Slashdot Mirror
Ask Slashdot: Are My Drone Apps Phoning Home?
Slashdot reader bitwraith noticed something suspicious after flying "a few cheap, ready-to-fly quadcopters" with their smartphone apps, including drones from Odyssey and Eachine.
I often turn off my phone's Wi-Fi support before plugging it in to charge at night, only to discover it has mysteriously turned on in the morning. After checking the Wi-Fi Control History on my S7, it appears as though the various cookie-cutter apps for these drones wake up to phone home in the night after they are opened, while the phone is charging. I tried contacting the publisher of the Odyssey VR app, with no reply.
I would uninstall the app, but then how would I fly my drone? Why did Google grant permission to control Wi-Fi state implicitly to all apps, including these abusers? Are the apps phoning home to report my flight history?
The original submission asks about similar experiences from other drone-owning Slashdot users -- so leave your best answers in the comments. What's making this phone wake up in the night?
Are the drone apps phoning home?
I would uninstall the app, but then how would I fly my drone? Why did Google grant permission to control Wi-Fi state implicitly to all apps, including these abusers? Are the apps phoning home to report my flight history?
The original submission asks about similar experiences from other drone-owning Slashdot users -- so leave your best answers in the comments. What's making this phone wake up in the night?
Are the drone apps phoning home?
The submitter is now learning why iPhones are better than android garbage?
Modern app appers use App-Fi, NOT LUDDITE Wi-Fi!
Apps!
Yes. Recently, the military suspended the use of certain drone manufacturers products for the same reason.
Analytics. Telemetry. Whatever you want to call it, data is traversing the network without your explicit approval.
Ask Slashdot: What would we have called it if they never made ET?
If you have a samsung and couple of hours I have a solution for you.. if you know a little bit of java.
Samsung phones have firewall apis that you can access with a sdk from samsung and a license code. you can also turn off the wifi with same apis in a way that another app cant open it. also with same api's (and well, if you got admin rights somehow for your app on vanilla android too) you can enable/disable particular services and activities from within the app - this depends on the architecture of the app, but it is possible possibly to just turn off the phone home service.
there are also other things you can do that work on all phones, there's an app on the play store for changing app permissions.
(what it does is repackage the original .apk with different permissions. so you can remove the perm for wifi control from the apk - the app will still have permission for normal http connections though).
now, you might ask why android doesn't give you as the device owner access to all these options just outright from opening the box: because fuck you peon, that's why.
on vanilla android(without rooting) if you want to give admin rights to an app you have to do it BEFORE finishing the first start dialog flow and there isn't that many ways to do that except nfc on some models and a flawed otg auto-apk installer on some other models.
so the samsung extra api's are a case where manufacturer additions to the firmware are actually pretty nice if you use them for yourself instead of someone using them against you.
world was created 5 seconds before this post as it is.
Can Android apps really turn on wi-fi? I normally keep the wi-fi disabled on my tablet so as to not see so many ads or be broadcasting everything I do to the world, and I have never seen an app enable the tablet wi-fi. Some apps refuse to function if the wi-fi is not active, but none have ever turned it on.
Settings > Apps > tap the app (App info) > Advanced > Modify system settings > uncheck the Allow. That will disallow the app from enabling your WiFi.
I had a drone with iPhone app that called home too so its not just an android issue at all.
You can pretty much count on any "smart" thing these days to phone home some type of data to be collected and monetized by the creator of that thing, and yes all you iFanBoies out there, that includes you as well. Why else do you think your sous vide heater, meat thermometer, thermostat, stove, refrigerator, dishwasher, garage door opener, etc -- fucking damn near unlimited list of crap no one needs 27/7 access to -- each require their own app be installed?
--- Keep the choice with the user..
I've found that using a Pi-hole and adding the domains they're trying to call to the blacklist to be useful.
Betterditch the rule of headlines cuz the asnwer to this one is YES!
It'll be the Google Play update. Permission to wake the phone is a special permission, and its one the drone app probably didn't obtain. Google Play services though, does.
DJI quite likely phones home, they now enforce the no fly zones and local limits in the country you are in, and theres a lot of too-and-fro for that.
IMHO the problem here is Google, these phones should control access, but Google's privacy controls don't let you silently block access to services to all apps. Instead they *tell* the app, the service is being withheld, and so the app simply refuses to run holding you hostage at the most annoying time to get granted the permission.
And Google and pre-installed apps, have pre-accepted permissions. So they just wake the damn phone up, connect to Google and send anything they want.
It annoys me that Microsoft, a company I want nothing to do with, put their Office apps on every Samsung phone, AND THOSE APPS PHONE HOME ALL THE TIME. I don't use their app, I don't want their app, Microsoft paid to put that crap on the phone with network, camera, microphone permissions. As if I would ever grant an office app, access to the camera and microphone and phone home capabilities to an NSA/FSB friendly company.
The answer is: yes, of course!
Oh give me a drone, That phones home on its own, And uploads all that I've done, And when it has phoned, Little drone of my own, Its makers will see all my fun.
You are lost in a twisty maze of little standards, all different.
It's 2017. Are you -seriously- asking whether or not an app you use is dataslurping to its mothership?
Of course it fucking is.
Gotta keep its geofence list updated with the latest government restrictions. And likely upload that days flight details so anything naughty you've been doing can be tracked and reported.
... assume 'yes'.
