features and the "boring" apps like the calculator, and the nicer rendering in Safari. I despised my dumbphone with a passion - I don't call anyone much.

"Apps" themselves are brilliant - people often only have 7 must-use features and don't need $80 programs to cruise through their day.

Also Apple made the entire industry wake up and pay attention to UI for once.

--
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine

cloudyness by solsang · 2011-04-29 03:59 · Score: 1

the biggest breach lately is by far the sony playstation, in the cloud the place with most personal data is now facebook, in the cloud the personal emails are in typically in the cloud documents and address books are going to the cloud fast while a phone may get stolen or lost, the big things are on the net an easy solution about mobile devices are to have the data be wiped when away from the user, and then just pull what is needed back when the user is close chrome laptop is one example of this, and new phones could be made the same way, could easily respond to an rfid chip in the clothes or purse

Sunshine solves all. by kurt555gs · 2011-04-29 04:02 · Score: 1

Makes a good point for GPL licensed software, now doesn't it?

--
* Carthago Delenda Est *

Re:Sunshine solves all. by The+Moof · 2011-04-29 05:04 · Score: 1

Nah. An open source app can collect just as much data as a closed source one. Average users won't do a code review (and, honestly, most tech savvy users won't either). Even with a code review, I'm sure that some programmers can get creative with the methods so they aren't so easily detected.

O SHUT THE FUCK UP !! by Anonymous Coward · 2011-04-29 04:05 · Score: 0

Who the fuck are you lecturing ?? Go to the fucking supermarket and 100x more is captured and stored on your doings. You are a fucking idiot is what you are !!

Android permissions by traindirector · 2011-04-29 04:07 · Score: 4, Insightful

Android already has a great permissions system by which an application is granted permission to access functions of the phone and the Internet connection on a fairly granular level.

However, even though they have already implemented this system that could allow the user to control what an application can do on her device, Google has chosen to restrict the end user from obtaining greater privacy and security by restricting an application's permissions. Through the user interface, one must either grant all permissions to an application or choose not to install the application--a single permissions cannot be removed.

There is a small argument to be made that this makes things easier for developers, but how hard is it to gracefully handle not having certain permissions? For many features like GPS and Internet connectivity, Android could simply respond as if they are turned off if permission is denied. Some members of the Android development team have tried to spin the lack of user permission settings as a benefit to the user with the argument that "if users can disable permissions arbitrarily, then developers will have no incentive to minimize the amount of permissions they declare their applications need, and the average user will be less secure". This is the only somewhat rational explanation I have gleaned from there responses, and while there might be a small bit of merit to that and certain developers might really believe that, I think on the whole it is misguided.

I believe Google's real goal is to make sure the user has no control over permissions, only a binary install / not install, because they're an advertising company with an interest in your data being sold. They continually ignore this permissions issue even though they have acknowledged it is among the top Android security complaints.

Re:Android permissions by tripleevenfall · 2011-04-29 04:19 · Score: 1

For what it's worth, Blackberry has a much more granular permissions system.
But it doesn't seem to base its revenue model on the same things.
Re:Android permissions by h4rr4r · 2011-04-29 04:26 · Score: 1

That and it has a terrible OS, horrible user interface and in general sucks.
Heck the OS is so bad they bought QNX, just so they could have an OS that did not suck.
As to their revenue model, I believe they base that on selling your private information to dictators and despots instead of advertisers.
Re:Android permissions by traindirector · 2011-04-29 04:30 · Score: 1

As to their revenue model, I believe they base that on selling your private information to dictators and despots instead of advertisers.
In that case it's not selling. It's simply the price of doing business in India, China, Pakistan, the U.S., etc.
Re:Android permissions by lonelytrail · 2011-04-29 04:40 · Score: 1

+1
It certainly seems I should be able to allow a few of the things they want to access, but not all, and do it at the OS level.
The developers will just have to level up their gracefulness to handle being disallowed.

To install or not to install is not the right (or only) question.

There must be a better way. One question is whether anyone who makes money off of this cares what is right or wrong and that includes Google. it's all about how much money they can make off us.
Re:Android permissions by Anonymous Coward · 2011-05-01 07:46 · Score: 0

Ha, so much more uninformed anger.

"Required" Apps and Permissions by Anonymous Coward · 2011-04-29 04:11 · Score: 0

I am one of those "very jealous" users of my privacy (as I am guessing many other Slashdot users are as well). One of my biggest concerns are apps like Facebook or the Twitter app on the Android phone which get full-blown access to your device - AND THERE'S NOTHING YOU CAN DO ABOUT IT. Short of rooting my phone and removing the apps (which, in and of itself presents another security issue), these apps are automatically installed, get full access, and cannot be removed.

