Go Back   Android Forums > Android Discussion > Android Applications
Android Applications All the information you could ever want about Android Applications. Learn about apps and get help with them... all here! New apps can be found and announced in the Applications Announcements forum linked below.

Like Tree41Likes

test: Reply
 
LinkBack Thread Tools
Old August 26th, 2010, 04:08 PM   #151 (permalink)
New Member
 
Join Date: Aug 2010
Posts: 8
 
Device(s): Galaxy s
Carrier: Not Provided

Thanks: 0
Thanked 0 Times in 0 Posts
Default

Many thanks for the post, very informative, and to a newbie and a silversurfer like me, it made sense.
Angela

Advertisements
angela55 is offline  
Reply With Quote
sponsored links
Old August 27th, 2010, 07:40 AM   #152 (permalink)
Hiding behind a mystery
 
Roze's Avatar
 
Join Date: Jan 2010
Location: Where the Sakura grows
Posts: 9,847
 
Device(s): Moto Atrix [lovin'] Nexus One [Lost] LG Vu [Lost]
Carrier: Not Provided

Thanks: 809
Thanked 2,192 Times in 1,489 Posts
Default

Quote:
Originally Posted by sookster54 View Post
Nice guide, I had to come here to find out info about this quoted section, I saw a link to an HTC voice-to-text mod keyboard app and when I went to get it and started to install it I saw this on it and went wtf? How unusual for a keyboard app to requires that permission.
hmm...maybe the keyboard offers a T9 keyboard with a phone dialer that enables you to make calls?
__________________
Sign up with Dropbox using my referral and get an additional 1/2GB on top of the 2GB you get for signing up http://db.tt/YbULMZX

Many thanks,
Roze
Roze is offline  
Reply With Quote
Old September 20th, 2010, 09:02 PM   #153 (permalink)
New Member
 
Join Date: Jun 2010
Posts: 12
 
Device(s):
Carrier: Not Provided

Thanks: 0
Thanked 0 Times in 0 Posts
Default

Is it possible to "fake" the permissions screen when installing an app? For example, what if an app wants access to your Contacts but this is not listed when installing the app? Reason im asking, sometimes I install apps from outside the Android Market.
androidmonkey is offline  
Reply With Quote
Old September 22nd, 2010, 09:52 AM   #154 (permalink)
Senior Member
 
jamor's Avatar
 
Join Date: Apr 2010
Location: Planet Earth
Posts: 3,677
 
Device(s): Galaxy Note 3 (retired galaxy nexus, htc incredible)
Carrier: Not Provided

Thanks: 643
Thanked 841 Times in 516 Posts
Default

alostpacket - you are god.

I've been looking for something like this for ages. I even posted a question about it in the lounge and it took 110 views before someone could direct me here.

Thank you so much.. I'll be posting some concerned apps and questions to see what you guys think.
jamor is offline  
Reply With Quote
Old September 22nd, 2010, 09:52 AM   #155 (permalink)
Senior Member
 
jamor's Avatar
 
Join Date: Apr 2010
Location: Planet Earth
Posts: 3,677
 
Device(s): Galaxy Note 3 (retired galaxy nexus, htc incredible)
Carrier: Not Provided

Thanks: 643
Thanked 841 Times in 516 Posts
Default

Anyone notice any concerns with these:

Air Horne (obnoxious noises app) - Your location
Backgrounds - read contact data, write contact data
Barcode Scanner - read browser's history and bookmarks, read contact data, write contact data.
Zedge (wallpaper/ringtone app) - read contact data, write contact data
NFL Mobile - read SMS or MMS, Send SMS messages
Google Translate - read contact data, full internet access
jamor is offline  
Reply With Quote
Old September 22nd, 2010, 10:43 AM   #156 (permalink)
New Member
 
Join Date: Mar 2010
Location: Near Detroit
Posts: 9
 
Device(s): Samsung Epic
Carrier: Not Provided

Thanks: 4
Thanked 1 Time in 1 Post
Default

What about he app Lookout?? Says it is anti virus, backup an find if lost?
Sarge395 is offline  
Reply With Quote
Old September 22nd, 2010, 11:02 AM   #157 (permalink)
Hiding behind a mystery
 
Roze's Avatar
 
Join Date: Jan 2010
Location: Where the Sakura grows
Posts: 9,847
 
Device(s): Moto Atrix [lovin'] Nexus One [Lost] LG Vu [Lost]
Carrier: Not Provided

Thanks: 809
Thanked 2,192 Times in 1,489 Posts
Default

Quote:
Originally Posted by jamor View Post
Anyone notice any concerns with these:

Air Horne (obnoxious noises app) - Your location
Backgrounds - read contact data, write contact data
Barcode Scanner - read browser's history and bookmarks, read contact data, write contact data.
Zedge (wallpaper/ringtone app) - read contact data, write contact data
NFL Mobile - read SMS or MMS, Send SMS messages
Google Translate - read contact data, full internet access
For air horn, does it ask for internet access? I find that internet access and your location permissions go hand in hand. Usually the 'your location' is to use the GPS to find where you are to give you ads that are more specific to where you live. Though I'm not sure how this permisison can be used for abuse, I find those two are very common for free apps.

I refuse to download barcode scanner for THAT reason. I see no reason whatsoever for the developer to need those indebt access to my phone. I use shopsavvy but only issue I have is that all other 3rd party apps use barcode scanners.

For zedge, I believe those permissions are needed because you can add the ringtone directly to your contact from the app.

Google translate - it's by Google...they already have all of your information to begin with xD Internet is needed because it uses its server to translate what you say. You can't use the app without internet access. Don't really know why it needs read contact data.

Don't use Background nor the NFL app.
Roze is offline  
Reply With Quote
The Following User Says Thank You to Roze For This Useful Post:
jamor (September 22nd, 2010)
Old September 22nd, 2010, 11:09 AM   #158 (permalink)
Senior Member
 
jamor's Avatar
 
Join Date: Apr 2010
Location: Planet Earth
Posts: 3,677
 
Device(s): Galaxy Note 3 (retired galaxy nexus, htc incredible)
Carrier: Not Provided

Thanks: 643
Thanked 841 Times in 516 Posts
Default

What happened to alostpacket? He hasn't been around since 8-19.

