Slashdot Mirror

← Back to Stories (view on slashdot.org)

More Than 25% of Android Apps Know Too Much About You

Posted by Soulskill on from the but-they-always-forget-my-birthday dept.

CowboyRobot writes "A pair of reports by Juniper and Bit9 confirm the suspicion that many apps are spying on users. '26 percent of Android apps in Google Play can access personal data, such as contacts and email, and 42 percent, GPS location data... 31 percent of the apps access phone calls or phone numbers, and 9 percent employ permissions that could cost the user money, such as incurring premium SMS text message charges... nearly 7 percent of free apps can access address books, 2.6 percent, can send text messages without the user knowing, 6.4 percent can make calls, and 5.5 percent have access to the device's camera.' The main issue seems to be with poor development practices. Only in a minority of cases is there malicious intent. The Juniper report and the Bit9 report are both available online."

41 of 277 comments (clear)

  1. If only! by Joehonkie · · Score: 5, Funny

    If only there were some way for me to tell which permissions an app will use when I install it!

    1. Re:If only! by Anonymous Coward · · Score: 5, Insightful

      If only there were some way to know what permissions the app really needed to do its job!

      If only you didn't have to slog through 15 different flashlight apps before you find one that doesn't want access to your address book!

    2. Re:If only! by rvw · · Score: 4, Interesting

      If only there were some way for me to tell which permissions an app will use when I install it!

      I've created one Hello World app, just to see how it works. I've followed directions, didn't do anything to snoop around. The result is that it needs Phone ID somehow. I suspect that many app programmers do nothing to snoop around, but automatically request more permissions than actually needed, probably because the programming IDE does this automatically.

    3. Re:If only! by h4rr4r · · Score: 5, Interesting

      You don't. Torch, Done.

      What Google should do is let me search for apps by permissions. I also wish they would let me never see a freemium app again. I have zero interest in them.

    4. Re:If only! by Anonymous Coward · · Score: 5, Insightful

      Disagree. It's a problem with humanity. Android does a good job of warning you that your flashlight app will send your contact list to the universe.

    5. Re:If only! by h4rr4r · · Score: 4, Informative

      Actually a lot of decent apps have a why in the description of the app.

      If it does not seem like it should need it and they fail to explain it don't install it.

      Still better than on the PC, where any application can read any of your files.

    6. Re:If only! by agentgonzo · · Score: 2

      Given Android will now (I think - I've got an iPhone so can't be sure.... ssshhhhhhhh! Don't tell anyone) tell you what permissions the app will access, why isn't there the ability to just configure android to refuse to pass those details on to the app at the OS level?

      I know I'm going into dangerous territory here by praising Facebook for their security (ssshhhhh!!!!) but when you add 'apps' to facebook, it will tell you what it is wanting to access but facebook gives you the ability to deny access to this information from the app. I would have thought it shouldn't be too hard for android to do this at the API level (and just return null or 'denied' or something) so that you can still pick which flashlight app you want to use, but tell the OS not to pass your address book onto it even if the app wants your details

    7. Re:If only! by berj · · Score: 5, Informative

      On iOS I can choose *after* installation to allow or disallow certain activities.

      So.. for example.. I can allow an application access to my calendar but not to my contacts or photos.

      If a GPS application wants access to my contacts and location I can let it.. but if it asks for access to my photos and bluetooth sharing I can disallow it.

      It's quite nice, actually.

      Android is a "take it or leave it" system. Which I suppose is great for the app developers.. but not so much for users.

    8. Re:If only! by TheGratefulNet · · Score: 4, Interesting

      permissions are vague. I can't know what the hell they plan to do!

      what I'd want is a watcher that gives pop-ups or some notification and STOPS THE APP until I let it thru. very very fine grained permit/deny and also a lot of all info that is captured and sent.

      until the apps are more transparent (they are anything but, now!) I refuse to run most android 'store' apps or anything else.

      the whole market is fucked up; the protection model is bullshit and there's no audit ability for users to feel confident that this or that app is not doing funny shit behind the owner's back.

      the permissions model is quite stupid by design. another google design failure, designed by engineers and not designed FOR users who are non-tech and simply want to know what the app is DOING.

      there also isn't a standard default firewall on unrooted android. again, I have no trust in android when I have to go around it and root it just to have a firewall and user filters or ACL's.

