Some Users Find Swype Keyboard App Makes 4000+ Location Requests Per Day

New submitter postglock (917809) writes "Swype is a popular third-party keyboard for Android phones (and also available for Windows phones and other platforms). It's currently the second-most-popular paid keyboard in Google Play (behind SwiftKey), and the 17th highest of all paid apps. Recently, users have discovered that it's been accessing location data extremely frequently, making almost 4000 requests per day, or 2.5 requests per minute. The developers claim that this is to facilitate implementation of 'regional dialects,' but cannot explain why such frequent polling is required, or why this still occurs if the regional function is disabled. Some custom ROMs such as Cyanogenmod can block this tracking, but most users would be unaware that such tracking is even occurring." Readers in the linked thread don't all seem to see the same thing; if you are a Swype user, do you see thousands of location requests, none, or something in between?

This sounds more like incompetence...

[Torp]

... than malice.
Or malice (location tracking) plus gross incompetence in implementation.

Re:This sounds more like incompetence...

[mrxak]

Either way, I'm glad I don't use Swype.

Re:This sounds more like incompetence...

I do not think so. If it would be incompetence, at the moment of testing, the testdatabase would show a large numbers of records immediately.

Location tracking is big business.

Re:This sounds more like incompetence...

[TrollingForHostFiles]

Read their FAQ about
"Living language"
This data mining ain't
Excess baggage!

BURMA SHAVE

Re: This sounds more like incompetence...

SwiftKey does the same thing so either stick with default or get screwed.

Re:This sounds more like incompetence...

[sumdumass]

Does the app send the location data anywhere?

Outside of a small delay, it probably would be just fine only looking up the location when the app is first opened and when it opens every 5 hours or so. Maybe even less- especially when the regional function is turned off.

2.5 times a minute is definitely tracking in the literal sense. They would know everywhere you went and probably even when you went to the restroom assuming you had the phone in your pocket. I run wigle every once in a while and while I would expect it to update the location data often, I don't think it checks the location near as much as swype seems to. That is of course if those reports are true.

Re:This sounds more like incompetence...

[TheRaven64]

The Google Keyboard for Android sends what you're typing to Google servers 'to improve suggestions,' so I don't think that asking for your location a lot is the worst invasion of privacy of a mainstream on-screen keyboard app. The AOSP keyboard also requires a phenomenal list of permissions, including the ability to download files without notification, read contacts, modify or delete contents of USB storage and view accounts on the device. No idea why it needs all of these things - I wouldn't mind so much if it had access to all of my data for improving predictions if it didn't also have the ability to make network connections.

Re:This sounds more like incompetence...

[Nikker]

According to Google Play Store this app has about 40K installs. We are saying that 40K x (60x60x24) x 2.5 = 8,640,000,000 rows added per day is something that not even the DBA noticed?

That's a bit of a stretch.

Re: This sounds more like incompetence...

[robmv]

download files without notification: dictionary updates
read contacts: suggestions
modify or delete contents of USB storage: I don't know why it needs this one, store dictionary outside private app directory?
view accounts on the device: suggest your email address

Re:This sounds more like incompetence...

[Lumpy]

Which is why the hacker keyboard is on mine. it doesnt do any of this crap.

Re:This sounds more like incompetence...

[Nikker]

Mistake on my math that would have been 2.5 / second, the real number would be:

40,000 x (60x24x2.5) = 144,000,000 rows per day (still quite a bit).

Re:This sounds more like incompetence...

[mrxak]

I'm honestly asking here, but how much typing do you actually need to do on your phone?

Re: This sounds more like incompetence...

[TheRaven64]

download files without notification: dictionary updates

Could be bundled as part of the application, updated via the normal mechanism, without requiring it to have a permission that allows it to send data remotely ('download' can mean an HTTP GET with a really long query).

read contacts: suggestions

Most of the time, I'm not typing a contact's name so this sounds like it would lead to a lot of false positives. I've never seen it suggest a name that isn't a common English name though, so it doesn't seem to actually need this.

modify or delete contents of USB storage: I don't know why it needs this one, store dictionary outside private app directory?

If that is the case, it's bad design.

view accounts on the device: suggest your email address

It doesn't seem to ever do that for me...

Re: This sounds more like incompetence...

[Minderbinder106]

I checked my Privacy Guard settings on my CM11 Nexus 5 and SwiftKey has never accessed my location data.

Re:This sounds more like incompetence...

[allo]

use the aosp one.

Re:This sounds more like incompetence...

[msauve]

Swype comes standard with a lot of phones (although not necessarily the default keyboard. For example, many Samsung Galaxy S4s come with it pre-installed. And they've sold 40 million of those.

Your first try was probably more accurate, even if the math was wrong.

Re:This sounds more like incompetence...

[andydread]

Has it been shown that the app has actually been uploading or storing any data? or is it just simply polling the GPS subsystem for location information?

Re:This sounds more like incompetence...

[knarf]

Just put it behind the firewall, no more requests to Google. Use something like privacy guard (in CM) or a similar 'datawall' to keep it from your personal data. Disable location, who needs it anyway? The mere fact that these devices can be tethered to your every personal detail does not mean you should - or want.

Don't use a factory distribution. Build one yourself, or use a build from somewhere you trust. Root your phone. Use a firewall. Use a 'datawall'.

For those of you inclined to start proselytizing for Apple or Microsoft (or any other brand) I'd say wake up and smell the coffee. The difference between Android and 'the others' is that on Android you have a choice. On Apple you don't, you just drink the Cool Aid. Same on Microsoft.

Of course even a self-built Android distribution still uses closed source binary blobs for all sorts of stuff, including the much maligned radio/modem which often has total control over your device. So... if it is a tablet device you wanted... take one without a WAN interface. One less leak to stop...

Re: This sounds more like incompetence...

[rsilvergun]

You used to need the write to external storage permission to save the app to the external Smart Card. My old Hauwei Ascend ii had 128 megs of internal ram. A few updates from google and that was full, so if your app couldn't install to my 8 gig sim card then your app wasn't getting installed on my phone.

Re:This sounds more like incompetence...

[WaffleMonster]

The Google Keyboard for Android sends what you're typing to Google servers 'to improve suggestions,'

Google keyboard provides an option to turn the feature off so there is that.

so I don't think that asking for your location a lot

Is it asking for your location? Is a list of take it or leave it demands most apps make these days really asking a question?

is the worst invasion of privacy of a mainstream on-screen keyboard app.