That's too bad he was very helpful
jamor is offline  
Reply With Quote
Old September 22nd, 2010, 11:12 AM   #159 (permalink)
Senior Member
 
jamor's Avatar
 
Join Date: Apr 2010
Location: Planet Earth
Posts: 3,677
 
Device(s): Galaxy Note 3 (retired galaxy nexus, htc incredible)
Carrier: Not Provided

Thanks: 643
Thanked 841 Times in 516 Posts
Default

Quote:
Originally Posted by Roze View Post
For air horn, does it ask for internet access? I find that internet access and your location permissions go hand in hand. Usually the 'your location' is to use the GPS to find where you are to give you ads that are more specific to where you live. Though I'm not sure how this permisison can be used for abuse, I find those two are very common for free apps.

I refuse to download barcode scanner for THAT reason. I see no reason whatsoever for the developer to need those indebt access to my phone. I use shopsavvy but only issue I have is that all other 3rd party apps use barcode scanners.

For zedge, I believe those permissions are needed because you can add the ringtone directly to your contact from the app.

Google translate - it's by Google...they already have all of your information to begin with xD Internet is needed because it uses its server to translate what you say. You can't use the app without internet access. Don't really know why it needs read contact data.

Don't use Background nor the NFL app.

Air Horn - Your location, Storage, Network communication (full internet access), Phone calls (read phone state and identity).

I think I should get rid of this app it's way too fishy for an app that is just supposed to make sounds. Would you agree?

I am going to get rid of barcode scanner too now that someone agrees with me. Very fishy. I'll switch to shopsavvy.

Zedge- ahh thanks.
jamor is offline  
Reply With Quote
Old September 22nd, 2010, 11:28 AM   #160 (permalink)
Member
 
Eusibius2's Avatar
 
Join Date: May 2010
Location: Chicago area
Posts: 158
 
Device(s): Moto Droid, HTC Incredible, Moto Razr MAXX.
Carrier: Not Provided

Thanks: 50
Thanked 13 Times in 12 Posts
Arrow Re: Barcode Scanner

I was curious about Barcode Scanner myself, after you pointed out all the requirements it has and access it has to my private data. So I took it upon myself to look the dev's website and found this info out. I'm going to continue to use the scanner, and not delete it. Knowledge is power.

Why does Barcode Scanner want access to ...

... my contacts?

QR Codes and Data Matrix codes can encode contact information. Upon scanning such a code, you will be prompted to add the contact information to your contacts list. In addition, Barcode Scanner can encode a contact as a QR Code and present it on-screen, so that a friend can easily scan your contact information from your screen. This is why the app requests permission to write and read contacts. They are not used in any other way.
... my browser history and bookmarks?

Just like contacts, you can share a bookmark with a friend by encoding the URL as a QR Code. It is then shown on screen for him or her to scan with their phone. That's the only thing we use them for.
... my SD card?

The application can send a generated QR code, or your scan history, via email. To do this, the barcode image / history CSV file must first be written to device storage, which is why the permission is needed. As a bonus, this makes this output available for retrieval from your SD card directly. It is not used for any other purpose.
... my wi-fi settings?

QR codes can encode "WIFI" URIs which encode settings for a wi-fi network. These make it possible to configure a phone for an area's wi-fi network with one scan. To do this, the application needs to be able to change wi-fi settings.

http://code.google.com/p/zxing/wiki/FrequentlyAskedQuestions
Eusibius2 is offline  
Last edited by Eusibius2; September 22nd, 2010 at 01:04 PM. Reason: [corrected the URL for reference]
Reply With Quote
sponsored links
Old September 22nd, 2010, 11:44 AM   #161 (permalink)
Hiding behind a mystery
 
Roze's Avatar
 
Join Date: Jan 2010
Location: Where the Sakura grows
Posts: 9,847
 
Device(s): Moto Atrix [lovin'] Nexus One [Lost] LG Vu [Lost]
Carrier: Not Provided

Thanks: 809
Thanked 2,192 Times in 1,489 Posts
Default

Quote:
Originally Posted by jamor View Post
Air Horn - Your location, Storage, Network communication (full internet access), Phone calls (read phone state and identity).

I think I should get rid of this app it's way too fishy for an app that is just supposed to make sounds. Would you agree?

I am going to get rid of barcode scanner too now that someone agrees with me. Very fishy. I'll switch to shopsavvy.

Zedge- ahh thanks.
Not a big fan of phone calls permission...though alostpacket said that it just check your phone to see if it's active or not (or something like that). So if you're in a phone call...the app turns off.

Eusibius explained what the permission means for barcode scanner.

Quote:
Originally Posted by Eusibius2 View Post
I was curious about Barcode Scanner myself, after you pointed out all the requirements it has and access it has to my private data. So I took it upon myself to look the dev's website and found this info out. I'm going to continue to use the scanner, and not delete it. Knowledge is power.

http://code.google.com/p/zxing/wiki/FrequentlyAskedQuestions
Why does Barcode Scanner want access to ...
... my contacts?

QR Codes and Data Matrix codes can encode contact information. Upon scanning such a code, you will be prompted to add the contact information to your contacts list. In addition, Barcode Scanner can encode a contact as a QR Code and present it on-screen, so that a friend can easily scan your contact information from your screen. This is why the app requests permission to write and read contacts. They are not used in any other way.
... my browser history and bookmarks?

Just like contacts, you can share a bookmark with a friend by encoding the URL as a QR Code. It is then shown on screen for him or her to scan with their phone. That's the only thing we use them for.
... my SD card?

The application can send a generated QR code, or your scan history, via email. To do this, the barcode image / history CSV file must first be written to device storage, which is why the permission is needed. As a bonus, this makes this output available for retrieval from your SD card directly. It is not used for any other purpose.
... my wi-fi settings?

