More Than 25% of Android Apps Know Too Much About You
CowboyRobot writes "A pair of reports by Juniper and Bit9 confirm the suspicion that many apps are spying on users. '26 percent of Android apps in Google Play can access personal data, such as contacts and email, and 42 percent, GPS location data... 31 percent of the apps access phone calls or phone numbers, and 9 percent employ permissions that could cost the user money, such as incurring premium SMS text message charges... nearly 7 percent of free apps can access address books, 2.6 percent, can send text messages without the user knowing, 6.4 percent can make calls, and 5.5 percent have access to the device's camera.' The main issue seems to be with poor development practices. Only in a minority of cases is there malicious intent. The Juniper report and the Bit9 report are both available online."
If only there were some way for me to tell which permissions an app will use when I install it!
I've created one Hello World app, just to see how it works. I've followed directions, didn't do anything to snoop around. The result is that it needs Phone ID somehow. I suspect that many app programmers do nothing to snoop around, but automatically request more permissions than actually needed, probably because the programming IDE does this automatically.
You don't. Torch, Done.
What Google should do is let me search for apps by permissions. I also wish they would let me never see a freemium app again. I have zero interest in them.
permissions are vague. I can't know what the hell they plan to do!
what I'd want is a watcher that gives pop-ups or some notification and STOPS THE APP until I let it thru. very very fine grained permit/deny and also a lot of all info that is captured and sent.
until the apps are more transparent (they are anything but, now!) I refuse to run most android 'store' apps or anything else.
the whole market is fucked up; the protection model is bullshit and there's no audit ability for users to feel confident that this or that app is not doing funny shit behind the owner's back.
the permissions model is quite stupid by design. another google design failure, designed by engineers and not designed FOR users who are non-tech and simply want to know what the app is DOING.
there also isn't a standard default firewall on unrooted android. again, I have no trust in android when I have to go around it and root it just to have a firewall and user filters or ACL's.
the whole model needs a serious rewrite. not saying the apple model is any better, but android is quite immature in how it DOES NOT protect the user or give them any real info to go on. the only thing you have now is 'trust us' and, well, I just don't!
vista annoyed users with the popups but I do think that some level of that is needed, here. WHEN an app tries to do things that fit some trigger, show me! show me what and when and where. keep logs of it. let me query the logs and study how good or bad this app is. let me run it in 'hobble mode' so that it, by default, does not get access to anything. let me trust it over time and relax restrictions as it gets my trust.
the whole model is all wrong. sorry, but it seems no one was thinking of the users, here. and users are getting screwed by not having true visibility into the (often) evils that 'flashlight apps' do.
--
"It is now safe to switch off your computer."