Perfectly happy to declare all of these fine contestants winners of the privacy invasion contest. I must say proliferation of cheesy excuses to collect data is truly inspired. We need to know where you are at all times physically to configure a localization setting...yea that's it...

Re: This sounds more like incompetence...

[AuMatar]

You're wrong on a lot of levels.

Dictionary updates can't be bundled when you have 80+ languages of over 1 MB each. OEMs and consumers complain about apk size already, and different languages will be updated at different rates. You don't want to make everyone download a new version because hinglish was updated (yes, that's a real language). Thus downloads from the internet.

Reading contacts- It suggests my contact's names a fair amount of the time. Of course I have a lot of non-english names in my contact list. The false positive rate is fairly low here. It's a useful but non-critical feature. The problem is that every other keyboard does it, so if Swype didn't it would look worse in comparison.

USB storage- this is really your micro-SD storage. ANd yes, it has to use it. Private directory data is limited on Android. The limits are per-device and not known in advance. But if a user downloads a bunch of dictionaries, they will easily go over the limit. Thus it puts them on the SD card. Look at your SD card and you'll see damn near every Android app of any size does this.

Re:This sounds more like incompetence...

[perryizgr8]

why would *anyone* use swype now? samsung phones have built in swiping keyboard, so do nexus phones. i guess it's those other 10% android suckers.

Re: This sounds more like incompetence...

Maybe off topic but I've always considered the Android app permission model seriously flawed. You grant them at download time clickwrap-style and it keeps them forever. You can't evaluate the app without giving it all of the keys. It won't install otherwise.. Users just tend to tap through the warnings and forget about them. They just want to try the damn thing.

In iOS apps don't get permission to potentially sensitive resources until it asks for them, at which time you have to grant them access. And you can chose not to! If an app breaks because you refuse it permission then Apple will remove it from the store.

You can even pick and choose which things you want. Like location yes, photos no (No twitter. You're not getting in to my fucking email or contacts. Fuck off)

Re:This sounds more like incompetence...

[Kielistic]

Typing anything more than a simple sentence with TXT speak on a phone is unbearable to anyone used to typing quickly. Swype bridges that gap a little and makes it annoying but bearable.

Re:This sounds more like incompetence...

[lucien86]

It needs all those permissions because its hack software. It needs the network access to send your secrets and private data and stuff like bank account details. Don't worry they need your bank details without telling you so that they can watch your finances secretly and provide you a better service. Honestly. (Details may be sold on to criminals or telesales marketers)

Regional dialects

[jones_supa]

"Regional dialects". :D What an explanation.

Re:Regional dialects

[Charliemopps]

You need to understand that this application is trying to anticipate what you're trying to type before you type it. If you're at a stop&go and you start to type "I'm getting..." your next word might be Gas, Beer or robbed but it's probably not going to be "ready for work" that would be more likely if you were at home.

So by saying "regional dialects" they might mean far more specific regions than you're thinking and they just communicated it very poorly.

Re:Regional dialects

[jones_supa]

Aha!

Re:Regional dialects

[Bing+Tsher+E]

Yes, but no matter where you are if you're in an 'update' on some social networking thing, the logical choice is "I'm getting stupid" so no further scanning is necessary.

Re:Regional dialects

[TheGratefulNet]

regional dialects, my ass!

well, bless their hearts.

Re:Regional dialects

[K.+S.+Kyosuke]

"dialect" refers to language, not a place. Please stop making excuses for lies.

Actually, a dialect is an umbrella term for a specific variety of a language, and just happens to be most often associated with places of L1 acquisition. (Varieties linked to social strata (sociolects) or individual people (idiolects) and others are also recognized.)

Re: Regional dialects

[Minderbinder106]

CM11 Privacy Guard on my phone shows that SwiftKey has never accessed my location data.

Re:Regional dialects

[allo]

yeah, because you totally want to use the local dialect, as soon as you are there.

Re:Regional dialects

[BasilBrush]

You need to understand that this application is trying to anticipate what you're trying to type before you type it. If you're at a stop&go and you start to type "I'm getting..." your next word might be Gas, Beer or robbed but it's probably not going to be "ready for work" that would be more likely if you were at home.

That's quite a fairy tale you've constructed there to excuse a spyware app on your favoured phone platform.

Re:Regional dialects

[Hognoxious]

Varieties linked to social strata (sociolects) or individual people (idiolects) and others are also recognized.

Is either of those influenced by where you happen to be at a particular moment? Does either of those change over the polling interval?

Not relevant, then.

Re: Regional dialects

I'd rather the app request location data from the local service running on the phone, than sending whatever I type (or read) to external servers.

Re:Regional dialects

[Hognoxious]

Say I'm ganning, I mean going from Newcastle to London. That's about 300 miles, and I'll go from "Why aye man" via "Eee by 'eck" and "alright me duck" to "gor love a duck, guvnor".

That's a change every 8 minutes - if I'm traveling in a jet fighter..

By my reckoning it's polling 20 times as often as it could ever need to.

Re:Regional dialects

[K.+S.+Kyosuke]

That would be probably be a register. I was reacting to the '"dialect" refers to language, not a place' part, which didn't make too much sense to me. There is, however, not that much of technical difference between the referents of the two terms. Both are a set of constraints placed on all levels of the language. Any speech or text prediction system is not going to care about labels we puny humans place upon the differently restricted varieties of language; all of them are going to be using the same algorithms and data structures. This is where the cold, objective machine is right and we are wrong.

Re:Regional dialects

[AuMatar]

Disclosure: I worked at Swype 2 years ago. I left 6 months after the buyout. At that time we didn't make any requests for location.

However, I am currently on a trip to Europe, and I use Swype. It definitely added place names (Catalunya or Palau would not be in a native english dictionary, but were swypable for me in Barcelona). It was a useful feature. There should definitely be a way to turn it off, and doing so should stop it from requesting any location information. But the explanation is reasonable.

Then again, I think Android in general needs to be more granular with permissions- I should be able to turn on and off permissions by app, and the OS should return a reasonable default or throw an exception if the permission isn't granted.

Re:Regional dialects

[postglock]

Disclosure: I worked at Swype 2 years ago. I left 6 months after the buyout. At that time we didn't make any requests for location.

I'm not sure how much you can disclose, but there seems to be a general discontent with Nuance and their level of competence since the takeover. I was wondering if you can shed any light on this, and the future development of Swype.