      the whole model needs a serious rewrite. not saying the apple model is any better, but android is quite immature in how it DOES NOT protect the user or give them any real info to go on. the only thing you have now is 'trust us' and, well, I just don't!

      vista annoyed users with the popups but I do think that some level of that is needed, here. WHEN an app tries to do things that fit some trigger, show me! show me what and when and where. keep logs of it. let me query the logs and study how good or bad this app is. let me run it in 'hobble mode' so that it, by default, does not get access to anything. let me trust it over time and relax restrictions as it gets my trust.

      the whole model is all wrong. sorry, but it seems no one was thinking of the users, here. and users are getting screwed by not having true visibility into the (often) evils that 'flashlight apps' do.

      --

      --
      "It is now safe to switch off your computer."
    9. Re:If only! by h4rr4r · · Score: 4, Informative

      There are aftermarket ROMs that do that. CM is one.

      There are tools that actually do one better, they let you give apps fake data. Let that stupid game have a GPS, one that shows you out in the Atlantic.

    10. Re:If only! by berj · · Score: 3, Informative

      On iOS I can choose *after* installation to allow or disallow certain activities.

      So.. for example.. I can allow an application access to my calendar but not to my contacts or photos.

      How do you know that, by the time you disable the permission, the app hasn't already uploaded your info to their servers?

      because (sensibly) by default apps have no such permission. I get asked if I want to allow the action the very first time.

      Android is a "take it or leave it" system. Which I suppose is great for the app developers.. but not so much for users.

      Except, with Android, I can root my phone and do whatever the heck I want with it.

      And what about those of us that don't want to bother with such things? I don't build my own computers. I don't jailbreak my iDevices.. I don't tinker with my car.. I don't mod my fridge. If I have to immediately start hacking my device in order to get the security I want then it's not really much good to me.

    11. Re:If only! by Syphonius · · Score: 3, Interesting

      Then you may have done it wrong (or whatever example you followed was wrong). The default IDE (Eclipse with the ADK plugin) does not generate permissions into the manifest. They all go in manually. If your Hello, World required extra permissions then they were most likely added by accident or you are using some uncommon IDE/plugin.

    12. Re:If only! by Minderbinder106 · · Score: 3, Informative

      CM was one. CM7 had this feature but it was taken out for CM9/CM10. It's too bad, it was a great feature.

    13. Re:If only! by Jeng · · Score: 3, Insightful

      Here is vague.

      full Internet access: Allows the app to create network sockets.

      The main question I have is Why does it need internet access? And that is not answered.

      --
      Don't know something? Look it up. Still don't know? Then ask.
    14. Re:If only! by jeffmeden · · Score: 2

      And what about those of us that don't want to bother with such things? I don't build my own computers. I don't jailbreak my iDevices.. I don't tinker with my car.. I don't mod my fridge. If I have to immediately start hacking my device in order to get the security I want then it's not really much good to me.

      You are completely missing the point. If you are holding an android device in your hand then, much like an iPhone, it is already secure. If you choose to install a shitty app, that's on *you* and just because the OS or the ghost of Steve Jobs doesn't step in and smack your hand, that doesn't mean the only way to maintain security is to "immediately start hacking". Security first, shitty flashlight apps second. That should be the workflow. If it's too much to grasp, then sure stick with your iPhone.

    15. Re:If only! by Voyager529 · · Score: 5, Informative

      LBE Privacy Guard. Still free, and still allows denial of permissions to apps on a rooted phone.

    16. Re:If only! by L4t3r4lu5 · · Score: 2

      Given Android will now ... tell you what permissions the app will access, why isn't there the ability to just configure android to refuse to pass those details on to the app at the OS level?

      This is a feature of Cyanogenmod. You can revoke permissions in a granular fashion; There's no knowing how it will affect the app's performance, and you do so at your own risk obviously. For all others, there's LBE Privacy Guard which will prevent access to contacts, messages, location, and data services on a per-app basis.

      --
      Finally had enough. Come see us over at https://soylentnews.org/
    17. Re:If only! by tlhIngan · · Score: 2

      If only there were some way for me to tell which permissions an app will use when I install it!

      You do realize that Android has been making it progressively harder? In ICS, the big fat "INSTALL" button is located at the top (instead of the bottom) so users can quickly tap Install, Install and never see the permission list.

