Android, Security, Google, Vigilance!

[RW-1]

My guess about the Pandora rights: It probably needs "phone state" so that it can hibernate properly when you get a phone call. It probably needs "contact info" because it has a "share" feature if you want to send song info to your contacts.

Which is more likely: Pandora - a strong competitor in the Internet radio business - would risk the horrible publicity of being caught exposing your personal information; or the Pandora app needs certain specific rights for the legitimate operation of their app - and the Android SDK simply doesn't provide a way for them to specify exactly how they plan to use those blanket rights? I think the latter. Maybe you disagree?

There are a bunch of really smart tech-savvy people out there putting the popular apps through more of a wringer than I ever will. It stands to reason that one of them, somewhere, would be able to tell if an app was up to some shenanigans. At that point, of course, the dev would be called out publicly, and his/her reputation would be permanently destroyed.

Maybe that's being cavalier with privacy, but I just think developers have too much to lose by screwing around with your privacy, especially when it is virtually guaranteed that someone, somewhere, will know about it. Someone out there with a packet sniffer will be watching what the app is sending with its "full internet access" and will blow the whistle.

I think most apps that need your "phone state and identity" need it because they want to handle a phone call interruption elegantly; and I think most apps that need your "contact info" need it because they have some convenient ability for you to share information with your contacts - which is a GOOD thing.

Having said that, I try not to screw around with apps that have small audiences. There's safety in numbers, I think: the more people who are using the app, the better the chance that I don't need to worry about it.

Spot on! +1

BTW, you are in the right place, the Android community, consisting of the dev's out there doing ROM's, and others like us here at DF, are the "someone" you talk about watching what apps do.

I say again and again, make comments on all your apps, good or bad, in the market.

 

[Bateluer]

Android Security FAQ | Android Developers

This is how Google defines malicious apps. Interesting.

The term malicious software is subjective, and we cannot make an exhaustive definition. Some examples of what the Android Security Team believes to be malicious software is any application that:

• drains the device's battery very quickly;
• shows the user unsolicited messages (especially messages urging the user to buy something);
• resists (or attempts to resist) the user's effort to uninstall it;
• attempts to automatically spread itself to other devices;
• hides its files and/or processes;
• discloses the user's private information to a third party, without the user's knowledge and consent;
• destroys the user's data (or the device itself) without the user's knowledge and consent;
• impersonates the user (such as by sending email or buying things from a web store) without the user's knowledge and consent; or
• otherwise degrades the user's experience with the device.

Under their definitions, I classify MotoBlur, encrypted bootloaders, and almost all pre-installed carrier/manufacturer apps as malicious because they resist my attempts to move them. I wonder exactly how many apps disclose personal information to a third party without the knowledge or consent of the user?

 

[iPirate]

Giving info on why an app needs that access is ok but then the Dev could lie and steal your info ...

Pandora needs call info so the music can pause. Most maybe all ads request GPS. They aren't stealing your contact info or tracking your every move. Do you think you are that special?

Maybe the details are too broad

 

[furbearingmammal]

How is spamming the hell out of your twitter list with "I like pie!" every time you heart a song a GOOD Thing? Assuming I used Twitter, that is -- I don't. I also don't Mybook or Facespace, or anything else that involves telling everyone I know when I'm leaving the house, taking a porcelain cruise, what and where I'm eating, how gassy I am from last night's chili, or if I'm intimately involved in a nightly game of wrestle midget. Especially if I happen to lose.

Seriously, though, look at the fap over the data harvesting of those wallpaper apps before you tell me there's safety in numbers, too. Even if the data wasn't harvested for malicious intent, how do we know how secure the servers it was sent from or to were? Now that the cash stream from the apps themselves has dried up, how do we know the entire collection won't be sold off either piecemeal or all at once to someone who has said malicious intent?

The fact of the matter is that, while I'm not paranoid like some people I've met in my life, or like Dale Gribble from King of the Hill, I do worry about the total lack of privacy that seems to be the rule these days.

All it takes is one bad egg with patience and possibly tens of thousands of people are screwed like a new deck.

 

[FunN4Lo]

How is spamming the hell out of your twitter list with "I like pie!" every time you heart a song a GOOD Thing? Assuming I used Twitter, that is -- I don't. I also don't Mybook or Facespace, or anything else that involves telling everyone I know when I'm leaving the house, taking a porcelain cruise, what and where I'm eating, how gassy I am from last night's chili, or if I'm intimately involved in a nightly game of wrestle midget. Especially if I happen to lose.

I have several of the concerns voiced here. I have decided not to DL many apps because of the permissions they want.

But.... I think the quote above will be my new status update today :rofl3::rofl3::rofl3:

 

[Bateluer]

I do worry about the total lack of privacy that seems to be the rule these days.

All it takes is one bad egg with patience and possibly tens of thousands of people are screwed like a new deck.

And that is the point I'm trying to make. This 'open by default' mentality and complete disregard for our own security and privacy will explode in our faces.

Giving info on why an app needs that access is ok but then the Dev could lie and steal your info ...

Pandora needs call info so the music can pause. Most maybe all ads request GPS. They aren't stealing your contact info or tracking your every move. Do you think you are that special?

Data mining. Google's data retention policy is to keep pretty much everything indefinitely. It may not seem like a big deal now, but do you really want Google, Pandora, whomever having all that information about you, what you like, what you dislike, whom you like, whom you dislike, things you've bought, where you've been, etc, to use how ever they wish in perpetuity.