I like the Android platform, but this is one thing in particular that I cannot stand.

Re:"Required" Apps and Permissions by h4rr4r · 2011-04-29 04:52 · Score: 1

Rooting does not present another issue if you do it correctly. Root the phone then flash the OS back on without the apps you do not want.
I would just recommend going right to CM7 if your phone is supported though.

Give the users control. by egburr · 2011-04-29 04:11 · Score: 1

How about the smartphone OS developers providing more granular control to the users to allow/restrict apps' access to specific functions?

--

Edward Burr
Having a smoking section in a restaurant is like having a peeing section in a swimming pool.

Re:Give the users control. by tepples · 2011-04-29 04:41 · Score: 1

What would motivate an end user to learn how to operate such granular controls?
Re:Give the users control. by Anonymous Coward · 2011-04-29 09:36 · Score: 0

Cyanogen's on it!

People trush FF Plugins by rsilvergun · 2011-04-29 04:13 · Score: 1

and they trust the app store. You just need a trusted central authority reviewing everything. My Firefox Plugin has a binary component in it to make the MP3s, so every time I submit a new version it takes a week or two to show up on Mozilla's site, but the awesome thing is they review it for me so that my users don't worry I'm trying to pull a fast one.

--
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/

Re:People trush FF Plugins by thePowerOfGrayskull · 2011-04-29 04:59 · Score: 1

I agree, but there's a difference of scale here; and add that there's no source code available to the reviewers for most apps. There is only so much that they can do when they have thousands of apps and updates to get through every day.

You have no choice if you want to use it by traindirector · 2011-04-29 04:15 · Score: 2

Lets be honest, there's no accountability on the part of mobile app developers. Before you download an Android app it asks for permission to use certain features, but the developers aren't required to say how they'll use those features, or what they'll do with it.

And what's worse is that despite having a fairly granular permissions system, the end user is totally denied any ability to selectively remove permissions. Want to remove Internet access from an application that doesn't need it? Tough luck--Google knows what's best for you.

And then they try to say they don't add this because 90% of users wouldn't use it. So? Bury it deep down in a menu somewhere that only people that really care will find it. The fact is it would be simple, but Google just doesn't want the user to have this power over her device.

See more from me on this below.

Re:You have no choice if you want to use it by h4rr4r · 2011-04-29 04:22 · Score: 1

All that would change is free apps would check if you gave it the permissions it wanted and if not tell you to enable them. I suspect paid apps would as well, many of those still sell data if they can.
Google is still an advertiser first and foremost. Microsoft nor Apple will pass up this "free" money either.
Re:You have no choice if you want to use it by traindirector · 2011-04-29 04:28 · Score: 1

All that would change is free apps would check if you gave it the permissions it wanted and if not tell you to enable them. I suspect paid apps would as well, many of those still sell data if they can.
If an app told me it needed a permission when I tried to use that permission, that would be a great improvement. Then I would have some more information on which to make the decision of whether to grant it.
If an app on start-up complained about every permission it didn't have with no explanation as to why it needed it, that would be great as well, as I would instantly know it's an app I don't want.
Re:You have no choice if you want to use it by BradleyUffner · 2011-04-29 04:57 · Score: 1

Lets be honest, there's no accountability on the part of mobile app developers. Before you download an Android app it asks for permission to use certain features, but the developers aren't required to say how they'll use those features, or what they'll do with it.
And what's worse is that despite having a fairly granular permissions system, the end user is totally denied any ability to selectively remove permissions. Want to remove Internet access from an application that doesn't need it? Tough luck--Google knows what's best for you.
And then they try to say they don't add this because 90% of users wouldn't use it. So? Bury it deep down in a menu somewhere that only people that really care will find it. The fact is it would be simple, but Google just doesn't want the user to have this power over her device.
See more from me on this below.
A decent improvement would be if the "full internet access" permission made the developer declare the addresses it wanted to access, and then only allowed access to those sites. It's not perfect, but it's better than what we have now.
I would love to be able to deny a permission to an application, but that would really break the free app model. Fixing that properly by letting the app see if the permission was denied at runtime would also fix that, but that would be a nightmare for backwards compatibility.
Re:You have no choice if you want to use it by Zan+Lynx · 2011-04-29 05:24 · Score: 2

Why would the app even know?
"I'd like a network socket please."
"Sorry, the user is not connected to the network."
"I'd like the Contact List please."
"Sure! Here it is, all 0 contacts."
"I'd like to send a text message."
"Ok! Message sent." (to /dev/null!)
These things could be done by custom ROMs and I'd be surprised if they're not already being done by somebody.
Re:You have no choice if you want to use it by h4rr4r · 2011-04-29 05:38 · Score: 1

