Slashdot Mirror
Ask Slashdot: Are My Drone Apps Phoning Home?
Slashdot reader bitwraith noticed something suspicious after flying "a few cheap, ready-to-fly quadcopters" with their smartphone apps, including drones from Odyssey and Eachine.
I often turn off my phone's Wi-Fi support before plugging it in to charge at night, only to discover it has mysteriously turned on in the morning. After checking the Wi-Fi Control History on my S7, it appears as though the various cookie-cutter apps for these drones wake up to phone home in the night after they are opened, while the phone is charging. I tried contacting the publisher of the Odyssey VR app, with no reply.
I would uninstall the app, but then how would I fly my drone? Why did Google grant permission to control Wi-Fi state implicitly to all apps, including these abusers? Are the apps phoning home to report my flight history?
The original submission asks about similar experiences from other drone-owning Slashdot users -- so leave your best answers in the comments. What's making this phone wake up in the night?
Are the drone apps phoning home?
I would uninstall the app, but then how would I fly my drone? Why did Google grant permission to control Wi-Fi state implicitly to all apps, including these abusers? Are the apps phoning home to report my flight history?
The original submission asks about similar experiences from other drone-owning Slashdot users -- so leave your best answers in the comments. What's making this phone wake up in the night?
Are the drone apps phoning home?
Yes. Recently, the military suspended the use of certain drone manufacturers products for the same reason.
Analytics. Telemetry. Whatever you want to call it, data is traversing the network without your explicit approval.
Ask Slashdot: What would we have called it if they never made ET?
You will need a bigger teabag.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
If you have a samsung and couple of hours I have a solution for you.. if you know a little bit of java.
Samsung phones have firewall apis that you can access with a sdk from samsung and a license code. you can also turn off the wifi with same apis in a way that another app cant open it. also with same api's (and well, if you got admin rights somehow for your app on vanilla android too) you can enable/disable particular services and activities from within the app - this depends on the architecture of the app, but it is possible possibly to just turn off the phone home service.
there are also other things you can do that work on all phones, there's an app on the play store for changing app permissions.
(what it does is repackage the original .apk with different permissions. so you can remove the perm for wifi control from the apk - the app will still have permission for normal http connections though).
now, you might ask why android doesn't give you as the device owner access to all these options just outright from opening the box: because fuck you peon, that's why.
on vanilla android(without rooting) if you want to give admin rights to an app you have to do it BEFORE finishing the first start dialog flow and there isn't that many ways to do that except nfc on some models and a flawed otg auto-apk installer on some other models.
so the samsung extra api's are a case where manufacturer additions to the firmware are actually pretty nice if you use them for yourself instead of someone using them against you.
world was created 5 seconds before this post as it is.
Settings > Apps > tap the app (App info) > Advanced > Modify system settings > uncheck the Allow. That will disallow the app from enabling your WiFi.
Apple makes sure that every app available to me is a good and wholesome app, no problems with Apple apps. Google allows bad apps, Google is bad.
I had a drone with iPhone app that called home too so its not just an android issue at all.
You can pretty much count on any "smart" thing these days to phone home some type of data to be collected and monetized by the creator of that thing, and yes all you iFanBoies out there, that includes you as well. Why else do you think your sous vide heater, meat thermometer, thermostat, stove, refrigerator, dishwasher, garage door opener, etc -- fucking damn near unlimited list of crap no one needs 27/7 access to -- each require their own app be installed?
--- Keep the choice with the user..
I've found that using a Pi-hole and adding the domains they're trying to call to the blacklist to be useful.
Actually, no. If you are a truly big corp, such as facebook or google, they can use API's that let them upload/download whatever they want, even when they are no the active app, and even if the user has force-quit the app. Every once in awhile, they'll change the app and then it goes and downloads a bunch of crap in the background, a bunch of users get a surprise at the end of the month with overage charges, then they rush out an update to stop doing that particular thing.
I wish Apple would add a setting to every app to permit me to enable/disable all internet access on a per-app basis.
Sleep your way to a whiter smile...date a dentist!
Oh horror! Windows allows you to install any apps! Even those that phone home. And even worse, Linux does not even have that micorsoft antivirus thingy that keeps you safe! Avoid at all costs.
Submitter is now learning how to disallow an app from doing this on Android. Some apps you *do* want to be able to turn on WiFi on its own (e.g. VoIP phone app if you don't want it burning your cellular data).
