What Are Your Apps Sharing?

Discussion in 'Android News' started by jntdroid, Dec 21, 2010.

  1. jntdroid
    Offline

    jntdroid DF Super Moderator Premium Member

    Joined:
    Nov 18, 2009
    Messages:
    6,437
    Likes Received:
    292
    Trophy Points:
    83
    Location:
    TX
    [​IMG]

    "Your Apps Are Watching You" - That is the title of an article the Wall Street Journal posted online a few days ago. The title might be a little too "alarmist" for those of us familiar with the topic, but they do have some interesting findings. They studied 101 popular smartphone apps for the iPhone and Android (here is their methodology) to see exactly what these apps were (or were not) sharing with 3rd parties. They also created a great tool to show their findings - I recommend checking it out, whether you read the article or not. Here are a few tidbits of what they found:

    "An examination of 101 popular smartphone "apps"—games and other software applications for iPhone and Android phones—showed that 56 transmitted the phone's unique device ID to other companies without users' awareness or consent. Forty-seven apps transmitted the phone's location in some way. Five sent age, gender and other personal details to outsiders."

    "Both the Android and iPhone versions of Pandora, a popular music app, sent age, gender, location and phone identifiers to various ad networks. iPhone and Android versions of a game called Paper Toss—players try to throw paper wads into a trash can—each sent the phone's ID number to at least five ad companies."

    As with most advances in mobile technology, the trade-off is privacy for convenience. True privacy might be gone forever, unless you want to live in a cave; but that doesn't mean we should simply give into it without awareness of what we're giving up.

    While this may or may not be earth shattering news (though the tool is pretty slick), I think it's just another reminder to stay aware of exactly what we put on our phones, as they are quickly becoming an extended part of our self.

    Article: WSJ
    Tool: What They Know
    Last edited: Dec 21, 2010
  2. grgguy
    Offline

    grgguy Member

    Joined:
    Mar 12, 2010
    Messages:
    391
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    SoCal
    This is extremely dissapointing. I just went and uninstalled , Shazzam and Papertoss . No app should transmit my location at any time . Unless its a GPS(Navigation) type app. I see no other reason that it would need to !
  3. GrillMouster
    Offline

    GrillMouster New Member

    Joined:
    Nov 23, 2009
    Messages:
    289
    Likes Received:
    0
    Trophy Points:
    0
    Pandora didn't learn

    Pandora has been getting a lot of negative attention from the referenced WSJ article. I was surprised that shortly after the article was published Pandora issued a software update that demands even more permissions than it has in the past. It now asks for access to users contacts and calendar. I have not yet updated because of these extra permissions.

    The popularitiy of social media integration has resulted in apps asking for increased access to users' personal information so that they can share what they're doing in those apps with their "friends". There's got to be a way to do that without having to give those apps access to the user's contacts. If the OS acted like an escrow service this could happen.

    I've noticed that some ad-supported apps, like XiiaLive Lite, use GPS for the ads. I guess it's so the ads can target popuplations in certain geographic regions. I don't like that practice because it's an unnecessary power drain. Also, I don't like my precise location bein shared with third-parties. I might be okay with general regional info (city/state/country), but anything beyond that is too specific for my comfort.
  4. soops
    Offline

    soops New Member

    Joined:
    Dec 10, 2009
    Messages:
    157
    Likes Received:
    2
    Trophy Points:
    0
    Location:
    Phx Metro, AZ
    Would the use of scripts to block ads prevents any of these personal info sent to ad networks? Also what does it means by phone id/identifiers?
  5. Bigaliensexmachine3000
    Offline

    Bigaliensexmachine3000 New Member

    Joined:
    Mar 27, 2010
    Messages:
    99
    Likes Received:
    1
    Trophy Points:
    0
    Uninstalled Pandora through the market.

    Reason: malicious (spyware)
  6. sst45jeff
    Offline

    sst45jeff Member

    Joined:
    Dec 2, 2009
    Messages:
    315
    Likes Received:
    8
    Trophy Points:
    18
    more info

    maybe there needs to be a thread started to educate people on what these specific permissions that are being asked for mean. Some listed when installing an app don't mean anything to the layman so they install without knowing what they are giving up.
  7. solar
    Offline

    solar Member

    Joined:
    Dec 8, 2009
    Messages:
    805
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    So Cal
    Thats a really interesting article. I'm familiar with the fact that no one using a mobile with apps (or a PC for that matter) is really hidden anymore, but this sheds a new light on it. Cool stuff!
  8. RETG
    Offline

    RETG Member

    Joined:
    Jul 8, 2010
    Messages:
    491
    Likes Received:
    8
    Trophy Points:
    18
    Location:
    West of the Rockies, East of the Pacific
    What gets me, is if you go to the market to download the widget or whatever you call if for this site, it tells you it has permission for:
    Net Communication
    Phone Call - Read State ID
    My Location (A course location, but still my location)
    Storage - which says mofidy or delete SD card storage
    and System