Because then you refuse to run when you can't connect to the network, No contacts is also a dead give away. What you really need is to fake access to a very slow network connection, one that corrupts data too. Contact lists and stuff like that would need to also be fake not empty.
This would take lots of development on top of the standard, not sure any rom does this.
Re:You have no choice if you want to use it by nschubach · 2011-04-29 05:45 · Score: 1

Cyanogen is working on it or has a solution. I have not followed it as close as the main issue because Cyanogen is something very few have (relative to the core Android build) http://code.google.com/p/cyanogenmod/issues/detail?id=2814

--
Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.
Re:You have no choice if you want to use it by Zebedeu · 2011-04-29 06:13 · Score: 1

Because then you refuse to run when you can't connect to the network
Yes, but then the user at least has the chance to get suspicious. "Why does this solitaire game require network so badly that it won't even let me play a game?"

What you really need is to fake access to a very slow network connection, one that corrupts data too
That would result in the same problem. The rogue app would simply fail if it couldn't communicate properly with its server.
For all solutions you can think off, there will be a check which will be possible to make from within the app.
I think the best way to do ensure security is to do it like old J2ME did it: every time an app needs to do something which is considered privileged, a message pops up to the user asking if he allows it, with a checkbox to allow it permanently for that app.
Of course that's not foolproof, but it'd go a long way towards securing your smartphone.
Re:You have no choice if you want to use it by h4rr4r · 2011-04-29 06:27 · Score: 1

Sure, but we want a check that fails based on probably real life scenarios not the user killed your permissions.
Re:You have no choice if you want to use it by Draek · 2011-04-29 06:59 · Score: 1

And then they try to say they don't add this because 90% of users wouldn't use it. So? Bury it deep down in a menu somewhere that only people that really care will find it. The fact is it would be simple, but Google just doesn't want the user to have this power over her device.
No, Google merely knows that people bitch much less when they can't do something on their device than when they can, but in a manner that's not entirely straightforward at first. Weirdly enough.
Compare and contrast OSX with Linux for a clear example.

--
No problem is insoluble in all conceivable circumstances.
Re:You have no choice if you want to use it by Anonymous Coward · 2011-04-29 07:08 · Score: 0

I suspect that selective permission removal is the main reason why most developers avoid Blackberrys. It's an equally capable platform as any other smartphone, but nobody makes apps for it. I mean, you can't make your app rely on ads (Internet permission you can simply turn off), etc. I think Google did this to strike a balance between users and developers. As a user, I would vote with my "feet" -- install a competing application and spread the news in the comments / social media.
P.S. Applications can do whatever it wants to with your information once it's gotten access to it (either by default-on, or no permissions at all so all get access to it). It's time-consuming and laborious work to reverse-engineer compiled code. This is why there isn't any enforcement for the developers to do with the provided permission. You literally have to trust them not to do the wrong thing with it... All platforms have had apps "with hidden functionality" make it on to there platform (save, it would seem, RIM)
Re:You have no choice if you want to use it by traindirector · 2011-04-29 07:25 · Score: 1

I suspect that selective permission removal is the main reason why most developers avoid Blackberrys. It's an equally capable platform as any other smartphone
Is it really? I haven't tried to develop for it, but something tells me that's not the case.

I mean, you can't make your app rely on ads (Internet permission you can simply turn off), etc.
Sure you can. You can include pre-selected ads in your APK. With updates, you can move them in and out of rotation. What you can't do it collect, exploit, and sell users' personal information. This isn't about advertising in any traditional sense--it's about selling knowledge of you and your activities, which is quite different.

I think Google did this to strike a balance between users and developers.
Maybe that's how they see it, but there is no balance here. Giving all the power to the developer and none to the user is by no accurate description a balance.

ETF included or not? by tepples · 2011-04-29 04:19 · Score: 1

the amount of currency I paid the carrier to give me the phone in the first place.

That would be $200 to start the contract and $350 to terminate it early. Are you including the ETF in the effective price of the phone or not?

Re:ETF included or not? by tripleevenfall · 2011-04-29 06:36 · Score: 1

I didn't terminate it early. I switched to a dumbphone. Removing the data plan does not void the contract.

Not only privacy by wcrowe · 2011-04-29 04:20 · Score: 1

Not only is privacy an issue, there is the fact that the app may be nonexistent when you go to use it.

--
Proverbs 21:19

Which U.S. prepaid smartphone carrier? by tepples · 2011-04-29 04:21 · Score: 1

Burn the Contract Break Fee and then do a prepaid plan.

