That can be easily addressed via social engineering.
Here's an example of what seems to be a benevolent app that required some questionable permissions to do some very useful things. The app in question is the official XBMC remote control app, for which the source code is thankfully available. The point is, however, that certain potentially dangerous permissions (or combinations of permissions, like Internet access plus access to contacts) are sometimes needed to perform harmless but useful functions. In the wrong hands, though, the same permissions can be fraught with danger.
Here are the XBMC Remote App's permissions explained (http://code.google.com/p/android-xbmcremote/wiki/Permissions):
We don't like apps demanding permissions that don't seem obvious, so here we'll explain each permission XBMC Remote asks prior to installation:
INTERNET - We need to connect to XBMC. The INTERNET permissions actually controls any socket, internet or not, so this is unavoidable.
ACCESS_NETWORK_STATE, ACCESS_WIFI_STATE, CHANGE_WIFI_STATE - We've introduced an option that avoids connecting to XBMC when not connected to WiFi. In order to check this we need this permissions.
VIBRATE - Remote control screen lightly vibrates to give a more realistic user experience (configurable).
READ_PHONE_STATE - We have a feature that pauses anything playing on incoming calls. In order to receive this event, we need this permission.
RECEIVE_SMS - The feature that displays SMS on the TV screen needs this permission in order to obtain the messages.
READ_CONTACTS - In order to display contact info (and picture) on incoming calls or messages, we need permission to read the phone book.
READ_SMS - When displaying SMS, we actually display the first part of the message, so we'll need read permissions of SMS.
WAKE_LOCK, DISABLE_KEYGUARD - A requested feature was overwriting the power manager to keep the processor from sleeping or the screen from dimming. This is configurable, but we'll need the permissions in any case (activated or not).
WRITE_EXTERNAL_STORAGE - In order to save cover and poster thumbnails locally for caching purpose, we need write access to your SD card. This permission was introduced with Android 1.6.
Explained this way, the permissions seem quite reasonable. In fact, they are necessary for the app to work properly. Yet because Google/Android grants permissions as they do, they still require a "trust us" post like this to explain why the permissions are needed.
The take-home point is that even people that are actively trying to personally filter apps by screening the permissions can't do a good job of it, because quite a few apps need risky permissions to be useful. So often it still comes down to "trust us", and that's just not the most comfortable situation. It could be done much better.
I'd prefer the ability to selectively reject certain permissions, or at least be able to whitelist them rather than allowing everything wholesale at install time. NoScript can be a PITA, but it's a good model of how this could work. Allow questionable actions only by permission at run time, and allow them to be revoked at any time. I could live with that.
Explain to me how a few outliers are significant compared to the number of malicious apps might have been created WITHOUT a vetting process. This says more about the vetting process and how poorly it was implemented than it does about the value of a vetting process that successfully filters a substantial number of undesirable apps.
Introduce a vetting process that is somewhat effective though not perfect and it will still be better than the wild west that is currently the Android Market.
I'm honestly surprised that it took so long for something like this to happen, and I attribute it to the honesty and integrity of most of the developers (or maybe their skill in remaining discreet). But there are no barriers in place that I can see to prevent an ambitious and unscrupulous developer from taking advantage of the gullible.
When it comes to the Android Market, Caveat emptor rules the day. Some might say that is how it should be, and to a large part I agree. But there is an implicit aura of trust that surrounds the market, since it is the only "official" avenue for getting apps. There is an option in the Android settings to allow apps from "unknown sources" that comes with an ominous warning about malicious apps if you choose to enable it. That strongly implies that the apps available via the Market are to be trusted. Despite this, I've never felt that Market apps were any more trustworthy than those from other sources, precisely because there is no evidence of any vetting or other quality control.
I would very much welcome a multi-layered market that included a vetted set of apps that could (mostly) be trusted alongside a layer or two that were more free to developers.
As it stands right now, I just don't install anything that looks suspicious. Everything else just gets ignored. So much for "we have more apps". That means nothing.
Your comment is entirely tangential to the issue being discussed.
Sheep carry on oblivious to the dangers around them as they are led to the slaughter. That includes underestimating the power and danger of a society acting under the influence of the "current social moral" [sic]. Blatantly thinking outside the box in such an environment is just as stupid as waving a sandwich in the face of a grizzly bear and expecting him to respect your right to your property. Good luck with that. Thinking outside the box (or enjoying a sandwich) is entirely possible without being stupid about it.
Choose your battles wisely and remain a live lion instead of a dead sheep. It's much easier to think outside the box and "question our moral and knowledge" [sic] that way than in the latter state.
