Google Android apps found to be sharing data


Last Updated:

  1. Abdur

    Abdur Well-Known Member This Topic's Starter

    Joined:
    Sep 30, 2010
    Messages:
    252
    Likes Received:
    34
    BBC News - Google Android apps found to be sharing data
    Is this something to worry about?
    If so, what apps are rogue (so to speak).
    Just saw this today on BBC.
     

    Advertisement
    staffsmatt likes this.
  2. incredible x4

    incredible x4 Well-Known Member

    Joined:
    Aug 20, 2010
    Messages:
    136
    Likes Received:
    22
    I read about this today too. Engadget posted the full report with the list of apps that were found.

    Heres the list:
    EDIT 2:
    It turns out I am wrong about this list. I read the article too quick.
    THIS IS THE LIST OF ALL APPS THAT WERE EVALUATED USING TAINTDROID.
    NOT ALL OF THE APPS LISTED WERE FOUND TO HAVE PROBLEMS.
    ONLY 15 OF THESE 30 APPS WERE FOUND TO HAVE PROBLEMS.
    Just thought I would make this clear.

    I was kind of surprised by a few of them. The Weather Channel and the barcode scanner mostly. But I'm not too surprised by Solitare. I had some hesitation about downloading that one. I deleted all of these. Mostly because I alread had a lot redundancy with those apps and this was a good excuse to get rid of them.

    Edit:
    Heres the link to the Engadget article:
    http://www.engadget.com/2010/09/30/study-select-android-apps-sharing-data-without-user-notificatio/
     
  3. Abdur

    Abdur Well-Known Member This Topic's Starter

    Joined:
    Sep 30, 2010
    Messages:
    252
    Likes Received:
    34
    I love how BBC News Live Stream is on that list, and BBC is reporting the news. I only had the Barcode Scanner installed, and now uninstalled.
    I knew privacy was terrible, but this is quite surprising...
     
  4. staffsmatt

    staffsmatt Well-Known Member

    Joined:
    Jun 7, 2010
    Messages:
    153
    Likes Received:
    9
    I had solitaire and barcode reader... had being the operative word!
     
  5. brykins

    brykins Well-Known Member

    Joined:
    Nov 17, 2009
    Messages:
    647
    Likes Received:
    77
    Hmmm....yet another push towards Ebaying the Desire and replacing it with an iPhone?
     
  6. GrenW

    GrenW Well-Known Member

    Joined:
    Apr 16, 2010
    Messages:
    799
    Likes Received:
    130
    The real question is how many of these apps mentioned the priviledges needed on installation? If its done on the quiet then thats a different matter to if you were told before installing.

    Some of what they are talking about is location services. Surely the Weather app needs that, maybe Yellow Pages too? But as for Solitaire and most of the others, there is no excuse!
     
  7. A.Nonymous

    A.Nonymous Well-Known Member

    Joined:
    Jun 7, 2010
    Messages:
    7,061
    Likes Received:
    965
    I installed Droid Wall on my phone and firewalled apps that have no business talking to the Internet. I don't sync Astrid with any web site, for instance, so it's firewalled. I want more information on what specific data these apps are sending. I can see where Yellow Pages would want to know my GPS location. That makes sense. I can see where it would want to read my contacts. That makes sense too. If it's sending that data anywhere, that doesn't make sense and I want an explanation.
     
  8. woofermazing

    woofermazing Well-Known Member

    Joined:
    May 15, 2010
    Messages:
    177
    Likes Received:
    42
    Can't wait for TaintDroid to be released.
     
    nateEris likes this.
  9. Abdur

    Abdur Well-Known Member This Topic's Starter

    Joined:
    Sep 30, 2010
    Messages:
    252
    Likes Received:
    34
    This.

    I was wondering where I could get one of those firewalls.
     
  10. faugusztin

    faugusztin Well-Known Member

    Joined:
    Jan 8, 2010
    Messages:
    87
    Likes Received:
    2
    Actually, how many of those apps had the same ad provider bundled into them ?
     
  11. srowen

    srowen Member

    Joined:
    Nov 16, 2008
    Messages:
    8
    Likes Received:
    1
    I am an author of Barcode Scanner, and feel compelled to respond to this.

    The TaintDroid / AppAnalysis paper, which is important and valuable work, does NOT say that ALL of these apps violate privacy. On the contrary -- they say they picked 30 popular apps and found issues with 15 of them.

    Unfortunately, users like you are reading this as suggesting that all 30 have a problem. And unfortunately, I'm inundated with nasty messages and Market feedback from users who think I've stolen their information.