I think Android in general needs to be more granular with permissions- I should be able to turn on and off permissions by app, and the OS should return a reasonable default or throw an exception if the permission isn't granted.

That's one of the advantages of Cyanogenmod (and presumably other custom ROMs). Hopefully this feature will roll out into most ROMs one day.

Re:Regional dialects

[AK+Marc]

how does that work? I've seen lots of complaints that it checks location often. But I've seen no assertions that it sends it back "home".Spyware that sends nothing to anyone.

Re:Regional dialects

[AuMatar]

I really don't want to air all my dirty laundry. I left at the 6 month mark because we agreed to it- I had worked at a previous startup (in a completely different field) bought by the same company and knew I didn't want to be there long term. So we agreed on a compensation package for me to stick around for a few months to get them into a good position, leading the maintenance team as they merged codebases.

I will say very few of the original Swype devs are still there, and some of those that are have moved to other positions in the company. So there was definitely a brain drain. There almost always is when a startup is bought- people were working at a startup for a reason, had they wanted to work for a large company most of them could have easily.

As for the future development of Swype- I have no clue. I talk to friends there, but we don't go over the roadmap together. Especially as I'm potential competition now, working on Dryft (www.dryft.com).

Re:Regional dialects

[postglock]

Okay, thanks for the response and candidness. Despite the brain drain, I suppose Swype is fairly mature anyway.

Since I have a rooted phone, I can deny Swype internet access and be comfortable that I'm not being tracked, but I was more concerned that I was supporting an unethical company. However, I've already paid, so I suppose it doesn't make any difference.

Good luck with Dryft. I don't have a tablet, but it looks pretty nifty!

Re:Regional dialects

[AuMatar]

The remaining devs aren't unethical. Management- the levels I know I wouldn't say are unethical, but their ethics may not be as pro-privacy as yours and mine and I definitely can't speak for higher levels. I tend to believe them that it's a bug, it's an easy type of bug to write- just write some code that tries again in X seconds if it can't get the location, and forget to put any type of exponential backoff in it. But if you have any doubts I'd turn it off since you're already rooted.

Re:Regional dialects

[balbus000]

If the suggestions aren't static, then they are useless.

If I know to type "mittens" I need to press M, I, and then it will be the word suggested in the center, then I will learn to use it. If I type M, I, and the suggested word could be "milk" or "might", etc. then stopping to read the suggested words will take longer than just typing the word out myself.

Same goes for word predictions based on the previous word. It has to be static to be useful.

Re:Regional dialects

[postglock]

No, sorry, I didn't mean to suggest the devs were unethical. And yes, it seems that we both define "unethical" as "pro-privacy" :)

You might be right that it's a bug. However, in this case, it still polls extremely regularly even if I *don't* restrict the permissions. So I think that even if it gets the location, it still polls this frequently.

Re:Either way

[mrxak]

Hey, at least those cans and string aren't draining our batteries unnecessarily and uploading our every move to some company doing who knows what with it.

Can someone blow the lid on Android Apps?

[Tasha26]

Each time an App wanted to update in the last 6 months, it was to increase its access to areas of my Samsung phone that I thought were completely un-necessary for it to work properly. Makes you wonder who in the Google Store is rubber stamping the ok on such Apps! When will privacy groups wake up and start lawsuits against App makers and/or Google? Maybe it will fist require a popular tech website to run a Top-10 Worst Privacy Infringing Apps in Google store.

Re:Can someone blow the lid on Android Apps?

Each time an App wanted to update in the last 6 months, it was to increase its access to areas of my Samsung phone that I thought were completely un-necessary for it to work properly. Makes you wonder who in the Google Store is rubber stamping the ok on such Apps! When will privacy groups wake up and start lawsuits against App makers and/or Google? Maybe it will fist require a popular tech website to run a Top-10 Worst Privacy Infringing Apps in Google store.

When will privacy groups come to aide your suffering of gross stupidity? Don't hold your breath.

No one is twisting your arm to download, install, or use these apps. YOU are doing that every time you agree to install or update the dame thing.

And I'm sorry, but this should be of no surprise to anyone that any "free" app installed on damn near anything these days wants to track you in some way, shape, or form that has little or nothing to do with the app itself.

How the hell do you think Google became a household name. They sure as shit didn't do it selling lollipops.

Re:Can someone blow the lid on Android Apps?

[jones_supa]

Maybe it will fist require a popular tech website to run a Top-10 Worst Privacy Infringing Apps in Google store.

Could as well flip it around and instead make a third party give a "Privacy Gold Star" for apps that don't infringe your privacy and don't require unnecessary permissions from the phone operating system.

Re: Can someone blow the lid on Android Apps?

[l2718]

I agree that are asking for absurd permissions, but I don't see the store as responsible for policing app permissions. Rather, you and I do so by refusing those updates and by not installing the apps on the first place.

If most consumers don't care, then we who do need to live in the "long tail"; mainstream apps won't cater to us.

Re: Can someone blow the lid on Android Apps?

It's probably that most users don't understand or recognize the implications of the added permissions

Re:Can someone blow the lid on Android Apps?

[Solandri]

If you're rooted, you can install XPrivacy. It doesn't try to block these apps, it just spoofs the data. So if I haven't given Swype permission to access location data, it will just get fed random locations all over the world every time it thinks it's getting my location.

Re:Can someone blow the lid on Android Apps?

In the early 00's the requirement for having a firewall and an antivirus on your average Windows desktop PC went from 'good practice' to 'mandatory' as the number of malware types and exploits on the web exploded.
With Android, it is swiftly thus becoming 'mandatory' to root your phone and install XPrivacy (or similar). Most people just have not realised yet quite how badly they need it.

Re:Can someone blow the lid on Android Apps?

[Barsteward]

yes, but its still fucking with your battery life..

Re:Can someone blow the lid on Android Apps?

[quetwo]

Hate to break it to you -- there is no human intervention required to publish to the Google Play Store, unlike the Apple App Store. The time from the last compile to the app being live in the store is about 15 minutes. So, to answer your wonder -- there is a lonely robot rubber stamping the ok on all those apps...

Downloader beware!

Re:Can someone blow the lid on Android Apps?

[nblender]

This is one of the things I hate most about Android (having recently switched from an iphone to a Nexus5). I tried to install flashlight app but the top 5 or 10 all wanted egregious access to my phonecalls, instant messages, or full network access. I gave up.

