App security paranoia


  1. Nefser

    Nefser Active Member This Topic's Starter

    Joined:
    Oct 14, 2009
    Messages:
    31
    Likes Received:
    3
    Perhaps it's just me, but I haven't noticed anyone being at all nervous or at least commenting on the amount of access some apps require.

    The majority of them tend to want internet access or not sleep the phone. These two I can understand, because at least if they don't have access to my personal data, they may want to (or need to) access web information for usage, high scores, etc.

    Not sleeping also makes sense.

    What really bothers me is when a rather innocuous piece of software, such as "Backgrounds" says that they want to have read and write access to my contact information. Huh?!? Why?

    I understand (or at least I think I do) about wanting to know the phone status, or to enhance my 'productivity' by auto-dialing numbers. But seriously, I would rather have an app cut and paste a number into my dialer and bring it to the foreground but NOT dial the number for me.

    Indeed, there are a number of tools and games that I have completely steered away from as I don't like the amount of access that they want to have. But when trawling through the comments (good or bad), no one seems to ever mention this side of things.

    So, am I just too paranoid? Or is it the new phone app/"I want to be ignorant" mentality of most people doesn't take this stuff into consideration?
     

  2. kam187

    kam187 Well-Known Member

    Joined:
    Aug 3, 2009
    Messages:
    1,320
    Likes Received:
    46
    Nah, you're totally right. There are threads about that spread around in various forums. The problem is the paranoia usually gives way to laziness or eagerness to try an app, and you stop looking at the access levels the app wants.

    If you look at the free apps on Android, nearly all use the advertisement and referral model to make money. That means the more information about you they can pass on, the more money they will probably make. I wouldn't be surprised if there aren't at least a couple of apps which are stealing contact information for advertising purposes.
     
  3. Xenon

    Xenon Well-Known Member

    Joined:
    Aug 30, 2009
    Messages:
    243
    Likes Received:
    3
    Nefser, it is not just you. I noticed that applications often want
    access to stuff that is none of their business. Nowadays I routinely
    refuse to install those, but when I just got the phone curiosity got
    the better of me a couple of times and I installed some that wanted
    access to contacts. I keep my fingers crossed that it was just for
    something benign (a button that lets you mail something to a friend)
    and that my contacts didn't get harvested by some evildoers.
     
  4. dontbotherme

    dontbotherme New Member

    Joined:
    Nov 19, 2009
    Messages:
    1
    Likes Received:
    0
    Is there an app that can quickly scan all installed apps in order to see which apps "need" to be able to view/write contact information?

    If there's not, I guess I might have to investigate android app development...
     
  5. tsphere

    tsphere Well-Known Member

    Joined:
    Oct 4, 2009
    Messages:
    84
    Likes Received:
    4
    Google should regulate this. I know devs are always complaining about the iPhone store, how hard it is to push software there, but perhaps Apple are not so wrong about this...
     
  6. KlaymenDK

    KlaymenDK Well-Known Member

    Joined:
    May 29, 2009
    Messages:
    1,217
    Likes Received:
    130
    No there isn't -- because there can't be. The Android security model makes it pretty impossible for one app to know what other apps are up to, aside from published "intents". (The "intent" concept is pretty neat, but is less than ideal because it needs too much coordination between projects; that's why OpenIntents.org came to be.) What I'm saying is that on an un-rooted phone, there's no way of telling what other apps want to do (and get to do); I'm not sure the situation is different on a rooted phone.


    I would disagree. I think it's much better to aim for openness and reason than control and lock-down. It really is no different than knowing not to click pretty banners on the Internet or open strange emails ... people need to employ just a little common sense in all that they do. Android included.
     
  7. lazarus101

    lazarus101 Well-Known Member

    Joined:
    Sep 1, 2009
    Messages:
    70
    Likes Received:
    6
    There is an option on the Market to flag an application as inappropriate, and I'm sure if an app receives too many reports like this Google would investigate and remove it from the Market if it's harmful.
     
  8. bearcave

    bearcave Member

    Joined:
    Oct 15, 2009
    Messages:
    14
    Likes Received:
    0
    I recently went to update gFlash and found it now demanding access to network, location and hardware controls. For something that lights the LED so you can use the phone as a torch!

    I emailed the author, and this was his response:

    I'm not installing the update. I am grateful to the author for the app and would be very happy to slip him a contribution, but I'm not trusting some Ads library that wants all that access.

    I wonder if ad libraries are behind the escalating access demands?
     
  9. informale

    informale Well-Known Member

    Joined:
    Oct 25, 2009
    Messages:
    704
    Likes Received:
    33
    That is probably true, but since the app does not demand access to your contacts, emails, etc - it's harmless.
     
  10. crow6

    crow6 Member

    Joined:
    Dec 2, 2009
    Messages:
    14
    Likes Received:
    0
    Wow! Cool. Now we know that authors don't harvest our private data. Ad companies do this! Great! Now we (and friends) just need to wait for tons of SMS, e-mails and instant messenger ads :/

    With a rooted phone it is quite possible. Installed apps are stored somewhere in memory as .apk files. So somebody must write tools to decompress every .apk, get the manifest file and scan for the permissions section...
    But a better question is: how to block this? If we change permissions in the .apk before installation, will the app keep working or will we get a crash message?
     
  11. informale

    informale Well-Known Member

    Joined:
    Oct 25, 2009
    Messages:
    704
    Likes Received:
    33
    Oh, come on people, stop freaking out! Ads only collect your location, so that you don't get Turkish ads if you live in France. That's it! If the app does not require contacts, etc. access, it cannot access your private data.
     
  12. TheAndroidWorks

    TheAndroidWorks Well-Known Member

    Joined:
    Dec 17, 2009
    Messages:
    269
    Likes Received:
    27
    Informale, you are spot on.

    If the program is not asking for the contacts data / phone state, this is not possible. Google should do a better job of explaining to a user what each of the access permissions actually are.
     
  13. crow6

    crow6 Member

    Joined:
    Dec 2, 2009
    Messages:
    14
    Likes Received:
    0
    Google did the job well on the developer pages.
    The problem is when you must update an app and the new one brings the READ_CONTACTS permission next to bugfixes. Choices:
    * not update and still get bugs;
    * uninstall and try to find replacement;
    * update :(

    About gFlash: the app only turns the flash LEDs on/off but needs:
    * android.permission.CAMERA
    * android.permission.RECORD_AUDIO
    * android.permission.INTERNET
    * android.permission.ACCESS_FINE_LOCATION
    First one is ok but third and last one is used for Ads. So somebody has easy access to your current position, which is a bit dangerous :/
    RECORD_AUDIO - why does the app need this?!?
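
The manifest scan discussed in the posts above, as an added example that is not part of any forum post: it parses permission listings in the text format printed by the Android SDK's `aapt dump permissions <apk>` (assumed to have been run on each .apk beforehand), flags apps that pair sensitive access with INTERNET, and lists what an update adds. The package names and sample listing are constructed; the flashlight entry uses the four permissions quoted in the thread.

```python
import re

# Sensitive permissions (a subset chosen for this example) and what they expose.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "read contacts",
    "android.permission.WRITE_CONTACTS": "modify contacts",
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
    "android.permission.RECORD_AUDIO": "microphone",
}
NETWORK = "android.permission.INTERNET"
PKG = re.compile(r"^package:\s*(\S+)")
PERM = re.compile(r"^uses-permission:\s*(?:name=')?([\w.]+)")

# Constructed sample in the `aapt dump permissions` text format (both spellings).
SAMPLE = """\
package: com.example.flashlight
uses-permission: android.permission.CAMERA
uses-permission: android.permission.RECORD_AUDIO
uses-permission: android.permission.INTERNET
uses-permission: android.permission.ACCESS_FINE_LOCATION
package: com.example.wallpapers
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: name='android.permission.WRITE_CONTACTS'
"""

def parse_dump(text):
    """Map each package name to the set of permissions it requests."""
    apps, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := PKG.match(line):
            current = apps.setdefault(m.group(1), set())
        elif (m := PERM.match(line)) and current is not None:
            current.add(m.group(1))
    return apps

def audit(apps):
    """Return {package: (verdict, [sensitive capabilities])}."""
    report = {}
    for pkg, perms in apps.items():
        hits = sorted(SENSITIVE[p] for p in perms if p in SENSITIVE)
        if not hits:
            verdict = "no sensitive access"
        elif NETWORK in perms:
            verdict = "sensitive access plus INTERNET"
        else:
            verdict = "sensitive access, no INTERNET"
        report[pkg] = (verdict, hits)
    return report

def new_permissions(installed, update):
    """Permissions an update requests that the installed version did not."""
    return sorted(update - installed)
```

Calling `audit(parse_dump(SAMPLE))` gives one verdict per package, and `new_permissions` applied to the old and new permission sets shows exactly what an update would add before you accept it.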
     
  14. KlaymenDK

    KlaymenDK Well-Known Member

    Joined:
    May 29, 2009
    Messages:
    1,217
    Likes Received:
    130
    Crow, regarding your first point: Those are the options for any application upgrade, on any platform. At least with Android, we're getting an up-front notice about it, which I think is great. The rest -- deciding whether or not to get the update -- is up to the user, as well it should be.

    Regarding your second point, the fact that we get these up-front notices gives us a degree of superintendence over apps. Obviously, the users benefit from this situation because developers can't "get away" with doing anything without a justifiable cause. This is a new situation so I'm not surprised that not all developers do a stellar job.

    In your specific example, users should contact the developer and ask and/or complain about this -- if nothing else, then in the form of a low-starred review in the Market. That's the "game mechanic" that keeps everybody playing by the rules.

    There are a lot of ways to see this system as empowering the end user -- but as always, with greater power comes greater responsibility, so for the user it does mean more work (as in, forming a critical opinion and acting on that).
     
  15. Andronix

    Andronix Well-Known Member

    Joined:
    Aug 31, 2009
    Messages:
    676
    Likes Received:
    16
    On a side note, I'd like to remind all of you that with a rooted phone you can whitelist apps that may reach the internet (DroidWall).

    Oh, while I'm at it, DroidWall's perfect companion is AdFree (block ads via hosts file).
     
  16. informale

    informale Well-Known Member

    Joined:
    Oct 25, 2009
    Messages:
    704
    Likes Received:
    33
    People don't freak out #2.

    Consider this - when you install an app on your computer, you don't get any notice of permissions at all. You never really know (unless you explicitly use regmon+filemon) what files are accessed.

    So it's not all so bad on Android )
     
  17. Esp_McLee

    Esp_McLee Member

    Joined:
    Dec 18, 2009
    Messages:
    21
    Likes Received:
    2
    A fair point, informale, but apps on a computer that go sniffing in emails, contacts and god knows what else are usually called things like viruses and spyware, for which we have other apps to fight and prevent. On a phone, we don't. And if one of my "bad" apps decides to do something really evil, I might just get a frikkin huge bill from my operator next month. Basically, we've put ourselves in harm's way of those dreaded viruses from the age of dial-up internet that hijacked your modem and made calls to adult hotlines in Cuba or something.
     
  18. Andronix

    Andronix Well-Known Member

    Joined:
    Aug 31, 2009
    Messages:
    676
    Likes Received:
    16
    aSpotCat !!!
     