QR codes can encode "WIFI" URIs which encode settings for a wi-fi network. These make it possible to configure a phone for an area's wi-fi network with one scan. To do this, the application needs to be able to change wi-fi settings.
Interesting...your link doesn't work though.
Roze is offline  
Reply With Quote
Old September 22nd, 2010, 01:05 PM   #162 (permalink)
Member
 
Eusibius2's Avatar
 
Join Date: May 2010
Location: Chicago area
Posts: 158
 
Device(s): Moto Droid, HTC Incredible, Moto Razr MAXX.
Carrier: Not Provided

Thanks: 50
Thanked 13 Times in 12 Posts
Default

Quote:
Originally Posted by Roze View Post
Not a big fan of phone calls permission...though alostpacket said that it just check your phone to see if it's active or not (or something like that). So if you're in a phone call...the app turns off.

Eusibius explained what the permission means for barcode scanner.


Interesting...your link doesn't work though.
I've corrected the link in my above post, as well as the link here.

Note to readers: the link that is quoted in Roze's post just has too many http:// for some reason...

This works:
FrequentlyAskedQuestions - zxing - Frequently Asked Questions about zxing - Project Hosting on Google Code
Eusibius2 is offline  
Reply With Quote
Old September 22nd, 2010, 03:28 PM   #163 (permalink)
Senior Member
 
jamor's Avatar
 
Join Date: Apr 2010
Location: Planet Earth
Posts: 3,677
 
Device(s): Galaxy Note 3 (retired galaxy nexus, htc incredible)
Carrier: Not Provided

Thanks: 643
Thanked 841 Times in 516 Posts
Default

I don't get it - why would you add a Code as a 'Contact'? Seems like a good way to clutter your contact list. The bookmark response is also confusing to me.

Also, if you read the comments on the market - many note that the developer has full control of your phone..

I just don't fully believe the reasons so I'm going to stick with shopsavvy but I appreciate you posting the developers response.
jamor is offline  
Last edited by jamor; September 22nd, 2010 at 03:51 PM.
Reply With Quote
Old September 22nd, 2010, 03:39 PM   #164 (permalink)
AF Contributor
 
Poloki's Avatar
 
Join Date: Jul 2010
Location: Hackettstown, NJ
Gender: Male
Posts: 148
 
Device(s): Motorola DROID 1 {Retired} Motorola DROID RAZR
Carrier: Verizon

Thanks: 21
Thanked 26 Times in 17 Posts
Default

Quote:
Originally Posted by jamor View Post
I don't get it - why would you add a Code as a 'Contact'? Seems like a good way to clutter your contact list. The bookmark response is also confusing to me.

Also, if you read the comments on the market - many note that the developer has full control of your phone..

I just don't fully believe the reasons so I'm going to stick with shopsavvy but I appreciate you posting the developers response.
Maybe to share a contact with someone else? Like a Business Card?
Poloki is offline  
Reply With Quote
Old September 22nd, 2010, 03:57 PM   #165 (permalink)
Member
 
Eusibius2's Avatar
 
Join Date: May 2010
Location: Chicago area
Posts: 158
 
Device(s): Moto Droid, HTC Incredible, Moto Razr MAXX.
Carrier: Not Provided

Thanks: 50
Thanked 13 Times in 12 Posts
Default

Quote:
Originally Posted by Poloki View Post
Maybe to share a contact with someone else? Like a Business Card?
That's exactly what it was created for. I've not seen anyone actually share a contact or website as QR code, but I'm not THAT savvy either. I guess some ppl do.
Eusibius2 is offline  
Reply With Quote
Old September 22nd, 2010, 04:15 PM   #166 (permalink)
Klaatu barada nikto
 
reinbeau's Avatar
 
Join Date: Sep 2010
Location: South of Boston, MA
Posts: 1,344
 
Device(s): Samsung Captivate, 2.3.3, Serendipity VII
Carrier: Not Provided

Thanks: 174
Thanked 211 Times in 165 Posts
Default

What a great post/guide - now four pages later - and after downloading many apps while blowing past all the verbage I should have been studying - is there any way to go back and reread those permissions?
__________________
Ann, Palm refugee, learning to grok Android. Perhaps your answer is in the CapFAQ
Excellent video tutorials, watch and learn!!
Now on Serendipity VII, click link to learn more
Did you read the first post in the thread?
reinbeau is offline  
Reply With Quote
Old September 22nd, 2010, 04:25 PM   #167 (permalink)
Senior Member
 
jamor's Avatar
 
Join Date: Apr 2010
Location: Planet Earth
Posts: 3,677
 
Device(s): Galaxy Note 3 (retired galaxy nexus, htc incredible)
Carrier: Not Provided

Thanks: 643
Thanked 841 Times in 516 Posts
Default

Quote:
Originally Posted by reinbeau View Post
What a great post/guide - now four pages later - and after downloading many apps while blowing past all the verbage I should have been studying - is there any way to go back and reread those permissions?

Go into applications > manage applications, click on the application and scroll all the way to the bottom where they will be listed.
jamor is offline  
Reply With Quote
The Following User Says Thank You to jamor For This Useful Post:
reinbeau (September 22nd, 2010)
Old September 22nd, 2010, 07:40 PM   #168 (permalink)
Member
 
Casbah's Avatar
 
Join Date: Aug 2010
Location: Northern Virginia
Posts: 187
 
Device(s): HTC Droid Incredible
Carrier: Not Provided

Thanks: 37
Thanked 19 Times in 14 Posts
Default

Quote:
Originally Posted by Eusibius2 View Post
That's exactly what it was created for. I've not seen anyone actually share a contact or website as QR code, but I'm not THAT savvy either. I guess some ppl do.
A colleague at work today just got a new Dinc and I was actually showing her this very thing with the QR code. She thought it was awesome. I could see it working but wonder if it would have to be another droid or if the iphone with barcode scanner software could actually import the contact as well. Would be nice if both platforms could.
__________________
Rooted via Unrevoked, S-Off via UnrevokedForever
Radio: 2.15, ROM: Virtuous 3.0.1
hboot: 0.79
, Kernel: Stock Virtuous Kernel


Casbah is offline  
Reply With Quote
Old October 26th, 2010, 10:05 PM   #169 (permalink)
New Member
 
Join Date: Oct 2010
Location: chhattisgarh India
Posts: 1
 
Device(s): zenithink zt-180
Carrier: Not Provided

Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via AIM to dharmesh.sahu
Default