Later I read a slashdot comment from an Android app developer who said shortly after making his app available in the Play Store, he started receiving messages from individuals offering to pay him a per-download commission on his app if he would consent to linking their "library" in with his app... It was a very attractive commission... So that explains the requests for access to unreasonable things... I don't know how this is different in IOS-land... Maybe the apps just get that access without anyone knowing? Or maybe someone at the App store decides whether a flashlight app needs access to instant message logs ...

Re: Can someone blow the lid on Android Apps?

[Rob+Simpson]

The store doesn't offer any means of sorting by permissions or hiding apps that request permissions you don't want to give. Trying to find the one good solitaire app or simple flashlight app requires individually clicking on several dozen apps to find the one that doesn't want any permissions. Several will ask for your GPS, phone book, calendar, and full internet access.

Re:Can someone blow the lid on Android Apps?

[BasilBrush]

I don't know how this is different in IOS-land... Maybe the apps just get that access without anyone knowing? Or maybe someone at the App store decides whether a flashlight app needs access to instant message logs ...

First of all ever app operates in it's own sandbox, so no app can access the data of another app. So the scenario you suggest isn't possible on iOS.

Secondly, yes, there's an app reviewer, assisted by automated tools, that's looking for whether your app does bad things.

Thirdly, things such as requesting your location, as in this Swype example, then the OS pops up a dialog asking permission when the app first tries to do it. You can allow it or deny it. And you can change the permission whenever you like via the settings app.

None of these things are true of Android. And that's why last year 97% of mobile malware was on Android, and 0% was on iOS. (The remaining 3% was on Symbian.)

Re:Can someone blow the lid on Android Apps?

[I'm+New+Around+Here]

That doesn't make sense. The second time I find it, it is already where you want me to move it to.

Re:Can someone blow the lid on Android Apps?

[ultranova]

yes, but its still fucking with your battery life..

How so? How expensive is a syscall that just returns a pseudorandom number?

Re:Can someone blow the lid on Android Apps?

[argStyopa]

1000% agree.
Every time I see updates, it's invariably to increase an app's access in my phone.

I would pay money for an app that can 'firewall' other apps, and prevent them from accessing what I would consider to be irrelevant things.
"Flashlight" app wants to access GPS? I don't think so.
"Solitare card game" wants to access my systems' phone number? No.

I *do* try to always go into airplane mode when I run Kandy Krush Saga, but then I've gotten to a point where I think it's essentially impossible to win without paying $.. I honestly can't even comprehend someone paying ANYTHING for a 'few more turns' at a timewaster, meaningless game. Seriously.

Re:Can someone blow the lid on Android Apps?

[AuMatar]

As it should be. I don't want any company deciding what I can and can't download. Apple has been shown multiple times to stomp down on free speech or any app that they decide is to close to what they already do destroying competition (or worse, anything they plan to do soon, which they've used as a reason to pull apps several times). The app store should be a delivery man, not a decider on content. The only thing it should be screening for is malware.

Re:Can someone blow the lid on Android Apps?

[complete+loony]

For basic apps like that, install the F-Droid installer. It only includes open source applications, built directly from source.

Re:Can someone blow the lid on Android Apps?

[Neil+Boekend]

Each time an App wanted to update in the last 6 months, it was to increase its access to areas of my Samsung phone that I thought were completely un-necessary for it to work properly.

That's because apps that don't need new permissions don't need to ask. They can just update.

Makes you wonder who in the Google Store is rubber stamping the ok on such Apps!

Nobody. This isn't the walled garden from Apple. No rubber stamps needed.
I am sure that Google has a way to pull apps that give serious privacy complaints but nobody checks them before they get to the Play Store.

When will privacy groups wake up and start lawsuits against App makers and/or Google?

What Google does is probably perfectly legal. There are even quite good reasons to let the app makers choose the permissions and the users just choose the apps.
I do not think those reasons are strong enough to let it be this way.
A couple of months ago I installed a free to play game. I did a micropayment investment in it because I feel they made a cool game. Now they changed the game to need location permissions. The game is not going to get that, no way. So now I can't update the game anymore (at least not until I Cyanogen my phone). Last time I checked it still ran fine without updating, but how long is that going to last?

Swype needing location permissions would be a reason not to install it. It doesn't need location in order to function as a keyboard. If I wanted Swype and were able to deny it the location I would do just that. The limited options means the app would not get installed, even if and when the makers have no malicious intent. I can not determine that intent. I can determine what rights it asks and what rights it minimally needs.

Re:Can someone blow the lid on Android Apps?

[Neil+Boekend]

Yes I own an Android phone. Yes it is set up to only allow updating over wifi.
That doesn't change the fact that the only apps that I have to manually update are apps that need additional rights. Thus the only apps I see updating are apps that require additional rights.
Thus I concluded that Tasha26 would probably only see app updates that require pointless extra right because the only app update (s)he sees are app updates that require extra rights (while all the core functionality rights are already granted before installing, else it wouldn't have worked).
Disallow auto update is beside the point. Most updates are benign. If they do not ask for new rights I have already assumed that they fully abuse the rights I give them. I chose to install it anyway because I need the functionality. Nothing changes with an update that needs no additional rights.

Battery Life

[ClaraBow]

Has anyone, who uses these apps, noticed diminished battery life?

Re:Battery Life

[dotancohen]

I have! About three weeks ago I noticed that my battery was drained before the end of the day, whereas until that time it would last me two full days. I have been using Swipe since well before then, though, so if this is related then the 'feature' was just recently implemented.

This is on a Samsung Note 3.

Re:Battery Life

[dotancohen]

I just went through the Swype settings to see where "Regional Dialects" is configured, and I don't see it.

Re:Battery Life

[hyades1]

My buddy rooted his Android phone because of this kind of behaviour. He didn't have Swype, but there were at least seven or eight apps that came installed on his S4 constantly trying to phone home.

Once he rooted the phone and got rid of all the crapware, his battery life increased by something in the 5 to 10 percent range. And that's a conservative estimate.

Re:Battery Life

[postglock]

I just went through the Swype settings to see where "Regional Dialects" is configured, and I don't see it.

It's actually called "Living Language". It's under "My Words" in the settings.

Re:Battery Life

[tepples]

You don't need root to "uninstall updates" and then "disable" a preinstalled Android app. All root does, as I understand it, is let you free the space it takes in the system image.

Re:Battery Life

[ichthus]

Pre-installed apps are configured as "system apps". You have to be root to remove them.

Re:Battery Life

[tepples]

I was referring to disabling an app, which does not require removing it.