    Why, does any site need this information? Once I read that, I backed out, don't need it.
  9. jntdroid
    Offline

    jntdroid DF Super Moderator Premium Member

    Joined:
    Nov 18, 2009
    Messages:
    6,437
    Likes Received:
    292
    Trophy Points:
    83
    Location:
    TX
    I believe the device ID is simply a code of some sort that is assigned by the manufacturer or vendor to your specific device, or somehow describes your specific device (i.e. when it was made, where it was shipped, etc) - that's a little bit speculation, so don't hold me to all of that.
  10. solar
    Offline

    solar Member

    Joined:
    Dec 8, 2009
    Messages:
    805
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    So Cal
    Thats a pretty good idea. I don't think most people know what the various items mean. Even people who are tech saavy (like me) aren't always familiar with EXACTLY what each means and does and to what extent you are exposed. I wish there was a way to block certain portions of the programs from accessing certain things....
  11. jntdroid
    Offline

    jntdroid DF Super Moderator Premium Member

    Joined:
    Nov 18, 2009
    Messages:
    6,437
    Likes Received:
    292
    Trophy Points:
    83
    Location:
    TX
    +1 - more transparency in this area would help, and it would also help quiet down all the chatter that goes on about how the Android market is full of spyware
  12. Incredibilly
    Offline

    Incredibilly Member

    Joined:
    Aug 3, 2010
    Messages:
    46
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Northern VA
    Or an app that blocks outgoing information on an implicit deny command. Just think, when you go in and approve each permission, you get a real understanding of what is being broadcast. I know they usually tell you what they access, but most people don't really read that stuff.

    As sort of a parallel example, think about cookies: If you've never done it, set your browser's cookie settings to ask every time and see what crap websites are trying to do.

    I wonder how it would affect app performance if I could never allow access to my contacts... sometimes I don't care that it can access fine location... when I want to know where something is (like me).:icon_ banana:
  13. CletusVanDam
    Offline

    CletusVanDam New Member

    Joined:
    Jun 14, 2010
    Messages:
    72
    Likes Received:
    2
    Trophy Points:
    0
    Location:
    FL
    Is there an app out there that allows you to restrict other installed apps from having internet access anytime they want?
  14. AlphaMack
    Offline

    AlphaMack New Member

    Joined:
    Aug 12, 2010
    Messages:
    71
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    California
    DroidWall.
  15. HamDog
    Offline

    HamDog New Member

    Joined:
    Aug 3, 2010
    Messages:
    191
    Likes Received:
    0
    Trophy Points:
    0
    Microsoft attempted to do this starting with Windows Vista. It's called "User Account Control Settings". It sucked! People realized that they constantly had to give permissions to everything. Apple had a great time making fun of this in their ads.

    Pandora has come out and explained why it needs permissions to contacts and calendar: "Your Personal Information: these permissions enable two features-- both of which are always entirely under your control-- to share your Pandora stations with a friend via email, and to add an event featured in an ad (like a movie premier) to your calendar." I'm not saying I believe them, but for those wanting a reason, they have given one.

    I posted the Wall Street Journal article in it's entirety a couple of days ago in the general discussion area. Then the mods moved it to the "apps" area, where barely anyone visits. Although I agree it has to do with apps, but I thought it was important enough to be discussed and shared in a more popular general forum. There are more comments there too:

    http://www.droidforums.net/forum/droid-applications/107132-your-apps-watching-you.html
  16. jntdroid
    Offline

    jntdroid DF Super Moderator Premium Member

    Joined:
    Nov 18, 2009
    Messages:
    6,437
    Likes Received:
    292
    Trophy Points:
    83
    Location:
    TX
    Sorry I missed that - maybe a mod will merge the two if they see fit!
  17. GrillMouster
    Offline

    GrillMouster New Member

    Joined:
    Nov 23, 2009
    Messages:
    289
    Likes Received:
    0
    Trophy Points:
    0
    The wording of the permissions can sometimes appear to be more ominous than it really is. It would be nice if there was a spot immediately following the permissions description for the developer to explain in plain language why the app needs those permissions and what they will and won't do with that access.

    As for the specific permissions referenced in the quoted post, here's my take:
    Net Communication: Well, obviously the app needs access to the internet if you're to view content from this site.

    Phone Call - Read State ID: I've assumed that this just means the app can tell whether you're actively on a phone call so it can pause and resume when the call if over.

    My Location (A course location, but still my location): I wish I knew how just how corse the location is. Is it just city/state or is it a few city blocks? I think this is often used or ads so they can target specific geographic populations. Alternately it could be gathering data for marketing research.

    Storage - which says mofidy or delete SD card storage
    and System: Some apps save internal storage by storing some apps & downloads to the SD card. If you use a file explorer to view your SD card you'll see several directories created by different apps. App preferences, backups, etc. are sometimes stored there.
  18. Incredibilly
    Offline

    Incredibilly Member

    Joined:
    Aug 3, 2010
    Messages:
    46
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Northern VA
    Good points, Grill...
    Still, for the same reason many of us root our phones (true ownership of the device), I want final say on what mine transmits into the cloud. Of course I can always NOT use an offending app...*sigh*

    sent from my Incredible Andriod phone using DroidForums App.