I'm beginer, I want to know about android id, How I can get android apps from adnroid market
dharmesh.sahu is offline  
Reply With Quote
Old October 27th, 2010, 08:27 AM   #170 (permalink)
Hiding behind a mystery
 
Roze's Avatar
 
Join Date: Jan 2010
Location: Where the Sakura grows
Posts: 9,847
 
Device(s): Moto Atrix [lovin'] Nexus One [Lost] LG Vu [Lost]
Carrier: Not Provided

Thanks: 809
Thanked 2,192 Times in 1,489 Posts
Default

Quote:
Originally Posted by dharmesh.sahu View Post
I'm beginer, I want to know about android id, How I can get android apps from adnroid market
Open the application drawer scrool to the 'market' icon and open it and you're in the Android Market!
Roze is offline  
Reply With Quote
sponsored links
Old November 26th, 2010, 10:10 PM   #171 (permalink)
New Member
 
Join Date: Nov 2010
Posts: 13
 
Device(s):
Carrier: Not Provided

Thanks: 0
Thanked 1 Time in 1 Post
Default

Great post and thank s for starting it alostpacket. Also thanks to Roze, you have been helpful.
I have been worried too about how some apps ask for more permissions than they seem to need. I have just a few statement/questions.

1. When I did a search on “android forums” many people said that Linux can’t have viruses. This may be true but spyware seems to be very easy as many people just accept apps blindly. Many apps ask for Internet and contact data. Wouldn’t that be an easy combination for spyware that “I” gave permission to use?
2. What is the best anti spyware, virus protector programs available? Some have said not to use any of those programs but that seems risky.
3. The most annoying statement on the other posts were “stay away from un-trusted downloads”. Frankly I do not know any of these developers. That statement would tell me not to down load anything.
4. Lastly, how would an anti-spyware software work? Think about it. I gave the program/app permission.
Nevikan is offline  
Reply With Quote
Old January 9th, 2011, 07:35 PM   #172 (permalink)
Over Macho Grande?
Thread Author (OP)
 
alostpacket's Avatar
 
Join Date: Nov 2009
Location: NY
Posts: 7,920
 
Device(s): GlassXE, MotoX, N5, N4, N7'12, GNex, N1, SGT10.1, Revue, Xoom, Eris, OG Droid
Carrier: TMO

Thanks: 4,603
Thanked 3,578 Times in 1,530 Posts
Default

Working on an update for this post to incorporate some more of what I have found as a developer and others have asked about. Should be ready hopefully by the end of the week.

Thanks all
alostpacket is offline  
Reply With Quote
Old January 10th, 2011, 12:57 PM   #173 (permalink)
Hiding behind a mystery
 
Roze's Avatar
 
Join Date: Jan 2010
Location: Where the Sakura grows
Posts: 9,847
 
Device(s): Moto Atrix [lovin'] Nexus One [Lost] LG Vu [Lost]
Carrier: Not Provided

Thanks: 809
Thanked 2,192 Times in 1,489 Posts
Default

Quote:
Originally Posted by alostpacket View Post
Working on an update for this post to incorporate some more of what I have found as a developer and others have asked about. Should be ready hopefully by the end of the week.

Thanks all
Sounds great! I'm happy that you're back, you can take care of this thread. I tried to keep the fork down while you were gone :P I don't think I did a good job as you though, lol.
Roze is offline  
Reply With Quote
Old January 10th, 2011, 01:00 PM   #174 (permalink)
Over Macho Grande?
Thread Author (OP)
 
alostpacket's Avatar
 
Join Date: Nov 2009
Location: NY
Posts: 7,920
 
Device(s): GlassXE, MotoX, N5, N4, N7'12, GNex, N1, SGT10.1, Revue, Xoom, Eris, OG Droid
Carrier: TMO

Thanks: 4,603
Thanked 3,578 Times in 1,530 Posts
Default

Quote:
Originally Posted by Roze View Post
Sounds great! I'm happy that you're back, you can take care of this thread. I tried to keep the fork down while you were gone :P I don't think I did a good job as you though, lol.

Nah im sure you did great, it's good to be back though and hopefully can be helpful with this thread
alostpacket is offline  
Reply With Quote
Old January 10th, 2011, 01:09 PM   #175 (permalink)
Hiding behind a mystery
 
Roze's Avatar
 
Join Date: Jan 2010
Location: Where the Sakura grows
Posts: 9,847
 
Device(s): Moto Atrix [lovin'] Nexus One [Lost] LG Vu [Lost]
Carrier: Not Provided

Thanks: 809
Thanked 2,192 Times in 1,489 Posts
Default

Quote:
Originally Posted by Nevikan View Post
Great post and thank s for starting it alostpacket. Also thanks to Roze, you have been helpful.
I have been worried too about how some apps ask for more permissions than they seem to need. I have just a few statement/questions.

1. When I did a search on “android forums” many people said that Linux can’t have viruses. This may be true but spyware seems to be very easy as many people just accept apps blindly. Many apps ask for Internet and contact data. Wouldn’t that be an easy combination for spyware that “I” gave permission to use?
2. What is the best anti spyware, virus protector programs available? Some have said not to use any of those programs but that seems risky.
3. The most annoying statement on the other posts were “stay away from un-trusted downloads”. Frankly I do not know any of these developers. That statement would tell me not to down load anything.
4. Lastly, how would an anti-spyware software work? Think about it. I gave the program/app permission.
Quote:
Originally Posted by alostpacket View Post
Nah im sure you did great, it's good to be back though and hopefully can be helpful with this thread
You can do your first job back on this thread and reply to Nevikan's post. For some reason I missed it >_<; (Gomen-nasai Nevikan-san ) And the questions are a bit over my understanding of how Android works.
Roze is offline  
Last edited by Roze; January 10th, 2011 at 01:11 PM.
Reply With Quote
Old January 10th, 2011, 01:10 PM   #176 (permalink)
Over Macho Grande?
Thread Author (OP)
 
alostpacket's Avatar
 
Join Date: Nov 2009
Location: NY
Posts: 7,920
 
Device(s): GlassXE, MotoX, N5, N4, N7'12, GNex, N1, SGT10.1, Revue, Xoom, Eris, OG Droid
Carrier: TMO

Thanks: 4,603
Thanked 3,578 Times in 1,530 Posts
Default

Quote:
Originally Posted by Nevikan View Post
Great post and thank s for starting it alostpacket. Also thanks to Roze, you have been helpful.
I have been worried too about how some apps ask for more permissions than they seem to need. I have just a few statement/questions.

