Self-described hacker Moxie Marlinspike has released WhisperMonitor, a firewall for the Android operating system that among other things blocks its location-tracking features. Its egress filtering monitors all outbound network traffic, and lets users create filtering rules. An outbound connection request can, for example, allow …
Why don't you get it?
I can't understand why El Reg is following the party line by dragging Android/Google into a debate which should be firmly fixed on Apple, do you all work for the Apple PR machine?
Android only tracks users when the opt it to do it, hell, you even have to tick the two box's, accepting defaults on my phone would leave you untracked.
No such option works on the Apple/IOS devices. I can turn on or off the option though a clearly labelled box which explains exactly what is happening.
Google/Android's done nothing wrong here and frankly it's just plain annoying that you keep reporting it like there's a problem.
You can turn off location services. That's one box innit?
*HONESTLY* trust google?
yeah, except an android firewall is worth mentioning
Unlike an iPhone, which isn't going to allow an app that interferes with the "intended use" of the device, an Android firewall shows that an Android user has more control, that there's some cool tech to write about (oh look, a tech website =), and that there's still anti-fanbois to troll. Go WhisperCore.
The point is Android sends a unique identifier. iOS doesn't no matter what settings you have enabled.
Google shouldn't be allowing such information to be collected. Its obvious they do it to make another few bucks out of you.
"The point is Android sends a unique identifier. iOS doesn't no matter what settings you have enabled. Google shouldn't be allowing such information to be collected. Its obvious they do it to make another few bucks out of you."
The Unique ID is likely a quality-control mechanism. If a bunch of bogus data is sent from a single UID, they can purge their system by deleting all data from that UID. With the data not being tagged, there's no way for them to purge that bogus data, short of cross-validating (which they would have no way of knowing how many times said UID had reported). I would likely be a trivial matter to have your rooted 'droid spam thousands of bogus data packets, and without the UID, Google would only see it as a certain bit of data has been "upvoted" thousands of times, thus presumed to be accurate. This has plenty of bad connotations if abused. With UIDs (albeit potentially falsified, but easily blocked when checked against valid UIDs), it would be easy to spot such (single-UID) spam.
Sorry - That Doesn't Wash
Is the Location Data Encrypted For Transmission? If it isn't, or if the UUID is stored unencrypted on the phone, then I can spam with the UUID and Google are none the wiser.
It's possible to do location based info without tracking
You can upload location databases for a region and then locate the data offline.
Beat me to it...
"For users who like their movements to be their own business, this makes it a simple matter of stopping the Android GPS daemon from talking to the outside world. The downside is that you won’t be able to receive location-based advertisements suggesting nearby restaurants, shopping destinations or coffee joints."
Yeah, if you can read the street sign and you know your approximate city/location, you can always use google or bing to find you a nice place to eat, drink, score some crack, meth, hookers, etc...
Oo, the trackers
This is nice for the folk who care, but frankly I don't.
I could seriously not care less if every last one of you knew when I was at the liquor store, the furniture store, cruising the Alaska-Canada highway or playing Angry Birds on the throne. I have no idea of what use that would be to some of you. For some I'm sure it would be useful. I'm sure some of those would find a way to profit from making it useful to me, because they already have. Yes, there are some folk with enemies, future ex-girlfriends, and collection agencies they've stiffed who should be able to opt out - but thankfully I'm past that now and if I were hiding I would not be carrying a TRACKING DEVICE.
But God forbid somebody should sell that info? Give me a break. This whole thing is overblown. For one thing, you should know that if you're using a cellphone at all there's a log kept of your movements at the cellular company for law enforcement and billing and quality analysis purposes and "just because storage is cheap and we never throw out data because it might someday be useful". In your carrier agreement you probably allow them to do what they will with that info - did you read it?
Is it so scary to think your local department of transportation may also want to know when traffic stalls and where, how traffic increases over a certain bridge at what times of year or day so they can help you not burn so much time and gasoline waiting on that idiot ahead of you? So your phone and its apps know too, and use that info to deliver you useful information like where the nearest Happy Hour is. In the aggregate it's also useful for managers of parking lot attendants to predict staffing needs for major sporting events - How am I harmed by that? Why should I care if my movements in some small way contribute in the aggregate to data sold by some conglomerate to a small businessman looking for a good place for his next KFC franchise? By adding some credibility to traffic data I'm actually trivially helped by that because poorly located businesses fail and are a drag on the economy - and I might be getting delicious Extra Crispy closer than I would otherwise.
