Uber's Android App Caught Reporting Data Back Without Permission
Zothecula writes Security researcher GironSec has pulled Uber's Android app apart and discovered that it's sending a huge amount of personal data back to base – including your call logs, what apps you've got installed, whether your phone is vulnerable to certain malware, whether your phone is rooted, and your SMS and MMS logs, which it explicitly doesn't have permission to do. It's the latest in a series of big-time missteps for a company whose core business model is, frankly, illegal in most of its markets as well.
How about Google does something about it? Like remove the app and take Uber to court? I'm sure they can find a few terms in the app developer contract that they have violated.
If the app does not have permission to access these personal data, then why is Android giving it access? The solution to privacy is not trust, but robust security. No app should be able to access my call logs or other personal data unless I give explicit permission.
Tangentially, does anyone know of a procedure on Android which enables you to spoof your personal data and activity (at least as far as apps are concerned)?
Example: your name is Dorothy and you're in Kansas clicking your red ruby slippers together, but all apps see you as Toto, living down in Africa, blessing the rains.
Because some idiot decided to strip the security out of Linux to make Android. No Android app is safe, auto updates of a safe app can make it unsafe with no notice to the user. They took the safest OS there is and made a Frankenstein POS out of it to make it user friendly.
I just went to the google play store page for Uber, and checked the permissions the app requires. It includes:
Read your Contacts, take pictures, status and identity, modify system settings, read google service configuration, and a host of others.
So, based on this (admittedly limited) information, it doesn't seem to be bypassing google security so much as utilizing the proper channels to claim superior access to the user's phone.
And in this, it is not alone. The majority of apps on the play store require all these permissions, and google will not give users explicit control over these permissions for two reasons:
1) Users will break their own apps and then google will take the heat for it (you KNOW this will happen, a LOT)
2) Vendors will hate the sandbox that users put them in, and google will take the heat for that (and lose a lot of free apps that represent a competitive advantage for google).
I am not saying this is right, but this is a natural response to the incentives google faces.
Summary: I found a function called InAuthManager.getInstance().sendSMSLog(this.val$transID) so it must be sending all my SMS messages to their servers.
The reality is that it is probably sending a log of SMS activity that was initiated through the Uber application.
Android isn't "allowing" the app to do anything, it acts like every other Android app. The .manifest defines what capabilities it has, when you install an app it tells you exactly what it's capable of doing.
You're absolutely right, no app should be able to access your "call logs or other personal data" unless you give "explicit permission." The problem is that, seeing as how you obviously ignored the stated permissions in the first place, it's no surprise that you obviously ignored the licensing for most of these apps, a great number of which require you to hand over all that information just for the privilege of using it.
So yes, you're right. No app should be able to take your personal information without your consent. That isn't what's happening. The problem is that you're giving them your consent by using the software, you're just too lazy and ignorant to bother actually reading the legal terms, to take the five seconds or so it takes to scan the list of capabilities and permissions the app supposedly "requires" to run.
You hand the stuff over to them, you have nobody to blame but yourself. You certainly can't blame Android for "allowing" it because it doesn't "allow" it unless you EXPLICITLY ALLOW IT YOURSELF. The Uber app isn't a virus, it doesn't install itself through some unpatched exploit. It straight up tells you what it can do and asks you if you want to install it. Unlike the iPhone it even tells you EXACTLY what the app CAN do, so you should know full well what it COULD do long before you installed it. You choose to ignore that information? You get what you deserve. Truth hurts, I know, but blaming Android for your own, personal failings and naivety makes you look really fucking stupid.
It was an eyeopener to see some apps that were misbehaving or just outright being illegal. My flashlight app now only controls the LED on the rear, and cannot see any of my private details - and they earned themselves a 1-star review..
- This sig deliberately left blank. Nothing to see, move along.
Nobody knows about permissions. People just press "Accept".
Then why does the summary say otherwise? According to the summary, the app is accessing data which it explicitly doesn't have permission to do.
OK, so I want to use their taxi service, but their app demands permissions it obviously doesn't need. Android gives me an option of installing it or not installing it.
Now what do you suggest I do?
Android's permission model is completely broken. It's the Windows of the modern world.
Well, the problem is apps ask for every damned permission just in case, and give little explanations as to why. That whole permission which says "this can cost you money" ... WTF does that mean? In what context?
And the other thing is Google won't give the ability to have discrete permissions on apps, or come back later and revoke some. I frequently get annoyed because I can't think of a single reason why an app actually needs a given permission.
Now, if the app can access this stuff even if it has no permission -- then, yes, this is indicative of the fact that security in Android is crap to begin with.
I've said for a while, what I really want is the ability to go into an app, and selectively turn off individual permissions. And the ability to click something which says "revert permissions to requested".
It's my damned device, I want control over it.
But, am I really surprised that every app is likely accessing far more than it should because greedy corporations feel entitled to it? No, sadly, not at all.
I have no interest in Uber. But hearing this, I have even less -- because they're either shady, or incompetent. Neither of which is good.
Lost at C:>. Found at C.
You either accept all permissions, without explanation, or you can't install the app. Android needs to give people the ability to deny individual permissions, without having to root your phone and install Cyanogenmod or the like.
and tweaked the punctuation a bit, from "Don't Be Evil" to "Don't, Be Evil!"
BTW, am I the first one to notice that Uber is an anagram of "Rube"?
You look beautiful! Incidentally, my favorite artist is Picasso.
Your options are:
1) Uninstall it, get on with your life.
2) Decide this is so important you don't care about your privacy
3) Root your device and install something which gives you granular control.
From what I've been able to ascertain, rooting my first gen Nexus 7 is hit and miss, and I've not yet decided to take that step.
Me, I've mostly decided I need fewer apps, run my tablet in airplane mode most of the time, and would rather use a web browser than most apps.
As you said, Android's permission model is completely broken. Which means I've mostly decided I don't trust what it's telling me.
Lost at C:>. Found at C.
We sure are lucky, pay-phones weren't able to legally block the introduction and use of cell-phones. From what I hear, we weren't quite as lucky with horse-drawn carriages being obsoleted by autos — but sanity prevailed.
Now the traditional — licensed — taxis are being obsoleted by Uber and the likes and that is a good thing, even if the taxi industry and the rent-seeking city halls don't like it.
All, that cabbie-licenses told you, was that the local town considers the driver (if it is even the same man!) and his car to be compliant with its requirements. Well, Uber does the same sort of vouching for you, the consumer. And they are able to provide that guarantee faster and at (much) lower cost. Sure, there are cases of Uber-drivers going bad, but it happens to taxis too.
In Soviet Washington the swamp drains you.
They took the safest OS there is and made a Frankenstein POS out of it to make it user friendly.
Or they (google) made android such that it was easier to spy/track people. User-friendliness has nothing to do with tracking. Why do games need access to call logs, need to be launched at android startup, need access to your contact list? None. Yet, 90% of the top-downloaded games in the play store need access to your private data. Google is evil since they allow this without doing anything about it.
Not sure why uber is being singled out, because many, many apps do the same exact invasion of privacy.
The hubris of Uber will be its undoing. They are quickly and loudly showing their true colors. One could only hope that enough drivers wise up to the Uber mafia and organize a labor stoppage to teach them a lesson in free market economics.
Don't install it.
You'll be okay. There are other ways to get a taxi. I promise.
My mom has an android tablet and whenever we check what an app (mostly games) asks for, it's astounding. Why is a game asking for contacts, call logs (ok, in her case not a problem), and other info? Some info like geolocation is fine (at the limit), but Google really should do a big cleanup.
Say what you will about iOS, but being more restrictive about what an app can fetch is not a bad thing.
I've got better things to do tonight than die.
Turn off your sarcasm filter.
Google didn't create Android, they backed it and later bought it. The original developers thought users were too dumb to use Linux, so they dumbed it down by stripping the security out of it to make it user friendly.
As part of the app approval process developers should be required to explain why they want certain sensitive permissions, such as access to contacts, messages etc. Google should then deny approval of apps that overreach in terms of permission requests.
Incorrect analysis by the original blog. Please see this nextweb article which clarifies
http://thenextweb.com/apps/2014/11/27/ubers-app-malware-despite-may-read/
Uber wants "Uber über alles!"
Google has deliberately made it impossible to install an Android app and then subsequently block it from phoning home. This is possible under every other operating system that runs on a Linux kernel, but they've not provided this user choice on Android.
We are given only two choices, either install an app and kiss your privacy goodbye, or don't install the app at all.
Google are extremely hostile to user privacy, and this is just one more example of it.
But you need to "Root" your phone.
See: http://repo.xposed.info/ for info on installing the Xposed framework which basically places a hook into the main event loop of Android where Xposed modules like XPrivacy can watch, block or "lie" to most of the rest of the Apps running within Android.
XPrivacy is available here:
http://repo.xposed.info/module...
And BTW, iPhone Apps are not any better about this stuff like phoning home and spying on you unless they are rooted and modified. It is just that the greater openness of the Android platform versus iOS makes it easier to spot. But that also means that there are more and better countermeasures.
If you want to be shocked, take your phone, place it in WiFi-only mode and then use a network packet sniffer like tcpdump or wireshark on all the data flying by while using apps on it. You will then realize that you, the purchaser of the device, do not "truly own" that device as it is delivered.
You can also replace the stock Android OS with Cyanogenmod:
http://www.cyanogenmod.org/
to gain better control of your device.
Facebook is billions of individual "Skinner Boxes." And if you use it you are the pigeon!
Relieved to see the nextweb tested it out and found the claims in the original blog to be incorrect
Yes you are correct, however what are you supposed to do?
It's all or nothing with Android. It's not like you can exchange your phone for a different platform that has better permissions if you decide it's too much.
Google should change the way it works.
So yes, you're right. No app should be able to take your personal information without your consent. That isn't what's happening. The problem is that you're giving them your consent by using the software, you're just too lazy and ignorant to bother actually reading the legal terms, to take the five seconds or so it takes to scan the list of capabilities and permissions the app supposedly "requires" to run.
The text from TFA is as follows: "and your SMS and MMS logs, which it explicitly doesn't have permission to do."
What permission in the list of permissions asserted in the manifest grants SMS and MMS log access? Does it access your google account and download data from a backup? How is it doing it? Name the permission which enables this activity.
You hand the stuff over to them, you have nobody to blame but yourself. You certainly can't blame Android for "allowing" it because it doesn't "allow" it unless you EXPLICITLY ALLOW IT YOURSELF.
I'm not down with blaming the victim when a platform has been intentionally engineered to fuck over users.
The Uber app isn't a virus, it doesn't install itself through some unpatched exploit.
If facts asserted by TFA are correct it is spyware.
You get what you deserve. Truth hurts, I know, but blaming Android for your own, personal failings and naivety makes you look really fucking stupid.
Would love to know which permission explicitly grants SMS access.
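Added example, not part of any comment in this thread and not taken from the Uber app: one way to check the question argued above, whether a manifest declares the permission that gates SMS/MMS logs, call logs or contacts. The two manifests are constructed samples with a hypothetical package name, assumed to be already decoded from the APK into text XML; the function names are this example's own.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Data categories argued over in the thread -> the platform permission gating each.
GATES = {
    "sms_mms_log": "android.permission.READ_SMS",
    "call_log": "android.permission.READ_CALL_LOG",
    "contacts": "android.permission.READ_CONTACTS",
}

# Constructed sample: targets API 19, declares no SMS or call-log permission.
SAMPLE_MODERN = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.rideapp">
  <uses-sdk android:minSdkVersion="14" android:targetSdkVersion="19"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>
"""

# Constructed sample: same permissions, but min and target SDK are both <= 15.
SAMPLE_LEGACY = SAMPLE_MODERN.replace('targetSdkVersion="19"',
                                      'targetSdkVersion="15"')


def _attr(elem, name, default=None):
    """Read an android:-namespaced attribute from a manifest element."""
    return elem.get("{%s}%s" % (ANDROID_NS, name), default)


def declared_permissions(root):
    """Collect every permission named in <uses-permission> style elements."""
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for elem in root.iter(tag):
            name = _attr(elem, "name")
            if name:
                perms.add(name.strip())
    return perms


def sdk_levels(root):
    """Return (minSdkVersion, targetSdkVersion) using the platform defaults:
    min defaults to 1 and target defaults to min when <uses-sdk> omits them."""
    sdk = root.find("uses-sdk")
    if sdk is None:
        return 1, 1
    min_sdk = int(_attr(sdk, "minSdkVersion", "1"))
    target = int(_attr(sdk, "targetSdkVersion", str(min_sdk)))
    return min_sdk, target


def effective_permissions(manifest_xml):
    """Declared permissions plus the one the platform grants implicitly."""
    root = ET.fromstring(manifest_xml)
    perms = declared_permissions(root)
    min_sdk, target = sdk_levels(root)
    # READ_CALL_LOG was split out of READ_CONTACTS in API 16. An app whose
    # min and target SDK are both 15 or lower still gets it with READ_CONTACTS.
    if ("android.permission.READ_CONTACTS" in perms
            and min_sdk <= 15 and target <= 15):
        perms.add("android.permission.READ_CALL_LOG")
    return perms


def audit(manifest_xml):
    """Map each data category to whether the manifest can reach it at all."""
    perms = effective_permissions(manifest_xml)
    return {category: gate in perms for category, gate in GATES.items()}


if __name__ == "__main__":
    for label, xml in (("modern", SAMPLE_MODERN), ("legacy", SAMPLE_LEGACY)):
        print(label, audit(xml))
```

A `False` for a category means the app cannot read that data through the platform API, whatever a method in the decompiled code is named; a `True` only says the access is possible, not that it happens.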
... and it wants to be the Facebook of transportation. "We're collecting all this data to help us make your user experience better. Don't like it - use someone else. Oh wait - we actively sabotage the competition 'cuz we got $1.5 billion thrown at us by crazy investors."
"Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
If this is your default answer, you're going to have a bad time.
The problem is with the permissions model of Android. "allow access to make phone calls" also means can see all metadata.
That's a big WTF right there.
There are two types of people in the world: Those who crave closure
Welcome to the world where capital rules. Don't say communism is better, it's the world where crazy old alcoholics rule.
Hands up who is surprised by this? Anyone?
I'm sure a little careful digging in their TOS/EULA and you'll see that you already agreed to give all your secrets to them.
Seven puppies were harmed during the making of this post.
Contacts: For splitting fares with friends, inviting friends to use Uber
Phone: To call your Uber driver or for them to call you
Camera/Microphone: Uber has a function that lets you take a photo of your credit card for scanning
Wi-Fi Connection: Checks if you have internet and attempts to use the WiFi name to help determine your location
Device ID and Call Information: Allows access to your phone number and a unique ID for your device
Identity: Allows Android users to sign in and pay with one tap (using the Google Sign-In and Google Wallet services)
Photos/Media/Files: Uber says this is to “save data and cache mapping vectors.”
http://thenextweb.com/apps/201...
CyanogenMod and many other ROMs let you control this stuff. I have never found an app that broke due to the CyanogenMod privacy manager. I can't see how it would break because all it does is mock dummy responses for all of these things.
Probably because android has all-or-nothing, non-granular permissions where you have to grant the app access to everything it requests, or else it's 'no app for you!'
If the app wants to access to your contacts, accounts, phone history, photos, camera, messaging, mail, you give it access or you don't get to install it.
It's a stupid, dumb, and poorly thought out implementation and google should (?) know better.
I just deleted my uber app and will use left going forward
No Android app is safe, auto updates of a safe app can make it unsafe with no notice to the user.
Patently not true. If an app needs new permissions in an update it must be explicitly accepted by the user.
Google didn't create Android, they backed it and later bought it. The original developers thought users were too dumb to use Linux, so they dumbed it down by stripping the security out of it to make it user friendly.
I don't really understand how this is 'true'. Linux security doesn't isolate process disk data from each other, anybody can read any part of the disk under the same user, which in practice is all apps a user use because they all run under the user's account. Android has a far *better* security model in this respect because it puts different applications in different users, so they can't get at each other. Also, permissions for system information is far more granular in Android than plain Linux, in Linux you just look at /proc whereas Android has to actually get types of permissions for sensitive data.
Google is evil since they allow this without doing anything about it.
Not sure why uber is being singled out, because many, many apps do the same exact invasion of privacy.
Not really. Google actively wants this crap because they are an advertising company, and their entire business model depends on destroying all privacy everywhere (except for the privacy of their proprietary database of your private information). If they put in real security for privacy settings for other people's apps, then Google can't track you either.
It's my damned device, I want control over it.
That sinking feeling when the Google and Apple we all praise (fractions add up to a whole even if individually we meet in fanboy flamewars here), follow the new normal: we are the PRODUCT, not the consumer. Why accommodate US if it won't make them more cash? This is what happens when the slippery rope can't even be invoked because the system is designed from step 1 so all of us rope-walkers start at the bottom end of the rope, trying to climb up.
To us who come from Linux's rpm mirrors or open-repositories world, App stores are control freak traps. Amazon Kindle's, Windows 8's, MacOS's... it can be IMPOSSIBLE to just get a direct download link to an installer from them. This takes our self-management and multi-device control away, even for FREE apps. That should be a dead giveaway that something is fishy. These control games happen even if you sign in, and you need root to just retrieve an APK file from google's filesystem for easy reinstall. When you DO NOT want to be forced on a new device to get that one new version, or the app has been *pulled* (flappybird), you're only safe if you hoarded the old one. And we have no good choice.
It's a bit like the political systems, where all parties give you the same end result, but you still want to perpetuate the feeling of personal choice and keep voting for one, because abstinence is shunned and / or feels dumb.
On my old Android phone (2.2), if you move apps to an SD card and try to migrate to a bigger card without some serious hoops, the apps just disappear from your dashboard. No idea if this got fixed in 4.x, but it's one more reason I am not jumping to buy a replacement phone just yet. Google's track record for fixing policy "bugs" is not good. And I don't trust technical John Smith EndUsers out there to put pressure to fix those policies, because their mentality is akin to "buy more X" or "go somewhere else"
They are over-charging scumbags with dodgy drivers, why would you want to use them? Don't support them until they sort their act out.
Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
Google changed the way the permissions are described in order to combine non-invasive permissions and invasive permissions under the same label. Even a person reading the permissions off doesn't really have a clue about how much access the app actually has to their data.
In any case, this is why I stopped using Android phones and went with iOS. Apps can't play these sorts of games on iOS.
-Matt
Every AT&T android phone comes with this preinstalled.
Have a look what Citrix Worx asks for (certifier of your phone, so you can look at your work email).
Device & app history
retrieve running apps
read sensitive log data
Mobile data settings
change/intercept network settings and traffic
Location
precise location (GPS and network-based)
Photos / Media / Files
modify or delete the contents of your USB storage
test access to protected storage
Camera / Microphone
record audio
Wi-Fi connection information
view Wi-Fi connections
Device ID & call information
read phone status and identity
Other
press keys and control buttons
read frame buffer
close other apps
update component usage statistics
force-stop other apps
modify secure system settings
view network connections
connect and disconnect from Wi-Fi
full network access
run at startup
read battery statistics
control vibration
close other apps
set wallpaper
install shortcuts
uninstall shortcuts
modify system settings
pair with Bluetooth devices
draw over other apps
If only there were a technology which enabled permissions to somehow be enforced by the operating-system itself...
I didn't. But, then, Uber leaching all the contact information of someone I know still is fucking me over. Oops.
Congratulations on your myopic vision of problems. I presume your solution to the problem of contract killers is to just not hire one.
Nice ad hominem/strawman there. There's nothing about wanting something that wasn't offered or instant gratification. What is being discussed is potentially abusive permissions as a norm that most apps don't abuse but enough do.
Whether this ends up just being that people stop using the Uber app and similar apps that are caught being abusive or it starts moving towards a technology method to aid people who want to opt out of this abuse or to an opt in approach that really should be the norm (my opinion, of course), the whole point only appears precisely because of "people ... like 2 year old kids" who call out Uber on the point. If it were merely that people who noticed stopped using the app without telling others, I doubt you or most people would even think to not install Uber based on its insane permission requests.
But, then, "Problem solved"! So, why are you here, again, bitching about other people?
Because some idiot decided to strip the security out of Linux to make Android. No Android app is safe, auto updates of a safe app can make it unsafe with no notice to the user. They took the safest OS there is and made a Frankenstein POS out of it to make it user friendly.
Android is *NOT* Linux based, it is merely Linux hosted. Android is its own OS, its own environment. As such Android is perfectly free to have less or *more* security than Linux. There was no stripping security out, there was only how much security to build into this new and independent environment.
There is a way for apps to jump through some hoops and access Linux (NDK) but only about 25% of apps (last I read) do this. For the vast majority of Android Apps and Android Developers they are just like Android users. They don't see or use Linux at all. If Android were to be updated to host on BSD these users and developers would not know or care. Of the remaining 25%, many of their apps would still compile and run. Many use standard *nix calls, nothing Linux specific like most FOSS software.
Apparently you are not familiar with SELinux.
The real "Libtards" are the Libertarians!
The problem with being able to allow/deny individual permissions is the app developers now have 2^n configurations to test, instead of just one. Which is either going to lead to a much higher testing cost, or apps which are buggier when run with less than full requested permissions.
I just deleted my uber app and will use left going forward
Uber will keep your information in their system until you specifically request for your info to be deleted. The only way to do this (that I found) is by digging into their website for the correct email address.
Just check - every thread about "nextweb" and its analysis that this blog is incorrect is modded 0 points.
This thread is modded 0 points.
Your note is modded 0 points.
Apparently "sharing the real facts" and "debunking the hysteria" is modded down.
Discussions about how Google/Android are bad, permissions aren't granular, uber is bad, uber has a German name so they must be worse still, etc... those are modded 4-5.
Happy thanksgiving.
Mods - go meta-mod your "peers". They are out of control.
E
E
Sorry but they don't have a Taxi service. Taxis are licenced and regulated by municipal authorities which means among other things that rates are regulated and such niceties as insurance are sorted out. You're literally rolling the dice with Uber.
Welcome to the world where capital rules. Don't say communism is better, it's the world where crazy old alcoholics rule.
One thing about old-style Soviet communism - old alcoholics become dead alcoholics a lot quicker. Or they're "retired".
"Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
You know what, eff uber. They can keep my data. They're not getting any more of my money.
Easy, start screaming at Google to pull its bloody finger out and make a much needed modification to permission to differentiate between unlimited permissions and user confirmed permissions every time a request is made, plus the opportunity to change this on the fly. Add in logs for access, that the user can readily confirm in order to change permissions if they don't like them. Send them emails, blog nasty things about them and stop installing apps until changes are made.
Chaos - everything, everywhere, everywhen
This app just popped up on my wife's phone, wanting to update itself. I had no idea what it is, so Googled it... "SuperSU is a Superuser management tool for rooted devices". "SuperSU Brings Better SuperUser Root Permission Management to Android" I still don't have a clue as what I would actually do with such an app. Everything I read about it just leaves me more confused. I have two questions - what is it doing on my wife's phone, that I recently did a factory reset on, and 2.) Would this app somehow allow one to control permissions of apps after installation? http://www.addictivetips.com/m... https://plus.google.com/+Chain...
Poor app developers might actually have to spend time testing their apps.
My heart bleeds for them.
I'm a good cook. I'm a fantastic eater. - Steven Brust
I wonder if not providing fake info was a concession to bring CyanogenMod in line with the Android CDD so that it can ship alongside Google Play Store on the OnePlus One phone.
If an app needs new permissions in an update it must be explicitly accepted by the user.
Recent changes to Google Play Store's permission display mean that a new permission will be automatically accepted so long as the new permission is in the same group as a permission that an app already has. Predictably, Slashdot users female dogged and moaned about it.
Android is *NOT* Linux based, it is merely Linux hosted. Android is its own OS, its own environment.
And now you know why Richard Stallman was right about calling the familiar desktop and server operating system "GNU/Linux". Android has a completely different userland on top of the same Linux kernel that underlies GNU/Linux.
It'd be nice if apps had a base set of privs then expanded sets that could be allowed on install or later by request to the system/user.
That's already possible in current Android. Offer one app in Google Play Store that needs a small set of permissions, then offer other apps in Google Play Store that act as content providers for the main app. For example, there might be a "Swype" keyboard app that needs only the input method permission, a "Swype auf Deutsch" app that adds a German dictionary, a "Swype Local" app that adds nearby businesses to the dictionary (which requires the location permission), and a "Swype Knows Your Name" app that adds your contacts to the dictionary (which requires the read contacts permission). If they're all digitally signed by the same publisher (such as Nuance), they can share data structures intimately as if they were one app.
Also it'd be nice if the privileges were a lot more restricted, like "Use Ad Service to show you ads" instead of "Use Internet"
The example you give is not possible unless you want all ad-supported apps in Google Play Store to move to a single monopoly ad provider. If you whitelist communication with one hostname, that host could act as a proxy to access any other host.
iOS 8 also introduces replacement keyboards. If the OS forbids apps from enumerating contacts, how does the user go about adding contacts' names to the keyboard's spell check dictionary?
Please don't use left going forward, it's really confusing for the drivers behind you.
Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
For the old farts who knew the world prior to it being online 24/7, the solution is an easy one.
Get rid of the damn phone.
Get a basic phone you can pull the battery out of if you must have one to travel with, but drop the surveillance device. . . erm . . smartphone.
Until the folks who create them can get the permissions models right and truly give the end user the ability to lock them down, don't use them.
I have an old Iphone 4. It's served its purpose pretty well but every time we turn around now you hear nothing but how App X is doing something it shouldn't be. How App y is accessing and transmitting everything it can learn about you.
Want to see something fun? Fire up a sniffer set up to watch all the wireless traffic on your network, then boot your phone and note just how many sites your phone talks with. Then note how the majority of that traffic is encrypted so you'll have quite the hard time figuring out just what is being sent out.
I've been kicking around the idea of upgrading my phone but recently, I've been tossing around the idea of just getting rid of the smartphone thing com
thieves. Gordon Gecko style thieves.
I do not use Uber, but based on everything I have heard on this company's business practices, treatment of its drivers, threats made to journalists, and now learning that the app is scraping every bit of data possible from people's phones I have to ask "Why are you using this app? Is it really that much better than calling a cab?"
Yes yes very sarcastic of you... You're comparing a specialised Linux niche with what is available on all Android devices that exist. I'm looking at default Android against default Linux.
The trouble is Android's permission model is crap. If an app has a feature that requires a permission the app may need at any point in the future, it has to be approved by the user at install time, and the app cannot control how the permissions are described or even explain to the user why it needs that permission. And lots of innocuous permissions are bundled up together non-granularly with scary dangerous (or dangerous-sounding) ones, so the app only needs EraseBunnyDrawing permissions but to get that it has to request KillFamily permissions, which doesn't actually mean kill *your* family, it means kill a process family, but all the user sees is "Permission to kill family members without warning" and OH GOD WHY DOES AN APP ABOUT DRAWING FLUFFY BUNNIES REQUIRE MY FAMILY TO DIE?! THIS APP SUCKS!!!!!!1111!!!!!oneoneonetyone1!!!
And then the story hits TechCrunch, where it's summarized so that it sounds like there have been actual deaths of family members, and then the mainstream press and the Today show start calling the app developer asking "Why are you a horrible person whose app killed little Stacey's favorite uncle?? :( :( :("
And all because Google can't get security UI right.
-- Old Man Kensey
So, they did strip the security?
Just a little reminder: a program on your linux system can read everything the user can read. Android apps need to ask for permissions (of course, they ask for a lot, but they still need to ask).
The problem is on the other hand, that most apps are spyware, as we called it when people still used PCs. And nobody cares anymore. On the PC we did not install programs, which did more than they should. on the mobile phone it's just normal.
Most of these permissions are for facilities that may not be available, let alone permitted, under real-world conditions. GPS might not be available where you are, the contacts database might not be available, network access apart from port 80 might be unavailable.
This isn't the same as screen size of hardware chipsets, this is runtime allocation of OS resources -- you always have to check to make sure that the OS can give you them, and then handle failures gracefully.
Don't blame me, I voted for Baltar.
I arrived in Guadalajara, and "Poof!" there was an email from Uber announcing they now have service in Guadalajara. I'm going to uninstall their app now.
I was alluding to the fact that Android is based on GNU/Linux, and Linux has permissions built into the core. Fair point though.
Aside: apparently there's not much GNU code in Android. Interesting.
It doesn't like knowing my phone is rooted - but then slap on Root Cloak, and it happily rolls over and lets me tickle its underside.
I think this might be my main annoyance - ridiculously intrusive, and yet pretty dumb.
Google Play has majority market share on smartphones now. If Google flexes this market power to play kingmaker in the mobile advertising market, I can think of at least one competition regulator that might step in.