Re:Battery Life

[perryizgr8]

but just disabling is not enough. if you go into play store and click "update all", everything gets updated, including disabled apps. atleast that's what i'm seeing with this wretched chaton.

Re:Battery Life

[hyades1]

You nailed it, my friend! Even worse, most of the frickin' apps kept turning themselves back on, as though there was some kind of "auto-update" function that couldn't be disabled. He actually let me watch while it happened, and I have to say, he wasn't exaggerating. He'd turn an app off, then disable it, then shut off his phone. When he turned the phone back on...guess what.

Re:Battery Life

[perryizgr8]

the s4 is such a nice piece of hardware, but they have burdened it with at least 15 redundant apps. why do i need two browsers, 2 music players, 2 email clients, 2 sms clients, 2 voice thingies, 2 notes, 2 galleries, 2 video players, 2 book readers, 2 app stores? i'm surprised it still works as well as it does. and no way to remove the crap. even microsoft doesn't include as much crap, and all of that is removable.
here, neither google, nor samsung is willing to back down. i like apps from both samsung and google, i can use both variants of the browser, for example. please one of you be the bigger person and let me remove your app!

Re:Battery Life

[hyades1]

You said, almost verbatim, exactly what my friend with the S4 said. And all that garbage is sitting there occupying space that YOU paid for, too. Talk about adding insult to injury! My buddy has now had his S4 rooted for about three months, and he's had no problems whatsoever. Mind you, he was very careful to get it right when he actually performed the operation.

Re:Either way

[TDyl]

I can track you - I just follow the string to find you wherever you are. (What *are* you doing in that closet?)

Onr reason more to not use it

[houghi]

If anytime, they should only do that when I launch it the first time. And otherwise, it should look at the setings my phone is using and ONLy as a way to sufets what you want, not to set it.

Mind you, they are not the only ones who think language and location are related. Among others, Google does this too. It does not look at my browser settings (which are in English) but instead guesses from my IP what language I should prefer. I live in Belgium aand guessing the language by location is wrong a LOT of the times.

There is a reason why my browser setting is in English. That is because I WANT it in English. And just because I visit my parents in Spain or my sister in Germany or friends in the USofA does not mean there is any change in preferece in my language.

To me it is broken by design.

Re:Onr reason more to not use it

[K.+S.+Kyosuke]

There is a reason why my browser setting is in English. That is because I WANT it in English. And just because I visit my parents in Spain or my sister in Germany or friends in the USofA does not mean there is any change in preferece in my language.

You're basically asking for an "I am Heinrich Schliemann" checkbox in the settings. ;-)

Re:Onr reason more to not use it

[AuMatar]

It doesn't change your language setting. It adds words. For example, last week I was in Barcelona. A popular tourist destination is the cathedral "Sagrada Familia". Neither of those words are in English. Both were added to my dictionary automatically. It was helpful, as I did type them into my phone to access the website and buy tickets (rather than wait in a 2 hour long line). It's a useful feature, although not something that makes or breaks a keyboard.

Re:Onr reason more to not use it

[tepples]

Then perhaps this functionality should be moved to another application called "Swype Local" that provides nearby attractions as words to the main Skype app. (Apps from the same publisher can communicate.)

Re:Onr reason more to not use it

[AuMatar]

ANd why would they want to add the complexity and fragility of multiple apps? And the extra time to do cross-app communication in a time sensitive (you need all your suggestions within milliseconds of tapping a key or you appear lagged) environment. The idea is fucking idiotic.

If you want to complain that Swype should provide a setting, I agree. If you want to complain that Android should provide per-app permissions out of the gate, I agree. But if you really expect people to jump through hoops writing a dozen apps that would need to be individually downloaded so that each provides a minimum of permissions despite having an exponential increase in complexity, you're insane. You can't realistically develop like that.

Re:Onr reason more to not use it

[AuMatar]

I did in several of my posts. I haven't been involved with the company in 2 years, and the codebase is now completely different (it got merged with the existing Nuance FlexT9 keyboard, although some of the architecture may have stayed). at the time I worked there there were no location requests, as the feature it's needed for didn't exist yet.

MultiLing

[B2382F29]

I am using multiling keyboard which allows swype input and doesn't even need network permission nor anything else than the user dictionary. https://play.google.com/store/...

Re:MultiLing

I am using multiling keyboard which allows swype input and doesn't even need network permission nor anything else than the user dictionary.

https://play.google.com/store/...

I'll second this suggestion. When I found out the keyboard that came with my tablet (FlexT9) was no longer in development because Nuance bought Swype, I went looking for alternatives since I was stuck on a software dead-end otherwise, and MultiLing was the one I ended up liking the most.

Decent defaults but extremely configurable. In addition to swipe, it has a split keyboard mode for thumb typing, options can differ in portrait and landscape, and it can be resized on-the-fly to use more or less screen space while in use. Plus multiple dictionaries (including a "linux dictionary" with completion for shell commands and more), many keyboard layouts (4- and 5-row qwerty, number only, dvorak, colemak, etc.), easy access to extra keys (function, sysrq, ins/break/del, arrows, esc, tab, math symbols, etc.), and some other things I can't think of or don't use. You can change the colours, key sizes, spacing between keys, even the roundedness of the key corners.

All this and it's a <1mb download (+700kb with the English dictionary). Plus the dev updates it often with bug fixes and features, so it's constantly improving.

it's not perfect, but easily one of the best keyboards I've used while still being fast and lean.

Re:MultiLing

[postglock]

Thanks for the tip. I just installed Multiling Keyboard, and it looks like it is similarly invasive in terms of permissions, but since it doesn't need network permissions, I guess it should be okay.

Re:MultiLing

[B2382F29]

That is strange, for me the only permissions it requires are vibration and dictionary access.
Where did you check the permissions?
Go to Settings -> Apps - > Multiling O Keyboard then scroll down to see the permissions. (Those are the ones that the app requests, not the ones it shows at App ops)
Maybe the App ops is showing something that it wouldn't have access anyways..

Re:MultiLing

[postglock]

Yes, I get the same looking at those permissions. I'm not sure why the disparity with App ops. Unless it's because I have Privacy Guard "Enabled by default" for new apps, which means that those permissions are automatically denied whether they are requested or not.

Not available for Windows Phone

[Aphadon]

Unlike what the summary claims, Swype is not available on Windows Phone. Microsoft will however be rolling out their own, similar keyboard soon as part of 8.1. Hopefully one that doesn't do 4000 location requests per day.