    It is, of course, completely untrue for Barcode Scanner. It does not have permission to access location or phone state (unique ID), and never has. (It didn't help that the paper originally stated incorrectly that it did -- has been fixed now.) Barcode Scanner, of all these apps, should hardly be considered shady. It is completely open source: zxing - Project Hosting on Google Code And, I of course know that we have never ever done anything nefarious with the app.

    I call on users like yourselves to do your homework and understand that we simply don't know who the culprits were in their study (though I know Barcode Scanner wasn't one, and you can know that from the source code and from seeing that the report says they don't have permissions needed for the violations they cite.)

    But I also call on the authors of the paper to "name names" so users can confidently uninstall nefarious apps while not damaging the good names of innocent, open apps like Barcode Scanner.
     
  12. MannyMel

    MannyMel Active Member

    Joined:
    Sep 7, 2010
    Messages:
    33
    Likes Received:
    1
    I had a few of these apps on my iphone so I was quick to download them from the market place. I got an Android phone knowing full well that GOOGLE is a company that makes money off of user data (not implying that GOOGLE is up to any wrong doing here) and that the market place has little to no privacy. Having said that I am disappointed that their are apps that take info that they shouldn't (warned or not they should be more specific of what they grab) but I am not surprised. And along the lines of what srowen said I don't believe ALL these apps are guilty of wrong doing. It would be nice to know exactly what they do especially when they are being touted by T-Mobile for download.
     
  13. staffsmatt

    staffsmatt Well-Known Member

    Joined:
    Jun 7, 2010
    Messages:
    153
    Likes Received:
    9
    hi srowen,

    I think the main problem for users such as myself is that we don't know WHY the apps are asking for info that they are.

    For example barcode scanner asks to access contact data (read and write)... I'm sure that there is a good reason for this but can't for the life of me think what it could be..... (not trying to accuse you of anything, although I know it sounds like it) - <edit> next post down has the answer! </edit>

    If devs were more open as to what their apps asked for access to and why it would help a lot....

    I agree completely that the authors should name names.
     
  14. faugusztin

    faugusztin Well-Known Member

    Joined:
    Jan 8, 2010
    Messages:
    87
    Likes Received:
    2
    staffsmatt likes this.
  15. Roze

    Roze Hiding behind a mystery VIP Member

    Joined:
    Jan 20, 2010
    Messages:
    9,814
    Likes Received:
    2,183
    This might not explain it all but it's a really great thread that a member, and aso a developer, compiled. The thread explains what most of the permissions mean: http://androidforums.com/android-ap...ps-avoid-viruses-guide-those-new-android.html

    The manifest permission as described by Google: http://developer.android.com/reference/android/Manifest.permission.html

    From what I have gathered, a lot of the free apps use internet permission so that they can enable ads in the apps. Some developers like to get fancy and ask for GPS access so that the ads can be customized to you based on your location.

    Before you install an app, you are given a list of permissions that the app requires. Developers cannot have 'hidden permssions'. They need to declare those permissions before they are able to access them in your phone. The safety net Android has up. So before you install an app, read the permissions. If you don't know what some of them are, research them and install at your own risk.

    I've quoted some information from the Android Developer site that pertains to Permission access.

    If you want to read the technical of how Devs code permissions and how it works: http://developer.android.com/guide/topics/security/security.html
     
  16. incredible x4

    incredible x4 Well-Known Member

    Joined:
    Aug 20, 2010
    Messages:
    136
    Likes Received:
    22
    @srowen,
    I loved your app. It pained me to delete it. I was very easy to use and fun to mess around with. The reason I got rid of it was because I also have Google Goggles installed on my phone. As you probably already know, this app will scan bar codes too. Along with many other advanced features that your app could not do. Having redundant apps on my phone is a pet peeve of mine. This is also the reason I got rid of The Weather Channel app. I had switched over to using the Weatherbug app instead. I just had hung onto the Weather Channel app until I decided if I wanted to keep Weatherbug. I had been on the fence for a while about uninstalling your app and after I read the article last night, I decided it was time to get rid of it.

    After reading your post I see where I misunderstood the list. It was late last night when I posted that and I was tired and I read the article too quick. I have edited my post to make people aware of this. My mistake.