You're not "selling your data for nothing". You're exchanging access to your data for the ability to use a service without financial compensation to the service provider (who probably incurs substantial cost running said service). You deserve no "cut" - you already got access to Facebook. TANSTAAFL.
This is a rare instance where "vote with your wallet" can be exercised in a positive sense rather than the typical negative. I want more movies like this and less Michael Bay crap. I went to the theater and paid for the movie, and I will be buying the DVD/Blu-Ray when it comes out.
Ummm, no. I will NOT pay more for the privilege of having less bloatware. That's just stupid. Here's what should happen - you pay for a basic android based phone with only the stock apps/functionality that comes with the base OS. Then the vendors make apps that are actually useful and wanted by people. Then I pay extra if I want the useful app that I didn't get with the basic environment. Paying extra (aka bribing) to keep stuff you don't want off your phone is just nuts.
Indeed. Since this story is the one we happen to be LIVING IN, passion and urgency is to be welcomed, applauded and shared. I know that's not what you meant with your snide comment, but you accidentally drew attention to something vitally important. Cool insight, bro, even if inadvertent.
Brownies, cookies and other baked goods. Maybe even a tossed salad with a garnish of buds. Smoking and inhaling is totally not required. For those who are worried about adverse effects of smoking on health, ingestion should do just fine.
Most people are good, most of the time. I wasn't raised that way, I've observed this to be the case.
Do you live in a major city? Secondly, do you live in a impoverished area? If not, then go do so and get back to us. I'm not saying poor people are evil, but the area does seem to have more crime than others (hint, I live near a drug dealer and chalk lines of a murder scene)
Yes I have lived in a major city (several, in fact). And in or near impoverished areas (couldn't afford much else on the grad students stipend and had to be close to school). And the biomedical research institute I happened to be at was adjacent/connected to the local county hospital, so I've seen all kinds of shit.
I still maintain that despite all the crap that went down nearby, or was evident from the condition of the folks coming into the ER, the mayhem was caused by a small percentage of the population, *not* the majority. Most of the people I've encountered in my life have been good people, even those who, perhaps in a moment of weakness, have done bad things.
Being in a place where the concentration of wrong is high doesn't mean everyone is bad, though it can be daunting. We all have the capacity for wrong within us, but that generally doesn't manifest itself except under duress for most people (there are exceptions, of course). Back when life was much harder, it was a survival skill. Now, not so much. Put people in circumstances where survival is paramount and they will do what they need to do. That's not the same as evil.
The problem for many people is the incongruity between how they were raised and reality.
People are generally raised to believe that people are good, that there are norms of behavior
Most people are good, most of the time. I wasn't raised that way, I've observed this to be the case.
there is justice in the world
There is, most of the time. The existence of exceptions doesn't negate the rule, and certainly doesn't justify giving up.
authority figures can be trusted
This is a tough one. Many authority figures can be trusted, but not unconditionally. Any authority figure should be open to question and monitored closely. The problem isn't that someone with authority can't be trusted most of the time, it's what happens when they stray and the trust is misplaced. Even if rare, the ramifications are great.
things happen for reason
Generally true. You may not like the reason, but cause and effect seems to affect most things that happen, in my experience.
[Things] are overseen by an omnipotent deity
Nope. I have no evidence of that. I'll grant you this point.
As we grow up, we learn that these are simply convenient lies that define our society.
They aren't convenient lies. Believing in good, justice, trust and reason are things to be aspired to, because if you don't, you have given in to evil, injustice, distrust and unreason. The existence of the latter does not necessarily make the former "lies".
Most of them do, I think. I've been on the internet a looong time and have never heard of this site. It's encouraging that this site is discussed so rarely that I have been unaware of it until now. Now that I am, I am not even interested enough to go take a look, based on the descriptions I've read.
Take heart - most people have no interest in this stuff at all, based on my experience.
It's not arrogant - it's a prerequisite for clear and un-muddled communication while keeping the latter reasonably streamlined and efficient. People agree by convention that in a given context a phrase or label means something specific so that they don't have to repeatedly specify exactly what they are talking about. When discussing software, open source generally stands for OSI open source. If you are not following convention, then you should really state explicitly that you mean something different. If you don't, you either don't know that there is a convention and what it means (ignorance) or you *do* know and are deliberately using a different meaning without saying so (malicious). Orasio was exactly right.
No. What the hell are city employees doing watching TV. Shut them off and get back to work you leeches.
News, weather, traffic. Being able to receive emergency broadcasts during, er, emergencies (or to monitor that said broadcasts by the city are indeed being transmitted.) Same for things like school closings etc. C-SPAN. Watching city council meetings on the local access channels. There are plenty of good reasons.