      Plus, a lot of permissions get grouped under "Other permissions" so you have to tap that in order tlo see the full permission list, so at best you see a few major permissions, and the rest are socked away.

      Finally - Dancing Pigs. Users want to run the app, permissions list be damned. They click through the permission list like it was some EULA. They aren't going to read it.

    18. Re:If only! by lister+king+of+smeg · · Score: 2

      the platform is perfectly secure you simply granted access to things you shouldn't it like saying that prisons are incapable of keeping felons from escaping, after you handed each prisoner a master key and told the wardens to let them leave.

      the problem lies with the developers for demanding to many permissions and the user for granting them

      --
      ---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
    19. Re:If only! by Samantha+Wright · · Score: 2

      You've hit the nail on the head. It's Church-Turing impossible to guarantee knowledge in advance of what the program will or will not do, beyond what API calls it's allowed to make.

      --
      Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
    20. Re:If only! by farble1670 · · Score: 2

      If a charge comes up, I reference that conversation and it's their problem. No charge has come up.

      that's good that it has not come up, because if you think referencing previous conversation with a support rep is going to help, i have a bridge to sell you.

  2. Privacy apps - LBE by rvw · · Score: 4, Informative

    I've installed LBE Privacy control and it blocks unnecessary permissions for many apps. Why does a keyboard need internet access? The only thing I'm concerned about... What does LBE know, and what does it share?

  3. Fine grained options by photonic · · Score: 2

    They should add more fine-grained permission, so that for example an application would only require 'access to add-server' instead of full network access. And please make some clear policy that gets enforced, i.e. applications that do ask more permissions than they need get banned until the problem is fixed.

    --
    karma police: arrest this man, he talks in maths; he buzzes like a fridge, he's like a detuned radio. [radiohead]
    1. Re:Fine grained options by tepples · · Score: 2

      No. An iPhone would cost $297 extra for a developer certificate that covers the three-year life of the device, and that's assuming that I switch to a Mac on my next computer purchase.

    2. Re:Fine grained options by skandalfo · · Score: 2

      The J2ME security model did this. You would start a photo-manager midlet and you would have to authorize access in a nagging pop-up form for each single directory in the path to the photo you were going to see and then for the photo file itself. This was totally horrendous, and I prefer the security model in Android to that.

      Moreover, it's difficult to make any automated system *understand* what a program is actually doing. If you just give permission to an app for connecting to a specific server for downloading the weather forecast, it could be using that same connection to funnel any data (for which it has access) away.

      The more interesting approach to actually controlling access in a useful way is the way in which intents work in Android, actually. See Locale, for instance, for which you can get plugins downloaded as independent apps. The main program and the plugins communicate via a well-defined intent-based protocol. Each plugin will get different (and thus limited) permissions, as they need. The location plugin will access the GPS, a messaging one might need SMS or account access. You can enable/disable/install/uninstall them as needed, providing fine and sensible control.

      To some extent, the same thing happens with the share menu, at a much more coarse level.

  4. What we need is name and shame by e065c8515d206cb0e190 · · Score: 3, Interesting

    We need a website listing apps and what persmissions they require vs use.

    Developers will start paying attention when their apps are publicly shamed.

  5. Lets Mention Apple by tuppe666 · · Score: 4, Informative

    Lets have a little balance

    http://www.huffingtonpost.com/2012/02/15/iphone-privacy-app-path-facebook-twitter-apple_n_1279497.html?ref=mostpopular

    Facebook, Twitter, Foursquare, Instagram all send email addresses and phone numbers to their local servers.

    The whole thing blew up and ended up with US congressmen sending letters to Tim Cook. This was feburary this year

    "This incident raises questions about whether Apple’s iOS app developer policies and practices may fall short when it comes to protecting the information of iPhone users and their contacts."

    Butterfield and Waxman then quote parts of Apple’s iOS developer website which states that Apple provides a comprehensive collection of tools and frameworks for storing, accessing and sharing data. It is then questioned whether Apple requires apps to request user permission before transmitting data about a user."

    1. Re:Lets Mention Apple by Bogtha · · Score: 3, Insightful

      Lets have a little balance

      Facebook, Twitter, Foursquare, Instagram all send email addresses and phone numbers to their local servers.