1. When I did a search on “android forums” many people said that Linux can’t have viruses. This may be true but spyware seems to be very easy as many people just accept apps blindly. Many apps ask for Internet and contact data. Wouldn’t that be an easy combination for spyware that “I” gave permission to use?
2. What is the best anti spyware, virus protector programs available? Some have said not to use any of those programs but that seems risky.
3. The most annoying statement on the other posts were “stay away from un-trusted downloads”. Frankly I do not know any of these developers. That statement would tell me not to down load anything.
4. Lastly, how would an anti-spyware software work? Think about it. I gave the program/app permission.

1) Any computer system can get a virus, but Linux does have some added protection as opposed to say, desktop Windows.

2) I personally don't use any anti-malware/virus/spyware software at all. That's not to say some are good at what they do but I find that with being careful you can avoid the necessity of such software.

3) The best way to stay away from untrusted downloads is to read a lot about the apps. Read the comments in the Market and on forums like this

4) Anti virus on Android could just be a backlist of sorts. And could warn you about apps known to behave badly. There are some other tricks where apps can use heuristic type protection but I'm not super familiar with the technical aspects of that.


In the end, as long as you take reasonable precausions with your data, (use good passwords, dont do banking over public wifi, only use your own bank's app, etc) you can rest assured that things will be OK.
alostpacket is offline  
Reply With Quote
Old January 11th, 2011, 10:05 PM   #177 (permalink)
New Member
 
Join Date: Jan 2011
Location: Devon
Posts: 7
 
Device(s): Orange San Franscisco
Carrier: Not Provided

Thanks: 0
Thanked 0 Times in 0 Posts
Default

An excellent post and greatly appreciated!
larryfroot is offline  
Reply With Quote
Old January 20th, 2011, 10:12 AM   #178 (permalink)
Member
 
macgiobuin's Avatar
 
Join Date: Jan 2011
Location: Chattanooga, TN
Posts: 308
 
Device(s): Moto X Nexus 7 (2013)
Carrier: Not Provided

Thanks: 8
Thanked 27 Times in 23 Posts
Default

Thanks for the info! I didn't understand some of it, because I don't know the "lingo" for computers/phones. Maybe a brief glossary to define those terms? (SMS, ROM, root, etc.)
macgiobuin is online now  
Reply With Quote
Old January 20th, 2011, 10:58 AM   #179 (permalink)
New Member
 
Join Date: Jan 2011
Posts: 1
 
Device(s):
Carrier: Not Provided

Thanks: 1
Thanked 0 Times in 0 Posts
Default

I'm about to purchase my first droid and this post was a great eye-opener. Thanks a lot.
Will post queries when I get to play with the device.
sulbigar is offline  
Reply With Quote
Old January 27th, 2011, 03:05 AM   #180 (permalink)
Member
 
Baz8755's Avatar
 
Join Date: Jul 2010
Location: South Coast UK
Posts: 128
 
Device(s): HTC Desire
Carrier: Not Provided

Thanks: 2
Thanked 7 Times in 7 Posts
Default

Hi,

I recently downloaded Wordwise free and when it ran it asked for permanent access to my googlemail account. I couldn't get past the screen without accepting this.

I uninstalled the app but am now wondering exactly what it would have had access to (eg. would it be able to get my googlemail password or infiltrate my account).

Anyone had experience of this app or other apps asking for googlemail access
Baz8755 is offline  
Reply With Quote
sponsored links
Old January 27th, 2011, 11:05 AM   #181 (permalink)
Hiding behind a mystery
 
Roze's Avatar
 
Join Date: Jan 2010
Location: Where the Sakura grows
Posts: 9,847
 
Device(s): Moto Atrix [lovin'] Nexus One [Lost] LG Vu [Lost]
Carrier: Not Provided

Thanks: 809
Thanked 2,192 Times in 1,489 Posts
Default

Quote:
Originally Posted by Baz8755 View Post
Hi,

I recently downloaded Wordwise free and when it ran it asked for permanent access to my googlemail account. I couldn't get past the screen without accepting this.

I uninstalled the app but am now wondering exactly what it would have had access to (eg. would it be able to get my googlemail password or infiltrate my account).

Anyone had experience of this app or other apps asking for googlemail access
I really don't know but checking the permission list...it's intense for a basic game app.



Quote:
  • android.permission.ACCESS_COARSE_LOCATION
  • android.permission.ACCESS_NETWORK_STATE
  • android.permission.CALL_PHONE
  • android.permission.CHANGE_NETWORK_STATE
  • android.permission.GET_ACCOUNTS
  • android.permission.GET_TASKS
  • android.permission.INTERNET
  • android.permission.MANAGE_ACCOUNTS
  • android.permission.READ_CONTACTS
  • android.permission.READ_PHONE_STATE
  • android.permission.USE_CREDENTIALS
  • android.permission.VIBRATE
Those are way too many permssions needed for a simple word game. Some are self explainatory but the others are simply questionable. You can email the developer to see what he/she has to say and explain what the app needs all these permissions.

Good to hear that you uninstalled the app, it's just way too suspicious imo.

Only app I use that I remember asking for my gmail credential is Appbrain, but it requires that since it needs to know what apps you have on your phone.
This is the alert you get when you log into appbrain via your google account
Quote:
AppBrain uses Google Accounts for Sign In.