If you know you're technically incompetent and want someone to handhold you through your phone "ownership", then iOS is what you want. If you have the technical knowledge to tweak the phone and want the freedom to use your phone however you want, then Android is what you want. Just like some people like to buy a Toyota and take the car to the dealer at regular service intervals, while other people buy a Chevy and modify or tweak every single component and do all the maintenance themselves. Different strokes for different folks.
Oh give me a drone, That phones home on its own, And uploads all that I've done, And when it has phoned, Little drone of my own, Its makers will see all my fun.
You are lost in a twisty maze of little standards, all different.
... assume 'yes'.
We suffer more in our imagination than in reality. - Seneca
You can enable/disable Mobile Data on a per-app basis in iOS - go to Settings > App Name and you can turn on/off Mobile Data for any apps that have registered as using mobile data on your device.
re: big corps that use unpublished APIs, this used to be the case, but Apple have cracked down on it significantly. There are a number of apps that are permitted to run in the background, Facebook is not one of them, however Facebook "accidentally" registered their app as a media player and they'd play a silent mp3 in the background to get around iOS trying to freeze the app when it wasn't in use. Apple had a quiet chat to Facebook and this has apparently stopped.
As far as I know, if you force-quit an App, it has no way to re-launch itself in the background and start using data again.
Specialist Mac support for creative pros, Melbourne
I saw M$ connections on my router logs too. Strangely those M$ connections came from my Android devices. I was very upset because I can't remember using a M$ product on my android device. It just connects to M$ mothership 24/7 without my permission. So I blocked M$ domains for outbound connections of my Android.
captcha: fetches (fetches data from your android into M$ mothership)
But Windows also allows me to install programs that keeps other programs' ability to send stuff out at bay. Care to point me to the phone app that can do that?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Is it in their interest to gather your data? Yes.
Is it possible to them to gather your data? Yes.
Does it cut into their bottom line because people would avoid their products? No. 9 out of 10 don't give a shit and the 10th (you) notices after he bought it.
Do I need to answer your question or can you find the answer yourself?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
How is this even possible!?
Although I have owned a few Android phones over the last few year, my primary smartphone has been an iPhone since the iPhone 3G. So, the idea that a third party app could turn on radios in my mobile device without my permission or knowledge is simply insane to me.
Besides just the loss of personal privacy and violation of confidentiality (depending on what the app is doing when it turns on the radio), many people still have capped or metered internet services, and this app could be draining that without the handset owner's permission!
Unbelievable... just unbelievable.
Is easier to assume that it does than to think it does not. And even if it does not now,. it might do so in the future.
Note: It is only paranoia when you THINK that you are being followed, not when you actually are.
Don't fight for your country, if your country does not fight for you.
It annoys me that Microsoft, a company I want nothing to do with, put their Office apps on every Samsung phone, AND THOSE APPS PHONE HOME ALL THE TIME. I don't use their app, I don't want their app, Microsoft paid to put that crap on the phone with network, camera, microphone permissions.
If you don't use the app, there is actually a simple solution. Even though you can't remove preinstalled apps without rooting your phone, you are usually allowed to disable the apps, which prevents it from working and thereby from phoning home. Disabling intrusive preinstalled apps is the first thing I do when I get a new Android phone; check out the menu Settings -> Apps -> ... -> Disable. If you have installed any updates to the app, you may have to uninstall these before you can disable the app.
For stronger privacy controls, you might be interested in rooting your phone, in which case you can actually remove the app entirely, and also use stuff like XPrivacy.
A firewall app will block this kind of thing. For example: https://play.google.com/store/...
Have we learned nothing from the whole Snowden experience?
You put your drone in the fridge overnight. A microwave oven would be even better, for some values of oven.
Fiat Lux.
I know this question is outside of the main focus of the post, but why is the submitter disabling Wi-Fi overnight? I can't think of any logical reason to do it.
"A plan fiendishly clever in its intricacies"- Homer Simpson
You would have to assume that any devices made and software updated by international companies could be potentially co-opted by those states in time of war to spy on national activities - anything with a camera, microphone, and internet connection. That includes the bazillion security cameras, drones, TVs with cameras, phones and laptops. I uninstalled a firmware upgrade to my security camera when I saw they wanted to upload all data to their cloud when I have a perfectly good one at home. Same with the wi-fi smart router. Time to get out the tin foil hats.
nobody's asking, "what is the problem here?"
Did you just ask the previous poster to RTFM?
Faster! Faster! Faster would be better!
I have a Samsung GT-E2550, no apps because it's a feature phone. I use it to talk to people and (from time to time) send an SMS. Younger members of my family usually gather by tradition during public holidays to mock me, but they're beginning to wake up now.