 

[furbearingmammal]

Google got cleared of malicious intent in their data retention policies, but again, all it takes is one bad egg and a lot of stuff is suddenly on sale on the black market. How many times have we heard news stories of people selling Facebook credit card numbers in block lots over in Russia before people start getting worried?

The answer can never be given conclusively because people today are so concerned with being noticed and special, and are so shallow they make a mirror look deep. Especially when they look in them.

Seriously, though, I only turn GPS on when I need to use Navigation in my phone or I'm using an app that uses it directly for some purpose. I NEVER have the use network location checkbox marked. I don't think anyone needs to know exactly where I am unless I tell them. Having an app to block some of these permissions would be a Good Thing because then people who want the peace of mind could have it. Those who don't care need not install.

I'm sorry, but these privacy-destroying things should be opt-in, not opt-out.

 

[jbdavies]

Seriously, though, I only turn GPS on when I need to use Navigation in my phone or I'm using an app that uses it directly for some purpose. I NEVER have the use network location checkbox marked. I don't think anyone needs to know exactly where I am unless I tell them. Having an app to block some of these permissions would be a Good Thing because then people who want the peace of mind could have it. Those who don't care need not install.

Network location is not accurate, at all. It'll get your general location (100+yrds), but never your actual location. Turn off your GPS and go into Google Maps. Your phone will just sit there trying to figure out where you are, but will never be close. The only thing that is good for is figuring out what city you're in.

I'm not saying not to be careful or actually care what some apps are collecting and whatnot, but an app that uses network location... really isn't that big of a deal. It's not like they're sending your information to the mafia and they'll kick in your door in the middle of the night to kidnap you.

 

[furbearingmammal]

Seriously, though, I only turn GPS on when I need to use Navigation in my phone or I'm using an app that uses it directly for some purpose. I NEVER have the use network location checkbox marked. I don't think anyone needs to know exactly where I am unless I tell them. Having an app to block some of these permissions would be a Good Thing because then people who want the peace of mind could have it. Those who don't care need not install.

Network location is not accurate, at all. It'll get your general location (100+yrds), but never your actual location. Turn off your GPS and go into Google Maps. Your phone will just sit there trying to figure out where you are, but will never be close. The only thing that is good for is figuring out what city you're in.

I'm not saying not to be careful or actually care what some apps are collecting and whatnot, but an app that uses network location... really isn't that big of a deal. It's not like they're sending your information to the mafia and they'll kick in your door in the middle of the night to kidnap you.

Says you! For all you know I'm working on a water-powered car and am very close to patenting the chemically-boosted electrolysis method for separating the hydrogen from two separate RF-stimulated salt-water mixtures combining under pressure in a sealed chamber lines with a special aluminum alloy I've perfected in my basement lab.

Please Rob Me

Google Latitude, ‘a gift to stalkers’ and a threat to privacy Adotas

 

[solohikr]

This is my first post, and coming from the Blackberry community this topic has been somewhat alarming. From what I gathered with my own data mining into the world of Google, is what ever you do from searching the latest movie reviews to serious work related searches and any porn sites you visit is 100% retained by google for a minimum of 3 yrs.
Where do they have this storage server for the world? (it must be the size of the moon) is beyond me. My conclusion is; If you want to retain some smigen of privacy do not use any google product or related to google product including Googles premier info gathering device. "The Droid".
As stated somewhere in a previous post Google has been cleared of any malicious intent with info gathering, this could just be the begining. We people have a tendency to dumb down some when we want certain things. We make all sorts or justifacations to satisfy our needs for the latest and greatest toys. It may not be a big deal now and somewhat under the radar but where is this data gathering gonna be in 5 yrs?
Im not a conspiracy therorist, nor ever played one on T.V. and I am even rocking the droid X and loving it. Just my .02 cents.

 

[furbearingmammal]

Two hundredths of a cent? Wow, has that statement ever been adjusted for inflation!

 

[solohikr]

Two hundredths of a cent? Wow, has that statement ever been adjusted for inflation!

Just goes to show how little value my opinion is in this world.

 

[jbdavies]

Says you! For all you know I'm working on a water-powered car and am very close to patenting the chemically-boosted electrolysis method for separating the hydrogen from two separate RF-stimulated salt-water mixtures combining under pressure in a sealed chamber lines with a special aluminum alloy I've perfected in my basement lab.http://www.adotas.com/2009/02/google-latitude-a-gift-to-stalkers-and-a-threat-to-privacy/

lol You lost me... :icon_eek:

 

[furbearingmammal]

Two hundredths of a cent? Wow, has that statement ever been adjusted for inflation!

Just goes to show how little value my opinion is in this world.

I was referring to the whole two cents thing.

And may I add;

You and me both.

You and me both.

Says you! For all you know I'm working on a water-powered car and am very close to patenting the chemically-boosted electrolysis method for separating the hydrogen from two separate RF-stimulated salt-water mixtures combining under pressure in a sealed chamber lines with a special aluminum alloy I've perfected in my basement lab.

lol You lost me... :icon_eek:

Sorry, I was confusing the Mafia and the oil companies. Considering how much criminal activity both groups get away with, how many lives they destroy, and their total disregard for anything but the almighty dollar, I think you can see where I might get them confused.