[Workaround] Worried about Pandora snooping contacts?

Discussion in 'Android Hacks and Help' started by barcodelinux, Aug 15, 2010.

  1. barcodelinux

    barcodelinux Member

    Joined:
    Dec 26, 2009
    Messages:
    147
    Likes Received:
    0
    Trophy Points:
    16
    Ratings:
    +0
    If you have updated/downloaded Pandora recently and have looked at the comments section, you might have noticed a lot of people complaining about the new permissions change where Pandora asks for access to your contacts list. Pandora says they only use it if you let them. However, most people don't believe this.

    Regardless of if/when they use it, odds are you dont want your grandmother getting emails telling her what radio stations you are listening to.

    Here is how you can get around Pandora getting access to your contact data and still listen to your free/paid Pandora radio stations on your Android device.

    NOTE: Steps 1 and 2 below are not needed of you have the 2.2 OTA update.

    1. Root your device
    2. Install a 2.2 based ROM
    3. Uninstall the Pandora app on your device (if installed)
    4. Install Flash 10.1 ( from Market or here )
    5. Open the stock browser and in the address block type "about:debug" (nothing will happen). Do not close the browser!
    6. Hit the menu button then go to "More" and then "Settings"
    7. Scroll all the way to the bottom and tap on "UAString"
    8. Choose "Desktop"
    9. Hit the "Back" button to get back to the browser.
    10. Go to Pandora.com and sign in.
    11. Enjoy!

    The only problem that I have found is that if you navigate away from that browser window or turn the screen off, then Pandora stops playing.
     
  2. Codiusprie

    Codiusprie Member

    Joined:
    Mar 31, 2010
    Messages:
    149
    Likes Received:
    0
    Trophy Points:
    16
    Ratings:
    +0

    You rooted your phone, which arguably make it less secure than when it was stock, just so you can't share radio stations with Pandora? You should read up on rooting and how it can open your phone up to apps using root access for unsavory things. Just because an application has access to certain aspects of your phone doesn't mean it is going to use them for malicious reasons, I think that Pandora should have made it very clear as to why it needed contact access but it seriously is not a big deal. Again, there is a great article floating around from when I first rooted back in March talking about how easily an app can use root access to completely **** your phone and you.

    Also this seems like a pretty big deal, how long is your phone's battery going to last if it is streaming music with the screen on?
     
  3. barcodelinux

    barcodelinux Member

    Joined:
    Dec 26, 2009
    Messages:
    147
    Likes Received:
    0
    Trophy Points:
    16
    Ratings:
    +0
    Wow! Ya know, ya coulda just said "Thanks" and went on about your way.

    And I supposed I could have just let your ignorance speak for itself. But, the way I see it, you took time out of your day to tell me how bad my contribution to the android community was. And I feel as though I owe it to you (and the android community) to return the favor and inform you as to how wrong you are. So I will take the time to refut each one of your incorrect and audacious points, or those points of which you speak as if they are facts, but are not in actuality, are not.

    Where do I begin?

    Whoa Whoa Whoa...let me stop you right there.

    Thats rather presumptuous for you to assume, don't ya think? Who said that *I* rooted my phone? And more to the point, what does that have to do with anything? You do not have to have root to do this workaround. I thought I made that very clear in the NOTE section. If I didn't, please let me know. But go on...

    Ok, again, let me stop you right there.

    Arguably? Ok, I'll bite. Specifically, how does a rooted device allow more control of your device by unsavory apps than a non-rooted device? Are we back to the whole assuming thing again?

    Now I would like to take a turn at the Assuming Wheel of Fortune. "Hey, Pat. I would like to buy a reality check!"

    Stay with me here...lets assume that you are correct and a rooted device is more exploitable that a stock (non-rooted) device. Wouldn't Google/Verizon/AT&T/T-Mobile all make it VERY clear that if you rooted your device, there could be SERIOUS security risks associated with taking such actions. I don't ever remember Big Red telling me anything of the sort. (Maybe I was so mesmerized by the shiny new Droid in my hands that I just tuned everything else out) Also, wouldn't said parties involved make patches that were pushed to the devices immediately as soon as the vulnerability became known? Now, I have been a Linux user for over 10 years now. You can not tell me that it takes that longer than 72 hours for a patch to be released and pushed to the devices for a certain confirmed and wildly exploited vulnerability when we have a platform that is open source like it is.

    But, I digress...

    If a non-rooted device is exploited by an unsavory app, there would be no notification to the user that said program had received elevated permissions and said app would be allowed to continue on its merry way wreaking untold havoc. Seriously, in this case its not like "blow up the world" kind of havoc, just more like "annoy your family and friends and co-workers about what kind of music you want to listen to" kind of havoc. Nothing serious.
    However, if a rooted device has an unsavory app installed and said app requests elevated permissions, the Superuser program (comes with a rooted Moto Droid) would send a pop up window to ask the user to allow or deny elevated permissions for a specific app. Now, would YOU rather exploit a vulnerability or have an unsavory app take care of that for you?