    Now, I do agree with some people who posted about the permissions list in the Market. It would be nice if devs were allowed to go into a little more detail as to why their apps need certain permissions. This would clear up a lot of the confusion about whether a app is safe or not. I know I have had to think about downloading quite a few apps because the permissions list had something on it that I didn't think the app should need to access. But that app needs to access my contacts so I can text a link to someone if I wanted to, for example. I think this is a suggestion that needs to be sent to Google. If devs were allowed to write their own permission list options instead of using Google's pre-written ones, it would clear a lot of things up.
     
  17. UncleMike

    UncleMike Well-Known Member

    Joined:
    Nov 15, 2009
    Messages:
    2,319
    Likes Received:
    482
    The purpose of many apps, such as Yellow Pages and The Weather Channel, is to present the user with a subset of information that is stored not on the device, but on the Internet somewhere. For the Yellow Pages, it's a list of nearby stores. For The Weather Channel, is the weather specific to your location. In order for the app to present this subset of information it must submit a query to a server somewhere. This query must include your location in order for the server to return an appropriate subset of its information.

    Similarly, geographically targeted ads operate in the same way.
     
  18. Weazol

    Weazol Well-Known Member

    Joined:
    Jul 20, 2010
    Messages:
    532
    Likes Received:
    142
    taintdroid is a horrible name.. when I hear it I dont think of a tainted droid. I think of the droids taint
     
  19. A.Nonymous

    A.Nonymous Well-Known Member

    Joined:
    Jun 7, 2010
    Messages:
    7,061
    Likes Received:
    965
    And that makes sense to me with apps like Weather Channel. When an app like Solitaire wants my GPS location, my eyebrows raise.
     
  20. Weazol

    Weazol Well-Known Member

    Joined:
    Jul 20, 2010
    Messages:
    532
    Likes Received:
    142
    It just wants to make sure you are playing solitaire the way the locals at your location play it.
     
  21. A.Nonymous

    A.Nonymous Well-Known Member

    Joined:
    Jun 7, 2010
    Messages:
    7,061
    Likes Received:
    965
    Now I'm trying to figure out what a droid's taint would look like. I'm not sure I want an answer to that question.
     
  22. Halifax81

    Halifax81 Member

    Joined:
    Apr 11, 2010
    Messages:
    11
    Likes Received:
    1
    To be fair its always been an issue since Android was dreamt up, this new research has just highlighted the issue, the good news I would take from this is that Google will be forced to do something about it eventually due to public backlash. I for one and quite happy with my device and knew the risks of owning a smartphone to start with, I won't be rushing out to change my phone any time soon

    To add to this I had a look around my apps specifically at what wanted location based dats, only a small number of apps I had looked suspicious as to why they would need this data, so I fired off an email to the Devs of each app:

    Handcent: No response back as yet however the very next day after sending my email an update is sent out for the app, after checking the security page of the app it no longer asks for location based services

    Backgammon (Free): Response to say this was an oversight by them and they are looking into it. Iv'e not uninstalled this but will wait to see if an update comes out.

    MixZing Media Player: Response - Our analytics package (Flurry) uses it. It's not location (GPS), just coarse. - Given that response I will be uninstalling this app as I don't see why the media player needs my location data regardless of it been coarse or GPS

    I'm quite happy at this moment in time with the apps I have on this phone granted I dont know how secure they are but I may get a cheapish android phone and put on the software that was used in the project that kicked off all this concern then and only then will I know what certain apps actually do
     
  23. staffsmatt

    staffsmatt Well-Known Member

    Joined:
    Jun 7, 2010
    Messages:
    153
    Likes Received:
    9
    Ah right, thanks. Barcode scanner will be re-installed then :) and my previous post edited.

    Maybe more open isn't the way I should have phrased it..... perhaps more obvious. Or a link during the install to info like that provided on the link you posted.
     
  24. srowen

    srowen Member

    Joined:
    Nov 16, 2008
    Messages:
    8
    Likes Received:
    1
    As the next post says, we've explained it in the FAQ. The FAQ is the 'home page' linked from the Market. The Market description specifically says "see FAQ for permission info". I don't know that more can be done in this case.

    But yes I myself often refuse to install an app that requests permissions that don't seem right, and for which I can find no information on the product page.
     
  25. srowen

    srowen Member

    Joined:
    Nov 16, 2008
    Messages:
    8
    Likes Received:
    1
    Completely fine, you know that Google Goggles uses Barcode Scanner for barcode scanning anyway (well, the same library)? As does Google Shopper. In fact all the underlying technology came out of Google, when I was working there. The devs of the other apps have continued this and they're friends of mine. So, really you're still using it.
     

Share This Page

Loading...