Re:Not available for Windows Phone

[postglock]

Unlike what the summary claims, Swype is not available on Windows Phone.

Sorry, you are absolutely right. I just got that info from the Wikipedia page. I should have checked the source.

Re:Not available for Windows Phone

[occasional_dabbler]

It was ported to Windows Mobile, not to Windows Phone

I have the developer preview of Windows Phone 8.1 on a couple of devices and the 'Swype-style' keyboard does seem to work quite well.

Re:Not available for Windows Phone

[AuMatar]

Former Swype dev- it was originally released on Windows Mobile. It was ported to a variety of other platforms, including Android (obviously its biggest success), Symbian, and Meego.

Re:Not available for Windows Phone

[occasional_dabbler]

Wow! Nice to hear from the "horse's mouth", so to speak. Thank you. Funny that it now seems impossible for something to have been developed for a Windows mobile OS and only later ported to Android.

Bad Design?

[miller701]

Why doesn't the OS keep track it it's moving of not (all those wonderful sensors) and then have the app ask the OS for the location? If it's sitting on my desk, it shouldn't need to check it's location every 24 seconds.

Re:It's becoming more and more clear..

[nogginthenog]

Android can already do this. The Amazon App store and F-Droid (FOSS) are 2 options.

Swype is NOT available for Windows Phone

[ericloewe]

Windows Phone has a similar solution, but it's Microsoft's own implementation.

Re:Swype is NOT available for Windows Phone

[postglock]

Yes, sorry, you are absolutely right. I just got that info from the Wikipedia page. I should have checked the source.

Re:Swype is NOT available for Windows Phone

[postglock]

No worries. I'm glad I could help.

Use privacy tools

[bulbbulb]

That's why people used lbe privacy manager, pdroid earlier (both are more or less dead) and now there is another way out - XPrivacy. I don't think standalone games or keyboard apps such as Swype should be able to read my identification like imei, serial or msisdn (number), network id, location, bookmarks, contats, sms, etc. etc. and then possibly report this info over internet. Block everything - leave access only to parts it's supposed to get (like clipboard, storage). It's even more terrifying to see what completely unrelated to their functionality content top gmarket apps like facebook or candy crush saga are trying to acces and how frequently. Latest CM roms have some privacy controls embedded. That's good but still not enough.

Tell news

[allo]

I tried years ago the trial, saw the permission. When i saw that it was used all the time (LBE Privacy Guard. Use XPrivacy today), i uninstalled it.

Try SwiftKey, the swipe is better than Swype, anyway.

Fact Check

Swype is a popular third-party keyboard for Android phones (and also available for Windows phones and other platforms).

I know it's popular to bash Microsoft and their products, but Swype is not available for Windows Phone. Windows Phone 8.1 adds a "Word Flow Keyboard", but it is developed by Microsoft as part of their OS. Third party developers cannot create keyboards for Windows Phone.

But you don't have to take my word for it. Currently Windows Phone does not support Swype.

Re:Fact Check

[postglock]

Yes, sorry, a few people picked up on this. I just got that info from the Wikipedia page. I should have checked the source.

Re:It's becoming more and more clear..

[magarity]

Competition in just the stores? No, I want competition in the base install that doesn't void the warranty via rooting. The devices come with all kinds of crap installed in a way that makes them un-installable - just "stoppable".

I like swype but

[Maxo-Texas]

For the last year (roughly), it's autosuggestions have gotten worse- not better. Sometimes it suggests a word I've never even heard of over a much more common word. It even puts the common word in the auto complete/correction list.

But repeatedly auto complete/correcting it doesn't seem to dissuade it from choosing the weird word.

Re:I like swype but

[AuMatar]

You may want to try resetting user data for the app. If for some reason your frequency data got corrupted, this would be a symptom. Of course, then you lose your library of added words.

Re:Either way

[ganjadude]

little do you know that I have tapped your can and string communications with my own string!

Bandwidth eater

[nurb432]

Aside from the stupidity, it could be costing you.

Re:Bandwidth eater

Bandwidth? Oh yes - So far this month, it's downloaded - according to a bandwidth monitoring app I download specifically to try and work out just what was going on - 1.53GB (the majority of this was on wifi, thankfully), and has used 36% of the total bandwidth.

Re:Either way

[I'm+New+Around+Here]

You not allowed to ask me that question. At least not in some states, or the military.

"Contribute usage data" option

[mwn3d]

If you go into the settings of the keyboard (a few levels down from "language and input" on Android) there is an option to contribute usage data. I bet if you turn that off it'll stop.

Re:Either way

[davester666]

and we detected your tap and have been feeding you misinformation all along.

"not using it" isn't a solution...turn car around

[globaljustin]

Since when is just not using something a solution to a problem of artificial scarcity?

The whole problem is that the App does what it is supposed to do...the system works...it's that for purely abstract economic beliefs the makers of the App make arbitrary intrusions into your personal information

The whole problem is that people look at this relationsship and **do not see a problem of design**...instead the other option is to, essentially, "fsck off"

No. Stop using this logic when discussing the solution to a systemic problem *forever*...you're just wasting everyone's time

The factors of production for any product, even an Android App, can be controlled and manipulated...

These Apps dont just appear magically...people have to spend alot of time and intention to make them...even the ridiculous shitty ones

Someone must make the time/effort to make the App...**that person** or the people directing them...they **chose** to make theirs system abusive by violating user privacy

Your "just don't use it" retort is a nothing response...its' not an argument or counterpoint...just a contextless expression of an obvious and non-viable option within the context of the discussion

If the car is going the wrong way, you can surely *get out of the car*...or you can...you know...turn the car around in the right direction

editorial function

[globaljustin]

So, to answer your wonder -- there is a lonely robot rubber stamping the ok on all those....

ridiculous news stories, anti-logic Congress Bills, TED Talks, and unfortunately alot of published research in the Social Sciences

it's about the editorial function...something bean counters and oligarchs both see as unecessary...

apply to coding appropraitely...the paralells of system dynamics are everywhere

Color, colour, couleur, how many U's do you want?

[tepples]

When you see how militant some Slashdot users get about whether or not to spell "color" with a "u", you'll understand.

Operating despite denied permission

[tepples]

First of all ever app operates in it's own sandbox, so no app can access the data of another app.

Is this why users can't upload text documents created in a word processing app to a web form?

Secondly, yes, there's an app reviewer, assisted by automated tools, that's looking for whether your app does bad things.