      All of these companies have both official iOS apps and official Android apps, and the ones I've used on Android have definitely accessed my contacts. In fact, Facebook made headlines by fucking up the email addresses in the address books of Android users recently.

      But yes, let's have a little balance by directing the blame for the actions of these particular companies solely at Apple.

      --
      Bogtha Bogtha Bogtha
  6. Yeah by errandum · · Score: 3, Interesting

    That study is irrelevant. Most of those apps don't know that because they need to, but because they are free and the averts do.

    Do the same study on payed apps. For example, GPS location access is not present on any of the games I bought so far.

  7. I just got an android and it's plain scary. by Jartan · · Score: 4, Insightful

    The way things are setup on stock android is a nightmare. The supposed "Walled Garden" doesn't even exist. Android doesn't have malware/viruses because "legit" apps can walk right in and do whatever they want. Want to steal all your users contacts and use them for spam? There's a built-in API for that.

    I was trying to download a widget for screen brightness and 99% of the free ones wanted internet access permissions. It was just absolutely atrocious.

    The only redeeming feature is how easy it is to root and fix.

  8. Versus desktops? by Eric+Coleman · · Score: 2

    That operating systems like iOS and Android even give someone the ability to see that certain permissions are required, and by the compliment, that there are permissions that are not required, is a step in a good direction. That granularity feature is absent in desktop applications--essentially all permissions are granted by default. For all I know pkunzip could have been keeping track of all those file_id.diz it encountered in order to build a profile of me, then dialing some BBS to upload the statistics to. That might seem implausible, but since there was no central authoritative repository to download pkunzip, it came from a BBS. That BBS could have replaced it with its own custom version for tracking.

    The larger point is that desktop programs could have been doing for years what people are worried about with tablet and phone applications.

    That said, it still creeps me out to see a solitaire game needing access to my address book. Maybe this is a case of "out of sight, out of mind."

  9. I'm going to start carrying 2 phones by TheGratefulNet · · Score: 3, Interesting

    one that is the smartphone (portable computer) and that will not have sms, cell service, address book, etc. rooted and firewalled and monitored.

    2nd phone would be a dumb phone that has no networking at all in it, simply just to send and receive voice calls.

    until there is a hard boundary (enforced, like a true barrier) between the soft apps and things that can cost you money (dialing out, stealing your contact list or local data), it just does not seem worth it to bundle all your stuff into one box.

    sure, its convenient but the trust model is not good enough.

    more and more, I just leave the smartphone home and use it as a wifi only device. at least I know that no sms BS is coming thru and no outgoing calls or wan connects could ever happen that would be costly or info-leaking.

    seriously, I'm demotivated to invest more of my personal info on a box that I have less and less control over.

    --

    --
    "It is now safe to switch off your computer."
  10. DroidWall by brouiller · · Score: 5, Informative

    I root all of my Android devices and install the DroidWall app. It allows me to block network access to any app regardless of whether you give them permissions when installing. It's allowed me to download and use many apps that I would otherwise not have used because they wanted network access. It even lets you decide if you want to block the app on WiFi, cell data, or both.

    --
    In life you hoped to do what you could but mostly you did what you were told and that was the end of it.
  11. Re:You know nothing, Jon Snow by GIL_Dude · · Score: 2
    You make it sound simple. It does, indeed, look simple. But when an app wants to "Read Phone State" - is that so that it can quickly get out of the way when the phone rings or is it so that it can send your phone number (and the numbers of the people who call you) to a remote server? Some actions that it could take by acting on "Phone State" data would be things users would want, other thing it could do would be things users definitely don't want. For example, a game I saw on TWiT.tv's show "All About Android" called "Flow Free" requires this:

    READ PHONE STATE AND IDENTITY
    Allows the app to access the phone features of the device. An app with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and the like.

    So is it going to store my phone number in a database somewhere? Is it simply going to avoid trying to send data if a phone call is active? We, as users, have no way of knowing. And, if they made the permissions even more granular, we would never be able to successfully wade through all of them. I need someone smarter than me to fix the design. But the design as it exists today is largely useless.

  12. Re:Know too much? by Applekid · · Score: 4, Funny

    If you've stayed at a hotel, odds are good someone's seen you nude.

    In that case, I'm glad I'm ugly as sin, and hope I've blinded them. :)

    --
    More Twoson than Cupertino
  13. Force close by tepples · · Score: 2

    Denying permissions to applications that expect those permissions would cause the applications to force close when Android throws a SecurityException. How do you think force closing like this would improve the user experience?