Which U.S. prepaid smartphone carrier do you recommend? I looked at Verizon's prepaid plans, and some of them were more expensive than contract plans. Is the Samsung Intercept on Virgin Mobile USA any good?

Re:Which U.S. prepaid smartphone carrier? by LoganDzwon · 2011-04-29 05:42 · Score: 1

my AT&T plan sans data and txt is $33/month. If I switched phones to a non-iphone it would still be $33/month + txt
Re:Which U.S. prepaid smartphone carrier? by nabsltd · 2011-04-29 05:46 · Score: 1

I looked at Verizon's prepaid plans, and some of them were more expensive than contract plans.
You cannot get an unlimited data plan with any of Verizon's "pay for what you use" prepaid plans. Since you must have a unlimited data plan for any smart phone (if you want data at all), you effectively can't have a smart phone on a true prepaid plan on Verizon.
The "prepay for a month of up to X minutes" plans are really just like the contract plans without the contract, so you can get unlimited data with those. Even if they are less money, you'd have to pay about $350 more for the smart phone without a contract, so they'd better save you at least $15/month over a contract.
Re:Which U.S. prepaid smartphone carrier? by gfxguy · 2011-04-29 06:15 · Score: 1

My Virgin Mobile plan is $25/month for unlimited data and text messages, and 300 minutes call time (you can pay more to get more call time, but I don't talk on the phone for more than a couple of hours a month).
I have the LG Optimus V.

--
Stupid sexy Flanders.
Re:Which U.S. prepaid smartphone carrier? by TaoPhoenix · 2011-04-29 06:48 · Score: 1

AT&T GoPhone.
You even get a free Meatloaf Commercial to watch!
http://www.youtube.com/watch?v=o5YMVO7-8ns
I'm not sure about the terms ("unlimited talk and text") in the ad mean, but I just paid for $100 in minutes. The point of the $100 pack is that they have the longest expiration (I want to say a year but I forget.)
The point was that since it was an iPhone and I was already on AT&T anyway, I just gambled that the fewest hassles would be staying in carrier. The "store" rep at the mall warned that weird things might happen with this semi-unsupported move, but it took, and here I am.
The real point is if you have type of call known to be really long, like family, you offload that onto something else. (I did mine on a Magic Jack on a sandboxed laptop.) Then those minutes can last you some three months, and you save some $800 per year because you do your "net stuff" in a wi-fi zone.

--
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
Re:Which U.S. prepaid smartphone carrier? by Anonymous Coward · 2011-04-29 17:57 · Score: 0

virgin mobile. $150 bucks for a med/low end Android (Samsung Optimus V)
the $25 a month (no contract) for 300 minutes talk, unlimited messages, unlimited data
(plus trivial to enable wifi hotspot - no rooting, just an app to expose the setting
to turn it on/off

Well, let's see a device that can.... by gestalt_n_pepper · 2011-04-29 04:24 · Score: 1

1) Report your location
2) Perform any financial transaction
3) Scan UPC and other computer codes
4) Has a camera, sometimes front and back
5) Can pick up sound and conversation

and... (Drumroll please) report all this back to a central authority anonymously. The ghost of Stalin must be green with envy. And the best thing is, the people actually pay for this themselves!

What next, a site that compiles all personal information of all suspected subversives, er, "friends" and the people those "friends" are connected to?

No, wait...

--
Please do not read this sig. Thank you.

Re:Well, let's see a device that can.... by Desler · 2011-04-29 04:54 · Score: 1

4) Has a camera, sometimes front and back
Oh noes, not A CAMERA!!!! Except for your first one, which happens even with a dumbphone as cell towers will log your location, all of the other things are optional features that you don't have to use if you don't want to. You can choose to use those features or not. It's not as if someone is forcing you to do so.
Re:Well, let's see a device that can.... by nschubach · 2011-04-29 06:01 · Score: 2

5) Can pick up sound and conversation
Except for your first one, which happens even with a dumbphone as cell towers will log your location, all of the other things are optional features that you don't have to use if you don't want to.
http://www.zdnet.com/news/fbi-taps-cell-phone-mic-as-eavesdropping-tool/150467
How do I not use that feature?

--
Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.

Open Mobile Platform by Anonymous Coward · 2011-04-29 04:30 · Score: 0

Could someone please build an open mobile platform? I know, I know, you say the US federal gov. won't let us because they want to spy domestically. I'd just really love a mobile device that ran linux, and was mine. That is to say, not some jack-off phone with a protected boot loader and onboard encryption chip which the manufacturer claims is for my protection. We all know that drill, you want control. And not Android which I'm rapidly growing weary of. I'm tired of the screen ... "This app wants to sift through your bank account, tax returns and your wife's panty drawer. Would you like to allow this? Please select: ."