Seriously, I don't want a load of badly coded, intrusionware on my phone or for it to declare my location to all and sundry. Of course, it's possible to triangulate with cell tower data, but my view is that this level of intrusion shouldn't be a) default b) 'easy'. Android is now such a tangle that it's not really clear (except maybe via Wireshark, for example, but do you want to live like that?) when everything is genuinely 'off'.
On y va, qui mal y pense!
your point is?
In this day and age, you have to assume that every piece of software you run on any platform will be phoning home.
That's why I firewall all traffic, incoming and outgoing, these days, especially on my phone. It's also rather interesting examining the logs of what was blocked.
In fact, as I was doing routine firewall maintenance over the weekend, it occurred to me that at some point I made a shift -- I now pay more attention to outgoing traffic than incoming!
Industry trends have resulted in it becoming necessary to treat all devices and software, inside or out, as threats.
I don't see how iPhones have any kind of real edge with this sort of thing. Plus, you can't really install an effective firewall on iPhones.
Root your Android device and edit the hosts file. No more spying.
Only the State obtains its revenue by coercion. - Murray Rothbard
The first thing I do when I get a new phone is replace the operating system. This completely eliminates the problem of apps I can't delete.
If I can't replace the OS on a phone, then I don't buy the phone.
Android has had the ability to turn on/off any permission for any app since at least Marshmallow. Go to Settings->Apps then click on an app and then click on 'Permissions'. Don't want it using WiFi? Turn off WiFi. Don't want an app to track your location? Turn off Location. Simple and you don't need to be rooted at all as it's part of the OS
The "Connects" app will let you see where all your apps are connecting too on a map and you can then go back to the Firewall to deny access to particular ip destinations, per application, that you think should not be allowed. Anything to Russia or China would be on my immediate No list.
MY one gripe is that without root privileges the NoRoot Firewall is not necessarily the first app to start when your phone boots and Wifi is enabled.
Facebook is not one of them, however Facebook "accidentally" registered their app as a media player and they'd play a silent mp3 in the background to get around iOS trying to freeze the app when it wasn't in use. Apple had a quiet chat to Facebook and this has apparently stopped.
It has not stopped, at least not in the last few weeks. Play audio, open Facebook app, browse through some pages, click on a link that opens the facebook browser and *BAM* your audio is now hijacked by a completely inaudible MP3. The only time I ever look at Facebook is when I am sitting in the waiting room of a doctor's office or some place like that. I listen to music while I sit there and wait and this drives me insane.
The only apps I install are open source and I firewall my phone with droidwall. The reason: I was once recruited (I turned it down) to create a database to organize the "telemtry" data collected by a number of apps. To quote one of the executives, "These people out there have no idea how much data is collected". The EULA's say data "may be "collected but don't specify what in most cases, and I don't have time to analyze the apps traffic packets. Banking apps are getting a bad rep in Canada too because of the data people are discovering is being collected. The safest assumption is, if it's not open source for the public to audit, it's probably sending data the app developers can sell/make money off of and legally installing the app is "permission" (?!? laws need to be modified to protect the public). And if the apps doesn't explicitly tell you what it's collecting, it's like Windows 10: Collecting as much as it can. With a GPS (which I always turn off), text log, possible email, all log and a video camera, that is a LOT of data that could be collected. Welcome to a brave new world. Convenience comes at the price of security. I've yet to see an exception to this.
"Imagination is more important than knowledge" - Einstein
Don't put untrusted apps on your primary phone with all your personal data.
And don't consider any app you didn't write yourself as "trusted".
This comment just gets funnier every time the next idiot posts it.
Apple makes sure that every app available to me is a good and wholesome app, no problems with Apple apps. Google allows bad apps, Google is bad.
So now I'm confused... does that make Google a bad Apple?
You can find out exactly what's being sent. Just run Android x86 or macOS (with iPhone emulator from Xcode) in a VM and capture the packets from the virtual NIC. Open the .pcap file in Wireshark and see exactly what's being sent.
I'm playing music using Apple's 'Music' app, reading Facebook, looking at a web page using their browser and the music is still playing. I even clicked on a link in the first page to take me to another website to make sure. Music is still playing. iOS 10.3.3, iPhone 6.
When they came for the communists, I said "He's next door. Take him away. Goddam commies."
Can Android apps really turn on wi-fi?
Yes. Any app with the CHANGE_WIFI_STATE manifest permission can do it. Android classifies this as a Normal Permission...
... which indicates that there's no great risk to the user's privacy or security in letting apps have those permissions.
REFs:
Ghostery
That is contrary to fact.