  14. Whose hands is my data? by camcorder · · Score: 2

    I'm afraid of big corps than small application developers for giving my data. If a small company, or an independent developer gets my data and use it without my permission and that harms me, I can sue that guy or small company and probably protect myself. A painful process but doable.

    On the other hand, I'm helpless against a big corp. I don't think there's any difference, since it includes profit and big corps can make more money out of it, in a way that big or small company can do with my personal data. Major problem is I can't fight with a big corp. I won't be able to have a energy and money to protect myself. They will do whatever they could do and I would be helpless.

    It's important to educate people about the importance of their privacy, so there will be a common uprising against the big corps in case they do evil. People ignorantly trust big companies. They will accept any kind of pop-up, or warning you'd put and install their applications. Though they have no idea what could they do and what kind of power they have with these data after they get a big harm. There must be thousands of families or lifes ruined because of irresponsibility of privacy protection of facebook or google. Even I personally know couple of people affected by those. But I haven't heard any case these companies paid for their wrongdoings.

  15. Permissions related to hardware features by tepples · · Score: 2

    How would your crap application handle a device that totally lacks whatever you are trying to access?

    It would rely on having been blocked from installing. Android apps can state that a permission is required or that a permission is required unless the hardware doesn't support it. If a permission is required and the hardware doesn't support it, Android blocks it from installing. I have seen this with newer versions of the ZXing Barcode Scanner on my Archos 43 Internet Tablet, which requires the "landscape" permission that Archos mistakenly left out of its AOSP build. The same happened when I tried to install the official build of this scanner on my Nexus 7 which has a front camera but no rear camera. I had to download the "LearnPad Scanner" and "Nexus 7 Camera Launcher" applications, which are rebuilt to allow use of a front camera. So the only permissions that the user can disable without risking a force-close are features that 1. depend on hardware and 2. have been specified as optional.

  16. Apps need permissions to work by nomad-9 · · Score: 2

    The problem I see is that, in order for most apps to do something useful. For example, if you develop an SMS app, besides permissions on reading/writing/editing/sending messages, you will need access to contacts data, phone state and identity. Looks scary, but no SMS/MMS app can function properly without these.

    I've been developing a few Android apps and they almost all require some type of "unsafe" permissions to run...except one (a small puzzler game).

    Similarly, many apps need internet permissions. You can still look at what the app does, and try to determine if it really needs all the permissions it is asking. But since the problem lies in how do the app creators use those permissions beyond their declared "privacy policy", the only reasonable solution I see, is to install a monitoring app for network access, as suggested by some posters...provided the app itself isn't spying on you...

  17. That is how it behaves, sort of by SuperKendall · · Score: 2

    Okay, just making sure I understand what you're saying - you install an app on iOS, but it's totally dead in the water (i.e., no permissions to actually do anything) until the user actually engages the app for the first time, at which point it goes through the things it wants to do point-by-point, giving the user the option to not allow certain permissions, while allowing others?

    You don't really understand it, but you are on the right track.

    The application when you start it has no ability to access protected resources (Address Book and location and photos are protected). Network access is not a protected resource, but since it has no ability to see any of your data yet that does not matter.

    Now you stated "go through the things it wants to do point by point" on launch. No, that would be stupid. How could the user know yet what made sense to allow? That is BTW the biggest problem I have with Android, it's insane to think a user CAN know up front what permissions make sense for any application, even a flashlight.

    So then what happens is that as you use the application, it asks for permission as the need to access a resource comes up. So only within the app do you ask to use your contacts for something, would it bring up an alert asking if it was OK for that application to use your contacts. Only when the app was ready to make use of location would you be asked if the app should be allowed to see your location - and so on.

    can you cite a source for this?

    Well you could just ask any iOS users or developers since it's the way every app works. But here is just one of many stories.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  18. At least Android has choices by Control-Z · · Score: 2

    Many many apps want far too many permissions. But if you firewall the app it doesn't really matter what it knows, it won't be talking to the Internet.

    What I'd really like to see in Android is apps running in a sandbox and you being able to deny specific permissions for any app (with the caveat that may break the app, but so be it.)

    With iOS all the permissions and spying is behind the scenes so as not to confuse or concern the user.