Exactly where in the 'article' is the information about Comcast charging? It's not.
Go back and read it again, focusing in particular on the paragraph after "jake-itguy continues". You'll find what you missed there. You might want to rethink your comment. Personally, I think forcibly phasing out analog and charging extra rent for the digital converters smells more like a less than ethical money grab to me.
Uh huh. Those are sexy marketing shots. Maybe they recognized the resemblance, maybe they didn't and just wanted to make it look cool. It's a hand held laser - by definition it is going to share attributes with other hand held light-emitting devices. Watch the video on the same page, and it's rather obvious that in actual use it's nothing like a light saber. In fact, it's much more similar to a laser pointer both in form and function. I don't really see a case here.
the days of rockstars selling $20 cd's and people paying attention to monotonous radio stations that only play a short playlist of over-publicized artists is over.
I wish. Everytime I drive somewhere with my daughter she nags me to turn on the local hits radio station where they endlessly play the same 20 songs over and over. Now and then she buys a $20 cd from the latest teen sensation (currently somebody called Swaylor Tift or something like that). That scene is very much alive, just maybe not in your age group. Prince is definitely over, though. These kids wouldn't give him the time of day.
Demonstrating a mastery of the language in civil discourse comes second only to bathing.
If you can't spell or construct proper sentences, you won't get so much as the time of day from me, regardless of how potentially brilliant your ideas might be. Few will take your seriously, and if they do, well, that doesn't mean much, because they aren't very credible either.
Failure to master even this rudimentary level of communication skill suggests your mastery of everything else is equally poor. If you are trying to promote your ideas in public discourse, you have to learn to express them well. Grammar and spelling are the basic building blocks of such expression. Either learn to communicate properly or go away.
I'm having a little trouble parsing your rant, but I get you are passionate about it. Yay for you - my heart is glad too. Work a bit more on the language and expressiveness and the rest of us can share your joy. Otherwise you are dancing on the periphery of tl;dr territory.
Slashdot Mirror
That can be easily addressed via social engineering.
Here's an example of what seems to be a benevolent app that required some questionable permissions to do some very useful things. The app in question is the official XBMC remote control app, for which the source code is thankfully available. The point is, however, that certain potentially dangerous permissions (or combinations of permissions, like Internet access plus access to contacts) are sometimes needed to perform harmless but useful functions. In the wrong hands, though, the same permissions can be fraught with danger.
Here are the XBMC Remote App's permissions explained (http://code.google.com/p/android-xbmcremote/wiki/Permissions):
We don't like apps demanding permissions that don't seem obvious, so here we'll explain each permission XBMC Remote asks prior to installation:
INTERNET - We need to connect to XBMC. The INTERNET permissions actually controls any socket, internet or not, so this is unavoidable.
ACCESS_NETWORK_STATE, ACCESS_WIFI_STATE, CHANGE_WIFI_STATE - We've introduced an option that avoids connecting to XBMC when not connected to WiFi. In order to check this we need this permissions.
VIBRATE - Remote control screen lightly vibrates to give a more realistic user experience (configurable).
READ_PHONE_STATE - We have a feature that pauses anything playing on incoming calls. In order to receive this event, we need this permission.
RECEIVE_SMS - The feature that displays SMS on the TV screen needs this permission in order to obtain the messages.
READ_CONTACTS - In order to display contact info (and picture) on incoming calls or messages, we need permission to read the phone book.
READ_SMS - When displaying SMS, we actually display the first part of the message, so we'll need read permissions of SMS.
WAKE_LOCK, DISABLE_KEYGUARD - A requested feature was overwriting the power manager to keep the processor from sleeping or the screen from dimming. This is configurable, but we'll need the permissions in any case (activated or not).
WRITE_EXTERNAL_STORAGE - In order to save cover and poster thumbnails locally for caching purpose, we need write access to your SD card. This permission was introduced with Android 1.6.
Explained this way, the permissions seem quite reasonable. In fact, they are necessary for the app to work properly. Yet because Google/Android grants permissions as they do, they still require a "trust us" post like this to explain why the permissions are needed.
The take-home point is that even people that are actively trying to personally filter apps by screening the permissions can't do a good job of it, because quite a few apps need risky permissions to be useful. So often it still comes down to "trust us", and that's just not the most comfortable situation. It could be done much better.
I'd prefer the ability to selectively reject certain permissions, or at least be able to whitelist them rather than allowing everything wholesale at install time. NoScript can be a PITA, but it's a good model of how this could work. Allow questionable actions only by permission at run time, and allow them to be revoked at any time. I could live with that.
