Shady apps?

[modem1001]

I've read alostpacket's "How to be safe, find trusted apps, & avoid viruses - A guide for those new to Android" thread. I've gone through all my installed apps/games to check for security conserns. Most of all I wondered why the "Barcode Scanner" needed to read & write my contact data. Perhaps somebody on this forum can shed some light onto this matter.

Some other (minor) eyebrow raising apps:

3G Watchdog: why "Storage: modify/delete SD card contents"?
ASTRO: why "Network communication: full internet access"?
Flashlight: why "Storage: modify/delete SD card contents"?
Frequency-Generator: why "Storage: modify/delete SD card contents"?
handyCalc: why "Network communication: full internet access"?
Metal Detector: why "Storage: modify/delete SD card contents"?
Seismo: why "Storage: modify/delete SD card contents"?
Swiss Traffic: why "Your personal information: read contact data"?

Thanks a lot!

 

[cableguynoe]

Just because you're paranoid doesn't mean they're not out to get you

 

[hood420]

The Barcode Scanner *probably* needs to read/write contact data because you can scan QR codes and business cards to add contacts to your phone. The other ones I'm not so sure on, but many apps need internet permissions for ads and they need to read/write SD card data for their cache or to save app data.

 

[pavirotten]

Just because you're paranoid doesn't mean they're not out to get you

Obviously, you haven't heard about Google's latest snooping problems. It starts off with your unsecured wi-fi network, progresses to your phone, and ends up with Google owning you.

In case you hadn't heard though, Google has received permission to delete all of the collected information they received through wi-fi.

 

[hempwallace]

Damnit -- misleading thread title.

With summer coming on I was really looking for an app that would provide shade. It's hot here already.

 

[brykins]

Jumping in here, I am not so much worried about Google snooping. What concerns me more and more is the number of apps that ask me to sign in for high scores, etc. Add to these the apps that do seem to want lots of permissions, and then the fact that anyone can whack an app on the Market and it does start to sound less and less secure.

What (apart from total lack of knowledge and talent) would stop me writing (for example) and email notification widget. I could ask for the users email address and password and actually let it work for a month or so. During this time I am collecting email addresses and passwords from lots of other users and when I have 10,000 of them I can suddenly start hacking in to them all, spamming friends and all sorts?

It's very difficult for the "average" user to know how to keep themselves safe with this I think.

 

[cableguynoe]

Jumping in here, I am not so much worried about Google snooping. What concerns me more and more is the number of apps that ask me to sign in for high scores, etc. Add to these the apps that do seem to want lots of permissions, and then the fact that anyone can whack an app on the Market and it does start to sound less and less secure.

What (apart from total lack of knowledge and talent) would stop me writing (for example) and email notification widget. I could ask for the users email address and password and actually let it work for a month or so. During this time I am collecting email addresses and passwords from lots of other users and when I have 10,000 of them I can suddenly start hacking in to them all, spamming friends and all sorts?

It's very difficult for the "average" user to know how to keep themselves safe with this I think.

But isn't there risk anytime we do anything online?
Everytime we type in our credit card number for a payment?

Best thing I think we can do it go use trusted sites/apps, and hope for the best.
Otherwise we'll be too afraid to do anything online.

No different than being too afraid of being mugged, so you never leave your house.

 

[Schwin97]

I wouldn't be too worried about apps needing access to the SD Card. I would guess the apps are using the SD card to store configuration information. It would be nice to know that only the app that wrote the data could delete it (except possibly rooted apps).

 

[OfTheDamned]

The last statistics I read stated that less than 7 percent of all identity theft originate from online activity. Most of those are advance-free fraud like the Nigerian scams. You should be more worried about the guys picking up your garbage than some of the apps you are installing.

Just my 2 cents.

 

[brykins]

But isn't there risk anytime we do anything online?
Everytime we type in our credit card number for a payment?

Best thing I think we can do it go use trusted sites/apps, and hope for the best.
Otherwise we'll be too afraid to do anything online.

No different than being too afraid of being mugged, so you never leave your house.

It quite a lot different to those examples - I, along with most sensible people, buy online from trusted sites. The "average" user will think that the Market is a trusted site and it will not occur to them that apps there are unregulated, uncontrolled and could be written by anyone to do anything.

When I leave my house, I take sensible precautions depending on the time of day, etc. I don't go to known trouble spots at 2am on a Saturday night. Everyone local knows those trouble spots, but we don't know the trouble spots for Paris. The Market is a bit like that - looks like a lovely place but no one knows the trouble spots or how to find them.

 

[mrspeedmaster]

Google needs to clean up the market. There are lots of app that come off as they are from someone else. E.G. Yahoo Messenger app using the original Yahoo icon. Same thing for DropBox. I downloaded a dropbox app 2 days before the official one launched. The icon looked the same, I was able to log-in and get my files. I immediately changed my password because it could have been a phishing app.

 

[cableguynoe]

It quite a lot different to those examples - I, along with most sensible people, buy online from trusted sites. The "average" user will think that the Market is a trusted site and it will not occur to them that apps there are unregulated, uncontrolled and could be written by anyone to do anything.

When I leave my house, I take sensible precautions depending on the time of day, etc. I don't go to known trouble spots at 2am on a Saturday night. Everyone local knows those trouble spots, but we don't know the trouble spots for Paris. The Market is a bit like that - looks like a lovely place but no one knows the trouble spots or how to find them.

But you can get mugged in your local grocery store at 2pm.
I realize it might be an exagerated example, but my point is there are always risks.

I agree with OTD. I am more worried about people that can physically get ahold of my information. I once had some kids working at a pizza place steal my credit card number and use to buy things online and ship to their home (lol, idiots)...
I feel safer online

 

[wayrad]

I'm concerned about this too. Just because risk exists everywhere doesn't mean we shouldn't make an effort to evaluate and minimize it where it's reasonable to do so.

Do you folks think it's reasonable for a Bluetooth file transfer app (which would be really handy if I could use it to put ebooks on my DInc) to require access to contacts? I suppose sending contacts could be a major use, but in that case, why not calendar info too? (edited to add: Never mind, I can do BT file transfer out of the box. Cool!)

 

[Mama Luigi]

Astro needs internet access because it has an FTP client.

 

[glitch32]

I think the only way to stay safe is to download apps with permissions your comfortable with, and check on this forum to see what others have to say about the app.

 

[(G)]

Astro needs internet access because it has an FTP client.

How do you get to that in Astro? I'm not finding it.

 

[brykins]

I think the only way to stay safe is to download apps with permissions your comfortable with, and check on this forum to see what others have to say about the app.

And this is EXACTLY the problem with Android as a whole. A HUGE majority of the phone buying public are NEVER going to know about permissions or even what a forum is. They are simply going to blindly trust apps they download from Google thinking that Google is big and safe.

I absolutely guarantee that before the year is out there will be a big news story about Gmail accounts being hacked or some dodgy bank app or something on Android. It will get blown up by the tech press and will scare people away from Android and into the "safe" iPhone App Store.

If I were Steve Jobs, I'd have a team working on it right now

 

[cableguynoe]

If I were Steve Jobs, I'd have a team working on it right now

Now that's not nice...

There's nothing they can break that can't be fixed....
In android we trust

 

[shagan]

Swiss Traffic: why "Your personal information: read contact data"?

In the app you have an option to send the link of the app to a friend. To do this you can choose the number from your contacts lists.. (avoids having to write the number hand)

I got the answer from info (at) mogo.ch

 

[blackvyper]

What I want to know is how come my phone flickers when I walk in an out of crop circles... is that Google's handiwork too?


We're doomed!