Google is not affiliated with the contents of AppBrain or its owners. If you sign in, Google will share your email address with AppBrain, but not your password or any other personal information.
AppBrain may use your email address to personalize your experience on their website.
Roze is offline  
Last edited by Roze; January 27th, 2011 at 11:09 AM.
Reply With Quote
The Following User Says Thank You to Roze For This Useful Post:
alostpacket (January 27th, 2011)
Old January 27th, 2011, 11:15 AM   #182 (permalink)
Over Macho Grande?
Thread Author (OP)
 
alostpacket's Avatar
 
Join Date: Nov 2009
Location: NY
Posts: 7,920
 
Device(s): GlassXE, MotoX, N5, N4, N7'12, GNex, N1, SGT10.1, Revue, Xoom, Eris, OG Droid
Carrier: TMO

Thanks: 4,603
Thanked 3,578 Times in 1,530 Posts
Default

Yeah there is really no reason I can think of that a scrabble knock-off should need the ability to manage your accounts. I'd be hesistant to give it half of those permissions but that one sticks out as absolutely not necessary.

I'm with Rose on this one, in my opinion, skip this app.
alostpacket is offline  
Reply With Quote
Old February 5th, 2011, 07:28 AM   #183 (permalink)
New Member
 
Join Date: Feb 2011
Posts: 1
 
Device(s):
Carrier: Not Provided

Thanks: 0
Thanked 1 Time in 1 Post
Default

Great post. I really wish I found and read it before I went crazy downloading free apps. I actually stopped using my phone's Facebook app, since the contact information from my Facebook friends were listed on my contacts. So the same goes for them. Now I'm worried that, if they have my contact info, I would be now available to get spam via text message if they downloaded an app that grants them access to their contacts.

It would explain why I've been getting these strange texts asking me to get a premium SMS. Then again, it could be those apps I downloaded.

Anyways, again great posting.
elchamber is offline  
Reply With Quote
The Following User Says Thank You to elchamber For This Useful Post:
alostpacket (February 5th, 2011)
Old February 5th, 2011, 09:00 AM   #184 (permalink)
Over Macho Grande?
Thread Author (OP)
 
alostpacket's Avatar
 
Join Date: Nov 2009
Location: NY
Posts: 7,920
 
Device(s): GlassXE, MotoX, N5, N4, N7'12, GNex, N1, SGT10.1, Revue, Xoom, Eris, OG Droid
Carrier: TMO

Thanks: 4,603
Thanked 3,578 Times in 1,530 Posts
Default

Thanks elchamber, also feel free to post a list of apps in one of the support forums and ask about your problems, sometimes people here can help you spot what's wrong. These types of forums are a great place to get help/info/advice.
alostpacket is offline  
Last edited by alostpacket; February 5th, 2011 at 09:10 AM.
Reply With Quote
Old February 5th, 2011, 11:00 AM   #185 (permalink)
 
Join Date: Apr 2010
Posts: 26
 
Device(s):
Carrier: Not Provided

Thanks: 0
Thanked 0 Times in 0 Posts
Thumbs up My own apps on Android Market - Maildover LLC

Folks I like this post, but I do have some reservations. All of my apps (free and non-free) are FREE of adds and safe, not all of them have 4-5 stars, mostly because people won't give you good review if they like your app, only bad one if they don't have one...
udik is offline  
Last edited by Roze; February 7th, 2011 at 10:50 AM. Reason: Please do not promote your app in this thread
Reply With Quote
Old February 5th, 2011, 11:31 AM   #186 (permalink)
Over Macho Grande?
Thread Author (OP)
 
alostpacket's Avatar
 
Join Date: Nov 2009
Location: NY
Posts: 7,920
 
Device(s): GlassXE, MotoX, N5, N4, N7'12, GNex, N1, SGT10.1, Revue, Xoom, Eris, OG Droid
Carrier: TMO

Thanks: 4,603
Thanked 3,578 Times in 1,530 Posts
Default

Edit: Sorry, but I'll have to say I dont appreciate you promoting your app in this thread. You make somewhat of a good point that's on topic, but having seen you posting something similar all over the other android community forums, as well as several other posts just to promote your app, I'm suspicious that you even care about this thread or what you said other than as a chance to promote your app.

I sincerely hope I'm wrong, and there is nothing wrong with a little app promotion, (heck I do it all the time) but this is not the thread for it. Please show a little more respect and decorum. Perhaps you could consider editing out references to your app and making an announcement in the Applications Announcements forum.


Anyways, here's my original reply:

====

You make a good point, and I've considered putting a bit of a disclaimer in that part, but all I was saying is that any app with less than 3 stars is not worth your time, anything above that is a judgment call, and of course this post is my opinion as well. I too struggle to get good reviews as an app dev when the only people who tend to want to review my app have some obscure FC, and uninstal my app never to check back that I fixed it.

So I hear where you are coming from and let me stew on some ways of updating the guide to reflect something a bit more flexible with regards to ratings.

Mostly my goal was to steer people to communities such as this to get info. Since to me, that's the most reliable source.
alostpacket is offline  
Last edited by alostpacket; February 5th, 2011 at 08:16 PM.
Reply With Quote
Old February 6th, 2011, 09:13 PM   #187 (permalink)
Over Macho Grande?
Thread Author (OP)
 
alostpacket's Avatar
 
Join Date: Nov 2009
Location: NY
Posts: 7,920
 
Device(s): GlassXE, MotoX, N5, N4, N7'12, GNex, N1, SGT10.1, Revue, Xoom, Eris, OG Droid
Carrier: TMO

Thanks: 4,603
Thanked 3,578 Times in 1,530 Posts
Default

added the following permission:

Development Tools read logs
This permission is of very high importance. This allows the application to read what any other applications have written as debugging/logging code. This can reveal some very sensistive information. There are almost no reasons an applications needs this permission. The only apps I might grant this permission to would be Google apps.