I would like to know what this app reviewer currently considers to be "bad things", so that I know what applications I won't have any chance of finding in the App Store before I spend $299 plus tax on a device. Unlike Microsoft, which publishes its review guidelines for Windows Store and Windows Phone Store, Apple has chosen to keep this information behind the iOS Developer Program paywall. The widely leaked version of iOS Guidelines is three and a half years old.

Thirdly, things such as requesting your location, as in this Swype example, then the OS pops up a dialog asking permission when the app first tries to do it. You can allow it or deny it. And you can change the permission whenever you like via the settings app.

To what extent does Apple require that applications for iOS remain functional when the user has chosen to deny permission? For example, to what extent does Apple Maps or any other navigation application remain functional when the user has chosen to deny GPS location? Otherwise, an application could just show a static screen "To use this app, please open Settings and change Location to Allow." and sit there until the user presses the Home button.

Re:Operating despite denied permission

[BasilBrush]

Is this why users can't upload text documents created in a word processing app to a web form?

There is no user facing file system to browse.

I would like to know what this app reviewer currently considers to be "bad things", so that I know what applications I won't have any chance of finding in the App Store before I spend $299 plus tax on a device. Unlike Microsoft, which publishes its review guidelines for Windows Store and Windows Phone Store, Apple has chosen to keep this information behind the iOS Developer Program paywall. The widely leaked version of iOS Guidelines is three and a half years old.

Real users who were concerned about this would check out the App Store for whether the apps they were interested in exist.

To what extent does Apple require that applications for iOS remain functional when the user has chosen to deny permission? For example, to what extent does Apple Maps or any other navigation application remain functional when the user has chosen to deny GPS location?

Apps are expected to work and do all the functionality that is possible without the resource. For example Maps will still show you maps. It just doesn't highlight your current location.

You may have expected worse behaviour, but that's because you are an Android user and are accustomed to low quality apps.

This is one of the good reasons for having a human being review apps.

Re:Operating despite denied permission

[tepples]

Is this why users can't upload text documents created in a word processing app to a web form?

There is no user facing file system to browse.

Ideally, each application would make available a library of serialized-pieces-of-data-with-a-content-type. For example, a word processor app could support making documents that the user created in the word processor available with the text/plain. When the user activates an HTML upload control that has a given content-type, Safari would then show a list of apps that can provide serialized-pieces-of-data with that content type. The user would first select an app and then select a piece of data using a selector control provided by that app, in much the same way the user selects a photo from the built-in photo library or a video from the built-in video library. The app would serialize that piece of data and hand it off to Safari, and Safari would submit it in a multipart request body. A competing mobile operating system formalizes this flow in the concept of a ContentProvider.

Nowhere in the above description did I say the F-word.

Real users who were concerned about this would check out the App Store for whether the apps they were interested in exist.

For one thing, one needs a device that can browse the App Store first. For another, the current lack of an app for a task doesn't necessarily mean that one can't or won't be created. For example, before Facebook released its app, there was no app for accessing certain parts of Facebook. But that wasn't due to a restriction by Apple. So how would someone determining whether or not to buy an iPhone or iPad go about determining whether the lack of an app for a given task is a consequence of Apple's restriction or is just from nobody happening to have thought to make one yet?

Apps are expected to work and do all the functionality that is possible without the resource. For example Maps will still show you maps. It just doesn't highlight your current location.

So how would the Hulu app or the Netflix app work? It needs your location to determine which shows is allowed to provide. The app would freeze on "This video is licensed for viewing only in select countries. To help $appname determine whether you are allowed to view this video, please go into Settings and turn on location access."

And how would any app that uses encryption work? The app could freeze on "This app contains dual-use encryption technology. Due to applicable United States export control laws, use of this app is prohibited in Cuba, Iran, Sudan, and Syria. To prove that you are not in Cuba, Iran, Sudan, or Syria, please go into Settings and turn on location access."

This is one of the good reasons for having a human being review apps.

I am a human being. Why can't I review apps without paying a recurring fee?

Re:Operating despite denied permission

[BasilBrush]

A competing mobile operating system formalizes this flow in the concept of a ContentProvider.

Android has some features iOS doesn't have. iOS has some features that Android doesn't have many of them being security features. Which is why 97% of mobile malware is on Android and 0% is on iOS (2013 figures).

For one thing, one needs a device that can browse the App Store first.

Only in as much as you'd need a device to download the rules. You certainly don't need a specific device to browse the Apple App store. As to "the potential to do a specific app", sorry but that's not what real users are interested in. If there's no actual app, then it does them no good.

And of course in general they are more likely to find an app that they want on iOS as developers develop first for iOS. And often only for iOS.

So how would the Hulu app or the Netflix app work?

Same way they do now. The server looks at the IP address to decide on region. But the answer to the bigger question you intended to pose I already answered. "Apps are expected to work and do all the functionality that is possible without the resource." They are not expected to do the impossible. If the user has declined a permission, and it's reasonable that the app can;t do anything without that permission, it's OK for it to say so and do no more. Again, that's the value of having a human reviewer - only a human can decide if what an app is doing is reasonable.

I am a human being. Why can't I review apps without paying a recurring fee?

There is no recurring fee to users. As to why Apple don't just abandon the app review system and let any developer upload anything - Android already tried that with the poor result that their platform has 97% of mobile malware. And the app quality is distinctly poorer.

Nexus or Kindle Fire

[tepples]

Of course there's competition in the base install. You can buy a Nexus phone or tablet that doesn't come with most of this crapware, or you can buy a Kindle Fire tablet that doesn't phone home to Google at all.

Accessibility

[tepples]

Third party developers cannot create keyboards for Windows Phone.

Without a facility for third-party assistive tools, how does Microsoft manage to make text input on Windows Phone and Windows RT accessible to users with disabilities?

Separate apps for each dictionary and permission

[tepples]

Dictionary updates can't be bundled when you have 80+ languages

Then the maker of Swype should release a dictionary app for each language, with a name like "Swype in Hinglish". Because different Android applications built with the same publisher certificate can communicate pretty much freely, the word completion would rely on a database stored in the dictionary app. (Only updates to standard English would trigger updates of the Swype app itself.) Then the user could install an app for each language that she uses, and when the maker of Swype wants to update a dictionary, it can push the upgrade for just that app through Google Play Store.

Reading contacts- It suggests my contact's names a fair amount of the time.