Color me unshocked. It's a technology and this is what it is for.
'Least I have chicken
Leeroy, you are just stupid as hell.
I have no idea of what use that would be to some of you
I'm sure that the burglar who analyzed your movements and chose the best time to strike will be very happy with your attitude.
Really, is that how burglars operate. They sit at home with their location databases analysising movement to assess when would be the most likely time some one is out the house.
Or do they walk down a street and either see an oppourtunity to enter a house or see something nice that they will come back the next day. A lot of burgalries even take place when people are in their homes asleep.
Turns out it is very easy to tell when you are in your house or not - you just look, or even knock at the door!
@ Mikel the troll
Here, have a snack:
"Intrigueing, mr. burglar, howzat you knew I'd be out for 45min on my twice-weekly run?"
Not only do some burglars operate this way, so do some robbers -- though admittedly it's generally using Twitter if the reports are anything to go by. I think a "famous rapper" or "hipity hop star" was even a victim of this.
How nice for you, Mikel.
So, you're saying that just because we've already lost a lot of our privacy, we should be happy to give up even more of it to benefit our corporate owners even further? Also, my recollection is that technology is supposed to benefit the users - obviously, that doesn't happen very much in the real world anymore, except, oh wait, firewalls kinda do. I don't know, dude, maybe some of us just happen to value privacy more than you do. There's some literature on that elsewhere on the internet, if you care to look.
I don't think he's we should be happy to give up even more of our privacy to benefit our evil overlords.
What he appears to be saying is "If you don't want your corporate owners to benefit from knowing where you are then don't get a mobile because mobiles - by their very nature - have to track where you are in order for you to get a fucken signal".
If Google want to try and advertise at me let them. I guarantee you I'm going to have much more fun out of that than they ever are. I'll offer them guitar lessons and not take no for an answer, I'll tell them to fuuuuuck riiiiight oooooofff and then play death metal at them, I'll ask them about the weather and apparently grow increasingly annoyed when they refuse to stick to that topic.
The world isn't going to leave you alone just because you want it to: You might as well have some fun with the dick who wants you to buy something you don't want. If enough people do that perhaps they'll eventually give up trying & go do something useful like kill themselves.
Except that if I don't feel like spending the energy messing with them, it seems like a firewall is a nice way to keep at least some of my bits to myself. The implication seemed to be "firewalls are pointless," or at least "you shouldn't make ANY attempt to maintain privacy on your phone," and I'm kinda going to have to go ahead and sort of disagree.
Maybe it's because I treat my phone (an N900, full disclosure, which I sadly know I'll have to replace someday, hence my interest in Android) as an actual computer first and a phone second; perhaps I'd feel differently if it was just a thing I used to talk to other people and occasionally snap photos of my cats.
The downside is that you won’t be able to receive location-based advertisements suggesting nearby restaurants, shopping destinations or coffee joints.
Surely that should be another upside?
I think El Reg could do with adding a clear colour code system to highlight this in future. Will save confusion....
you won’t be able to receive location-based advertisements
And this is a disadvantage how? I don't buy devices to allow advertisers to waste my time...
Google can remove it.
Google has already demonstrated any program they don't want on an Android device they can remove. It's why I don't have an Android device yet.
(1) I imagine there's only one way to guarantee a daemon you want to run runs : root the phone
(2) Brings up the next problem, do you trust said daemon?
No disrespect to this Marlinspike dude, I think what he said he's done is great. How much is known of him though?
I have an android phone, I'm not too bothered with them tracking me as I do not really do anything very exciting and to be honest, aluminium foil is quite readily available if I did.
But do I trust this Marlinspike guy? I might if I knew more about his operation. I would *definitely* if he opened up the source code. But.. I understand, coders need to eat etc...
Only market apps
Unlike the iPhone, Android permits the installation of unapproved apps. Google has no control over these.
And, while Google *can* hit the killswitch for any Market app, they have only used it against genuine malware, again, unlike Apple, who can, and frequently have, used it against "off message" apps.
Re: Google can remove it. - No they can't
WhisperMonitor doesn't install as a normal Android APK package. It will need to update kernel modules, install Linux binaries in /system/sbin and possibly even install a modified kernel, none of which Google have demonstrated ANY capability to remove remotely. At most they can probably uninstall the configuration front-end leaving the actual firewall up and running.