Source:
Vimeo, Video Sharing For You

Thanks to a Slashdot reader R- for pointing me to the info
alostpacket is offline  
Reply With Quote
Old February 7th, 2011, 09:07 AM   #188 (permalink)
New Member
 
Join Date: Feb 2011
Posts: 1
 
Device(s): Galaxy S updated to Donut, rooted.
Carrier: Not Provided

Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: security thread

Thanks, ALostPacket, for the advice on this thread and for all the good stuff in the forum.
Jayess1 is offline  
Reply With Quote
Old February 7th, 2011, 10:25 AM   #189 (permalink)
Hiding behind a mystery
 
Roze's Avatar
 
Join Date: Jan 2010
Location: Where the Sakura grows
Posts: 9,847
 
Device(s): Moto Atrix [lovin'] Nexus One [Lost] LG Vu [Lost]
Carrier: Not Provided

Thanks: 809
Thanked 2,192 Times in 1,489 Posts
Default

Quote:
Originally Posted by udik View Post
All of my apps (free and non-free) are FREE of adds and safe, not all of them have 4-5 stars, mostly because people won't give you good review if they like your app, only bad one if they don't have one...
I've seen many comments saying how great an app is mix in with issues the app is having. I've comment in most of the apps I use rating that it's good as well as bad. If your app is really good, then the good comments will outweight the bad ones is what I believe.
Roze is offline  
Reply With Quote
Old February 7th, 2011, 10:44 AM   #190 (permalink)
Over Macho Grande?
Thread Author (OP)
 
alostpacket's Avatar
 
Join Date: Nov 2009
Location: NY
Posts: 7,920
 
Device(s): GlassXE, MotoX, N5, N4, N7'12, GNex, N1, SGT10.1, Revue, Xoom, Eris, OG Droid
Carrier: TMO

Thanks: 4,603
Thanked 3,578 Times in 1,530 Posts
Default

Quote:
Originally Posted by Roze View Post
I've seen many comments saying how great an app is mix in with issues the app is having. I've comment in most of the apps I use rating that it's good as well as bad. If your app is really good, then the good comments will outweight the bad ones is what I believe.

His app had 5 stars and two ratings, (one from himself) and he posted that message on other forums (but it looks like they removed it). I'm pretty sure he was just spamming.

He's somewhat right though -- I've had people encounter a bug, rate my app 1 star, uninstall it, and then never look back despite the fact I fixed their bug two days later.

I've also had commenters incessantly keep editing their comment until their specific phone/feature worked correctly (when you edit a comment it appears at the top again). I nearly reported the guy to Google.

I've also had the opposite where someone comes back to change their rating to 5 stars when their bug got fixed.

Still, frustration can often push someone to comment, but mere satisfation is not as strong a motivator. However, in general the rating systems reflect that for ALL apps. That's why even the best apps only have 4.5 stars at most.

So it all evens out in the end, and the ratings system is still valuable because enough good people will rate regardless. It's just important to think of it as grading on a curve. That's why I figure anything below 3 stars is not worth the time. The Market will only show you as having 2.5 stars if your average rating is below 2.75. It rounds to the nearest .5
alostpacket is offline  
Reply With Quote
sponsored links
Old February 7th, 2011, 11:02 AM   #191 (permalink)
Hiding behind a mystery
 
Roze's Avatar
 
Join Date: Jan 2010
Location: Where the Sakura grows
Posts: 9,847
 
Device(s): Moto Atrix [lovin'] Nexus One [Lost] LG Vu [Lost]
Carrier: Not Provided

Thanks: 809
Thanked 2,192 Times in 1,489 Posts
Default

Quote:
Originally Posted by alostpacket View Post
He's somewhat right though -- I've had people encounter a bug, rate my app 1 star, uninstall it, and then never look back despite the fact I fixed their bug two days later.
That's tough luck but that's how people operated. Kudos to you fixing the problem quickly but by fixing the issue, you got more people to install your app.

Quote:
I've also had the opposite where someone comes back to change their rating to 5 stars when their bug got fixed.

Still, frustration can often push someone to comment, but mere satisfation is not as strong a motivator. However, in general the rating systems reflect that for ALL apps. That's why even the best apps only have 4.5 stars at most.
No system in the world is perfect. I usually email the dev personally about an issue I have since I know quite a number of devs don't read the comment section and I would like to know what actions they'd take. Also...there's a character limit on the comment section, so it doesn't really tell the dev much of the issue. Though having been a beta tester for some apps, this is just the way I've done it, lol. If you don't reply to my email within in the week and the app wasn't updated to fix the issue...I'd post a one star and say how bad the dev's support is :/

Quote:
So it all evens out in the end, and the ratings system is still valuable because enough good people will rate regardless. It's just important to think of it as grading on a curve. That's why I figure anything below 3 stars is not worth the time. The Market will only show you as having 2.5 stars if your average rating is below 2.75. It rounds to the nearest .5
That is interesting but I guess that makes sense. You don't want to over inflate the quality of the app.
Roze is offline  
Reply With Quote
Old February 7th, 2011, 01:02 PM   #192 (permalink)
Junior Member
 
Join Date: Jan 2011
Location: The low deserts of Arizona
Posts: 33
 
Device(s): Droid 2 Global
Carrier: Not Provided

Thanks: 7
Thanked 2 Times in 2 Posts
Default

Thanks VERY much , Roze and (especially) alostpacket. This has been a really useful thread for me, too. One question I did not see answered (although I may have missed it in almost 200 postings): If I uninstall an app, is it really, truly gone or--like Windows--could malware have left disguised bits of itself behind to cause me problems/continue keylogging/etc?
Lare is offline  
Reply With Quote
Old February 9th, 2011, 02:55 PM   #193 (permalink)
Junior Member
 
Join Date: Feb 2011
Posts: 18
 
Device(s):
Carrier: Not Provided

Thanks: 2
Thanked 0 Times in 0 Posts
Default

Thanks Alostpacket, great post which taught me more in a minute than I learnt spending hours googling it. I'm currently worried about an app I downloaded (doubletwist) simply because of the amount of permissions it wanted and I couldnt understand, even though it has loads of great reviews from people. I'd be quite interested in a reply to Lare's question about uninstalling too.. Thanks again for the post!
Maxib is offline  
Reply With Quote
Old February 9th, 2011, 03:08 PM   #194 (permalink)
Over Macho Grande?
Thread Author (OP)
 
alostpacket's Avatar
 
Join Date: Nov 2009
Location: NY
Posts: 7,920
 
Device(s): GlassXE, MotoX, N5, N4, N7'12, GNex, N1, SGT10.1, Revue, Xoom, Eris, OG Droid
Carrier: TMO

Thanks: 4,603
Thanked 3,578 Times in 1,530 Posts
Default

Doubletwist is pretty popular, I wouldn't generally worry too much about it.