Re:Open Mobile Platform by Desler · 2011-04-29 04:55 · Score: 1

Been there, done that. It was called OpenMoko and it went down in flames due to lack of consumer interest.

Near PC != near Internet by tepples · 2011-04-29 04:30 · Score: 1

and the fact that most of the time I'm near PCs anyway

When I'm on the bus to or from work, I'm near a PC (my laptop), but this PC doesn't have Internet access. Some people subscribe to mobile broadband for exactly this use case.

AT&T-Mobile by tepples · 2011-04-29 04:32 · Score: 1

T-mobile

I don't want to rely on a plan that AT&T will more likely than not cease to offer once it completes its acquisition of T-Mobile USA.

Re:AT&T-Mobile by h4rr4r · 2011-04-29 04:35 · Score: 1

I totally agree, I just wanted to answer your question.
I would rather stick with verizon at this point than risk that T-mobile will become AT&T. I would really consider moving to a regional carrier rather than AT&T if it came down to it.

There are three stores on my Archos 43 by tepples · 2011-04-29 04:36 · Score: 1

in many cases this software exists and is free, it's just not ported

How easy would it be to port a substantial application from Windows to Android? As I understand it, a lot of the toolkits on which an application relies might themselves not be ported.

or in the store

There are three stores on my Archos 43 Internet Tablet: AppsLib, which came with it; Android Market, which I installed with ArcTools; and Amazon Appstore, which I installed by downloading its .apk. The stores have different criteria for inclusion and different overheads on each developer's part. Which store are you referring to?

Re:There are three stores on my Archos 43 by h4rr4r · 2011-04-29 04:49 · Score: 1

He surely means from linux to android. From windows to android would be such a huge changes as to practically be a total rewrite of all but the most basic applications. Even from linux to android it will at the very least have to be ported to java or invoked with java and use the NDK.
Re:There are three stores on my Archos 43 by Kuukai · 2011-04-29 05:06 · Score: 1

Additionally there are Android apps (for instance OpenWNN, which handles the Japanese input I mentioned), that already exist, that are free, and are included with some distributions but not available on the Market as anything but "enhanced" bloatware. Yes when I have some time I'll be happy to distribute it myself (I already said "do it yourself" is an option), my point is that this hasn't been done, instead there are multiple repackagings.

--
Sendou Wave Kick!!

Which real Linux file system for Windows? by tepples · 2011-04-29 04:38 · Score: 1

This is all caused by the fact that android uses fat32 for the sdcard instead of a real linux filesystem.

Which in turn is caused by the fact that Windows out of the box is incapable of mounting "a real linux filesystem" on the USB flash drive that an Android device emulates.

On what basis? by thePowerOfGrayskull · 2011-04-29 04:56 · Score: 1

On what basis does he think that consumers are starting to care more about privacy? A few comments on some apps?

In reality... the awareness simply isn't there. The all-or-nothing approach taken by Android doesn't help much: because you have to grant every requested permission or deny the app entirely, android installer is simply another form of windows UAC: it encourages people to click 'yes' without considering the consequences. You might have some vocal minority speaking out against excessive permissions requests, but most are just going to click through so they can get to play with their dancing bunnies, flying farm animals, or whatever else catches their fancy.

Unfortunately, the piecemeal approach taken by RIM isn't much better: consumers can get prompt for almost every specific permission the application requires -- but there's really little detailed explanation of how those permissions might get used.

Ideally we'd see RIM's fine-grained permissions combined with Android's detailed explanations -- and still get the same result of automatically allowing ;)

Until users get burned by privacy issues, they're not going to pay attention to them.

Privacy is a personal responsibility first by Mad+Leper · 2011-04-29 04:59 · Score: 1

Consumers should first be made more aware of their own culpability in privacy violations. Many mobile users compulsively send out their personal information through multiple Social Media apps without any care as to who might be on the receiving end.

And any policies or controls that may be placed on mobile devices to protect these people from themselves will inevitability be disabled and circumvented if it in any way inconveniences them from getting their Twitters or Foursquare updates out to the public.

Like... Google itself? by joh · 2011-04-29 05:03 · Score: 1

Since I learned that AdMob sends my location data tagged with the Unique Device ID of my phone to Google, I'm very much wondering if even Google has actually realized that there may be problems with that approach. WP7 sends the very same data that the iPhone saves into its local database right home to Microsoft, also with the Unique Device ID.