    Remember, you can install the unsavory apps whether you are rooted or not. Whether YOU allow them root access or not is another matter.

    Maybe not to you, but I didn't like the fact that Pandora emailed my wife and bothered to tell her that I updated my Kenny Logins radio station. Do you realize how embarrassing that was??

    Does this article state facts or is it the writers opinions/assumptions? Can I have a link?

    I didn't say it was a great workaround. I didn't say that it solved world hunger or brought peace to the middle east. I just said that it worked.
    Besides, my battery never goes dead while *I'm* listening to Pandora and my screen is on...because *I* listen to Pandora while my device is in my docking station and on A/C power at my desk while I'm at work. I gotta have something to get me through those 200+ slide presentations.

    Now, feel free to pick apart my retort...or just let it go.
     
  4. The White Weapon

    Joined:
    Feb 28, 2010
    Messages:
    123
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Bloomington IN
    Ratings:
    +0
    "Stay with me here...lets assume that you are correct and a rooted device is more exploitable that a stock (non-rooted) device. Wouldn't Google/Verizon/AT&T/T-Mobile all make it VERY clear that if you rooted your device, there could be SERIOUS security risks associated with taking such actions. I don't ever remember Big Red telling me anything of the sort. (Maybe I was so mesmerized by the shiny new Droid in my hands that I just tuned everything else out)"

    as a vzw employee (on student leave) and a former at&t employee, none of the companies you mentioned are going to tell a customer "don't root/jailbreak/hack your device". they don't even want the thought coming in to a user's head. At the very least, the company doesn't want one of their own employees putting the thought there. If someone messes this process up, they will undoubtedly try, at some point, to bring the device back and try to get it exchanged for a different/new model. exchanges and replacements costs the company a lot of money every year. No company is going to take the risk of warning a customer against hacking, in hopes that the customer will never come in contact with the idea of it.

    "f a non-rooted device is exploited by an unsavory app, there would be no notification to the user that said program had received elevated permissions and said app would be allowed to continue on its merry way wreaking untold havoc. Seriously, in this case its not like "blow up the world" kind of havoc, just more like "annoy your family and friends and co-workers about what kind of music you want to listen to" kind of havoc. Nothing serious.
    However, if a rooted device has an unsavory app installed and said app requests elevated permissions, the Superuser program (comes with a rooted Moto Droid) would send a pop up window to ask the user to allow or deny elevated permissions for a specific app. Now, would YOU rather exploit a vulnerability or have an unsavory app take care of that for you?

    Remember, you can install the unsavory apps whether you are rooted or not. Whether YOU allow them root access or not is another matter."

    I think he was just saying that the joe schmoe user, that doesn't know much about root, should try this. I don't think he was attacking you in any way.

    "I didn't say it was a great workaround. I didn't say that it solved world hunger or brought peace to the middle east. I just said that it worked.
    Besides, my battery never goes dead while *I'm* listening to Pandora and my screen is on...because *I* listen to Pandora while my device is in my docking station and on A/C power at my desk while I'm at work. I gotta have something to get me through those 200+ slide presentations."

    Again, I think he was just raising a point for discussion, not trying to insult your integrity/intelligence. I personally use pandora when I job, ride my bike, lift weights, etc., so I can't charge mine while using it, rendering this workaround useless for me.

    Once again, not attacking, just raising points. It's hard to read inflection, so I can understand how someone might misinterpret someone's meaning, but I didn't take anything that Codiusprie said as malicious or derogatory.
     
  5. serveitup911

    serveitup911 Member

    Joined:
    Dec 19, 2009
    Messages:
    291
    Likes Received:
    0
    Trophy Points:
    16
    Ratings:
    +0
    I'm sorry to quote the whole post, but that is one of the best systematic rebuttals that I have ever seen. Seriously, that's the best post I've seen today, or even this week!
     
  6. barcodelinux

    barcodelinux Member

    Joined:
    Dec 26, 2009
    Messages:
    147
    Likes Received:
    0
    Trophy Points:
    16
    Ratings:
    +0
  7. EmmVeePee

    EmmVeePee Member

    Joined:
    Dec 30, 2009
    Messages:
    182
    Likes Received:
    0
    Trophy Points:
    16
    Ratings:
    +0
    Wait, what?
     
Search tags for this page
pandora android permissions
,
pandora app permissions
,
pandora permissions
,
pandora radio security issues
,

pandora security risk

,

why does pandora need access to my calendar

,

why does pandora need access to my contacts

,
why does pandora need to access my calendar
,
why does pandora want access to my calendar
,
why does pandora want to access my calendar