Curious and Seemingly Paranoid

[Bob Maxey]

Good Day

I know very little about Android. I do have a background in developing apps for the Palm VII; it was my job, in part. But that is as far as it goes.

I have a Zio and it suits me fine. I do not care about the next Android release, I just want to do what I need to do.

That said, when I download from the market, I am presented with a list of things the software has access to. Location, SD Card, Passwords, email address, and the list goes on and on. I am not telling most of you anything you do not allready know.

My question is this: how are we protected from apps that are designed to take this info and use it in a nefarious manner? Again, I am not an expert. I am not paranoid, just curious.

We all have PCs. We all know about virus issues, pishing scams, bots, trojans, scams, etc. Seems to me, the last thing we would accept is software that gathers copious quantities of sensitive data; we do, so it seems, accept it from developers of applications that we freely DL from the market.

Please help me understand.

Cheers

 

[gingergirl]

I'll be really interested to read the responses to your question!! I, too, feel uneasy about all this! Every time I get something in the market, and see all the warning notices... I can't help but wonder! Great post, Bob.... I'll be watching this one!

 

[uzetaab]

actually, this is a fairly common criticism of android which I totally agree with.

As it stands now, it's pretty useless. The only use it has is if you download something like a wallpaper manager & it wants access to your contacts, for example, you can choose not to install it.

If you download an SMS manager & it want's access to your contacts, that seems totally normal, but you don't really know what it's doing with those contacts. At least it tells you what it's accessing so your not totally in the dark like you would be with say, an iphone.

Although apple check their apps, it's totally been proven that devs can sneak stuff in if they choose. There was that app a few months ago that was a torch/flashlight, but it had a hidden function that could turn the phone into a tethering device.

Now Apple pulled the app once they found out, but how many people downloaded it before they pulled it? What if the app had had a 2nd hidden function that sent the user's contact list to a spammer?

Back to my original point, at least we get to see what the app wants access to ourselves. But how do we know what the accuracy of those warnings is? Could a Dev sneak a function through in android too?

I have 2 other thoughts about this:

Firstly, it would be nice if I could specify which of those functions to allow individually, but that would likely be too problematic. I'd say it would be hard to implement & blocking a function could break the whole app which could potentially kill the phone.

The second thought is that the way the warnings are displayed seems a bit over the top. I think it makes people unnecessarily nervous about installing apps. I mean in the real world, you only see warnings that look like that for things like live minefields, not exit only signs.

Further, once users get used to seeing those warnings, they stop paying attention to them anyway. At least google are trying, but imo, the far better way to choose apps is by looking on this website at what others use & recommend.