It's not just the apps, really.

Is there an app to manage permissions? by Anonymous Coward · 2011-04-29 05:32 · Score: 1

Has anyone written an app for android that let's the user set permissions?

Right now I'm using the app Droidwall (free and excellent) to firewall all apps except for the handful that I want to be able to phone's data/wi-fi connection - such as FireFox. This is obviously not the same as permissions management, but it's better than nothing. Any other suggestions?

Cyanogenmod 7.1 by traindirector · 2011-04-29 05:41 · Score: 2

These things could be done by custom ROMs and I'd be surprised if they're not already being done by somebody.

It's not in any ROMs yet, but a patch is being considered for inclusion in Cyanogenmod 7.1 [javascript required]. Here's the related issue thread.

It will be great if this is included in custom ROMs, but I strongly feel one shouldn't need to void the device warranty for this simple, important, easy-to-implement feature. Google has no (good) reason for failing to include this in AOSP, and this is becoming more apparent by the day.

Re:Cyanogenmod 7.1 by h4rr4r · 2011-04-29 05:48 · Score: 1

Yes they do have a good (for them) reason. Google is an advertiser, this will hurt them.
What we really need is a law stating that this does not void the warranty. A Moss Magnuson act for phones.

Permission Blocker by traindirector · 2011-04-29 05:55 · Score: 1

Has anyone written an app for android that let's the user set permissions?

One exists: Permission Blocker. Though it likely still has bugs and there hasn't been an update from the developer for a while.

I've tried it personally, and it works as described, although it doesn't seem to read packages XML perfectly (it failed to list the permissions for Firefox, though all other applications on the test device listed their permissions, which could be disabled). It requires root access and a reboot after each change. Denying some permissions forces applications to Force Close because they don't know how to deal with the denial from Android.

The Cyanogenmod team is taking the more complicated and functional route of providing acceptable responses applications will accept for denied permissions. A patch has been submitted [javascript required] that might be included in Cyanogenmod 7.1. Looks like there was a lot of activity just three days ago.

Miami call girls by Anonymous Coward · 2011-04-29 06:13 · Score: 0

Miami call girls
Animal House is Miami's premier Escort Agency. Our Miami Escorts are ready to show you a great time! Our Miami escort agency offers the customer an option for an hour visit, or a full day's visit to enjoy all that South Florida has to offer. Start your day off right with a breakfast at one of our well known restaurants like the Courtyard Grill, or Big Pink and then head for South Beach. http://www.animalhouseescorts.com/

You need to develop a policy... by countertrolling · 2011-04-29 06:22 · Score: 1

*UGH*! such naivete...

Networked devices are insecure, and those insecurities will be exploited. That's all that needs to be said. Everything else is pure bullshit..

--
For justice, we must go to Don Corleone

Re:Shazam! This makes me one Angry Bird! by Anonymous Coward · 2011-04-29 06:32 · Score: 0

I hope you are killed soon. Dismemberment might not be enough. Maybe a thousand papercuts so you can bleed out, and shortly before you expire, then dismembered with a chainsaw.

Free has no Credit Card Number by Kamiza+Ikioi · 2011-04-29 06:46 · Score: 1

People paid for the Playstation Network. They walked into a store and paid a LOT more than $50 for a box. I don't hear any of them lauding the uber awesome privacy of pay-vs-free.

Free doesn't include your credit card number. How's that for privacy?

--
I8-D

Sigh. Citation please. by gilgongo · 2011-04-29 07:17 · Score: 1

TFA has no evidence what-so-evar to back up its claim that people don't trust mobile apps any more or less than they do any other type of app (hell, even freakin' MS Office asks if you want to supply "anonymous data" to Redmond). Well, unless they're saying that "prominent lawmakers" == consumers.

This is just some random journo opinion. You'd have thought it would have maybe fired up Surveymonkey or something for some attempt at a citation.

--
"And the meaning of words; when they cease to function; when will it start worrying you?"

Traditional advertising vs. what is happening now by traindirector · 2011-04-29 07:47 · Score: 1

In fairness, every ad supported app requires network access for downloading apps [ads?]. If you take that away, we as consumers like it as it's a quick and dirty ad blocker, but the advertisers and ad-supported app developers would get the short end of that particular stick.

Or we could, you know, go back to a traditional thing called advertising, and the developer could include some ads in the APKs that don't require internet access. As opposed to what's going on now, or in other words "compile lots of your personal information and activities in a database in order to profile you and sell the data and results to the highest bidder". There's quite a difference, but I think the common person sees the ad as an annoyance rather than the privacy minefield being planted behind it.

