Slashdot Mirror


More Than 25% of Android Apps Know Too Much About You

CowboyRobot writes "A pair of reports by Juniper and Bit9 confirm the suspicion that many apps are spying on users. '26 percent of Android apps in Google Play can access personal data, such as contacts and email, and 42 percent, GPS location data... 31 percent of the apps access phone calls or phone numbers, and 9 percent employ permissions that could cost the user money, such as incurring premium SMS text message charges... nearly 7 percent of free apps can access address books, 2.6 percent, can send text messages without the user knowing, 6.4 percent can make calls, and 5.5 percent have access to the device's camera.' The main issue seems to be with poor development practices. Only in a minority of cases is there malicious intent. The Juniper report and the Bit9 report are both available online."

277 comments

  1. Know too much? by Anonymous Coward · · Score: 1

    Or know too little?

    Oh wait, that's the users and designers.

    1. Re:Know too much? by Anonymous Coward · · Score: 1

      It's alright, anyone paranoid enough about android security threats should really be more worried about finding the wireless hidden cameras installed all around them. If you've stayed at a hotel, odds are good someone's seen you nude.

    2. Re:Know too much? by Applekid · · Score: 4, Funny

      If you've stayed at a hotel, odds are good someone's seen you nude.

      In that case, I'm glad I'm ugly as sin, and hope I've blinded them. :)

      --
      More Twoson than Cupertino
    3. Re:Know too much? by Anonymous Coward · · Score: 0

      Lookin' in my windows? Joke's on you, mothrafoka!

    4. Re:Know too much? by camperdave · · Score: 1

      If you've stayed at a hotel, odds are good someone's seen you nude.

      If they've seen me nude... well, I hope they're quick to pick up braille. Of course, the mental trauma alone would be devastating.

      --
      When our name is on the back of your car, we're behind you all the way!
    5. Re:Know too much? by Beardo+the+Bearded · · Score: 1

      I actually pose a navigation hazard with my shirt off.

      I went to Belize in August, and while I wasn't the only Caucasian there, when they said "the white guy" I knew who they meant.

      --

      ---
      ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
  2. If only! by Joehonkie · · Score: 5, Funny

    If only there were some way for me to tell which permissions an app will use when I install it!

    1. Re:If only! by Anonymous Coward · · Score: 5, Insightful

      If only there were some way to know what permissions the app really needed to do its job!

      If only you didn't have to slog through 15 different flashlight apps before you find one that doesn't want access to your address book!

    2. Re:If only! by PoopManners · · Score: 0, Flamebait

      It's a problem with Android, basically. Poop.

    3. Re:If only! by rvw · · Score: 4, Interesting

      If only there were some way for me to tell which permissions an app will use when I install it!

      I've created one Hello World app, just to see how it works. I've followed directions, didn't do anything to snoop around. The result is that it needs Phone ID somehow. I suspect that many app programmers do nothing to snoop around, but automatically request more permissions than actually needed, probably because the programming IDE does this automatically.

    4. Re:If only! by TheRaven64 · · Score: 1

      Okay, so if I'm looking for an app, how do I search Google Play saying I want to find one that doesn't require the permission to access my address book or the contents of my SD card? You get shown the permissions right before you download an app, but you don't ever get told why an application needs these permissions.

      --
      I am TheRaven on Soylent News
    5. Re:If only! by h4rr4r · · Score: 5, Interesting

      You don't. Torch, Done.

      What Google should do is let me search for apps by permissions. I also wish they would let me never see a freemium app again. I have zero interest in them.

    6. Re:If only! by Anonymous Coward · · Score: 5, Insightful

      Disagree. It's a problem with humanity. Android does a good job of warning you that your flashlight app will send your contact list to the universe.

    7. Re:If only! by h4rr4r · · Score: 4, Informative

      Actually a lot of decent apps have a why in the description of the app.

      If it does not seem like it should need it and they fail to explain it don't install it.

      Still better than on the PC, where any application can read any of your files.

    8. Re:If only! by tepples · · Score: 1

      In what way do you find the permission issue better with any specific mobile operating system other than Android?

    9. Re:If only! by Scutter · · Score: 1

      If only there were some way to selectively allow or deny permissions to an app instead of the all-or-nothing approach currently employed.

      --

      "Tell me doctor, with all of your defenses, are there any provisions for an attack by killer bees?"
    10. Re:If only! by agentgonzo · · Score: 2

      Given Android will now (I think - I've got an iPhone so can't be sure.... ssshhhhhhhh! Don't tell anyone) tell you what permissions the app will access, why isn't there the ability to just configure android to refuse to pass those details on to the app at the OS level?

      I know I'm going into dangerous territory here by praising Facebook for their security (ssshhhhh!!!!) but when you add 'apps' to facebook, it will tell you what it is wanting to access but facebook gives you the ability to deny access to this information from the app. I would have thought it shouldn't be too hard for android to do this at the API level (and just return null or 'denied' or something) so that you can still pick which flashlight app you want to use, but tell the OS not to pass your address book onto it even if the app wants your details

    11. Re:If only! by berj · · Score: 5, Informative

      On iOS I can choose *after* installation to allow or disallow certain activities.

      So.. for example.. I can allow an application access to my calendar but not to my contacts or photos.

      If a GPS application wants access to my contacts and location I can let it.. but if it asks for access to my photos and bluetooth sharing I can disallow it.

      It's quite nice, actually.

      Android is a "take it or leave it" system. Which I suppose is great for the app developers.. but not so much for users.

    12. Re:If only! by jareth-0205 · · Score: 1

      I've created one Hello World app, just to see how it works. I've followed directions, didn't do anything to snoop around. The result is that it needs Phone ID somehow. I suspect that many app programmers do nothing to snoop around, but automatically request more permissions than actually needed, probably because the programming IDE does this automatically.

      Can you not just use the ANDROID_ID which doesn't require any permissions?

    13. Re:If only! by e065c8515d206cb0e190 · · Score: 1

      Still better than on the PC, where any application can read any of your files.

      Maybe you should blame it on your OS.

    14. Re:If only! by TheGratefulNet · · Score: 4, Interesting

      permissions are vague. I can't know what the hell they plan to do!

      what I'd want is a watcher that gives pop-ups or some notification and STOPS THE APP until I let it thru. very very fine grained permit/deny and also a lot of all info that is captured and sent.

      until the apps are more transparent (they are anything but, now!) I refuse to run most android 'store' apps or anything else.

      the whole market is fucked up; the protection model is bullshit and there's no audit ability for users to feel confident that this or that app is not doing funny shit behind the owner's back.

      the permissions model is quite stupid by design. another google design failure, designed by engineers and not designed FOR users who are non-tech and simply want to know what the app is DOING.

      there also isn't a standard default firewall on unrooted android. again, I have no trust in android when I have to go around it and root it just to have a firewall and user filters or ACL's.

      the whole model needs a serious rewrite. not saying the apple model is any better, but android is quite immature in how it DOES NOT protect the user or give them any real info to go on. the only thing you have now is 'trust us' and, well, I just don't!

      vista annoyed users with the popups but I do think that some level of that is needed, here. WHEN an app tries to do things that fit some trigger, show me! show me what and when and where. keep logs of it. let me query the logs and study how good or bad this app is. let me run it in 'hobble mode' so that it, by default, does not get access to anything. let me trust it over time and relax restrictions as it gets my trust.

      the whole model is all wrong. sorry, but it seems no one was thinking of the users, here. and users are getting screwed by not having true visibility into the (often) evils that 'flashlight apps' do.

      --

      --
      "It is now safe to switch off your computer."
    15. Re:If only! by h4rr4r · · Score: 1

      How are they vague? They have plain english descriptions.
      Torch:
      Hardware controls: Take pictures and videos
      System Tools: prevent phone from sleeping.

      If you can't read plain english you don't need a smartphone. A user who can't do that will just OK anything it ever asks for watcher or not.

      Why do you need a firewall if you don't leave ports open willy nilly?

    16. Re:If only! by h4rr4r · · Score: 4, Informative

      There are aftermarket ROMs that do that. CM is one.

      There are tools that actually do one better, they let you give apps fake data. Let that stupid game have a GPS, one that shows you out in the Atlantic.

    17. Re:If only! by Anonymous Coward · · Score: 1

      > what I'd want is a watcher that gives pop-ups or some notification and STOPS THE APP until I let it thru. very very fine grained permit/deny and also a lot of all info that is captured and sent.

      That only works for the tiniest subset of users. Most users would simply learn to click on absolutely any pop up and confirm. Dancing pigs problem, blah blah blah. Security cannot depend on an informed user when in fact most users are uninformed and technically ignorant. Not that there's anything wrong with being uninformed and technically ignorant, it's a fucking phone that people try to use to get tasks done.

    18. Re:If only! by Simon+Brooke · · Score: 1

      If only you were able to selectively revoke permissions you thought an application didn't need!

      I mean, when I install an app, I'd like to be shown a list of permissions it wants, just as I am now, and then I'd like to go through that list and toggle some off... and if the app can still run without those things, it should install anyway (and not do the things I've told it not to do). Surely that ain't rocket science!

      --
      I'm old enough to remember when discussions on Slashdot were well informed.
    19. Re:If only! by h4rr4r · · Score: 1

      What OS are you using?

      Short of using SELINUX or apparmor, which I do use, this is the normal behavior. Windows will allow any application running as a user to access that user's data, OSX is the same.

    20. Re:If only! by SternisheFan · · Score: 1
      Android 4.2 has better security, still, I want full control over 'permissions' without having to root my device. Below I've pasted from Computerworld's story/blog by J.R. Raphael:

      "Accompanying the system is a new and improved app permissions screen --the screen that shows up anytime you install an app from outside of the Play Store. The new Android 4.2-level screen is cleaned up and far easier to read than what we've seen in the past. And last but not least, Android 4.2 has an added behind-the-scenes feature that alerts you anytime an app attempts to send a text message that could cost you money. If an app tries to send an SMS to a known fee-collecting short code --a number that'd automatically bill your carrier when it receives a message --the system jumps in and alerts you to the action. You can then opt to allow or deny the process." http://m.blogs.computerworld.com/android/21259/android-42-security?mm_ref=http%3A%2F%2Fwww.google.com%2Fsearch%3Fhl%3Den%26tbo%3Dd%26site%3D%26source%3Dhp%26q%3Dandroid%2B4.2%2Bpermissions%26oq%3Dandroid%2B4.2%2Bpermissions%26gs_l%3Dmobile-gws-hp.12...20503.38452.0.40420.25.21.0.4.4.0.395.3872.0j16j3j2.21.0.les%253B..0.0...1ac.1.9qZIAZUfHXE

    21. Re:If only! by rvw · · Score: 1

      I've created one Hello World app, just to see how it works. I've followed directions, didn't do anything to snoop around. The result is that it needs Phone ID somehow. I suspect that many app programmers do nothing to snoop around, but automatically request more permissions than actually needed, probably because the programming IDE does this automatically.

      Can you not just use the ANDROID_ID which doesn't require any permissions?

      Yes! Well to be honest I wouldn't know - but I suppose you do. This app does nothing but display the text Hello World. So it doesn't need any permissions. Still the app requests them. I'm an inexperienced android app developer, don't know this alternative, and I suppose I'm not the only one.

    22. Re:If only! by berj · · Score: 3, Informative

      On iOS I can choose *after* installation to allow or disallow certain activities.

      So.. for example.. I can allow an application access to my calendar but not to my contacts or photos.

      How do you know that, by the time you disable the permission, the app hasn't already uploaded your info to their servers?

      because (sensibly) by default apps have no such permission. I get asked if I want to allow the action the very first time.

      Android is a "take it or leave it" system. Which I suppose is great for the app developers.. but not so much for users.

      Except, with Android, I can root my phone and do whatever the heck I want with it.

      And what about those of us that don't want to bother with such things? I don't build my own computers. I don't jailbreak my iDevices.. I don't tinker with my car.. I don't mod my fridge. If I have to immediately start hacking my device in order to get the security I want then it's not really much good to me.

    23. Re:If only! by TimeOut42 · · Score: 1

      That is just plain silly. How many support calls do you think the dev would get when a paranoid user denies access to the internet for a twitter client. Come on, this is nothing but FUD; all operating systems access stuff; most mobile OS will tell you what it is going to do. If you don't like the permissions it is requesting, then don't install the app.

      Most of your 'free' software, even the apps that don't use the internet, are ad-supported, which does need the internet. If you don't like that, then purchase the full app or again, don't install it.

      Finally, I have to agree with the statement in the article that many of the permissions that are used are just poor development practices. For example; maybe the dev was testing storing data on the SD card, decided not to do it, but failed to remove the permissions from the manifest. The app would show that it still needs access to the SD card, but the program never actually uses it.

      Another way to help protect yourself; don't always run as root -- amazing how many of the people here complain about the permissions, then essentially give every app full permissions to their phone. These are the same people that use the same password on every site and run their PC OS as root too.

    24. Re:If only! by h4rr4r · · Score: 1

      Fine don't do those things, but then you are probably on the wrong website. You can stay, but don't be surprised when people tend to think those things are the norm. For many here they are.

    25. Re:If only! by h4rr4r · · Score: 1

      Who gives every app root?
      Is there even a common android su that does not ask the user?

    26. Re:If only! by CanHasDIY · · Score: 1

      If only there were some way to selectively allow or deny permissions to an app instead of the all-or-nothing approach currently employed on a non-rooted phone.

      FTFY. If your phone is rooted, use Permissions.

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese
    27. Re:If only! by Syphonius · · Score: 3, Interesting

      Then you may have done it wrong (or whatever example you followed was wrong). The default IDE (Eclipse with the ADK plugin) does not generate permissions into the manifest. They all go in manually. If your Hello, World required extra permissions then they were most likely added by accident or you are using some uncommon IDE/plugin.

    28. Re:If only! by Anonymous Coward · · Score: 1

      On iOS I can choose *after* installation to allow or disallow certain activities.

      So.. for example.. I can allow an application access to my calendar but not to my contacts or photos.

      How do you know that, by the time you disable the permission, the app hasn't already uploaded your info to their servers?

      Android is a "take it or leave it" system. Which I suppose is great for the app developers.. but not so much for users.

      Except, with Android, I can root my phone and do whatever the heck I want with it.

      Is Apple still bricking jailbroken iShinys?

      1. By default no app has access to your info unless you approve it at runtime. If the app queries the data store (either before permission has been granted or after permission has been refused) iOS / OS X just returns nil/NULL
      2. Apple has never deliberately bricked jailbroken devices although some jailbreaks have not worked with upgrades and have "bricked" the iDevice. Of course, it's nearly impossible to permanently brick an iDevice as you can always revert to official iOS.

    29. Re:If only! by Minderbinder106 · · Score: 3, Informative

      CM was one. CM7 had this feature but it was taken out for CM9/CM10. It's too bad, it was a great feature.

    30. Re:If only! by CastrTroy · · Score: 1

      I would like the ability to send fake data to apps. I should be able to configure apps so that when they ask for my contact data, they get a fake list. The apps think they are working, but they aren't. Same goes with access to the SD Card. They think they are getting direct access to the SD card, but really they would just get their own little dedicated subfolder. Everything that they have access to should be able to be swapped out with a fake version. This combined with a network firewall (possibly allowing and disallowing different protocols, hosts, and ports from specific apps) would make it quite a bit easier to control what applications have access to.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    31. Re:If only! by blogan · · Score: 1

      What was the target SDK level? Older levels were always given access to phone ID, but in newer levels, it had to be specifically requested. For backwards compatibility, older apps targeted to the older levels would request that permission. Solution would be to have a newer target level, but not necessarily change the minSDK level.

    32. Re:If only! by Anonymous Coward · · Score: 0

      You need the phone ID if you use an old SDK. This has been fixed though if you ask for a recent version.

    33. Re:If only! by h4rr4r · · Score: 1

      That ability already exists with apps and in some roms.

      Adding it to AOSP would be neat though.

    34. Re:If only! by h4rr4r · · Score: 1

      That sucks, I run CM7 on my D1. I am currently running stock on my GN. So I was not aware.

    35. Re:If only! by rossdee · · Score: 1

      WTF is the point of a "Flashlight App' anyway?
      Do you really need a program to turn your $250 tablet into a $10 flashlight?

      Note - I am a flashlight-o-holic since I work nights

    36. Re:If only! by Bogtha · · Score: 1

      Given Android will now (I think - I've got an iPhone so can't be sure.... ssshhhhhhhh! Don't tell anyone) tell you what permissions the app will access

      The very first release of Android did this, it's been in Android all along.

      why isn't there the ability to just configure android to refuse to pass those details on to the app at the OS level?

      Probably because it's simpler all round to just assume that if the app is running it has permission. Fewer moving parts. It's not in the user's best interests though.

      --
      Bogtha Bogtha Bogtha
    37. Re:If only! by Jeng · · Score: 3, Insightful

      Here is vague.

      full Internet access: Allows the app to create network sockets.

      The main question I have is Why does it need internet access? And that is not answered.

      --
      Don't know something? Look it up. Still don't know? Then ask.
    38. Re:If only! by jeffmeden · · Score: 1

      If anything it punishes developers who want to "kitchen sink" their permissions and then get bit by users who refuse to install their app because the permissions look sketchy. I (and i suspect most other informed Android users) look at permissions before deciding to buy/install, and that is a big factor. The bonus of this is that I avoid installing apps that are almost certainly a waste of space anyway. How many shitty flashlight apps does one really *need*?

    39. Re:If only! by h4rr4r · · Score: 1

      Torch does not.
      What application are you talking about?
      A free one probably wants to display ads, I suggest you buck up and spend $1 on the version that does not.

    40. Re:If only! by jeffmeden · · Score: 2

      And what about those of us that don't want to bother with such things? I don't build my own computers. I don't jailbreak my iDevices.. I don't tinker with my car.. I don't mod my fridge. If I have to immediately start hacking my device in order to get the security I want then it's not really much good to me.

      You are completely missing the point. If you are holding an android device in your hand then, much like an iPhone, it is already secure. If you choose to install a shitty app, that's on *you* and just because the OS or the ghost of Steve Jobs doesn't step in and smack your hand, that doesn't mean the only way to maintain security is to "immediately start hacking". Security first, shitty flashlight apps second. That should be the workflow. If it's too much to grasp, then sure stick with your iPhone.

    41. Re:If only! by h4rr4r · · Score: 1

      Why would I want to carry two devices?
      My GN is always in my pocket, why not use it as a flashlight?

    42. Re:If only! by Anonymous Coward · · Score: 0

      We're talking about Android permissions in general, not one app, as well as what apps do, not what they probably do.

    43. Re:If only! by Applekid · · Score: 1

      I always have a hearty laugh when someone who obviously has never used a system (Android, in this case) complains about an issue that doesn't actually exist. It's like they live in a land of make believe.

      Anyway, one thing I would like to see in Android functionality is being able to treat install permissions as toggles. For example, Fart Application 9328 wants to access my speaker. Check yes. Also wants to access my location. Check no.

      You can get there in a clumsy way, on a rooted phone running Permissions Denied. You reach into each application's permissions and can turn off the ones you don't like. Sometimes this causes applications to error out rather ungracefully, but if the app isn't going to work with some unrelated overreaching permission I'm not going to suddenly change my mind and grant it back. I might swear a little at apps that refuse to deal with not having the privacy-invading features it doesn't really need, but it's really quid pro quo I suppose for free apps. Tell you what, also, I'm just going to skip by that developer's other apps if I can remember. Paid apps? F that S, I'm not even going to buy them at all to try filtering out permissions, despite the refund policy on the Play store.

      While I'm wishing for OMG PONIES, also, if an app has an update that wants to add permissions, and I refuse to update it, I'd really like to be able to block the reminders to update. Oh? This Stopwatch application now wants internet access? How about NO. So now that we've established I'm not going to opt in for advertising when I don't need any of the new features, how about you quit telling me about the updates?

      Was going to link, but I now realize Permissions Denied used to have a free version but now it's paid only, which sucks. All the more reason to get such a valuable feature baked in to the system.

      --
      More Twoson than Cupertino
    44. Re:If only! by jeffmeden · · Score: 1

      permissions are vague. I can't know what the hell they plan to do!

      what I'd want is a watcher that gives pop-ups or some notification and STOPS THE APP until I let it thru. very very fine grained permit/deny and also a lot of all info that is captured and sent.

      How's this for fine grained: When an app isn't installed, it does nothing. When an app is installed, it does what it says it will do in the permission list (which has a particularly thorough amount of detail). Is it really a requirement of a phone ecosystem that you be able to install whatever shitty app you feel like with no chance that it will do something you don't want it to? If it is, then yes stick with your iPhone. If you *can* be bothered to do some simple reading before installing your 6th fart app, then maybe you can make your way through the Android ecosystem (as many others seem to be enthusiastic to do).

    45. Re:If only! by DarkOx · · Score: 1

      True but it could be easily made so that apps still work if you don't give them certain permissions without altering the API. Just warn the user there may be degraded functionality.

      System -> prevent -> sleep - if the app lacks permission succeed but ignore the call
      Get contacts -> succeed but return an empty record set to the app as if the user has no contacts.

      are examples. You could do this without breaking existing applications and users could decide for themselves if their flashlight app really needs to access the network.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    46. Re:If only! by Voyager529 · · Score: 5, Informative

      LBE Privacy Guard. Still free, and still allows denial of permissions to apps on a rooted phone.

    47. Re:If only! by scot4875 · · Score: 1

      Except that's not actually the case.

      On Android, an application can ask for access to GPS, but you don't have to turn it on. (Obviously it would be better to deny it to that app specifically) Similarly you can disable bluetooth, though that's not one that many malicious apps have much use for. (It's all about the data; photos and bluetooth don't really get you much useful data.)

      And even though there's a generic permission for allowing access to accounts (for calendar, etc), upon first request you have to specifically grant access to the account that the app wants. They don't just get free run over all of your accounts simply by being installed.

      It certainly isn't perfect, but iOS doesn't have anywhere *near* the advantage that you claim it does in this area -- particularly since most of those features you list are brand new and were completely lacking up 'til iOS 6.

      --Jeremy

      --
      Jesus was a liberal
    48. Re:If only! by retchdog · · Score: 1

      uh, how the hell would that work? answering that question automatically would be impossible, and having the developer tell you would be pointless since you don't trust him anyway.

      --
      "They were pure niggers." – Noam Chomsky
    49. Re:If only! by rwv · · Score: 1

      What Google should do is let me search for apps by permissions.

      This is a great idea... I've frequently searched through one application or game after the other searching for acceptable permissions. A "Yelp" App might have a reason for knowing my Coarse GPS location and will obviously need an Internet Connection. Many games with ads obviously need an Internet Connection... but what the hell are they doing trying to plot my location? While I'd expect that a lot of Paid Games shouldn't be pinging servers for anything... so No Internet Connection.

      I'd be curious if this shifted the market closer towards "Programs that Cost Money that Respect Our Privacy".

      I also wish they would let me never see a freemium app again.

      There is a special place in Hell for games that cost $0.00 but allow you to add charges during normal usage.

    50. Re:If only! by Anonymous Coward · · Score: 1

      Check out your Manifest file, it might have been added automatically. Also, if you're targeting a version older than Donut and installing it on a later version of Android, it will automatically mark your app as requiring it.... I suppose because it was an unprivileged instruction back in the day and in order to maintain compatibility it won't surprise your app with nulls where it's not expected, whether you actually make the calls or not.
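
      The target-SDK behaviour described in the replies above, as an added example that is not part of the original thread: a small auditor that reads a decoded (text) AndroidManifest.xml, works out which permissions the platform adds implicitly for pre-Donut targets, and lists anything beyond what the reviewer expects. The sample manifests, the `audit_manifest` name and the `expected` allowlist are constructed for illustration; real APKs store the manifest as binary XML, so decoding it first is assumed.

```python
import xml.etree.ElementTree as ET

# Attributes in AndroidManifest.xml live in the android: namespace.
ANDROID = "{http://schemas.android.com/apk/res/android}"
DONUT = 4  # API level 4 (Android 1.6)

# Apps targeting API level 3 or lower are implicitly granted these,
# because they were not guarded by a permission before Donut.
IMPLICIT_BELOW_DONUT = frozenset({
    "android.permission.READ_PHONE_STATE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
})


def _api_level(value, default):
    """Parse an SDK attribute; a missing attribute falls back to the default."""
    if value is None:
        return default
    try:
        return int(value)
    except ValueError:
        # Non-numeric value (a preview codename): treat as newer than any release.
        return 10_000


def audit_manifest(xml_text, expected=()):
    """Return declared, implicit and unexpected permissions for one manifest.

    `expected` is the reviewer's own allowlist for this kind of app
    (an assumption of this example, not an Android concept).
    """
    root = ET.fromstring(xml_text)
    sdk = root.find("uses-sdk")
    attrs = sdk.attrib if sdk is not None else {}

    # minSdkVersion defaults to 1; targetSdkVersion defaults to minSdkVersion.
    min_sdk = _api_level(attrs.get(ANDROID + "minSdkVersion"), 1)
    target_sdk = _api_level(attrs.get(ANDROID + "targetSdkVersion"), min_sdk)

    declared = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    declared.discard(None)

    implicit = set()
    if target_sdk < DONUT:
        implicit = set(IMPLICIT_BELOW_DONUT) - declared

    effective = declared | implicit
    return {
        "target_sdk": target_sdk,
        "declared": sorted(declared),
        "implicit": sorted(implicit),
        "unexpected": sorted(effective - set(expected)),
    }


# --- Constructed sample manifests -------------------------------------------
NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'

# A Hello World with no <uses-sdk>: target defaults to 1, so the installer
# lists phone state and storage although the manifest requests nothing.
HELLO_WORLD = f'<manifest {NS} package="example.hello"><application/></manifest>'

# Same app, old minSdkVersion kept but a newer targetSdkVersion set.
HELLO_FIXED = f'''<manifest {NS} package="example.hello">
  <uses-sdk android:minSdkVersion="3" android:targetSdkVersion="16"/>
  <application/>
</manifest>'''

# A flashlight that asks for more than the camera LED and a wake lock.
FLASHLIGHT = f'''<manifest {NS} package="example.flashlight">
  <uses-sdk android:minSdkVersion="8" android:targetSdkVersion="16"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application/>
</manifest>'''

FLASHLIGHT_EXPECTED = {"android.permission.CAMERA", "android.permission.WAKE_LOCK"}

if __name__ == "__main__":
    for name, xml_text, allow in [
        ("hello (no uses-sdk)", HELLO_WORLD, ()),
        ("hello (target 16)", HELLO_FIXED, ()),
        ("flashlight", FLASHLIGHT, FLASHLIGHT_EXPECTED),
    ]:
        print(name, audit_manifest(xml_text, allow))
```
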

    51. Re:If only! by Anonymous Coward · · Score: 0

      I think the accent is on why an app for that.

      You should just use webapp for that, as webapps are path to crossplatform future.

      I'd recommend this neat browser flashlight app called about:blank.

    52. Re:If only! by Applekid · · Score: 1

      Actually a lot of decent apps have a why in the description of the app.

      If it does not seem like it should need it and they fail to explain it don't install it.

      Still better than on the PC, where any application can read any of your files.

      Even if they explain it, consider the possibility they're lying. Unless you look and understand the source, you're just not going to ever really know.

      --
      More Twoson than Cupertino
    53. Re:If only! by SuperMooCow · · Score: 1

      I always have a hearty laugh when someone who obviously has never used a system (Android, in this case) complains about an issue that doesn't actually exist. It's like they live in a land of make believe.

      You mean like 99% of the people who comment on anything made by Apple, or used something made in the Mac OS 9 era?

      Yeah, I laugh at those trolls too.

    54. Re:If only! by DarkOx · · Score: 1

      I rather think you are missing the point. One of the things an operating system should do is provide useable and effective access controls so that I can run other software with a correct level of isolation.

      The system must enforce security. I can't know what every application is going to do. Even if it was all open source who has time to read and understand the code to everything they use? If my platform can't enable me to prevent an application from seeing and doing things I don't want while still leaving it functional (within reason) it's failing.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    55. Re:If only! by whoop · · Score: 1

      Ask the developer. There are links to their web site and email on most apps' pages. Some devs are cool and include it in the app's description. But all this comes down to the developer. They should know and be able to tell you what the app specifically does with one of the permissions.

      Of course, the dev could say "It connects to the Internet to verify your purchase license" but still secretly transmit you're top-secret personal data to a scrupulous third party.

      So, just stick to open-source apps that you are able to audit all the code. Or just make your own. You cannot trust anyone these days. Then again, you have to weigh that vs the convenience of having a ready-made app do what you want out of it. I cannot say I personally have pored over GCC's code to know it isn't sending my source code to some server in China. But, I trust the community enough that if that were to be found of some program, all hell would break loose on them. Apps have been found to do stuff like this (people running network sniffers and the like), and I feel the response was appropriate from the community and Google in identifying, pulling from the store, and when severe enough, automatically wiping it from people's phones.

      The decision is yours. Hyper-paranoia and do it yourself, or ask the developer and decide if you trust them. The Android system is striking a balance between flexible enough to give you a starting point to the needed permissions, any more strict and you run into the Vista-style annoyance that it becomes futile. Any less, and you don't know what's going on ever.

    56. Re:If only! by TheGratefulNet · · Score: 1

      not only send them fake data but trigger based on it. if they use the fake data, you should find out about it.

      mailing lists used to (still probably do) sell you lists and there are fake trigger entries that will tell them that you've used the list. if you have not paid to use it more than once, they can know simply by the fake entry (theirs) being sent to, by you.

      ie, we should treat each app as rogue and untrusted until it proves itself. and continues to.

      this is why I think the whole concept of how android 'secures' things is all wrong. right from google's POV since they really don't want you to have THAT much control over things (like blocking all of doubleclick, etc). but wrong for most of us.

      each app should be given a fake layer of interface and, via the user's control, given access to real data IF they want to or see a benefit to.

      that's control. that's a user friendly (and not supplier friendly) platform. I hope there is such a thing, one day.

      --
      "It is now safe to switch off your computer."
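The trigger-entry idea from the comment above, as an added example (not part of the thread, and not code from any app or tool named in it): each app is handed a contact list seeded with its own unique address, so anything later arriving at that address identifies which app passed the list on. The secret, the domain `canary.example`, the contact name and the package names are all constructed for illustration.

```python
import hashlib
import hmac

# Assumption: a per-device secret that never leaves the device.
DEVICE_SECRET = b"constructed-demo-secret"
# Assumption: a domain whose inbound mail the user can observe.
CANARY_DOMAIN = "canary.example"
LOCAL_PREFIX = "alex."
TAG_LEN = 16  # hex characters kept from the MAC (64 bits)


def _tag(package: str) -> str:
    """Keyed tag for one app; unguessable without DEVICE_SECRET."""
    mac = hmac.new(DEVICE_SECRET, package.encode("utf-8"), hashlib.sha256)
    return mac.hexdigest()[:TAG_LEN]


def canary_for(package: str) -> dict:
    """The seeded contact that only this app is ever shown."""
    return {
        "name": "Alex Morgan",
        "email": f"{LOCAL_PREFIX}{_tag(package)}@{CANARY_DOMAIN}",
    }


def fake_contacts_for(package: str, decoys: list) -> list:
    """Contact list an untrusted app sees: shared decoys plus its own canary."""
    return list(decoys) + [canary_for(package)]


def attribute_leak(address: str, installed_packages: list):
    """Map an address seen in the wild back to the app that was given it.

    Returns the package name, or None if the address is not one of ours.
    """
    local, _, domain = address.strip().lower().rpartition("@")
    if domain != CANARY_DOMAIN or not local.startswith(LOCAL_PREFIX):
        return None
    seen = local[len(LOCAL_PREFIX):].encode("utf-8")
    for package in installed_packages:
        # Recompute instead of storing a table; compare in constant time.
        if hmac.compare_digest(seen, _tag(package).encode("utf-8")):
            return package
    return None


if __name__ == "__main__":
    # Constructed sample data.
    apps = ["com.example.flashlight", "com.example.keyboard"]
    decoys = [{"name": "Sam Lee", "email": "sam.lee@decoy.example"}]
    for app in apps:
        print(app, "->", fake_contacts_for(app, decoys)[-1]["email"])
    leaked = canary_for("com.example.keyboard")["email"]
    print("mail to", leaked, "traces back to", attribute_leak(leaked, apps))
```

Because the tag is an HMAC rather than a counter, an app cannot predict another app's canary or tell its own canary apart from a real contact by its structure alone.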
    57. Re:If only! by L4t3r4lu5 · · Score: 2

      Given Android will now ... tell you what permissions the app will access, why isn't there the ability to just configure android to refuse to pass those details on to the app at the OS level?

      This is a feature of Cyanogenmod. You can revoke permissions in a granular fashion; there's no knowing how it will affect the app's performance, and you do so at your own risk obviously. For all others, there's LBE Privacy Guard which will prevent access to contacts, messages, location, and data services on a per-app basis.

      --
      Finally had enough. Come see us over at https://soylentnews.org/
    58. Re:If only! by Anonymous Coward · · Score: 0

      How's this for fine grained: When an app isn't installed, it does nothing. When an app is installed, it does what it says it will do in the permission list (which has a particularly thorough amount of detail).

      That's specifically not fine-grained. That's all-or-none, which is the coarsest of coarse-grained. Are you deliberately trying to sound like an ignorant ass?

    59. Re:If only! by Sir_Eptishous · · Score: 1

      Since "smartphones" are essentially high powered computers with a phone attached, all sorts of tinkering or modification can happen, and is encouraged, similar to tinkering or modification on pc's, cars, etc;

      There are pros and cons to both the "safe" iOS world and the "scary" Android world. Since you chose Apple, you chose safe. That is your choice, and no, you don't have (and probably wouldn't want to) to mod your phone.

      The beauty of the Android platform is the ability to mod it, giving users a more customized and knowledgeable experience with their phone. Considering the expense of smartphones and data plans, it is only logical to think someone who paid that kind of dough for their "phone" would want to make sure their "phone" is safe from nefarious elements. To assure such safety on the Android platform takes more time and skill, however the safety benefits are greater than one could achieve on an iOS device.

      --
      We play the game with the bravery of being out of range
    60. Re:If only! by Sir_Eptishous · · Score: 1

      The system must enforce security. I can't know what every application is going to do. Even if it was all open source who has time to read and understand the code to everything they use? If my platform can't enable me to prevent an application from seeing and doing things I don't want while still leaving it functional (within reason) it's failing.

      I agree with your sentiment, but with most things in life (and in tech) there are trade-offs. If you don't want to take the time to config your droid correctly and just want something that (you think) is safe, stick with Apple's benevolence.

      --
      We play the game with the bravery of being out of range
    61. Re:If only! by CanHasDIY · · Score: 1

      How do you know that, by the time you disable the permission, the app hasn't already uploaded your info to their servers?

      because (sensibly) by default apps have no such permission. I get asked if I want to allow the action the very first time.

      Okay, just making sure I understand what you're saying - you install an app on iOS, but it's totally dead in the water (i.e., no permissions to actually do anything) until the user actually engages the app for the first time, at which point it goes through the things it wants to do point-by-point, giving the user the option to not allow certain permissions, while allowing others?

      Assuming the above is indeed what you're trying to say, can you cite a source for this? And when I say "source," I mean actual technical details, not some marketing drone's blog post that boils down to "I work for Apple, trust me on this."

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese
    62. Re:If only! by CanHasDIY · · Score: 1

      Except, with Android, I can root my phone and do whatever the heck I want with it.

      And what about those of us that don't want to bother with such things?

      Then you play with the hand (or in this case, device) you're dealt, and your complaints about how much that particular hand sucks will likely fall on many, many deaf ears.

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese
    63. Re:If only! by tlhIngan · · Score: 2

      If only there were some way for me to tell which permissions an app will use when I install it!

      You do realize that Android has been making it progressively harder? In ICS, the big fat "INSTALL" button is located at the top (instead of the bottom) so users can quickly tap Install, Install and never see the permission list.

      Plus, a lot of permissions get grouped under "Other permissions" so you have to tap that in order to see the full permission list, so at best you see a few major permissions, and the rest are socked away.

      Finally - Dancing Pigs. Users want to run the app, permissions list be damned. They click through the permission list like it was some EULA. They aren't going to read it.

    64. Re:If only! by Anonymous Coward · · Score: 0

      Yeah, yeah, and there's no way of enforcing that the given reason why a permission is needed is actually what the app will use it for. Nothing is stopping the developer from lying.

      Personally, if I don't trust the developer I don't trust any explanation they might state for why the app needs a given permission.

      Demanding that developers explain why their apps need certain permissions does not provide security - it only provides the feeling of security (which is not the same).

    65. Re:If only! by lister+king+of+smeg · · Score: 2

      the platform is perfectly secure you simply granted access to things you shouldn't it's like saying that prisons are incapable of keeping felons from escaping, after you handed each prisoner a master key and told the wardens to let them leave.

      the problem lies with the developers for demanding too many permissions and the user for granting them

      --
      ---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
    66. Re:If only! by h4rr4r · · Score: 1

      I tried that one and my camera flash did not come on, only the screen which is not bright enough nor the same as what the apps do.

      Any other stupid ideas?

    67. Re:If only! by drinkypoo · · Score: 1

      In other words, you're a shitty wannabe dev?

      So, like 99% of the people uploading apps, then?

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    68. Re:If only! by drinkypoo · · Score: 1

      I've got Fake GPS, and I placed it near town center. I've got a fake camera, which is supposed to let me pick pics out of a folder; I installed it because my device doesn't have a camera, and I want to be able to install apps that require one for no good reason, like Photoshop. (Camera functionality should be a separate app...)

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    69. Re:If only! by Anonymous Coward · · Score: 0

      Apple has never "bricked jailbroken iShinys," you numb cunt.

      If you decide to hack your phone and install a bunch of non-standard software on it, and then try to apply a standard update from Apple on it, don't be surprised if your system responds strangely - an install procedure is only as good as the known baseline it's being installed on top of, and if you're too stupid to understand that, you should probably stick to sucking your thumb and playing with the 10 large buttons on front of your mom's 10 year old Nokia feature phone.

    70. Re:If only! by Anonymous Coward · · Score: 0

      Isn't IOS a "take it or leave it" system, with its walled garden approach? Buy from the iTunes store or you're SOL. Use Apple's hardware or you are SOL.

    71. Re:If only! by JasterBobaMereel · · Score: 1

      An app that asks for access to your addressbook when it does need to does not get installed on Android, on Apple you install it then block it ...?

      I like the take it or leave it, an app that asks too much is not installed and so cannot do anything,

      on Apple you install it ban it from some things, then much much later discover what else it was doing?

      --
      Puteulanus fenestra mortis
    72. Re:If only! by Anonymous Coward · · Score: 0

      transmit you're top-secret personal data to a scrupulous third party.

      If they're scrupulous, why would I care if they got my data?


      PRO TIP: Don't use "big words" if you can't even manage simple grammar without getting it wrong.

    73. Re:If only! by Anonymous Coward · · Score: 0

      SEAndroid is for you.

    74. Re:If only! by JazzLad · · Score: 1

      There is a special place in Hell for games that cost $0.00 but allow you to add charges during normal usage.

      Is that with the child molesters and people that talk at the theatre?

      --
      "If you have nothing to hide, you have nothing to fear." - Every fascist, ever
    75. Re:If only! by Anonymous Coward · · Score: 0

      Finally - Dancing Pigs. Users want to run the app, permissions list be damned. They click through the permission list like it was some EULA. They aren't going to read it.

      Yeah, and this kind of user would also click "Allow" on any pop-up the app might present during run-time to ask for any permissions.

    76. Re:If only! by rwv · · Score: 1

      There is a special place in Hell for games that cost $0.00 but allow you to add charges during normal usage.

      Is that with the child molesters and people that talk at the theatre?

      Not to mention the people who see a long line of cars waiting to exit a highway and think it's okay for them to stay in normal traffic until the last possible minute before merging into the exit lane.

    77. Re:If only! by Jessified · · Score: 1

      It seems to me that the ability to send messages to premium services should be disabled by default, and you should have to enable it manually by contacting your provider.

      For my part, I've called my provider to inform them that I will not be paying for any such services (roaming, long distance etc) so they should disable those services from their end. If a charge comes up, I reference that conversation and it's their problem. No charge has come up.

    78. Re:If only! by MagusSlurpy · · Score: 1

      A large part of the problem is that Android groups permissions together too much. Why is "read phone state" bundled with "phone identity?" A game doesn't need to identify me if all it wants to do is let me know a call is coming through.

      --
      My sister opened a computer store in Hawaii. She sells C shells by the seashore.
    79. Re:If only! by MagusSlurpy · · Score: 1

      I will hack* anything except my phone - it's too important. I can't afford to fuck it up and be out of touch with the world for a few days until I either unbrick it or get a new one.

      *Well, attempt to hack - never claimed to be any good.

      --
      My sister opened a computer store in Hawaii. She sells C shells by the seashore.
    80. Re:If only! by JazzLad · · Score: 1

      Yeah, but Shepherd Book didn't mention those jerks ;)

      --
      "If you have nothing to hide, you have nothing to fear." - Every fascist, ever
    81. Re:If only! by Anonymous Coward · · Score: 0

      The newer JB market notification does something like that.

      It tells you how many new updates (in the big text) with a smaller count of total updates (just above the icon).

      It might be non-permission change counts vs permission change counts -- I've never really looked (and yes, I have about 5 applications that I'm not updating due to permission creep.)

    82. Re:If only! by Anonymous Coward · · Score: 0

      You'll be surprised as to how often applications will crash because of some seemingly innocuous change.

      Prevent Sleep? The application isn't expecting to be inoperative and skips a timed check-in every 5 seconds. Developer happens to code so that it uses the last digit of the clock to toggle something. Oops! Crash!

      And yes, there are a lot of lazy developers out there.

    83. Re:If only! by Anonymous Coward · · Score: 0

      Yes. It does so *NOW*. For the past 4 years, you've been distributing your contacts to the ether. What about your other information?

      Also, if nobody bothers reading Android permissions (which are in plain English as well) and considering APL's target market (mostly ignorant people unaware there are better things; see 99% of their "OMG REVOLUTIONARY" features -- voice assistant app that you could have bought for $5 on all older devices, a high resolution display -- finally, after 4 years of CGA resolution!, etc.)

      Plus, who needs applications to rape your privacy when the parent company is doing so already? Try disabling ad-targeted advertising. It's not even on your device -- it's on some opt-out website somewhere (and it's specified in the user agreement somewhere, probably on page 80 or some crap like that)

      Considering how greedy and user-hostile they've been, I would not trust my data to them.

    84. Re:If only! by Samantha+Wright · · Score: 2

      You've hit the nail on the head. It's Church-Turing impossible to guarantee knowledge in advance of what the program will or will not do, beyond what API calls it's allowed to make.

      --
      Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
    85. Re:If only! by Anonymous Coward · · Score: 0

      From what I understand, lower than Android 1.5 did NOT have a "phone state and identity" permission. If you target your Android application to 1.5 or lower, then it will automatically add in that permission for backwards compatibility.

      Target your application to a higher version and this requirement disappears.

    86. Re:If only! by Samantha+Wright · · Score: 1

      ie, we should treat each app as rogue and untrusted until it proves itself. and continues to.

      When does that occur, exactly?

      --
      Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
    87. Re:If only! by IndustrialComplex · · Score: 1

      That's only part of the problem.

      Some programs DO need access to some sensitive information. For example, a text messaging application obviously needs to be able to send text messages. However, such a program should NOT be sending text messages without me knowing it. (or accessing the internet, etc)

      What I want, is the ability to 'flag' certain accesses such that if a program attempts to send a text message, it is either logged, or I am notified of the action. I'd then be able to know if an app which rightfully does need that permission, is using it in an unacceptable manner.

      For example: One app requests permission to access my contact information. Normally that is a flat rejection on my part. However, the app developer made the statement in the app description that the app will only access the contacts if the user activates a specific feature. Currently however, I do not know of a way to verify that the app would behave and ONLY access the contacts upon user initiation. It has the permission, it currently doesn't 'need' to ask again, and that's what bugs me.

      There are plenty of other apps which have a legitimate need to access the internet, gps data, etc. But most of them don't need that data ALL the time.

      Anyone know of a way to control, or at least monitor that behavior? I know I could always run some sort of network sniffer for internet connections, but for things internal to the phone like contacts, or data access, I don't know how that would work.

      --
      Out of modpoints but really liked a post? 1BDkF6TtmmeZ3yqXbz9yhdYVqRYnwFoXDj
    88. Re:If only! by Anonymous Coward · · Score: 0

      That's the problem: you don't know what developers are doing with the permission on any platform. Even with an advanced computer science degree, you can't know what the app is doing with the information unless you decompile the program and go over it with a fine-tooth comb.

      Remember a flashlight application that had tethering functionality built in? Or Charlie Miller's stock ticker that used a privilege escalation bug for a remote command-and-control stock ticker? Yeah, those two passed by the app censors on the fruity platform.

      It's a matter of trust.

    89. Re:If only! by Jeng · · Score: 1

      Oh big whoop, all he forgot was an un-

      Only idiots give PRO TIP bullshit responses.

      --
      Don't know something? Look it up. Still don't know? Then ask.
    90. Re:If only! by aztracker1 · · Score: 1

      I don't load most apps that require internet access, or for that matter contacts etc... there are few exceptions, but those are for apps that are related to the permissions they are asking for. I'm doubly leery when an app doesn't auto update, usually indicates a permission change.

      --
      Michael J. Ryan - tracker1.info
    91. Re:If only! by farble1670 · · Score: 1

      A large part of the problem is that Android groups permissions together too much.

      there's not an easy solution to that. android permissions are a compromise between being not fine grained enough and too fine grained. if they are more fine grained, users have a massive list of permissions to slog through. if they are not fine grained enough, users are unable to determine why or if the app actually needs that permission.

    92. Re:If only! by farble1670 · · Score: 1

      did you know that for almost all the permissions that must be requested by an android app, iOS just allows any app full access with no warning to the user whatsoever? those after-installation popups are reserved for a few special things ... as they'd have to be, since the user would get extremely annoyed if there were popups for each of the fine-grained permissions that an android app can request.

    93. Re:If only! by farble1670 · · Score: 2

      If a charge comes up, I reference that conversation and it's their problem. No charge has come up.

      that's good that it has not come up, because if you think referencing previous conversation with a support rep is going to help, i have a bridge to sell you.

    94. Re:If only! by farble1670 · · Score: 1

      I rather think you are missing the point. One of the things an operating system should do is provide useable and effective access controls so that I can run other software with a correct level of isolation.

      my god. both platforms enforce security. that isn't even in question. the only reason you are seeing the stats in TFA is because android makes permissions explicit in the manifest where they can be read by any 3rd party. and of course android enforces those permissions, if you accept them. if you don't accept them, then the app does not get installed.
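Since declared permissions sit in the manifest where any third party can read them, as the comment above notes, auditing an app starts with parsing that file. An added example (not part of the thread): it assumes the manifest has already been decoded from the APK's binary XML to text, and it also applies the implicit phone-state grant for very old target SDK levels that an earlier comment describes. The two sample manifests, the package names and the risk labels are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Real Android permission names; the labels are this example's own grouping.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "personal data (contacts)",
    "android.permission.ACCESS_FINE_LOCATION": "GPS location",
    "android.permission.ACCESS_COARSE_LOCATION": "network location",
    "android.permission.READ_PHONE_STATE": "phone state and identity",
    "android.permission.SEND_SMS": "can cost money (SMS)",
    "android.permission.CALL_PHONE": "can cost money (calls)",
    "android.permission.CAMERA": "camera",
}

# Added by the platform itself when targetSdkVersion is 3 (Android 1.5) or lower.
IMPLICIT_BELOW_API_4 = (
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.READ_PHONE_STATE",
)


def _sdk_int(value, default):
    """SDK attributes may be missing or a preview codename; fall back then."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return default


def audit_manifest(xml_text: str) -> dict:
    """Return declared, implicit and flagged permissions for one manifest."""
    root = ET.fromstring(xml_text)
    declared = []
    for element in root.iter("uses-permission"):
        name = element.get(ANDROID_NS + "name")
        if name and name not in declared:
            declared.append(name)

    sdk = root.find("uses-sdk")
    attrs = sdk.attrib if sdk is not None else {}
    # minSdkVersion defaults to 1; targetSdkVersion defaults to minSdkVersion.
    min_sdk = _sdk_int(attrs.get(ANDROID_NS + "minSdkVersion"), 1)
    target_sdk = _sdk_int(attrs.get(ANDROID_NS + "targetSdkVersion"), min_sdk)

    implicit = []
    if target_sdk < 4:
        implicit = [p for p in IMPLICIT_BELOW_API_4 if p not in declared]

    effective = declared + implicit
    flagged = {p: SENSITIVE[p] for p in effective if p in SENSITIVE}
    return {
        "package": root.get("package"),
        "target_sdk": target_sdk,
        "declared": declared,
        "implicit": implicit,
        "flagged": flagged,
    }


# Constructed sample: no <uses-sdk>, so the target level defaults to 1.
LEGACY_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Flashlight"/>
</manifest>
"""

# Constructed sample: same permissions, modern target level.
MODERN_MANIFEST = LEGACY_MANIFEST.replace(
    "<application",
    '<uses-sdk android:minSdkVersion="8" android:targetSdkVersion="16"/>\n  <application',
)

if __name__ == "__main__":
    for text in (LEGACY_MANIFEST, MODERN_MANIFEST):
        report = audit_manifest(text)
        print(report["package"], "target", report["target_sdk"])
        for perm, why in report["flagged"].items():
            origin = "implicit" if perm in report["implicit"] else "declared"
            print(f"  {perm}: {why} [{origin}]")
```

The standard-library XML parser is not hardened against hostile input, so manifests from untrusted APKs are better parsed with a hardened parser such as `defusedxml`.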

    95. Re:If only! by retchdog · · Score: 1

      well, yeah, that too, eventually. but even just rigorously characterizing every possible "reason" a human being might be interested in would be pretty much impossible. it's one of those problems that is not even possible to state formally, let alone solve.

      --
      "They were pure niggers." – Noam Chomsky
    96. Re:If only! by Rexdude · · Score: 1

      You want to root your phone and install LBE Privacy Guard. This will alert you the moment an app tries to access private data (contacts, SMSes, GPS location, network location etc) and you can allow or deny the action permanently or temporarily.

      I root my phone just for this and AdAway, which puts an adblocking hosts file.

      --
      "..One hosts to look them up, one DNS to find them, and in the darkness BIND them."
    97. Re:If only! by Jessified · · Score: 1

      lol true true but thankfully we are starting to see more competition in wireless in BC. unsurprisingly, wireless companies are working a bit harder to keep customers.

      bell, rogers, telus, their subsidiary companies fido, kudo etc. plus some newcomers like Wind Mobile, who are really shaking things up. it's amazing what a little competition can do.

    98. Re:If only! by Creepy · · Score: 1

      Sadly, I've avoided many apps for just that reason. I've rejected hundreds of apps because they want access to stuff they don't need. A game that needs full phone access? Nuh uh, no way.

    99. Re:If only! by Creepy · · Score: 1

      Not that most users would know what that really means, anyway. As a developer who has dealt far too long with programmer-speak, I know it means stuff like in a call, receiving a call, etc, but my wife would think it meant it needed to know she was in Kansas when in Kansas.

    100. Re:If only! by Anonymous Coward · · Score: 0

      If only there were some way to revoke privileges you didn't want the app to use.

    101. Re:If only! by retchdog · · Score: 1

      also, that's a bit overbroad of a statement. static program analysis is a real field with real results. the church-turing thesis is just about not being able to predict halting on all programs. it could very well be the case that a lot of practical programs belong to a subclass that can be "solved," although of course determining membership in that subclass may not be computable. for a kind of silly example, if i want to determine the property "this program halts within 5 instructions on any standard input of length 4," i can in this case either brute force it or use a finite-state abstraction to model the code. the severe time bound of this property is, of course, what makes it doable.

      --
      "They were pure niggers." – Noam Chomsky
    102. Re:If only! by berj · · Score: 1

      I didn't say Android devices aren't secure. I said they don't provide the security I want -- namely fine grained control over application access permissions. Was that too much to grasp?

    103. Re:If only! by berj · · Score: 1

      Close.

      The first time an app wants to access my contacts a popup comes up and says something to the effect of "App A wants access to your contacts. Allow? Deny?" or "App B wants to access your location. Allow? Deny?"

      That choice is remembered but can be changed in the settings:

      http://cultofmac.cultofmaccom.netdna-cdn.com/wp-content/uploads/2012/06/privacy.jpg (iPad)

      http://cultofmac.cultofmaccom.netdna-cdn.com/wp-content/uploads/2012/10/Privacy-iOS-6.jpg (iPhone).

      I can't give you any further cites beyond the fact that that's how my phone and iPad work. I'm sure they're out there if you care enough to look.

    104. Re:If only! by AmiMoJo · · Score: 1

      Sounds annoying. I just want to see what permissions an app wants and decide at install time if they are acceptable, otherwise I won't even waste my time with it. I certainly don't want it popping up permission requests while I am using it, I can just do all that up-front.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    105. Re:If only! by Anonymous Coward · · Score: 0

      People keep falling down stairs because they are texting while walking. Clearly this is the fault of the stairs, they should not place such high expectations of intelligence on those stupid humans.

    106. Re:If only! by Samantha+Wright · · Score: 1

      Right, which is why I said 'guarantee'. The problem gets profoundly worse when you're dealing with a program that has an obscured region outside of scrutiny, i.e. a photo app that uploads to a server, or a phonebook app that receives instructions to place calls or text messages in response to a remote command (e.g. because it uses a web-based interface). Coding practices and the buzzword power of the web are so abysmal these days that I don't think static analysis would be reliable more than half the time. (Although I have an iOS device, not an Android. Maybe developers actually stick to Java there instead of relying unnecessarily on web browser controls so much.)

      --
      Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
    107. Re:If only! by Amitz+Sekali · · Score: 1

      Why does this app need permission for Full network access and Read phone status and identity?

      --
      If you delay pleasure infinitely, the pleasure will be infinite. (YM)
    108. Re:If only! by Anonymous Coward · · Score: 0

      So what you're saying is it's a trust the app issue.

      How is this different from any program on any computer ever?

    109. Re:If only! by psiclops · · Score: 1

      in Australia it would. although, here - when he had that conversation with his provider they usually would have actually blocked them.

      Source: used to work for a telco handling complaints. we got complaints of this very nature.

      --
      i spent five minutes thinking and all i got was this crappy sig
    110. Re:If only! by MagusSlurpy · · Score: 1

      But your wife probably doesn't check app permissions anyway - generally the only people that do are the people that care (and therefore know about) security.

      --
      My sister opened a computer store in Hawaii. She sells C shells by the seashore.
    111. Re:If only! by TheSeatOfMyPants · · Score: 1

      In Linux, we can also set files to owner-only read access & run iffy apps with an alternative user account -- no SELinux required. I don't know how easy or feasible that would be under Windows or OS X, however.

      --
      Now mostly at Usenet:comp.misc & SoylentNews.org (it's made of people!)
    112. Re:If only! by Rexdude · · Score: 1

      It has a firewall component, probably for that. Phone state and identity, not sure.

      --
      "..One hosts to look them up, one DNS to find them, and in the darkness BIND them."
    113. Re:If only! by psiclops · · Score: 1

      i generally won't install any app that needs more than 5 or so different permissions so that's pretty much a max of 5 popups i would see in the lifetime of using each app.

      i'd kind of prefer if stock android did this, even better would be sending apps fake info so they didn't know what was disabled and couldn't 'punish' users for disabling permissions. i read somewhere above that other roms allow the fake info thing. i just haven't bothered putting CM on my s3 yet.
       

      --
      i spent five minutes thinking and all i got was this crappy sig
    114. Re:If only! by psiclops · · Score: 1

      if it doesn't auto-update due to permission changes, you can see the new permissions it requires before deciding to update

      --
      i spent five minutes thinking and all i got was this crappy sig
    115. Re:If only! by Anonymous Coward · · Score: 0

      Did you see the huge list of permissions LBE Privacy Guard requires itself? Without any explanation of why it needs them in a language I can read.

    116. Re:If only! by wolja · · Score: 1

      If only there were some way for me to tell which permissions an app will use when I install it!

      If only there was a way to tell which permissions Google is forcing on the app developers.

      Basically just like apple if you want to use apps you need to allow inappropriate permissions. Why games are allowed to read my phone state is beyond me.

      Google released a new slew of spy ware type permissions about six months ago. Every single app now uses them in preparation for this "ambient" advertising they've promised.

      --
      Wolja Future Tombstone: Shit happened then I died
    117. Re:If only! by metaforest · · Score: 1

      Google would ban an app that GAVE YOU CONTROL OF THE LEAK.

      Apple... Google.... all of it! Just gonna lead to a rape of your privacy rights. No corporation is going to listen to the custie when they get moar monies from raping you than they got selling you the stupid shit in the first place.

      You paid for it.... you screamed for freedom and you got freedom.... now you get to pay for it.... with obfuscation, lies, damn lies, and statistics.

      All ya all fanbois bought it hook line and sinker.

    118. Re:If only! by Anonymous Coward · · Score: 0

      Smartphone thieves love to see the light from a flashlight to help know where to swipe when grabbing the phone from a distracted unsuspecting victim. Personally, I'll use a two dollar flashlight and keep my $600 phone in my pocket. My two dollar flashlight illuminates smartphone thieves and my knife politely stabs them, telling them to not grab my phone. lol.

      Sometimes using two devices is beneficial. Which would you rather lose? Keep in mind that things can be dropped, etc.

    119. Re:If only! by masterjames · · Score: 1

      if you don't want to root your devices that is fine but you will have to take what they give you. if you don't want to do the work then you don't get the prize. that should be the slogan of life. you don't get something for nothing. apps are the same way. if you aren't willing to look around and find the way that accomplishes the goal you have then you will have to deal with the ads and the services that you don't want. you say you are an ios fan that's great but i for one am glad that an alternative exists along side such a device that we can tinker with. being able to tinker with it may not be for everyone but it's part of the fun for many of us.

  3. Privacy apps - LBE by rvw · · Score: 4, Informative

    I've installed LBE Privacy control and it blocks unnecessary permissions for many apps. Why does a keyboard need internet access? The only thing I'm concerned about... What does LBE know, and what does it share?

    1. Re:Privacy apps - LBE by Anonymous Coward · · Score: 1

      LBE Privacy Guard requires a rooted phone. That's nice for geeks but it's not a solution for everyone.

    2. Re:Privacy apps - LBE by blogan · · Score: 1

      The keyboard might be pulling down certain language dictionaries, hence the need for Internet access.

    3. Re:Privacy apps - LBE by h4rr4r · · Score: 1

      The developer should say that in the description then.

      You should still be suspicious since he could just lie. If it needs new dictionaries it should get them via an application update.

    4. Re:Privacy apps - LBE by Anonymous Coward · · Score: 0

      > If it needs new dictionaries it should get them via an application update.

      Conversely I'd prefer it if an alternative keyboard didn't come as a 45MB package including every dictionary it could feasibly include for a hundred languages I don't speak, but instead came as a light 800KB download and lets me pull down the languages I'd like from its settings page. For which it would need Internet access.

    5. Re:Privacy apps - LBE by Anonymous Coward · · Score: 0

      I personally swear by LBE Privacy Guard, as I use it on all my Android devices.

      Wearing my tinfoil hat, I do have a concern about a free product from China that requires root and handles all the vital security info on a device.

    6. Re:Privacy apps - LBE by h4rr4r · · Score: 1

      So then install CyanogenMod. It has this sort of functionality by default.

    7. Re:Privacy apps - LBE by TimeOut42 · · Score: 1

      Excellent, run your phone rooted so when you do sideload a malicious app it will have full access to your phone.

    8. Re:Privacy apps - LBE by rvw · · Score: 1

      I personally swear by LBE Privacy Guard, as I use it on all my Android devices.

      Wearing my tinfoil hat, I do have a concern about a free product from China that requires root and handles all the vital security info on a device.

      Same here! I really like this app. I've tried several of these privacy apps, and most are a hassle to work with. This one is easy and user friendly. I trust it in limiting other apps, and I see many notifications in the status bar about apps trying to get certain info. But do they have a hidden agenda somehow? Then again, what will it bring them, needing root access, and then a user who knows what to do. It's not that hundreds of millions of people will install this app, like the Facebook app. But if they want to snoop, they have a really nice target group: pro users!

    9. Re:Privacy apps - LBE by Anonymous Coward · · Score: 0

      So you should burn the space [on a space limited device] for every possible language dictionary for a keyboard just so it only pulls them when doing a full update?
      No, how it's done is selecting additional dictionaries in settings and the app would download just those ones.
      Thus it would need internet access.

    10. Re:Privacy apps - LBE by h4rr4r · · Score: 1

      Oh noes 45MB! of my 32GB of storage. How ever will we manage. It would take seconds to download that information over LTE, seconds!

      Or maybe market intents and separate play market apps for each dictionary would work just fine.

    11. Re:Privacy apps - LBE by h4rr4r · · Score: 1

      What 100MB max? Oh noes!

      Or here in good design land we keep those dictionaries in separate apps and use the google market to get them.

    12. Re:Privacy apps - LBE by h4rr4r · · Score: 1

      After it asks for su. How about you just don't approve it?

      Or maybe leave root off unless you need it at that moment.

    13. Re:Privacy apps - LBE by Anonymous Coward · · Score: 0

      CyanogenMod is an aftermarket firmware. That's nice for geeks but it's not a solution for everyone.

      Android should come with privacy permissions that Grandma can use. Users shouldn't have to install aftermarket anything, root anything, or do a handstand just to keep their data safe.

    14. Re:Privacy apps - LBE by Anonymous Coward · · Score: 0

      A keyboard uses internet access for the text to speech capabilities.

    15. Re:Privacy apps - LBE by Anonymous Coward · · Score: 0

      There comes a point where if you're going to be this paranoid then you shouldn't be online at all.

      To use the example, keyboard apps. Most keyboards are backed by reputable companies that have little to gain and a lot to lose if they exploit users' privacy.

      Not only that - the way android works, even if the keyboard didn't have internet access, it can still access data from other apps made by the same vendor, so all you need is some other app with internet access and your data could still be exported.

      If we are at the point where we can't trust a single thing on our phones, then the malware creators have already won.

  4. Only If you Allow Them? by mrpacmanjel · · Score: 1

    I have an S3 and downloaded a few apps. Before installation you're told what permissions the app wants on your device.

    E.g. the Facebook app seems to want every permission it can get its grubby hands on, thus I've chosen not to install it.

    Unless app developers are using workarounds.

    Funnily enough it is no surprise that many of the "free" apps seem to want the most permissions.

    1. Re:Only If you Allow Them? by rvw · · Score: 1

      I have an S3 and downloaded a few apps. Before installation you're told what permissions the app wants on your device.

      E.g. the Facebook app seems to want every permission it can get its grubby hands on, thus I've chosen not to install it.

      Unless app developers are using workarounds.

      Funnily enough it is no surprise that many of the "free" apps seem to want the most permissions.

      For facebook I use Firefox. Works great although maybe a bit less fluent, and no worries that it will upload my contact list.

    2. Re:Only If you Allow Them? by Anonymous Coward · · Score: 0

      Honestly, why do you care? Facebook just wants those permissions for its features. Mark Zuckerberg isn't rubbing his hands together mumbling "mrpacmanjel, I have you now!"

      The whole concept of this article is flamebait. 25% of android apps don't know shit about me, I've got maybe 30 apps out of hundreds of thousands. Minuscule.

    3. Re:Only If you Allow Them? by bickerdyke · · Score: 1

      Funnily enough it is no surprise that many of the "free" apps seem to want the most permissions.

      I never was surprised by that because ad-financed apps need the most dangerous permission: unlimited internet access.

      --
      bickerdyke
  5. Fine grained options by photonic · · Score: 2

    They should add more fine-grained permissions, so that for example an application would only require 'access to ad-server' instead of full network access. And please make some clear policy that gets enforced, i.e. applications that do ask for more permissions than they need get banned until the problem is fixed.

    --
    karma police: arrest this man, he talks in maths; he buzzes like a fridge, he's like a detuned radio. [radiohead]
    1. Re:Fine grained options by Anonymous Coward · · Score: 0, Informative

      So what you want is an iPhone right?

    2. Re:Fine grained options by h4rr4r · · Score: 1

      Not if he wants to know what his apps are doing.

      iPhone has no mechanism for that at all.

    3. Re:Fine grained options by tuppe666 · · Score: 1

      So what you want is an iPhone right?

      Apps that send details about you include Facebook, Twitter, Foursquare, Instagram and LinkedIn. Heard of any of these?

    4. Re:Fine grained options by errandum · · Score: 1

      The difference is, if an iPhone does that, there is nothing you can do, since it might be happening behind your back.

      If you see your flashlight app uses the internet or GPS, you can skip it.

    5. Re:Fine grained options by tepples · · Score: 2

      No. An iPhone would cost $297 extra for a developer certificate that covers the three-year life of the device, and that's assuming that I switch to a Mac on my next computer purchase.

    6. Re:Fine grained options by Anonymous Coward · · Score: 0

      The only way to catch things going on with an iPhone is to install Firewall IP and PMP, then watch the dialogs pop up. You will be surprised at how many tracking/behavioral monitoring/ad slinging/"experience enhancement" sites most apps connect to routinely.

      I encountered an app that would do statistics on a picture. Said app actually uploaded the picture to a website, then pulled values back from that instead of calculating from the app itself.

      iOS 6 guarding the contacts and photos is a step up. However, the only thing protecting iOS 6 is Apple's brutal and rigorous gatekeeping. If that slips, it will be a field day for exploiters.

      It would be nice if Google would start a tier of their Play Store and actively vet some apps. Android has some semblance of security, and with an active gatekeeper, could be very secure.

    7. Re:Fine grained options by chihowa · · Score: 1

      A bit OT, but the one thing I really miss after ditching my iPhone and getting a Galaxy Nexus is Firewall IP. (For those who haven't used it), it was an egress firewall that would prompt (and save the results) for all connections by app/server/port. It was great for blocking an app's unnecessary network connections (pulling ads, phoning home, doing fuck knows what) while allowing the necessary connections to be made.

      All of the firewalls on Android seem to only allow you to block all connections or none. Is there a Firewall IP-like app for Android that I missed?

      --
      If you want a vision of the future, imagine a youtube comments section scrolling - forever.
    8. Re:Fine grained options by skandalfo · · Score: 2

      The J2ME security model did this. You would start a photo-manager midlet and you would have to authorize access in a nagging pop-up form for each single directory in the path to the photo you were going to see and then for the photo file itself. This was totally horrendous, and I prefer the security model in Android to that.

      Moreover, it's difficult to make any automated system *understand* what a program is actually doing. If you just give permission to an app for connecting to a specific server for downloading the weather forecast, it could be using that same connection to funnel any data (for which it has access) away.

      The more interesting approach to actually controlling access in a useful way is the way in which intents work in Android, actually. See Locale, for instance, for which you can get plugins downloaded as independent apps. The main program and the plugins communicate via a well-defined intent-based protocol. Each plugin will get different (and thus limited) permissions, as they need. The location plugin will access the GPS, a messaging one might need SMS or account access. You can enable/disable/install/uninstall them as needed, providing fine and sensible control.

      To some extent, the same thing happens with the share menu, at a much more coarse level.

  6. iPhone apps just sue you by gelfling · · Score: 0

    for using iPhone apps.

    1. Re:iPhone apps just sue you by rvw · · Score: 1

      for using iPhone apps.

      Iphone apps just use you

      FTFY! ;-)

  7. You know nothing, Jon Snow by MatrixCubed · · Score: 1

    It's unfortunate that apps' knowledge of you is granted with a nebulous single-screen laundry list and OK button, similar to the click-through EULAs of what seems to be a bygone era.

    Yesterday's legal violation is today's privacy violation.

    1. Re:You know nothing, Jon Snow by h4rr4r · · Score: 1

      Each one has a nice explanation next to it, like so:

      Hardware Controls: Take pictures and Videos

      System Tools: prevent phone from sleeping.

      If you cannot be bothered to read the simple English explanations you are beyond all help.

    2. Re:You know nothing, Jon Snow by tuppe666 · · Score: 1

      It's unfortunate that apps' knowledge of you is granted with a nebulous single-screen laundry list and OK button, similar to the click-through EULAs of what seems to be a bygone era.

      Yesterday's legal violation is today's privacy violation.

      It's nothing like an EULA, which is many pages of legal mumbo-jumbo and is designed to restrict your rights; they even stop class-action lawsuits. That is very different from a small list that identifies the access rights of the program. I agree this method is less than perfect, but it is nothing like the draconian EULA.

    3. Re:You know nothing, Jon Snow by GIL_Dude · · Score: 2

      You make it sound simple. It does, indeed, look simple. But when an app wants to "Read Phone State" - is that so that it can quickly get out of the way when the phone rings or is it so that it can send your phone number (and the numbers of the people who call you) to a remote server? Some actions that it could take by acting on "Phone State" data would be things users would want, other things it could do would be things users definitely don't want. For example, a game I saw on TWiT.tv's show "All About Android" called "Flow Free" requires this:

      READ PHONE STATE AND IDENTITY
      Allows the app to access the phone features of the device. An app with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and the like.

      So is it going to store my phone number in a database somewhere? Is it simply going to avoid trying to send data if a phone call is active? We, as users, have no way of knowing. And, if they made the permissions even more granular, we would never be able to successfully wade through all of them. I need someone smarter than me to fix the design. But the design as it exists today is largely useless.

    4. Re:You know nothing, Jon Snow by h4rr4r · · Score: 1

      You bitch that this is not granular enough and that more granularity would be too hard. So you are pretty much fucked. No amount of design can fix your disinterest.

      Welcome to life.

    5. Re:You know nothing, Jon Snow by tepples · · Score: 1

      If all applications with a user interface are expected to modify their behavior when a call is active, then applications shouldn't need a permission to detect this.

    6. Re:You know nothing, Jon Snow by Anonymous Coward · · Score: 0

      You'd run into this problem on any platform. Once you say "yes, ok" to any permission, the application can go upload it somewhere and share it all over the world.

      You'd have to disassemble the application in order for you to figure out what it's doing -- and even then, things can be obscured so it's harder to notice.

    7. Re:You know nothing, Jon Snow by Anonymous Coward · · Score: 0

      Get an iPhone. They are for babies.

    8. Re:You know nothing, Jon Snow by Anonymous Coward · · Score: 0

      As with the camera/flash led, the access required to make a call should be separate from that required to detect a call in progress, which should be separate from any feature that can record call audio.

      Some of this may be kinda separate, but it just is not very clear. This is simple $hit from a security/privacy perspective.

      The problem with common sense is that it is not all that common.

       

  8. What we need is name and shame by e065c8515d206cb0e190 · · Score: 3, Interesting

    We need a website listing apps and what permissions they require vs use.

    Developers will start paying attention when their apps are publicly shamed.

    1. Re:What we need is name and shame by Anonymous Coward · · Score: 0

      Already done. In fact Google even put it together for us! Check it out.

    2. Re:What we need is name and shame by AmiMoJo · · Score: 1

      You mean like the Google Play web site, which lists every app and what permission it requests?

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  9. Lets Mention Apple by tuppe666 · · Score: 4, Informative

    Let's have a little balance

    http://www.huffingtonpost.com/2012/02/15/iphone-privacy-app-path-facebook-twitter-apple_n_1279497.html?ref=mostpopular

    Facebook, Twitter, Foursquare, Instagram all send email addresses and phone numbers to their local servers.

    The whole thing blew up and ended up with US congressmen sending letters to Tim Cook. This was February this year.

    "This incident raises questions about whether Apple’s iOS app developer policies and practices may fall short when it comes to protecting the information of iPhone users and their contacts."

    "Butterfield and Waxman then quote parts of Apple’s iOS developer website which states that Apple provides a comprehensive collection of tools and frameworks for storing, accessing and sharing data. It is then questioned whether Apple requires apps to request user permission before transmitting data about a user."

    1. Re:Lets Mention Apple by Anonymous Coward · · Score: 0

      Yes, because the four apps in your link are equivalent in scope to the 100,000 apps mentioned for Android....

    2. Re:Lets Mention Apple by Bogtha · · Score: 3, Insightful

      Let's have a little balance

      Facebook, Twitter, Foursquare, Instagram all send email addresses and phone numbers to their local servers.

      All of these companies have both official iOS apps and official Android apps, and the ones I've used on Android have definitely accessed my contacts. In fact, Facebook made headlines by fucking up the email addresses in the address books of Android users recently.

      But yes, let's have a little balance by directing the blame for the actions of these particular companies solely at Apple.

      --
      Bogtha Bogtha Bogtha
    3. Re:Lets Mention Apple by Anonymous Coward · · Score: 0

      Social Networking does not require an app.

      Use MeatSpace. Anything else is just "Anti-Social Networking".

  10. I wish for optional capabilities by blogan · · Score: 1

    I wish I could use "optional" permissions. If the user doesn't want to give me access to something, that's fine. But if you want to integrate a whiz-bang feature that requires SMS, you either scare off people or have to make a separate app.

    1. Re:I wish for optional capabilities by h4rr4r · · Score: 1

      Some ROMs allow users to disable certain permissions.

      I would love to see that in AOSP. If an app needs advertising to survive and the user blocks networking it can check for that and just refuse to run until the user enables it. That is the best of both worlds, you can get the permissions you need and I can decide if you really need them.

    2. Re:I wish for optional capabilities by Anonymous Coward · · Score: 0

      Or instead of implementing SMS in your app you create an intent to send SMS and hand it over to the OS, which will preview the SMS to the user and ask for permission to send it, which does not require the app itself to have permission to send SMS. Not good enough?

  11. You have no idea on iPhone Apps by Anonymous Coward · · Score: 1

    You really don't. I trust Android better this way.

  12. Yeah by errandum · · Score: 3, Interesting

    That study is irrelevant. Most of those apps don't know that because they need to, but because they are free and the adverts do.

    Do the same study on paid apps. For example, GPS location access is not present on any of the games I bought so far.

  13. Android permission rationales by tepples · · Score: 1

    You get shown the permissions right before you download an app, but you don't ever get told why an application needs these permissions.

    Ideally an application's description would contain something like a privacy policy that describes what it does with each permission. For example:

    • Internet: Used to synchronize data with other devices on which you have installed this application.
    • Internet: Used to submit high scores.
    • Internet: Used to complete installation over Wi-Fi (500 MB download).
    • Internet: Used to download messages from sponsors that keep this application free.
    • SD card: Used to export and import your data for use with offline PC applications.
    • SD card: Used to store large data on pre-4.0 phones.
    • Phone state: Used to delay large syncs until Wi-Fi becomes available, to save you money on your data plan.
    • Phone state: Used to pause the game/video/music when you receive an incoming call.

    I've already seen several applications on Google Play whose descriptions have permission rationales like this near the end.

    1. Re:Android permission rationales by camperdave · · Score: 1

      Of course, you only have their word that they are only doing what they say they are doing. Part of the android system should be a block/permit window whenever an app tries to do anything restricted.

      --
      When our name is on the back of your car, we're behind you all the way!
    2. Re:Android permission rationales by nedlohs · · Score: 1

      Because you should just trust what the app says? Why would a developer lie, after all?

  14. Rationale for Internet permission on IME by tepples · · Score: 1

    Why does a keyboard need internet access?

    An input method might need Internet access to download autocorrection dictionaries for multiple languages, or to download messages from sponsors to keep the application free for you to use.

  15. I just got an android and it's plain scary. by Jartan · · Score: 4, Insightful

    The way things are set up on stock android is a nightmare. The supposed "Walled Garden" doesn't even exist. Android doesn't have malware/viruses because "legit" apps can walk right in and do whatever they want. Want to steal all your users' contacts and use them for spam? There's a built-in API for that.

    I was trying to download a widget for screen brightness and 99% of the free ones wanted internet access permissions. It was just absolutely atrocious.

    The only redeeming feature is how easy it is to root and fix.

    1. Re:I just got an android and it's plain scary. by godrik · · Score: 1

      I know I will be criticized for that, but if you want one, you can write one! It is not hard to make a widget for android. Of course, there might already be an OSS app to do that. Look in the list of fdroid.

    2. Re:I just got an android and it's plain scary. by Hatta · · Score: 1

      Like usual, everything is better when it's open source.

      --
      Give me Classic Slashdot or give me death!
    3. Re:I just got an android and it's plain scary. by h4rr4r · · Score: 1

      Or you could just not install any applications that ask for those permissions. Is that so hard?

      99% of the brightness widgets want internet access? Sounds like you just found a new winning idea. Make one that does not.

    4. Re:I just got an android and it's plain scary. by Anonymous Coward · · Score: 0

      Free apps tends to want to show you ads. And for that they need internet.

      Android tells you this so you can choose not to install them.

      But I guess you want the free, but not pay with the viewing of ads.

    5. Re:I just got an android and it's plain scary. by Anonymous Coward · · Score: 0

      Free apps want internet access to feed you ads so they can have money to make free apps.

      If you want a screen brightness app, pay for it by reading ads or paying the developer, or do it yourself if developer time should be free.

    6. Re:I just got an android and it's plain scary. by L4t3r4lu5 · · Score: 1

      The way things are set up on stock android is a nightmare. The supposed "Walled Garden" doesn't even exist. Android doesn't have malware/viruses because "legit" apps can walk right in and do whatever they want. Want to steal all your users' contacts and use them for spam? There's a built-in API for that.

      I was trying to download a widget for screen brightness and 99% of the free ones wanted internet access permissions. It was just absolutely atrocious.

      The only redeeming feature is how easy it is to root and fix.

      What I read: "HURRR Technology is scawy! Everyone should be nice and not try and make money from harvesting my personal information! I just HAVE to have $SuperCrappyGame but don't want to give them my contact list; How dare they ask for it?!"

      Android was never a "walled garden"; It was "How you want it." If you want to be hand-held through everything, buy an iPhone.

      Take some responsibility for yourself and your technology and don't install apps which require excessive permissions. You're told, explicitly, what access the app will have prior to installation; Installing the app is informed consent that you agree to those permissions. It's Hobson's Choice, but at least we're not talking about drinking water or food; You can make do without a screen brightness widget.

      --
      Finally had enough. Come see us over at https://soylentnews.org/
    7. Re:I just got an android and it's plain scary. by Anonymous Coward · · Score: 0

      The way things are set up on stock android is a nightmare. The supposed "Walled Garden" doesn't even exist. Android doesn't have malware/viruses because "legit" apps can walk right in and do whatever they want. Want to steal all your users' contacts and use them for spam? There's a built-in API for that.

      I was trying to download a widget for screen brightness and 99% of the free ones wanted internet access permissions. It was just absolutely atrocious.

      The only redeeming feature is how easy it is to root and fix.

      I use lots of FORMATTING and get very excited when my favorite OS is criticized!?

      If you saw me in person you would "be scared of me" because I rant and flail when you just mention trigger-words?!

      Run away! Someday I will "have a stroke" but until then I will continue feeding my deep rage about people who question even in the slightest or most constructive way the OS I live for. ARRRRRRRRRRRR!

    8. Re:I just got an android and it's plain scary. by Anonymous Coward · · Score: 0

      The supposed "Walled Garden" doesn't even exist.

      The entire point of Android is the absence of the Walled Garden. Get an iPhone and leave us alone.

    9. Re:I just got an android and it's plain scary. by MobyDisk · · Score: 1

      Or you could just not install any applications that ask for those permissions. Is that so hard?

      Yes, but that actually takes a lot of work! It takes a 30 second procedure and makes it a 10 minute procedure. You have to look through each application's permissions to do it. Instead, those applications just simply shouldn't be on the market. And people should stop giving them 5 stars. But one should at least be able to limit the search criteria.

    10. Re:I just got an android and it's plain scary. by LodCrappo · · Score: 1

      The supposed "Walled Garden" doesn't even exist

      It better not! I buy my Android devices specifically to avoid the walled garden BS.

      --
      -Lod
    11. Re:I just got an android and it's plain scary. by thegarbz · · Score: 1

      I was trying to download a widget for screen brightness and 99% of the free ones wanted internet access permissions. It was just absolutely atrocious

      99% of those internet access requests are for serving ads. The question is how much damage can an app do if you grant it internet access. So a flashlight app wants internet access and coarse GPS location. *YAWN* wake me when they want access to my files, contact info, phone ID, stored messages, or anything other than the usual "Hello Mr Adserver, I'm here, send me ads" that for some reason all of you are getting horrendously freaked out over.
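
The check this subthread argues over (reading an app's requested permissions before installing, and telling an ads-only INTERNET request apart from one paired with contacts or phone identity), as an added example that is not part of the thread or any commenter's code. It assumes the manifest has already been decoded to plain-text XML; the package names, sample manifests and category groupings are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Attribute namespace used by AndroidManifest.xml (android:name etc.).
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption: this grouping is ours, loosely following the categories in the
# story summary (personal data, location, calls, money, camera).
RISK_CATEGORIES = {
    "personal data": {"READ_CONTACTS", "WRITE_CONTACTS", "GET_ACCOUNTS", "READ_SMS"},
    "location": {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"},
    "calls and phone identity": {"READ_PHONE_STATE", "PROCESS_OUTGOING_CALLS"},
    "can cost money": {"SEND_SMS", "CALL_PHONE"},
    "camera and microphone": {"CAMERA", "RECORD_AUDIO"},
}
# Categories that expose data which could be sent off the device.
DATA_CATEGORIES = set(RISK_CATEGORIES) - {"can cost money"}

# Constructed sample: a hypothetical ad-supported brightness widget.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.brightnesswidget">
    <uses-permission android:name="android.permission.WRITE_SETTINGS"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <application android:label="Brightness"/>
</manifest>
"""

# Constructed sample: the same widget asking only for what it needs.
CLEAN_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.plainbrightness">
    <uses-permission android:name="android.permission.WRITE_SETTINGS"/>
    <application android:label="Brightness"/>
</manifest>
"""


def requested_permissions(manifest_xml):
    """Return (package, set of full permission names) from a text manifest."""
    root = ET.fromstring(manifest_xml.strip())
    perms = set()
    for node in root.iter("uses-permission"):
        name = node.get(ANDROID_NS + "name")
        if name:  # ignore malformed entries without android:name
            perms.add(name)
    return root.get("package", "?"), perms


def audit(manifest_xml):
    """Group platform permissions by risk category and flag exfiltration risk."""
    package, perms = requested_permissions(manifest_xml)
    # Only platform permissions are classified; custom ones are listed as-is.
    short = {p.rsplit(".", 1)[-1] for p in perms
             if p.startswith("android.permission.")}
    custom = sorted(p for p in perms if not p.startswith("android.permission."))
    flagged = {}
    for category, names in RISK_CATEGORIES.items():
        hits = sorted(short & names)
        if hits:
            flagged[category] = hits
    has_network = "INTERNET" in short
    return {
        "package": package,
        "flagged": flagged,
        "custom": custom,
        "network": has_network,
        # Sensitive data plus network access means the data can leave the
        # device; the manifest alone cannot show whether it actually does.
        "can_leave_device": has_network and any(c in DATA_CATEGORIES for c in flagged),
    }


if __name__ == "__main__":
    for manifest in (SAMPLE_MANIFEST, CLEAN_MANIFEST):
        report = audit(manifest)
        print(report["package"])
        for category, hits in report["flagged"].items():
            print("  %s: %s" % (category, ", ".join(hits)))
        print("  network access:", report["network"])
        print("  sensitive data can leave device:", report["can_leave_device"])
```
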

  16. A name for this by Inf0phreak · · Score: 1

    I really like the name that phk (of FreeBSD and Varnish fame) came up with for permissions required for apps like that: chernobyl bits.

    It has a really nice ominous and "this is wrong and you shouldn't do it" ring to it.

    --
    ________
    Entranced by anime since late summer 2001 and loving it ^_^
    1. Re:A name for this by Anonymous Coward · · Score: 0

      Cell Phones do have a lot of Radio Activity.

      Chernobyl bits is definitely a great name. As far as people go, fix em or let them nuke themselves.

  17. Versus desktops? by Eric+Coleman · · Score: 2

    That operating systems like iOS and Android even give someone the ability to see that certain permissions are required, and by the complement, that there are permissions that are not required, is a step in a good direction. That granularity feature is absent in desktop applications--essentially all permissions are granted by default. For all I know pkunzip could have been keeping track of all those file_id.diz it encountered in order to build a profile of me, then dialing some BBS to upload the statistics to. That might seem implausible, but since there was no central authoritative repository to download pkunzip, it came from a BBS. That BBS could have replaced it with its own custom version for tracking.

    The larger point is that desktop programs could have been doing for years what people are worried about with tablet and phone applications.

    That said, it still creeps me out to see a solitaire game needing access to my address book. Maybe this is a case of "out of sight, out of mind."

    1. Re:Versus desktops? by godrik · · Score: 1

      I typically run untrusted applications on my machine under a different user account (firefox is one of them) which cannot access anything from my "real" user account. It is easy to set up!

  18. Language packs as applications by tepples · · Score: 1

    Then perhaps the developer should submit each dictionary as a separate application. The user would install the specific language's dictionary as an application, and if that application detects that the IME is not present, it would direct the user to install the IME from Google Play Store using a market intent.

  19. I'm going to start carrying 2 phones by TheGratefulNet · · Score: 3, Interesting

    one that is the smartphone (portable computer) and that will not have sms, cell service, address book, etc. rooted and firewalled and monitored.

    2nd phone would be a dumb phone that has no networking at all in it, simply just to send and receive voice calls.

    until there is a hard boundary (enforced, like a true barrier) between the soft apps and things that can cost you money (dialing out, stealing your contact list or local data), it just does not seem worth it to bundle all your stuff into one box.

    sure, it's convenient but the trust model is not good enough.

    more and more, I just leave the smartphone home and use it as a wifi only device. at least I know that no sms BS is coming thru and no outgoing calls or wan connects could ever happen that would be costly or info-leaking.

    seriously, I'm demotivated to invest more of my personal info on a box that I have less and less control over.

    --
    "It is now safe to switch off your computer."
    1. Re:I'm going to start carrying 2 phones by tepples · · Score: 1

      That sounds like what I've chosen to do: carry an Android PDA and a prepaid dumbphone. I pay per year what a lot of smartphone customers pay per month.

    2. Re:I'm going to start carrying 2 phones by GodfatherofSoul · · Score: 1

      A phone and a PDA. The year 2002 called; it wants its inconvenient tech model back.

      --
      I swear to God...I swear to God! That is NOT how you treat your human!
    3. Re:I'm going to start carrying 2 phones by L4t3r4lu5 · · Score: 1

      There is no trust; Every app comes with a manifest of permissions required, and you're given the option to install the app, or not install the app. Complaining about data charges when you've installed $SuperCrappyGame when it asked you for mobile network access is just moronic.

      A smartphone is meant to be convenient; It's not as good at gaming as a handheld console, not as good at web browsing or work duties as a desktop, not as good at taking pictures as a dedicated camera, the same for GPS navigation, music and video playing, eBooks etc. Not everybody wants to carry devices for all of those uses all of the time, though.

      --
      Finally had enough. Come see us over at https://soylentnews.org/
    4. Re:I'm going to start carrying 2 phones by Anonymous Coward · · Score: 0

      do that too. I did not do it consciously but I change my mobiles less often than the general public (I recall T39 from Ericsson served me 8 years) and bought tablet recently but I could not convince myself to use my real mail account or use it even for buying stuff on internet. I guess it also helps that typing things with the sorry excuse for a keyboard is just so painful that I do not. So they can see where and what pr0n I watch but that is it. As for phones I do not see the point of having one smarter than meself

    5. Re:I'm going to start carrying 2 phones by TheGratefulNet · · Score: 1

      but a TRUE AIR GAP between the phone and the pda buys us a whole lot of peace of mind.

      compartmentalism is a concept that the 'gee whiz' generation is quickly forgetting.

      to their detriment. and everyone who uses 'fully integrated' solutions.

      --
      "It is now safe to switch off your computer."
    6. Re:I'm going to start carrying 2 phones by GodfatherofSoul · · Score: 1

      I did this for a while with a Palm Tungsten C with my Razr and it sucked. There's simply too much overlap between use cases to make it convenient.

      --
      I swear to God...I swear to God! That is NOT how you treat your human!
    7. Re:I'm going to start carrying 2 phones by thegarbz · · Score: 1

      Here's an original thought, don't install apps that request access to SMS or address book? Seriously I actively struggled to find normal apps that do request access to these features.

      The vast majority of complaints are for free ads accessing GPS and internet. Well no kidding, how else are the free apps supposed to serve you location aware adverts? So what if you have unrestricted access to the web, providing you can't access the rest of the phone go nuts.

      The Android system gives you exactly the kind of sandboxing that you're after.

  20. Bizarre headline by Anonymous Coward · · Score: 0

    100% of smartphone apps know nothing about me, except the ones that I've made myself.

  21. DroidWall by brouiller · · Score: 5, Informative

    I root all of my Android devices and install the DroidWall app. It allows me to block network access to any app regardless of whether you give them permissions when installing. It's allowed me to download and use many apps that I would otherwise not have used because they wanted network access. It even lets you decide if you want to block the app on WiFi, cell data, or both.

    --
    In life you hoped to do what you could but mostly you did what you were told and that was the end of it.
    1. Re:DroidWall by pongo000 · · Score: 1

      Avast does this as well.

    2. Re:DroidWall by jrmech · · Score: 1

      So then developers who take the time to develop apps and make their money on ads get nothing for their development work? And you're proud of this?

    3. Re:DroidWall by brouiller · · Score: 1

      So then developers who take the time to develop apps and make their money on ads get nothing for their development work? And you're proud of this?

      Indeed. I use NoScript and AdBlock in my browsers too! *gasp*

      --
      In life you hoped to do what you could but mostly you did what you were told and that was the end of it.
    4. Re:DroidWall by Solandri · · Score: 1

      You can block/allow network access on an app-by-app basis. If the permissions on the app indicate it's not delving into my private info but it needs network access to show ads, I can always give it network access. OTOH if the app needs network access for ads, but also requires all sorts of unnecessary permissions like my contact list and location, I have no qualms about blocking it.

    5. Re:DroidWall by TheGratefulNet · · Score: 1

      the point is: you should not have to root (void warranty!) your phone to control its network access.

      are there 'firewalls' for each hardware device and setting? if not, then firewall checking is only one thing that needs to be done to make apps safe.

      --
      "It is now safe to switch off your computer."
    6. Re:DroidWall by thegarbz · · Score: 1

      So why are you so petrified about apps accessing the internet?

      What OTHER permissions do these apps have to access things on your phone that you're so afraid of getting out? As someone who's played with app development before you can't so much as look at a file system without requiring additional permissions from android.

      Why are you so afraid of an app accessing the internet yet you're likely right now giving companies like Microsoft or Google who have quite a track record with user privacy access to ALL of your system and internet right now?

  22. Partitioned storage by tepples · · Score: 1

    Oh noes 45MB! of my 32GB of storage.

    Phones running Android 2.x (FroYo or Gingerbread) are likely to be partitioned with 512 MB for apps and the rest for SD card. Only by 4.x (Ice Cream Sandwich) did Android phones switch to MTP for PC file transfers so that they don't need a separate partition that can be unmounted while the phone is connected to the PC.

    It would take seconds to download that information over LTE, seconds!

    LTE is for burst transfers, not for sustained transfers. Assuming a cap of 5 GB per month, a 45 MB download takes up about 6 hours of your cap (45 / 5000 * 30 * 24 = 6.48).

    1. Re:Partitioned storage by h4rr4r · · Score: 1

      If you are running 2.x I feel for you. That device should be replaced by now.

      LTE is for all the time, that is why I have an unlimited plan. Even if not 45MB is still not enough to worry about. On my Wifi it would take even less time than over the LTE.

    2. Re:Partitioned storage by TheGratefulNet · · Score: 1

      If you are running 2.x I feel for you. That device should be replaced by now.

      you are volunteering your personal back yard for landfill space? great. give me the address so I can dump my 'useless stuff that still happens to function' there.

      do you hear what I'm saying? I bet you don't.

      --
      "It is now safe to switch off your computer."
  23. But why does the application need this permission? by tepples · · Score: 1

    But why does a particular application need to 'take pictures and videos' if it's not primarily a camera application or to 'prevent phone from sleeping'? Better yet, why does the application need 'full Internet access'?

  24. Possible vs. easy by tepples · · Score: 1

    But how easy is it, under operating systems that come on home PCs sold in retail stores, to set up applications under multiple user accounts to display windows on the same screen? Secure won't get used unless secure is easy.

    1. Re:Possible vs. easy by wbo · · Score: 1

      Under windows you just need to launch the application using the runas command that has been built into the OS since at least Windows 2000 (possibly as far back as some versions of NT, not sure.)

      Also UAC introduced in Vista and later allows applications to run at a special reduced privileged level which gives them a set of permissions below a normal user account which prevents them from accessing many parts of the user's profile. IE, Chrome, and later versions of Acrobat will run in reduced privileged mode by default. However last I checked Firefox doesn't support this feature and always runs with the same permissions as the user that launched it.

    2. Re:Possible vs. easy by godrik · · Score: 1

      "But how easy is it, under operating systems that come on home PCs sold in retail stores"

      I do not use inferior operating systems :)
      Actually, that would be even easier to implement in windows than in linux because you have finer grain ACLs available. It is just a matter of interfacing.

    3. Re:Possible vs. easy by tepples · · Score: 1

      Under windows you just need to launch the application using the runas command that has been built into the OS since at least Windows 2000

      Since when do installer tools make it easy to ensure that applications are always run as a particular user?

  25. Re:But why does the application need this permissi by h4rr4r · · Score: 1

    How do you think you get access to the flash?
    How much clearer can "prevent phone from sleeping" be?

    Torch does not need full internet access.

  26. Connection between video and flash by tepples · · Score: 1

    How do you think you get access to the flash?

    I didn't immediately see the connection between "take pictures and videos" and use of the flash. Perhaps Android should introduce a finer-grained permission "operate camera flash", and have "take pictures and videos" imply this.

    1. Re:Connection between video and flash by Red_Chaos1 · · Score: 1

      A small handful of the apps available actually explain this to you, which I thought was a nice touch. They actually go down the list of permissions required and say why it is they need them.

    2. Re:Connection between video and flash by Anonymous Coward · · Score: 0

      Since the camera is a sensitive issue for a lot of people and the flash is commonly used as an led flashlight it would make sense to separate these two things somehow. Finer grain is a good idea, at least for this case. Likely for many other cases. Too many things are linked together. Separation is better for security, but give people both options.

      This could go the opposite way and a trustworthy camera app could provide a flashlight feature more accurately reflecting the true nature of the device.

      A lot of this subtle crap is psychology tending to favor advertisers and/or app developers. It's the subtlety that is pretty annoying. Like a big crappy TV commercial.

  27. Underpowered client device by tepples · · Score: 1

    I encountered an app that would do statistics on a picture. Said app actually uploaded the picture to a website, then pulled values back from that instead of calculating from the app itself.

    An iPhone 3GS or iPod touch 4 might not have enough memory to complete the calculation or enough CPU power to complete the calculation in a reasonable time. It's for the same reason that Siri uploads compressed audio instead of attempting speech to text directly on the device.

  28. Force close by tepples · · Score: 2

    Denying permissions to applications that expect those permissions would cause the applications to force close when Android throws a SecurityException. How do you think force closing like this would improve the user experience?

    1. Re:Force close by h4rr4r · · Score: 1

      Sounds like shitty application design.

      Try and catch are really neat, you should check them out. How would your crap application handle a device that totally lacks whatever you are trying to access?

  29. Asking on behalf of family members by tepples · · Score: 1

    Fine don't do those things, but then you are probably on the wrong website.

    As CronoCloud has repeatedly told me, Slashdot users tend to be extreme edge cases. People who ask questions as if they are on the wrong web site might be asking on behalf of family members or co-workers who are clearly outside Slashdot's core demographic.

    1. Re:Asking on behalf of family members by berj · · Score: 1

      Or. you know.. maybe I get enough of fiddling with tech 8 hours a day (and more) at work. At home I just want to use what I've got in a way that I want without resorting to backflips.

  30. Whose hands is my data? by camcorder · · Score: 2

    I'm more afraid of big corps than small application developers for giving my data. If a small company, or an independent developer gets my data and uses it without my permission and that harms me, I can sue that guy or small company and probably protect myself. A painful process but doable.

    On the other hand, I'm helpless against a big corp. I don't think there's any difference, since it includes profit and big corps can make more money out of it, in a way that big or small company can do with my personal data. Major problem is I can't fight with a big corp. I won't be able to have the energy and money to protect myself. They will do whatever they could do and I would be helpless.

    It's important to educate people about the importance of their privacy, so there will be a common uprising against the big corps in case they do evil. People ignorantly trust big companies. They will accept any kind of pop-up, or warning you'd put and install their applications. Though they have no idea what could they do and what kind of power they have with these data after they get a big harm. There must be thousands of families or lives ruined because of irresponsibility of privacy protection of facebook or google. Even I personally know couple of people affected by those. But I haven't heard any case these companies paid for their wrongdoings.

    1. Re:Whose hands is my data? by UnderCoverPenguin · · Score: 1

      But I haven't heard any case these companies paid for their wrongdoings.

      Pay the victim? Probably not. Paid their lawyers. Most certainly.

      --
      Don't try to out wierd me, three-eyes. I get stranger things than you, free with my breakfast cereal. --Zaphod Beeblebr
  31. Some carriers are still selling 2.x phones by tepples · · Score: 1

    If you are running 2.x I feel for you. That device should be replaced by now.

    Some U.S. carriers are still selling 2.x phones, especially carriers that operate on models other than subsidy. See for example Intercept, Chaser, Optimus Slider, Optimus Elite, and Triumph.

    LTE is for all the time, that is why I have an unlimited plan.

    Provided you happen to live in one of the major cities that has unlimited LTE.

    On my Wifi it would take even less time than over the LTE.

    Which may mean a trip to the restaurant.

    1. Re:Some carriers are still selling 2.x phones by Anonymous Coward · · Score: 0

      If you're buying a 2.x phone, you shouldn't expect to run most applications anyway. I mean, most of those phones are $150 or cheaper OFF CONTRACT.

      You should be glad you're getting 80% of high-end Android's capabilities, and you're already at 100% of most other mobile smartphone OSes - even on 2.x.

  32. Permissions related to hardware features by tepples · · Score: 2

    How would your crap application handle a device that totally lacks whatever you are trying to access?

    It would rely on having been blocked from installing. Android apps can state that a permission is required or that a permission is required unless the hardware doesn't support it. If a permission is required and the hardware doesn't support it, Android blocks it from installing. I have seen this with newer versions of the ZXing Barcode Scanner on my Archos 43 Internet Tablet, which requires the "landscape" permission that Archos mistakenly left out of its AOSP build. The same happened when I tried to install the official build of this scanner on my Nexus 7 which has a front camera but no rear camera. I had to download the "LearnPad Scanner" and "Nexus 7 Camera Launcher" applications, which are rebuilt to allow use of a front camera. So the only permissions that the user can disable without risking a force-close are features that 1. depend on hardware and 2. have been specified as optional.

  33. Countries with no paid apps early on by tepples · · Score: 1

    A free one probably wants to display ads, I suggest you buck up and spend $1 on the version that does not.

    The problem here is that Google launched Android phones in some countries before it launched availability of paid apps in those countries. So in order to reach users in those countries, developers had to make their applications ad-supported. This has led to an expectation on Android that applications would be ad-supported.

  34. Apps need permissions to work by nomad-9 · · Score: 2

    The problem I see is that, in order for most apps to do something useful. For example, if you develop an SMS app, besides permissions on reading/writing/editing/sending messages, you will need access to contacts data, phone state and identity. Looks scary, but no SMS/MMS app can function properly without these.

    I've been developing a few Android apps and they almost all require some type of "unsafe" permissions to run...except one (a small puzzler game).

    Similarly, many apps need internet permissions. You can still look at what the app does, and try to determine if it really needs all the permissions it is asking. But since the problem lies in how do the app creators use those permissions beyond their declared "privacy policy", the only reasonable solution I see, is to install a monitoring app for network access, as suggested by some posters...provided the app itself isn't spying on you...

    1. Re:Apps need permissions to work by UnderCoverPenguin · · Score: 1

      For example, if you develop an SMS app, besides permissions on reading/writing/editing/sending messages, you will need access to contacts data, phone state and identity. Looks scary, but no SMS/MMS app can function properly without these

      The app itself should not need to know about Phone State.* The OS's SMS_API support should be able to queue messages and hold them until the state allows sending. Ideally, the SMS_API should allow the app to specify Cell Only, WiFi Only or Either, then only send queued messages when the appropriate connection is available (and via the appropriate connection).

      As for Identity, an app could maintain its own identity. Not as convenient, but some people would be willing to make this trade off. Of course, over a cell connection, the network is going to know the ESN of the phone that sent the message. I suppose SMS-over-WiFi would also have the ESN, but for other IM protocols, that could be avoided. (This assumes the OS itself doesn't unnecessarily leak personal information)

      Likewise, an app could maintain its own contacts data. Again, less convenient, but some people would be willing to make the trade off.

      * For apps that want to pause while a phone call is in progress, the OS could handle that for apps that request being paused.

      --
      Don't try to out wierd me, three-eyes. I get stranger things than you, free with my breakfast cereal. --Zaphod Beeblebr
    2. Re:Apps need permissions to work by MobyDisk · · Score: 1

      Granted, but this is only a part of the problem. Go search for a flashlight app on Android that supports using the flash LEDs, but doesn't require internet access or your contact list. I know from doing this last week with some friends, that you will be about 2 or 3 screens down before you find one. That's not reasonable.

    3. Re:Apps need permissions to work by thegarbz · · Score: 1

      Similarly, many apps need internet permissions.

      Internet access by itself isn't scary at all. It's only a problem when combined with other permissions granted by the phone.
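The point made in this sub-thread and by Solandri above (network access matters mostly in combination with other permissions), together with tepples' note on required versus optional hardware features, can be checked mechanically. The following is an added example, not code from any poster or from Android itself; it assumes the manifest has already been decoded to plain-text XML, and the two sample manifests and the permission groupings are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Attributes in a decoded AndroidManifest.xml live in the android: namespace.
ANDROID = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Permissions that read personal data or sensors (illustrative subset, not exhaustive).
PRIVATE_DATA = {P + n for n in (
    "READ_CONTACTS", "READ_SMS", "READ_PHONE_STATE", "CAMERA", "RECORD_AUDIO",
    "ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION")}
# Permissions that can run up a bill even without network access.
COSTS_MONEY = {P + "SEND_SMS", P + "CALL_PHONE"}
INTERNET = P + "INTERNET"

# Constructed sample: a flashlight app of the kind discussed in the thread.
FLASHLIGHT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-feature android:name="android.hardware.camera"/>
  <uses-feature android:name="android.hardware.camera.flash" android:required="false"/>
</manifest>"""

# Constructed sample: an SMS app that never asks for INTERNET.
OFFLINE_SMS = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.offlinesms">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-feature android:name="android.hardware.telephony"/>
</manifest>"""


def audit(manifest_xml):
    """Summarise which declared permissions are risky in combination."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    perms.discard(None)

    # <uses-feature> is required unless android:required="false" is given.
    required, optional = [], []
    for e in root.iter("uses-feature"):
        name = e.get(ANDROID + "name")
        if name is None:
            continue
        flag = e.get(ANDROID + "required", "true").strip().lower()
        (optional if flag == "false" else required).append(name)

    online = INTERNET in perms
    private = sorted(perms & PRIVATE_DATA)
    return {
        "package": root.get("package"),
        "online": online,
        # Private data plus INTERNET: the combination that lets data leave.
        "can_leave_device": private if online else [],
        # Private data requested by an app that declares no network access.
        "private_without_internet": [] if online else private,
        "can_cost_money": sorted(perms & COSTS_MONEY),
        "required_features": sorted(required),
        "optional_features": sorted(optional),
    }


def report(manifest_xml):
    """Render the audit as readable text."""
    r = audit(manifest_xml)
    lines = [r["package"] or "(no package name)"]
    for key in ("can_leave_device", "private_without_internet",
                "can_cost_money", "required_features", "optional_features"):
        lines.append("  %-26s %s" % (key + ":", ", ".join(r[key]) or "-"))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(FLASHLIGHT))
    print(report(OFFLINE_SMS))
```
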

  35. CyanogenMod no more... dissenting opinion on CM by tota · · Score: 1

    This was the reason number one why I used to recommend CM, unfortunately this feature has been dropped in CM9, apparently the developers' time is better spent making yet another media player and yet another file manager.

    I understand that some of those devs may need funding for their work and that the media player can generate some income, but I think CM has lost its roots: it was about empowering the user and giving a stock Android experience, now I'm not sure what it is.. but I don't care for those apps, I want stable (and if possible timely) releases that put me in control, if I want apps I will go to the market for that.

    --
    TODO: 753) write sig.
  36. Cancel or Allow? by tepples · · Score: 1

    Part of the android system should be a block/permit window whenever an app tries to do anything restricted.

    How did the public react to Cancel or Allow when Microsoft introduced UAC in Windows Vista?

  37. Patents last too long by backslashdot · · Score: 1

    Patents last way too long 20 years from the filing date is what it says .. but if the patent office takes long to approve it then you get to tack on that time too. There are still patents on HDTV that were filed in the 1990s that have not even been issued yet! When they get issued they will get about 18 or 19 years from the issue date.
    Companies deliberately delay the approval of their patents to take advantage of this loophole. The loophole was made for pharmaceuticals (FDA approval can take a decade), but tech companies are taking advantage of it too. Couple that with the fact that you can now patent stuff that other people invented before you thanks to the change from FI to FITF .. the patent system is a joke

  38. Angry Birds knows if you've been naughty or nice.. by Anonymous Coward · · Score: 1

    You know what permissions to allow a program by reading the ToS, (Terms of Service),
    and I may be one of the few people that does this. The ToS will send you to their Privacy Policy
    which is really what you need to read (Privacy Policy trumps the ToS).

    With a Cell Phone or Tablet you have no control over your system, unless rooted which
    I for one required, while I allow permissions, I also block them (HOSTS file).
    (To the Anonymous Coward who showed me how to slip a HOSTS file through a rooted phone - thanks again)

    The two most important permissions to me are superuser and Full internet access.
    Allowing Tracking to me it's exactly dangerous but to me very close.

    Using Angry Birds (rovio.com) is an example of abusing the full internet access permission:

    Angry Birds Privacy Policy: http://www.rovio.com/Privacy
    they use www.flurry.com for analytics

    Flurry.com also has a privacy policy: http://www.flurry.com/privacy-policy.html
    That you are agreeing to when you agree to Angry Birds:

    Both parties (Angry Birds, Flurry-analytics) use web beacons
    http://en.wikipedia.org/wiki/Web_bug to track everything you do while accessing
    the network via your unrooted device.

    Flurry.com knows when and who (you, your spouse, kids or which friend) checked
    their email last from your Internet connection/router/WiFi. As they do collect identifiable information.

    rovio.com also sends "some" collected data out of country; other countries
    aren't required to supply ToS's - so you have no clue what's to become of that.
    X-plorer is a good example using both of my important permissions and not one word
    of how they handle data or if they even collect it, or if they are going to upload a program my way.

    All of the above is unacceptable to me, it's beyond tracking and into following "for personalized ads".
    The Target store for one may very well know your daughter is pregnant before you.
    http://science.slashdot.org/story/12/02/17/1927229/how-companies-learn-your-secrets

    The above is the norm for what the Cell Phone, Tablet, and such. On PC's one (I at least)
    would never install something with those conditions. Games from the android stores
    have some of the worst ToS I've ever read. While Angry Birds is a good example
    ASTRO file manager reads the same way.

  39. How is that NOT Vague by SuperKendall · · Score: 1

    Hardware controls: Take pictures and videos

    So you downloaded a flashlight, it's claiming it needs to "take pictures and video" and you are still claiming the explained need for that is not vague? How is an average non-technical user supposed to know that Torch needs to "be able to take pictures" because that's the API used to access the camera flash LED???

    I mean the app could just as easily also be recording everything they do when it runs.

    If you can't read plain english you don't need a smartphone.

    Revised: If you cannot program you SHOULD NOT run Android.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  40. Right direction, needs improvement by symbolic · · Score: 1

    I personally believe that the Android security model is a step in the right direction, but what it should do is allow the user to determine which of the permissions they will *allow* an app to use, not simply tell the user which permissions the app is *going* to use. This means that apps will need to be written slightly differently, but it may also mean that they will need to work harder to justify the permissions they need.

  41. That is how it behaves, sort of by SuperKendall · · Score: 2

    Okay, just making sure I understand what you're saying - you install an app on iOS, but it's totally dead in the water (i.e., no permissions to actually do anything) until the user actually engages the app for the first time, at which point it goes through the things it wants to do point-by-point, giving the user the option to not allow certain permissions, while allowing others?

    You don't really understand it, but you are on the right track.

    The application when you start it has no ability to access protected resources (Address Book and location and photos are protected). Network access is not a protected resource, but since it has no ability to see any of your data yet that does not matter.

    Now you stated "go through the things it wants to do point by point" on launch. No, that would be stupid. How could the user know yet what made sense to allow? That is BTW the biggest problem I have with Android, it's insane to think a user CAN know up front what permissions make sense for any application, even a flashlight.

    So then what happens is that as you use the application, it asks for permission as the need to access a resource comes up. So only within the app do you ask to use your contacts for something, would it bring up an alert asking if it was OK for that application to use your contacts. Only when the app was ready to make use of location would you be asked if the app should be allowed to see your location - and so on.

    can you cite a source for this?

    Well you could just ask any iOS users or developers since it's the way every app works. But here is just one of many stories.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:That is how it behaves, sort of by CanHasDIY · · Score: 1
      Thanks, very informative response.

      can you cite a source for this?

      Well you could just ask any iOS users or developers since it's the way every app works.

      Anecdote != fact. C'mon, man, you know that.

      But here is just one of many stories.

      Yea, about that... according to your link, it appears the behavior you refer to of asking users for access per-permission is a brand new feature only available in iOS6, which was released in September of this year. So, prior to 2 months ago, iDevices had the same security issues you've implied are exclusive to the Android platform (not to mention, as not every iDevice can be updated to iOS 6, there will be many out there that still contain this flaw).

      More than a bit disingenuous, if you ask me.

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese
    2. Re:That is how it behaves, sort of by farble1670 · · Score: 1

      The application when you start it has no ability to access protected resources (Address Book and location and photos are protected). Network access is not a protected resource, but since it has no ability to see any of your data yet that does not matter.

      network isn't a protected resource? since it's a service that can cost me real money if it's abused, it should be. what if the app starts downloading a huge database file locally to the device, over my network connection?

      btw, on android, access to the network must be granted with a permission. +1 android.

    3. Re:That is how it behaves, sort of by SuperKendall · · Score: 1

      Yea, about that... according to your link, it appears the behavior you refer to of asking users for access per-permission is a brand new feature only available in iOS6, which was released in September of this year. So, prior to 2 months ago, iDevices had the same security issues

      Only for address book and photo data. Location (and the ability to push to the device) have always been protected the same way. The model was always sound, they just needed to add more data items to it - and they have.

      --
      "There is more worth loving than we have strength to love." - Brian Jay Stanley
    4. Re:That is how it behaves, sort of by SuperKendall · · Score: 1

      network isn't a protected resource? since it's a service that can cost me real money if it's abused, it should be.

      It doesn't need to be when apps have limited access to that resource when in the background. An app can only use so much data, and apps that abuse cellular data resources are in fact flagged in review.

      All apps should have network access. It's a smart phone. I find it pointless to even ask that question.

      --
      "There is more worth loving than we have strength to love." - Brian Jay Stanley
    5. Re:That is how it behaves, sort of by berj · · Score: 1

      I agree about this. I would love to be able to control how and when an app can access my data network (eg. Cell only, Wifi only, Both, None).

    6. Re:That is how it behaves, sort of by psiclops · · Score: 1

      Anecdote != fact. C'mon, man, you know that.

      no it doesn't, but it is still evidence. evidence being the thing that you use to determine if something is factual or not.

      it appears the behavior you refer to of asking users for access per-permission is a brand new feature only available in iOS6, which was released in September of this year.

      in security current features are more important than previous trends. in fact the only real purpose of previous trends is to help gauge unknown potential threats. unless you're trying to decide whether to buy a pre-3GS iPhone or an original iPad (so in other words devices that are no longer sold) then security flaws in pre-iOS6 are of little relevance.

      iOS6 permissions settings are a good feature and one that i hope comes to stock android soon.

      that being said - i've personally never had a problem with security in android. the fact that it tells me before installing an app what settings it uses has been good enough for me.

      --
      i spent five minutes thinking and all i got was this crappy sig
    7. Re:That is how it behaves, sort of by psiclops · · Score: 1

      All apps should have network access. It's a smart phone. I find it pointless to even ask that question.

      most of the apps i have shouldn't need network access - emulators (no online multiplayer), various games, flashlight, alarm clock, screen transparency.
      others only require network access for features that some people may not care about (camera, music player, other games etc.) and lite versions wouldn't need it.

      i could think of features to add that may use network (uploading photos when picture is taken, identifying objects in pictures etc.)

      --
      i spent five minutes thinking and all i got was this crappy sig
  42. the opportunity cost of decision fatigue by epine · · Score: 1

    Or you could just not install any applications that ask for those permissions is that so hard?

    Yes, absolutely, this is harder than it looks. Pay attention much? The problem is related to the phenomenon of Decision fatigue.

    Every time I go back to the Crap Store, my searches come up with applications I've already reviewed and rejected. Applications that in fact violate my express policy over which invasive permissions I'm willing to concede (let's not call it "grant") relative to the benefits derived.

    Here's how it ought to work. Once I decide that messing with my address book is totally verboten, I should never again see an application listed in my app searches that requires this permission. I barely even know that such applications exist. The most I'll accept is "1520 search results screened out by your security profile".

    People don't hold up well having to make the same decision day after day, week after week. Even if you succeed by force of will it's costing you a mental resource that could have been used instead to, for example, negotiate a better mortgage on your house or serve fewer years in prison.

    Do You Suffer From Decision Fatigue?

    My inability to define half the applications at the Crap Store by rote as candy-coated virii is a travesty of actualized self-determination.
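
The screening epine describes, as an added example that is not part of the original thread: a small Python filter that reads permission listings in the style of `aapt dump permissions` (format assumed here) and drops apps that break a personal policy. The policy contents, package names and sample listings are constructed for illustration.

```python
import re

# Hypothetical personal policy (assumption, not from the thread's authors).
DENY_ALWAYS = {"android.permission.SEND_SMS", "android.permission.CALL_PHONE"}
# Harmless alone, refused together: a data source plus a way to ship it out.
DENY_COMBOS = [
    {"android.permission.INTERNET", "android.permission.READ_CONTACTS"},
    {"android.permission.INTERNET", "android.permission.ACCESS_FINE_LOCATION"},
]
# Accepts "uses-permission: X" and "uses-permission: name='X'".
PERM_RE = re.compile(r"uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)")

def parse_dump(dump):
    """Return (package, permission set) from one permissions listing."""
    package, perms = None, set()
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("package:"):
            package = line.split(":", 1)[1].strip()
        elif (m := PERM_RE.match(line)):
            perms.add(m.group(1))
    return package, perms

def violations(perms):
    """List the policy rules a permission set breaks (empty list = acceptable)."""
    hits = sorted(perms & DENY_ALWAYS)
    hits += [" + ".join(sorted(c)) for c in DENY_COMBOS if c <= perms]
    return hits

def screen(dumps):
    """Split listings into allowed package names and {package: reasons}."""
    allowed, rejected = [], {}
    for dump in dumps:
        package, perms = parse_dump(dump)
        why = violations(perms)
        if why:
            rejected[package] = why
        else:
            allowed.append(package)
    return allowed, rejected

# Constructed sample listings (not real apps).
SAMPLES = [
    "package: com.example.flashlight\nuses-permission: android.permission.CAMERA",
    "package: com.example.contacts\nuses-permission: name='android.permission.INTERNET'\n"
    "uses-permission: name='android.permission.READ_CONTACTS'",
    "package: com.example.game\nuses-permission: android.permission.INTERNET",
    "package: com.example.texter\nuses-permission: android.permission.SEND_SMS",
]

if __name__ == "__main__":
    ok, bad = screen(SAMPLES)
    print(ok)
    print(f"{len(bad)} search results screened out by your security profile")
```

Because the policy is written once and applied to every listing, the accept-or-reject decision is made a single time rather than per app.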

  43. "Modify/Delete USB storage contents" by Anonymous Coward · · Score: 0

    Such permissions are much too broad! An app should be limited to a specific directory by default, if it needs to have file access at all. For many just being able to save and store their own configuration status is completely sufficient.

  44. At least Android has choices by Control-Z · · Score: 2

    Many many apps want far too many permissions. But if you firewall the app it doesn't really matter what it knows, it won't be talking to the Internet.

    What I'd really like to see in Android is apps running in a sandbox and you being able to deny specific permissions for any app (with the caveat that may break the app, but so be it.)

    With iOS all the permissions and spying are behind the scenes so as not to confuse or concern the user.

  45. Just a troll by SoftwareArtist · · Score: 1

    This is complete nonsense. It does not mean "many apps are spying on users." It means those apps have permissions which could let them spy on users if they wanted to. In other news, 100% of Windows apps have the ability to spy on users, because Windows doesn't have a fine grained permissions model like Android does. Does that mean 100% of Windows apps "are spying on users?" No, and it doesn't mean Android apps are either.

    --
    "I'm too busy to research this and form an educated opinion, but I do have time to tell everyone my uninformed opinion."
    1. Re:Just a troll by Anonymous Coward · · Score: 0

      It means that they could if they want to. That is the problem that needs correction.

      Many apps are storing various statistical data about users. This is a definite problem for those who like privacy. We have very little privacy as it is, let us keep the very small bit that we can actually have and someday maybe we can have more. Never will we have true privacy, but every little bit helps. Excess advertising hurts in the long run. We'll see.

  46. Not as bad as it sounds by slapout · · Score: 1

    Some apps, like dialer apps, do need access to your contacts so they can display them to you.

    --
    Coder's Stone: The programming language quick ref for iPad
  47. Windows programs have full access to your data. by llzackll · · Score: 1

    99% of windows programs have almost full control of and access to almost all data on your computer. Why are people not concerned with that? I think just the fact that Android has such a permissions model is what causes more paranoia.

  48. Do you trust the privacy policy of a web site? by tepples · · Score: 1

    Ideally an application's description would contain something like a privacy policy that describes what it does with each permission.

    Because you should just trust what the app says?

    Do you trust the privacy policy of a web site? Do you trust that an online shopping site won't hand your credit card number to people who would abuse your identity?

    Why would a developer lie after all.

    To avoid being investigated, tried, and convicted of fraud.

    1. Re:Do you trust the privacy policy of a web site? by nedlohs · · Score: 1

      Do you trust the privacy policy of a web site?

      Of course not.

      Do you trust that an online shopping site won't hand your credit card number to people who would abuse your identity?

      Not really, that is after all why I use a credit card for which charges are easily disputed and numbers easily changed. And why I buy things from sites that haven't done such things in the past over new sites if the prices aren't too much higher.

      To avoid being investigated, tried, and convicted of fraud.

      Because "Used to submit high scores" is so legally binding, you could never, say, include an identifier to track the high score as well as the score itself without going to jail.

  49. Someone needs to design and build the UI by tepples · · Score: 1

    Secure won't get used unless secure is easy.

    It is just a matter of interfacing.

    Exactly. Until someone comes out with a user interface to build those ACLs that a proverbial grandma could use, those ACLs won't get used. But don't look to Microsoft to make a tool for securing desktop applications any time soon, as Microsoft has been busy monopolizing the distribution of WinRT applications.

  50. Adware is the problem by Rexdude · · Score: 1

    If you ignore for a moment that Android was bought over by Google whose raison d'etre is advertising, it's ironic that adware has become so acceptable on Android when it's synonymous with spyware on Windows and is flagged as such by decent antivirus programs.

    Most of the ad supported Android apps ask for internet access in order to display ads. The problem is you have no idea what else they're doing with that internet access. I would be very leery of something like a task manager that's ad supported..something with sufficient privileges to kill processes and yet be able to do who knows what with its internet permission.
    Rooting and installing an adblocking hosts file (or using AdAway, which automates the process) is one solution, but then it deprives the app developer of ad revenue (for something that's otherwise free).

    Seems like Google ought to separate the permission for displaying ads from that for internet access - so if your app wants to show ads, it should only be allowed to connect to Google's ad servers and do nothing else. At least that way one has peace of mind that one's ad supported contact list manager isn't surreptitiously transmitting one's phonebook somewhere.

    --
    "..One hosts to look them up, one DNS to find them, and in the darkness BIND them."
  51. Dropbox permissions by Anonymous Coward · · Score: 0

    Why does Dropbox android app need permission to read and write to the phone account list AND CHANGE THE ACCOUNT PASSWORD????

  52. Fuck off and fuck you by Anonymous Coward · · Score: 0

    I am well within the specifications of the core slashdot community and my response to you is: fuck you, and fuck off.

    I have an android phone. Yes, I know I can root it and get the functions that I expect from this type of device.

    No, I don't hack my phone, or my car, or my fridge and I don't want to. I spent my day knee deep in the PC and server and frankly I just want my phone to WORK.

    More importantly, if there is even a 1 in 100 chance that this $500 device I have on a 2 year contract is going to be bricked then I am not going to risk it.

    When it is out of contract and I have a new phone? sure. but guess what, what do I do if my new phone doesn't have this required functionality and your response is the same?

    Fuck you.

    If this is not fixed by the time I get a new phone then it is highly likely I will buy an iphone. Yes. For app permissions control over everything else.

  53. DroidWall requires root by Anonymous Coward · · Score: 0

    Which really sucks. Not blaming droidwall here.

  54. When you registered on Slashdot by tepples · · Score: 1

    Do you trust the privacy policy of a web site?

    Of course not.

    If you do not trust the privacy policy of any web site, then when you provided your e-mail address to Slashdot when creating the "nedlohs" account, what made you think Slashdot wasn't going to sell your e-mail address to spammers?

    And why I buy things from sites that haven't done such things in the past over new sites if the prices aren't too much higher.

    What criteria would you use to determine the trustworthiness of a relatively new web site if a product that you want is available for sale only from that site, such as directly from the manufacturer?

    1. Re:When you registered on Slashdot by nedlohs · · Score: 1

      If you do not trust the privacy policy of any web site, then when you provided your e-mail address to Slashdot when creating the "nedlohs" account, what made you think Slashdot wasn't going to sell your e-mail address to spammers?

      I used an email I only use for signing up for such things and never actually read (well other than to look for a password reset email when I forget a password).

      What criteria would you use to determine the trustworthiness of a relatively new web site if a product that you want is available for sale only from that site, such as directly from the manufacturer

      I tend to do a quick search for scam reports and then take the risk. Credit cards are disposable anyway.