FYI, I just posted this over in News - some apps sending GPS and phone# data surreptitiously to ad s

[robphelan]

some apps sending GPS and phone# data surreptitiously to advertising servers

http://androidforums.com/android-ne...sending-private-data-advertising-servers.html

you may want to check if your apps are on the list & decide if you're OK with keeping them.

I believe I have the BBC app installed.

EDIT: I just checked but my BBC app looks like it is the official one

 

[Prim8]

I don't see the app list anywhere?

 

[Citznfish]

There is no app list.

Might as well delete this useless thread

 

[Grut]

There IS an app list. Click on the link that robphelan posted and scroll down, you'll find it. This thread is not useless, you just didn't look..... :/

 

[lordhamster]

In the case of the captivate this is a non-issue. Thank you Samsung!

 

[ace35]

how is the captivate more secure than others for the sending of data like this, even with gps problems, they can still get fairly close with the wireless data triangulation.

 

[sremick]

There IS an app list. Click on the link that robphelan posted and scroll down, you'll find it. This thread is not useless, you just didn't look..... :/

I read the Engadget article, read the BBC article, and read the original research paper they're all based on.

Citznfish is correct: There is no list of what the culprit apps were.

They list the apps they tested. They listed the generic permissions they asked for. But then they go on to analyze how the apps used those permissions and what specific data they tried to send. They identified serious bad behavior, but don't specify which of the apps from the list did this.

If you yourself click on the link robphelan posted and scroll down, you'll see that this is mentioned and confirmed more than once.

 

[mnemonicj]

I don't understand why they didn't post the results. I read the PDF (http://appanalysis.org/tdroid10.pdf) report and it mentioned 30 applications of which they caught 20 sending personal information. If I have two of those apps (Bump and Barcode Scanner) then there is a good chance that one or both of them are malicious.

I immediately uninstalled both of the apps because I would rather not have the apps than have them installed and not know. It's pretty horrible reporting to report that 20 of 30 apps are bad and then not point out which 20 they are, especially when there is no way for us to identify which ones they are.

 

[tazman171]

Well that's worthless already known info. Each app list what its going to use on your phone right before you click install, there are a hell of a lot more that use gps data than what's "listed" on that useless list. Can't believe (actually I can) they don't just list the "malicious" apps. Worthless, IMO.

 

[mnemonicj]

Barcode Scanner is OK.

TaintDroid: Realtime Privacy Monitoring on Smartphones

 

[s.m.knipe]

Barcode Scanner is OK.

TaintDroid: Realtime Privacy Monitoring on Smartphones

Agreed, Barcode scanner has been around quite a while and I'm sure someone would have noticed by now if it was sending too personal of stuff. As to Bump, without knowing the parameters of the test, I would wager it fails because it probably doesn't encrypt the data it transfers when "bumped" into another phone. Evernote is probably on the list for a similar reason