As for uninstalling an app, yes it's pretty much gone after you uninstall it. There have been some reports of the ability to stealth install apps without permission from the user but those vulnerbilities were patched pretty quickly as far as I recall. I'll try and remember to dig a littlle deeper on the subject in the coming days/weeks and see if I can locate the sources of that info. Unfortunately right not I'm furiously working on my own app, as well as a second app to be released soon, so I'm pretty busy currently.

But generally speaking, it's safe to assume an app is gone once un-installed. If someone got really worried they were infected though, you can always do a factory reset and that should clear any and all apps. I would only advise that as a last resort for someone who is sure they have malware or some app that's mucking things up (maybe unintentionally).
alostpacket is offline  
Last edited by alostpacket; February 11th, 2011 at 03:08 PM.
Reply With Quote
The Following 4 Users Say Thank You to alostpacket For This Useful Post:
Lare (February 10th, 2011), Maxib (February 9th, 2011), odatkid (February 22nd, 2011), SpaceDementia (February 21st, 2011)
Old February 21st, 2011, 05:11 AM   #195 (permalink)
New Member
 
Join Date: Jan 2011
Posts: 13
 
Device(s):
Carrier: Not Provided

Thanks: 4
Thanked 1 Time in 1 Post
Default

I've noticed a couple of apps I've downloaded (Adao File Manager and FX Camera for instance) ask for permissions when they install however when I look at there permission in "Manage Applications" they are different to what they requested.

For instance, Adao File Manager only asks for Internet Access but after I installed it I noticed it actually could read my phone state and delete/modify my SD. Which is pretty obvious for a file manager to be doing.
So why didn't it state this in the market permissions?
SpaceDementia is offline  
Reply With Quote
Old February 22nd, 2011, 09:00 AM   #196 (permalink)
Junior Member
 
Join Date: Jan 2011
Location: The low deserts of Arizona
Posts: 33
 
Device(s): Droid 2 Global
Carrier: Not Provided

Thanks: 7
Thanked 2 Times in 2 Posts
Default

I've seen the same thing with other programs. The program "silent toggle widget" by droidmania says it requires NO special permissions when you look at it in the Market.

But if you install it and check Settings>Applications you'll see that it too has a "Modify SD card contents." This makes me uncomfortable.
Lare is offline  
Reply With Quote
Old February 23rd, 2011, 06:40 PM   #197 (permalink)
New Member
 
Join Date: Feb 2011
Posts: 4
 
Device(s):
Carrier: Not Provided

Thanks: 0
Thanked 0 Times in 0 Posts
Default Quick question

I just got an android phone so im new. My question is if an app needs full access to the internet can it get info i use to login to different accounts on my phone? (user name & password) Also do you know if the app Lookout is good at avoiding all of these different things. My appologies if these questions have been answered.
Thank you.
its_me is offline  
Last edited by its_me; February 23rd, 2011 at 06:43 PM.
Reply With Quote
Old February 23rd, 2011, 06:46 PM   #198 (permalink)
New Member
 
Join Date: Feb 2011
Location: Nassau, Bahamas
Posts: 7
 
Device(s): Motorola Charm
Carrier: Not Provided

Thanks: 2
Thanked 0 Times in 0 Posts
Default

Excuse me, how do you know when you have a virus.Because I new to it as well and I have download a few apps (like about 4 in total) and I do remember 2 of them saying it needs full internet connection. How would I know for sure?
Cherelle is offline  
Reply With Quote
Old February 25th, 2011, 06:25 PM   #199 (permalink)
Member
 
Join Date: Jan 2011
Posts: 138
 
Device(s): Samsung Captivate
Carrier: Not Provided

Thanks: 20
Thanked 6 Times in 6 Posts
Default

Great all around description of security on Android - thank you so much for this. Some of it I already knew but some of it I was reading for the first time. Thanks for putting all this information in one place, its very useful and hopefully there isn't too many security issues with Android going forward. I love that its based on Linux, it gives it a solid core to build upon.
allambition is offline  
Reply With Quote
Old February 27th, 2011, 09:19 AM   #200 (permalink)
Over Macho Grande?
Thread Author (OP)
 
alostpacket's Avatar
 
Join Date: Nov 2009
Location: NY
Posts: 7,920
 
Device(s): GlassXE, MotoX, N5, N4, N7'12, GNex, N1, SGT10.1, Revue, Xoom, Eris, OG Droid
Carrier: TMO

Thanks: 4,603
Thanked 3,578 Times in 1,530 Posts
Default

Quote:
Originally Posted by ikanos View Post
An app with full internet access does not mean it can log what you type. Only keyboards can do that.

That's why I NEVER use a keyboard with full internet permissions - that's the combination to avoid.

But I used to get confused when I saw the standard message that comes up when first enabling any new keyboard - it says the app can get my passwords, credit card info, etc. But that is a standard Google message for all keyboards. Only worry if it's combined with internet permission - otherwise it can't send it anywhere even if it did log my keystrokes.

That's not entirely true, but good as a general rule.

There are ways of sending data without the internet permission but I wont go into them here. And they are holes Google is trying to close (as far as I know).

The best thing to remember is to use the community to help judge things.

To whoever was asking about Lookout Mobile: I think they're a pretty good company even if they do exagerate threats (in my opinion).

I'd probably choose them over the other AV if I used AV.
alostpacket is offline  
Reply With Quote
Reply
Tags
anti-virus, antivirus, applications, apps, best practices, guide, malware, market, permissions, protection level, safety, security, spam, virus


Go Back   Android Forums > Android Discussion > Android Applications
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


LinkBacks (?)
LinkBack to this Thread: http://androidforums.com/android-applications/36936-android-permissions-explained-security-tips-avoiding-malware.html
Posted By For Type Date
[HOW TO] FAQ on viruses, malware & browser security - Page 2 This thread Refback April 25th, 2012 08:55 AM
newest submissions : Android This thread Refback December 31st, 2011 04:22 AM
Was interested in knowing why an app might need access to who I call, stumbled upon this. Very informative. This thread Refback December 31st, 2011 03:58 AM
Android This thread Refback December 31st, 2011 01:11 AM


All times are GMT -5. The time now is 02:38 PM.
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.