Explain to me how a few outliers are significant compared to the number of malicious apps might have been created WITHOUT a vetting process. This says more about the vetting process and how poorly it was implemented than it does about the value of a vetting process that successfully filters a substantial number of undesirable apps.
Introduce a vetting process that is somewhat effective though not perfect and it will still be better than the wild west that is currently the Android Market.
I'm honestly surprised that it took so long for something like this to happen, and I attribute it to the honesty and integrity of most of the developers (or maybe their skill in remaining discreet). But there are no barriers in place that I can see to prevent an ambitious and unscrupulous developer from taking advantage of the gullible.
When it comes to the Android Market, Caveat emptor rules the day. Some might say that is how it should be, and to a large part I agree. But there is an implicit aura of trust that surrounds the market, since it is the only "official" avenue for getting apps. There is an option in the Android settings to allow apps from "unknown sources" that comes with an ominous warning about malicious apps if you choose to enable it. That strongly implies that the apps available via the Market are to be trusted. Despite this, I've never felt that Market apps were any more trustworthy than those from other sources, precisely because there is no evidence of any vetting or other quality control.
I would very much welcome a multi-layered market that included a vetted set of apps that could (mostly) be trusted alongside a layer or two that were more free to developers.
As it stands right now, I just don't install anything that looks suspicious. Everything else just gets ignored. So much for "we have more apps". That means nothing.
Congratulations on your stealth-Godwin. You slipped that in quite cleverly.
Your comment is entirely tangential to the issue being discussed.
Sheep carry on oblivious to the dangers around them as they are led to the slaughter. That includes underestimating the power and danger of a society acting under the influence of the "current social moral" [sic]. Blatantly thinking outside the box in such an environment is just as stupid as waving a sandwich in the face of a grizzly bear and expecting him to respect your right to your property. Good luck with that. Thinking outside the box (or enjoying a sandwich) is entirely possible without being stupid about it.
Choose your battles wisely and remain a live lion instead of a dead sheep. It's much easier to think outside the box and "question our moral and knowledge" [sic] that way than in the latter state.
Two quarters, Three dimes, a nickel and four pennies. That's 89 cents of change I can believe in. I like it just fine.
The opposite of sheep, I'd say. This sounds like sound advice for the intelligent and careful.
You're not "selling your data for nothing". You're exchanging access to your data for the ability to use a service without financial compensation to the service provider (who probably incurs substantial cost running said service). You deserve no "cut" - you already got access to Facebook. TANSTAAFL.
Dude, I had no idea. Thanks for pointing out the End of Eternity. If they don't screw it up, this could totally rock.
Word.
This is a rare instance where "vote with your wallet" can be exercised in a positive sense rather than the typical negative. I want more movies like this and less Michael Bay crap. I went to the theater and paid for the movie, and I will be buying the DVD/Blu-Ray when it comes out.
Send a message, folks. Pay for it if you like it.
Seconded. Very nice article.
Ummm, no. I will NOT pay more for the privilege of having less bloatware. That's just stupid. Here's what should happen - you pay for a basic android based phone with only the stock apps/functionality that comes with the base OS. Then the vendors make apps that are actually useful and wanted by people. Then I pay extra if I want the useful app that I didn't get with the basic environment. Paying extra (aka bribing) to keep stuff you don't want off your phone is just nuts.
Indeed. Since this story is the one we happen to be LIVING IN, passion and urgency is to be welcomed, applauded and shared. I know that's not what you meant with your snide comment, but you accidentally drew attention to something vitally important. Cool insight, bro, even if inadvertent.
Brownies, cookies and other baked goods. Maybe even a tossed salad with a garnish of buds. Smoking and inhaling is totally not required. For those who are worried about adverse effects of smoking on health, ingestion should do just fine.
Most people are good, most of the time. I wasn't raised that way, I've observed this to be the case.
Do you live in a major city? Secondly, do you live in a impoverished area? If not, then go do so and get back to us. I'm not saying poor people are evil, but the area does seem to have more crime than others (hint, I live near a drug dealer and chalk lines of a murder scene)
Yes I have lived in a major city (several, in fact). And in or near impoverished areas (couldn't afford much else on the grad students stipend and had to be close to school). And the biomedical research institute I happened to be at was adjacent/connected to the local county hospital, so I've seen all kinds of shit.
I still maintain that despite all the crap that went down nearby, or was evident from the condition of the folks coming into the ER, the mayhem was caused by a small percentage of the population, *not* the majority. Most of the people I've encountered in my life have been good people, even those who, perhaps in a moment of weakness, have done bad things.