And it's an endless path that just pushes itself onward, too. The personal demographic-targeted ads devalue the traditional ads. The geo-targeted demographic-targeted ads devalue the plain targeted ads. The geo-domestic-targeted ads that analyze and report your network of friends and contacts push the value of others further toward 0. And so on.

There's a limit to what the "value" of an ad can be, and as we develop new ways to make them more personally invasive, we only create a little more "value"--what we mostly do is render the traditional ads worthless, in such a way that they are no longer profitable enough to support anything.

Who cares? by david_thornley · 2011-04-29 08:05 · Score: 1

Yes, some people have filed a class action suit against Apple, and a few Senators have been asking questions. That may put people off for now.

Wait six months, and see if there's any remaining distrust in the general population. Once the media has been quiet about the issue for two weeks (and /. is not media in this sense), people will stop forgetting about the fuss. It's all rather abstract, and most people aren't good at foregoing convenience for abstract reasons. Other people will think it's been dealt with (and Apple is updating iOS so it doesn't retain location information like that, so there's some truth to that).

We're talking about people who don't understand the issues and the technology. People who fall for "click on this" or "install this toolbar" offers all the time. Why do you think they'll care about this as much as industry analysts do?

--
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes

I Don't Like Mobile Apps... by rshol · 2011-04-29 08:52 · Score: 1

...because I can't block the ads in them like I can in my browser (Mercury Browser on iPhone).

Re:I Don't Like Mobile Apps... by spliffington · 2011-04-29 11:39 · Score: 1

If your phone is jailbroken SBadblock will block ads across all applications... Sadly you don't have very much GUI control over the "host" file. But you can edit it via terminal. Just a couple jailbroken exculsives are savvy it and will not run an app unless it's disabled. It only takes two clicks to toggle it and these apps a 1/100.

Ahem! by assertation · 2011-04-29 09:50 · Score: 1

You need to develop a policy that places secure, ethical, and appropriate handling of user data at the core of your application development process.

Before you go ahead and violate it anyway...

Web based APPS by rajji · 2011-04-29 10:36 · Score: 1

I also don't any application as they may be sending my phone data to any third party server just like APPLE/ANDROID. I always like web based application which can be access from any phone or PC. Even you loose your phone but your data is maintain at the server. Currently, I'm already using such a web based application http://fonet.mobi/ which has lots of feature like sign sing-on to linkedIn, google Buzz, facebook, twitter etc, maintain your contacts, mini blog, bookmarks, rss feeds etc etc...I can't describe all the features .. its worth to check it out. They may not have very nice interface like iphone but its works very well on many phone.

It's people like you that screw it up for.... by sgt_doom · 2011-04-29 11:14 · Score: 1

....those Linden LaRouche types, always hanging around the downtown street corners, waiting for those rubes who either take them seriously or believe they are actually a political party (matching campaign financing funds scam -- when you check of funds for presidential campaigns on the tax forms, because the LaRouche party qualifies as a political party they receive at least $30 million every four years).

Then there's the "Save the Children" bunch (ever check out their directors????? 'nuff said on that one). And how about the Red Cross, structured as a global money laundering operation (how many pennies per ever one thousand donated are actually used???) and what can you say when their director meets several times a year with Henry Kissinger, Richard Perle and David Rockefeller???? (Not my kind of people, that's for sure!)

Microsoft ENTIRE app & dev suite vs Linux by Anonymous Coward · 2011-04-29 11:57 · Score: 0

Microsoft's DOWN TO 5 UNPATCHED SEC. VULNS IN THE ENTIRE MS PRODUCT LINE YOU USE TO DO BUSINESS ONLINE: (& 3.5x less unpatched security vulnerabilities than Linux has, no less, in its "latest/greatest", albeit KERNEL ONLY (makes a difference, read on)):

---

Vulnerability Report: Microsoft Office 2010: (04/29/2011)

http://secunia.com/advisories/product/30529/?task=advisories

Unpatched 0% (0 of 4 Secunia advisories)

---

Vulnerability Report: Microsoft SQL Server 2008: (04/29/2011)

http://secunia.com/advisories/product/21744/

Unpatched 0% (0 of 4 Secunia advisories)

---

Vulnerability Report: Microsoft Internet Information Services (IIS) 7.x: (04/29/2011)

http://secunia.com/advisories/product/17543/

Unpatched 0% (0 of 6 Secunia advisories)

---

Vulnerability Report: Microsoft Exchange Server 2010: (04/29/2011)

http://secunia.com/advisories/product/28234/

Unpatched 0% (0 of 0 Secunia advisories)

