Android, Security, Google, Vigilance!

[Bateluer]

Seems like most of the apps I look at now want network and GPS location, access to phone call logs, contacts, etc. Even for something as simple as a Tic Tac Toe game, it'll want GPS location access. Heck, the Pandora 1.4 update wants access to both Network and GPS location, phone call records, and contacts. No idea why it needs those things, I emailed their support inquiring about it but have not received a response yet. Naturally, when I don't install apps like these when there doesn't seem to be a valid need for the security access levels. In the case of Pandora, if I don't get a response from Pandora support that I like, I probably will uninstall the Pandora app entirely and switch to Last.fm or Slacker Radio, which ever is more agreeable. I'm not a developer, but I just don't see the need for simple applications, tip calculators, simple games, etc, to have any need for location information, phone call logs, or contacts.

This like this concern me greatly because so many people have a very cavalier attitude to their own privacy. I may not install an app that wants unrestricted access to my GPS location and contact list, but my name and number are on other people's contact lists, and they will install those apps, often without so much a second glance at the security levels. Seems like I can be security minded and carefully guard my own privacy and information, but if the people I associate with don't maintain the same level of awareness, then my efforts are completely wasted.

Combine this with Google's 'No Security/Privacy by Default' policy, and it seems like a recipe for disaster. Theo de Raadt and Richard Stallman would be appalled.

What say you?

[alphawave7]

We need (some say desperately) a service to vet these Android apps one by one...even more vigorously than Apple would. A *detailed* description of what security requirements, and reasons the app has them. At least google gives us the warnings, but it's insufficient, imho. Perhaps someone like AppBrain or similar could be the 'Underwriter's Laboratory' for Android apps.

[ilikemoneygreen]

I want an app that will just deny apps of a certain service. So even if you install an "app A" that requires gps... youll be able to prevent the app using it while still having "app A." I would love if a dev created this.

[Bateluer]

I want an app that will just deny apps of a certain service. So even if you install an "app A" that requires gps... youll be able to prevent the app using it while still having "app A." I would love if a dev created this.

Oh I'd buy an app that did that reliably.

[furbearingmammal]

I want an app that will just deny apps of a certain service. So even if you install an "app A" that requires gps... youll be able to prevent the app using it while still having "app A." I would love if a dev created this.

It'd be my first paid app purchase, and I don't do pirated apps. I installed one once, ran it for a while, and got rid of it. It wasn't worth breaking the law for an app I have no use for.

I think there should be an approval process for any app that asks for anything that could be dicey for the end user, especially things like your contact list. Giving up your own privacy is mucho estupido, even if everyone under the age of 30 doesn't expect it and is wild about the idea of everyone and their uncle who cares knowing that they're going to the bathroom or who they're sleeping with, but sacrificing everyone else's privacy so you can listen to music is not only stupid, it's immoral.

[ilikemoneygreen]

Glad to know its a good idea, Maybe someone could foward the idea to a popular dev. My problem is, i know no one in that department....

[hapster]

Dunno why Pandora would need call log access, but it wants GPS because it's ad supported and uses your location to show relevant ads. GPS doesn't help it if it's not on, so then it uses network location.

It's the same concept for other apps. Blocking an app's access to those services could interfere with with the dev's ad revenue, which could mean development could stop. Bottom line is, if you don't want an app accessing things like that, or you question why it wants it, don't install it.

Sent from my Droid

[ilikemoneygreen]

Dunno why Pandora would need call log access, but it wants GPS because it's ad supported and uses your location to show relevant ads. GPS doesn't help it if it's not on, so then it uses network location.

It's the same concept for other apps. Blocking an app's access to those services could interfere with with the dev's ad revenue, which could mean development could stop. Bottom line is, if you don't want an app accessing things like that, or you question why it wants it, don't install it.

Sent from my Droid

WOW, how could it interfere with the devs revenue? Considering the adds are written in the app. I would like to know how the devs are paid by the adds. Because if they are paid by just having the adds written into the app then you would be wrong.
And lol, Using your point, my Bb .4 blocks adds.... So i guess none of the devs are getting paid. (thus the gps is a useless service to have. I want to block access!)

[hapster]

WOW, how could it interfere with the devs revenue? Considering the adds are written in the app. I would like to know how the devs are paid by the adds.

I don't know how the payment schemes are set up, or if the dev gets paid simply by the ads being shown, or only if a user clicks on it. But, using Pandora again, the ads themselves are not part of the app. I see ads for products and services for businesses in my area. When we went out of town last month, I saw ads for that area. Not saying that is how they all work. Ads in other apps I've used were pretty generic.

Sent from my Droid

[Bateluer]

Dunno why Pandora would need call log access, but it wants GPS because it's ad supported and uses your location to show relevant ads. GPS doesn't help it if it's not on, so then it uses network location.

It's the same concept for other apps. Blocking an app's access to those services could interfere with with the dev's ad revenue, which could mean development could stop. Bottom line is, if you don't want an app accessing things like that, or you question why it wants it, don't install it.

Sent from my Droid

WOW, how could it interfere with the devs revenue? Considering the adds are written in the app. I would like to know how the devs are paid by the adds. Because if they are paid by just having the adds written into the app then you would be wrong.
And lol, Using your point, my Bb .4 blocks adds.... So i guess none of the devs are getting paid. (thus the gps is a useless service to have. I want to block access!)

I have ads blocked in my Sapphire ROM as well, however, I have paid/donate versions of several applications, Rom Manager, SetCPU, Cachemate, and a few others.

While the dev does get some revenue from ads, you don't need location information to display ads. Yes, targeted ads can be applied with location information, but I don't think there'd be much difference in their usefulness to the end user. Its not worth the risk of having Google or the dev having a list of data of every place I've been and the routes I've taken to get there. This is a very serious security concern, and, to be honest, the lack of response from people across the net really concerns me.

You've got various governments, including the US Govt pressuring all the major smart phone makers and carriers for access to their information, which would include all that location, phone call logs, and contact information that was tracked. The dev may be just one individual, or a small team of individuals, who's only goal is to make a few extra dollars in ad revenue, but the government's objectives are cloaked in the guise of our own protection. Think they need a warrant to get your data? Nope, all four US national carriers actively cooperate with law enforcement willingly without warrants.

Very scary stuff. Where's my tin foil hat?