We suffer more in our imagination than in reality. - Seneca
I saw M$ connections on my router logs too. Strangely those M$ connections came from my Android devices. I was very upset because I can't remember using a M$ product on my android device. It just connects to M$ mothership 24/7 without my permission. So I blocked M$ domains for outbound connections of my Android.
captcha: fetches (fetches data from your android into M$ mothership)
Is it in their interest to gather your data? Yes.
Is it possible to them to gather your data? Yes.
Does it cut into their bottom line because people would avoid their products? No. 9 out of 10 don't give a shit and the 10th (you) notices after he bought it.
Do I need to answer your question or can you find the answer yourself?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
How is this even possible!?
Although I have owned a few Android phones over the last few year, my primary smartphone has been an iPhone since the iPhone 3G. So, the idea that a third party app could turn on radios in my mobile device without my permission or knowledge is simply insane to me.
Besides just the loss of personal privacy and violation of confidentiality (depending on what the app is doing when it turns on the radio), many people still have capped or metered internet services, and this app could be draining that without the handset owner's permission!
Unbelievable... just unbelievable.
Is easier to assume that it does than to think it does not. And even if it does not now,. it might do so in the future.
Note: It is only paranoia when you THINK that you are being followed, not when you actually are.
Don't fight for your country, if your country does not fight for you.
A firewall app will block this kind of thing. For example: https://play.google.com/store/...
Have we learned nothing from the whole Snowden experience?
You put your drone in the fridge overnight. A microwave oven would be even better, for some values of oven.
Fiat Lux.
I know this question is outside of the main focus of the post, but why is the submitter disabling Wi-Fi overnight? I can't think of any logical reason to do it.
"A plan fiendishly clever in its intricacies"- Homer Simpson
You would have to assume that any devices made and software updated by international companies could be potentially co-opted by those states in time of war to spy on national activities - anything with a camera, microphone, and internet connection. That includes the bazillion security cameras, drones, TVs with cameras, phones and laptops. I uninstalled a firmware upgrade to my security camera when I saw they wanted to upload all data to their cloud when I have a perfectly good one at home. Same with the wi-fi smart router. Time to get out the tin foil hats.
I have a Samsung GT-E2550, no apps because it's a feature phone. I use it to talk to people and (from time to time) send an SMS. Younger members of my family usually gather by tradition during public holidays to mock me, but they're beginning to wake up now.
Seriously, I don't want a load of badly coded, intrusionware on my phone or for it to declare my location to all and sundry. Of course, it's possible to triangulate with cell tower data, but my view is that this level of intrusion shouldn't be a) default b) 'easy'. Android is now such a tangle that it's not really clear (except maybe via Wireshark, for example, but do you want to live like that?) when everything is genuinely 'off'.
On y va, qui mal y pense!
ALL of your Apps are phoning home.
Android, iPhone, Windows 10...
ALL.
In this day and age, you have to assume that every piece of software you run on any platform will be phoning home.
That's why I firewall all traffic, incoming and outgoing, these days, especially on my phone. It's also rather interesting examining the logs of what was blocked.
In fact, as I was doing routine firewall maintenance over the weekend, it occurred to me that at some point I made a shift -- I now pay more attention to outgoing traffic than incoming!
Industry trends have resulted in it becoming necessary to treat all devices and software, inside or out, as threats.
Root your Android device and edit the hosts file. No more spying.
Only the State obtains its revenue by coercion. - Murray Rothbard
The "Connects" app will let you see where all your apps are connecting too on a map and you can then go back to the Firewall to deny access to particular ip destinations, per application, that you think should not be allowed. Anything to Russia or China would be on my immediate No list.
MY one gripe is that without root privileges the NoRoot Firewall is not necessarily the first app to start when your phone boots and Wifi is enabled.
Don't put untrusted apps on your primary phone with all your personal data. Instead, get a old phone or mobile device and put nothing on it except for your untrusted apps. You can tether it from your phone if you need an internet connection out of your home.
Furbies were quasi-recording and regurgitating childrens utterances. Some people afraid of spying. Banned in NSA offices, etc.
Does iOS allow any app to enable wifi (or disable airplane mode for LTE/4G data)? Yeeks. I'm really shocked Android allows this, seems like a massive violation, especially on metered connections (like my tiny-ass dataplan!)
The only apps I install are open source and I firewall my phone with droidwall. The reason: I was once recruited (I turned it down) to create a database to organize the "telemtry" data collected by a number of apps. To quote one of the executives, "These people out there have no idea how much data is collected". The EULA's say data "may be "collected but don't specify what in most cases, and I don't have time to analyze the apps traffic packets. Banking apps are getting a bad rep in Canada too because of the data people are discovering is being collected. The safest assumption is, if it's not open source for the public to audit, it's probably sending data the app developers can sell/make money off of and legally installing the app is "permission" (?!? laws need to be modified to protect the public). And if the apps doesn't explicitly tell you what it's collecting, it's like Windows 10: Collecting as much as it can. With a GPS (which I always turn off), text log, possible email, all log and a video camera, that is a LOT of data that could be collected. Welcome to a brave new world. Convenience comes at the price of security. I've yet to see an exception to this.
"Imagination is more important than knowledge" - Einstein
Don't put untrusted apps on your primary phone with all your personal data.
And don't consider any app you didn't write yourself as "trusted".
You can find out exactly what's being sent. Just run Android x86 or macOS (with iPhone emulator from Xcode) in a VM and capture the packets from the virtual NIC. Open the .pcap file in Wireshark and see exactly what's being sent.
You would be THAT lucky! It more likely mirrors your entire phone's contents - id, contacts, calls, texts, photos, everything! And people never questioned WHY these drones came with a handy-dandy smartphone app for the controls.