---

Vulnerability Report: Microsoft SharePoint Server 2010: (04/29/2011)

http://secunia.com/advisories/product/29809/

Unpatched 0% (0 of 0 Secunia advisories)

---

Vulnerability Report: Microsoft Internet Explorer 9.x: (04/29/2011)

http://secunia.com/advisories/product/34591/

Unpatched 0% (0 of 0 Secunia advisories)

---

Vulnerability Report: Microsoft Visual Studio 2010: (04/29/2011)

http://secunia.com/advisories/product/30853/?task=advisories

Unpatched 17% (0 of 6 Secunia advisories)

---

Vulnerability Report: Microsoft DirectX 10.x:
(04/29/2011)

http://secunia.com/advisories/product/16896/

Unpatched 0% (0 of 3 Secunia advisories)

---

Vulnerability Report: Microsoft .NET Framework 4.x
(04/29/2011)

http://secunia.com/advisories/product/29592/

Unpatched 0% (0 of 3 Secunia advisories)

---

Vulnerability Report: Microsoft Silverlight 4.x: (04/29/2011)

http://secunia.com/advisories/product/28947/

Unpatched 0% (0 of 0 Secunia advisories)

---

Vulnerability Report: Microsoft XML Core Services (MSXML) 6.x:(04/29/2011)

http://secunia.com/advisories/product/6473/

Unpatched 0% (0 of 4 Secunia advisories)

---

Vulnerability Report: Microsoft Windows 7: (04/29/2011)

http://secunia.com/advisories/product/27467/?task=advisories

Unpatched 8% (5 of 59 Secunia advisories)

AND, of those 5 vulnerabilities, yes... 2 are still "remote". HOWEVER, they have EASY work-arounds (basic "don't be stupid" stuff everyone OUGHT to practice & be aware of).

They can be avoided by not just downloading & running "anything" etc. (being utterly stupid in other words, or just ignorant (which in the case of a child, I could excuse (not an adult)).

I.E.-> "NO PROBLEMO!"

&

3.5x LESS THAN IS PRESENT ON THE LINUX 2.6x KERNEL ALONE (toss on the rest of what goes into a Linux distro? That # goes "up, Up, UP & AWAY...", bigime, "increasing that lead, that Linux has", lol, in more unpatched known sec

Can this be improved with an Android mod? by Anonymous Coward · 2011-04-29 19:59 · Score: 0

So if Google won't help us solve our issues with the lack of fine-grained permissions, why not take it into our own hands?

Has anybody written a mod for a (rooted) Android phone that will
- allow the user to install apps that require "full internet access," but ensure that those apps get no real access outside certain URLs (and log access for accountability)
- allow the user to install apps that require GPS, but ensure that those apps receive no real GPS data
- allow the user to install apps that require SD card access, but ensure that those apps have no access outside a certain sandbox directory
- cameras etc etc etc

Toss on 2 more MS "enterprise class" apps by Anonymous Coward · 2011-04-30 00:11 · Score: 0

Just for "good measure" (both ZERO/0 unpatched KNOWN security vulnerabilities also):

---

Vulnerability Report: Microsoft Forefront Endpoint Protection 2010: (04/29/2011)

http://secunia.com/advisories/product/34343/

Unpatched 0% (0 of 1 Secunia advisories)

---

Vulnerability Report: Microsoft Virtual PC 2007:

http://secunia.com/advisories/product/14315/

Unpatched 0% (0 of 1 Secunia advisories)

---

Nuff said, in addition to my 1st post here -> http://mobile.slashdot.org/comments.pl?sid=2114448&cid=35981128

APK

Re:Traditional advertising vs. what is happening n by Voyager529 · 2011-04-30 05:31 · Score: 1

You're arguing two points. An ad that tracks user data beyond the intent of the app (e.g. Google Nav needs to know where I am as a core component of its functionality, as does FourSquare [not that I use it]) is a bad thing. Traditional ads are a good thing, as is keeping them relevant. No sense in advertising a movie that's no longer in theaters, or rolling out new apps just for the sake up updating the ad packages, or making the APKs triple the size for the sake of bundling ads. Streaming ads from an ad server is an acceptable practice for a program that is free.

I agree with the fact that devaluing traditional ads is a bad thing, as is the extremely targeted ads that seem to be the growing trend. My point is more that network access to pull generic ads or coarsely targeted ads (i.e. a free SSH client advertising Rackspace or Kace given the inherent demographic that would download an SSH client in the first place) is acceptable to me. Making it possible for those devs to lose their revenue like this is not, but neither is the scenario you paint.

Slashdot Mirror

Why Users Don't Trust Mobile Apps

153 comments