Then the maker of Swype should release a dictionary app called "Swype Knows Your Name" that provides your contacts' names to the main Swype app. Paranoid people who don't want their contacts' names added to autocomplete would just choose not to install "Swype Knows Your Name".

How would you find it without Google?

[tepples]

Try finding either one of those on the Google Play store. Most users aren't going to go google for alternatives

"Put other app stores in Google because most users won't Google." I don't see how that makes any sense. If most users aren't going to use Google Search to search for alternatives, why would they use Google Play Store to search for alternatives?

Define malware

[tepples]

The only thing [the App Store review process] should be screening for is malware.

A lot of arguments are won and lost on defining terms. The question you're implicitly asking is who gets to define malware. Apple thinks any application that can reconfigure your device's Wi-Fi settings is malware. But if you seek a tool to discover or troubleshoot Wi-Fi networks, then you disagree that it is malware. And this disagreement is why the WiFi-Where application is not available for iPod touch, iPhone, or iPad.

Re:Define malware

[jedidiah]

It's a little more subtle than that. Malware is anything that does what it's not supposed to do. Nothing short of a power user tool should be screwing around wtih your wi-fi. This is something that should be enforced by Android as a defined role.

It's not the sort of thing that Apple would enforce by role because Apple doesn't acknowledge the validity of a power user. They go out of their way to denigrate and marginalize power users.

Re:Separate apps for each dictionary and permissio

[AuMatar]

Yeah. Now in the real world multi-lingual users don't want to download multiple keyboards and switch between them, and if you release multiple keyboards with multiple feature sets you just have an organization nightmare that will confuse users. Plus you seem unprofessional- what app on your phone or your computer can't just download needed extensions automatically when you hit the install button for the feature? Nothing made in the last 10 years.

Re:Separate apps for each dictionary and permissio

[tepples]

Now in the real world multi-lingual users don't want to download multiple keyboards and switch between them

You'd download one app (Swype) and it'd come with the English dictionary. Then you'd download additional apps (Swype en español, Swype auf Deutsch, Swype Knows Your Name, Swype Local, etc.) that provide dictionary services to the main Swype app. Only Swype Knows Your Name would see contacts, and only Swype Local would see location.

what app on your phone or your computer can't just download needed extensions automatically when you hit the install button for the feature?

When you tap Install, it'd take you to the extension's Play Store page to download it.

Except Facebook App, garbage Zuck, really...

[cheekyboy]

Facebook, cant even run from SD card, cant even use Sdcard data... Just waste the space on the main core flash.

Are there idiots at facebook?

Re:Except Facebook App, garbage Zuck, really...

[AuMatar]

Yes. Read this https://www.facebook.com/notes... Realize that they thought this was a good idea. Facebook's development practices don't particularly impress me.

Permission Manager LBE

[meehawl]

I tried to install flashlight app but the top 5 or 10 all wanted egregious access to my phonecalls, instant messages, or full network access. I gave up.

Permissions Manager LBE is the kind of thing Apple would never allow on iOS. You can fine-tune any app's permissions *after* install, and even autoblock bundled spyware.

Re:Permission Manager LBE

[BasilBrush]

Altering permissions after install is standard on iOS. And of course there is no bundled spyware.

Started a few weeks ago...

[PortHaven]

Been killing my battery, it's ridiculous. But Samsung keyboard sucks. And so far those are the only reduced scale keyboard options.

I doubt this is even true

[CreamyG31337]

xPrivacy on my phone shows that Swype did something called "requestLocationUpdates" 10 hours ago. Some other GPS related stuff also happened 10 hours ago.
"requestLocationUpdates" is like a subscription, so any app on the phone that stays subscribed to that will get updates whenever the phone OS thinks the location has changed. Since we don't know what parameters this was called with, we can't even say if it's going to trigger GPS to switch on. It probably doesn't, based on my excellent battery life.

Extraordinary Claims

[meehawl]

Altering permissions after install is standard on iOS. And of course there is no bundled spyware.

1) iOS permission request handling is crude, not granular, and accepts as default and not presented certain basics such as net access. As usual, you are stuck with what Apple deigns to expose to the user.

2) As for the latter, what do you call advertising frameworks and analytics?

Re:Extraordinary Claims

[BasilBrush]

1) iOS permission request handling is crude, not granular, and accepts as default and not presented certain basics such as net access.

Permissions which are either not understood by the user, or so numerous that the user stops thinking before accepting are worse than useless. This is Android's problem.

Net access is a fundamental part of most apps these days, any app that wanted to access the net for malicious purposes can easily come up with a legitimate reason for doing so. So such a permission is worse than useless.

As usual, you are stuck with what Apple deigns to expose to the user.

Zero malware on iOS in 2013. 95% of mobile malware was on Android. Apple have got it right.

2) As for the latter, what do you call advertising frameworks and analytics?

There's only one advertising framework, and that's Apple's own iAd. Unless you have any specific examples of spying, I call them advertising and analytics.

Buying a device for existing vs. future apps

[tepples]

iOS has some features that Android doesn't have many of them being security features. Which is why 97% of mobile malware is on Android and 0% is on iOS (2013 figures).

If you stick to Google Play Store and other well-known stores in the developed world, such as Amazon and F-Droid, I'm guessing 96.9% won't reach you. I think China skews the results.

You certainly don't need a specific device to browse the Apple App store.

I was under the impression that the App Store client was iTunes, which ran only on iOS, OS X, and Windows. So you are correct that I don't need a specific device, but as a user of a minority desktop operating system, I would need to license a specific paid proprietary operating system to run in a virtual machine on my current computer. Or what am I missing?

As to "the potential to do a specific app", sorry but that's not what real users are interested in. If there's no actual app, then it does them no good.

Just to make sure I'm understanding you correctly, I'll put it in my own words. You appear to claim people buy a device on the basis of apps for the device published prior to the purchase, not on the promise of apps becoming available later. If so, then why do people buy video game consoles in the first month after launch when they have only a handful of compatible games?

only a human can decide if what an app is doing is reasonable.

And humans have declared Wi-Fi network logging and troubleshooting unreasonable.

There is no recurring fee to users. As to why Apple don't just abandon the app review system and let any developer upload anything

It's not about uploading. Compare the situation on iOS to the Mac App Store. Apple requires payment to upload an app to the Mac App Store, but running apps compiled on your own machine remains without charge. On iOS, Apple charges for both.

And the app quality is distinctly poorer.

For some people, the chance of ending up with a poor app after having not read reviews is better than having no app at all.