Being in a place where the concentration of wrong is high doesn't mean everyone is bad, though it can be daunting. We all have the capacity for wrong within us, but that generally doesn't manifest itself except under duress for most people (there are exceptions, of course). Back when life was much harder, it was a survival skill. Now, not so much. Put people in circumstances where survival is paramount and they will do what they need to do. That's not the same as evil.
The problem for many people is the incongruity between how they were raised and reality.
People are generally raised to believe that people are good, that there are norms of behavior
Most people are good, most of the time. I wasn't raised that way, I've observed this to be the case.
there is justice in the world
There is, most of the time. The existence of exceptions doesn't negate the rule, and certainly doesn't justify giving up.
authority figures can be trusted
This is a tough one. Many authority figures can be trusted, but not unconditionally. Any authority figure should be open to question and monitored closely. The problem isn't that someone with authority can't be trusted most of the time, it's what happens when they stray and the trust is misplaced. Even if rare, the ramifications are great.
things happen for reason
Generally true. You may not like the reason, but cause and effect seems to affect most things that happen, in my experience.
[Things] are overseen by an omnipotent deity
Nope. I have no evidence of that. I'll grant you this point.
As we grow up, we learn that these are simply convenient lies that define our society.
They aren't convenient lies. Believing in good, justice, trust and reason are things to be aspired to, because if you don't, you have given in to evil, injustice, distrust and unreason. The existence of the latter does not necessarily make the former "lies".
People should be self-censoring of this shit.
Most of them do, I think. I've been on the internet a looong time and have never heard of this site. It's encouraging that this site is discussed so rarely that I have been unaware of it until now. Now that I am, I am not even interested enough to go take a look, based on the descriptions I've read.
Take heart - most people have no interest in this stuff at all, based on my experience.
p>Because they hate the customer... AT&T really hates their customers.
No, they are probably indifferent to the customers. They just love the money.
It's not arrogant - it's a prerequisite for clear and un-muddled communication while keeping the latter reasonably streamlined and efficient. People agree by convention that in a given context a phrase or label means something specific so that they don't have to repeatedly specify exactly what they are talking about. When discussing software, open source generally stands for OSI open source. If you are not following convention, then you should really state explicitly that you mean something different. If you don't, you either don't know that there is a convention and what it means (ignorance) or you *do* know and are deliberately using a different meaning without saying so (malicious). Orasio was exactly right.
No. What the hell are city employees doing watching TV. Shut them off and get back to work you leeches.
News, weather, traffic. Being able to receive emergency broadcasts during, er, emergencies (or to monitor that said broadcasts by the city are indeed being transmitted.) Same for things like school closings etc. C-SPAN. Watching city council meetings on the local access channels. There are plenty of good reasons.
Exactly where in the 'article' is the information about Comcast charging? It's not.
Go back and read it again, focusing in particular on the paragraph after "jake-itguy continues". You'll find what you missed there. You might want to rethink your comment. Personally, I think forcibly phasing out analog and charging extra rent for the digital converters smells more like a less than ethical money grab to me.
Uh huh. Those are sexy marketing shots. Maybe they recognized the resemblance, maybe they didn't and just wanted to make it look cool. It's a hand held laser - by definition it is going to share attributes with other hand held light-emitting devices. Watch the video on the same page, and it's rather obvious that in actual use it's nothing like a light saber. In fact, it's much more similar to a laser pointer both in form and function. I don't really see a case here.
the days of rockstars selling $20 cd's and people paying attention to monotonous radio stations that only play a short playlist of over-publicized artists is over.
I wish. Everytime I drive somewhere with my daughter she nags me to turn on the local hits radio station where they endlessly play the same 20 songs over and over. Now and then she buys a $20 cd from the latest teen sensation (currently somebody called Swaylor Tift or something like that). That scene is very much alive, just maybe not in your age group. Prince is definitely over, though. These kids wouldn't give him the time of day.
Demonstrating a mastery of the language in civil discourse comes second only to bathing.
If you can't spell or construct proper sentences, you won't get so much as the time of day from me, regardless of how potentially brilliant your ideas might be. Few will take your seriously, and if they do, well, that doesn't mean much, because they aren't very credible either.
Failure to master even this rudimentary level of communication skill suggests your mastery of everything else is equally poor. If you are trying to promote your ideas in public discourse, you have to learn to express them well. Grammar and spelling are the basic building blocks of such expression. Either learn to communicate properly or go away.
I'm having a little trouble parsing your rant, but I get you are passionate about it. Yay for you - my heart is glad too. Work a bit more on the language and expressiveness and the rest of us can share your joy. Otherwise you are dancing on the periphery of tl;dr territory.
why two?
Sheesh, dude. The other one was for Anna.