Same for other smartphones..
@tempemeaty Apple and Microsoft have demonstrated the same functionality for their respective devices using far more whimsical reasons. Not sure about RIM though...
"And, while Google *can* hit the killswitch for any Market app, they have only used it against genuine malware, again, unlike Apple, who can, and frequently have, used it against "off message" apps."
I'm aware of Google hitting the killswitch to remove malware from phones, but I'm only aware of Apple rejecting apps from inclusion in the app store in the first place or removing them from the app store, which is not the same thing as they're not removed from any device in those cases.
I'd be interested in reading about any cases where they've removed apps from user's phones or pads, though.
it's about time....
You wouldn't dream of connecting your laptop to the internet without running a firewall... would you... ? With the continuing convergence of computing devices, there's not much difference anymore between a phone and a laptop. Is about time phones came work built in firewalls... maybe this is the start of a whole new market sector.... Firewall One Mobile anyone ?
You can do this already
The Android kernel runs iptables, and you can get the app DroidWall to configure its rules on a per-app basis. You need root access, but you don't need to reflash the whole phone as you do here. Either way it's not exactly suitable to your average Joe.
add and use the mobile 3G on/off app icon on your home screen if your phone has it (or an APN app) so that the phone isn't broadcasting it's whereabouts all the time. Turn it on when you need to access the internet or email. Outside of corporate use do you really need instant push email all the time? Really - like really? How about those constant facebook and twitter updates? What's the weather doing now and tomorrow? Oh it's the same as it was 5 mins ago. SMS & MMS still work with 3G off...... WOW the phone even rings, like a, well, erm phone.
Use any app that doesn't require network access. Oh look limited or no ads. Try Angry Birds with 3G off...
Sure it won't be the solution for everyone who has to be 'connected' all the time, but suits me. Better battery life and my nuts aren't fried by my phone constantly trying to locate a 3G signal when the phones in my pocket.
repeat till you understand: 3G!=data
Using the data on/off toggle actually stops data. Turning off 3G just slows data down to GPRS or Edge speeds... and don't forget to disable WiFi as well.
...a bit extreme compared to just disabling the relevant sync and reporting options ;)
As is replacing system components instead of just configuring the built in firewall.
No need - I do understand.
Big *Thanks* for your condescending post title BTW. Nice touch.
"The downside is that you won’t be able to receive location-based advertisements suggesting nearby restaurants, shopping destinations or coffee joints"
Less ads? How, exactly, is that a downside?
Finally someone mentions DroidWall. This is my most valued app on the NexusOne. I block every app that I don't specifically use data for. IPTables is built in to the kernel and is highly secure, in and out. I don't know about the provenance of this other app, but DroidWall rocks.
My second-favorite app is AdFree.
Re: Moxie Marlinspike
He's fairly trustworthy, a whitehat hacker and privacy fiend. Also a Sailor, which is quite obvious if you know anything about Naval slang.
He was among the first to prove beyond the speculative, with POC code as well as tools, that SSL was extremely prone to MITM attacks, as well as HTTPS.
He also did something with Certificates and Mozilla Firefox as I recall, but Im not quite sure what that was exactly because I consider Certificates to be a very insecure form of Security delusion. "Just Trust Us!" from the likes of Verisign and Thawte doesnt work for me.
I just ran across Lookout Mobile Security. They've locked on to my TRIcorder..
Does anyone know about Lookout Mobile Security? It is in Market. It has a feature to set off a loud alarm to locate the phone.
What someone could design to make a mint off of is a "dongle" that is in one's pocket. When the phone is stolen, dropped, or left behind on the train, the distance alarm would trigger. Similar to cables and dongles for laptops in coffee shops.
What I'd like is a Cestus III/Gorn Dongle. Some a-hole takes my phone hears a voice of Spock: "THEY'VE LOCKED ON TO MY *tri*CORDER! BRILLIANT TECHNIQUE!", but they don't get to lob it before it dets. Not legal tho. So...
Turn the phone into an electrocuter. If the thief is fitted with a pacemaker of some sort, T.S. Shouldn't a been stealin'...
FRAKIN' AYYYE! GOTTTD***MMIT! THIS is what google should have enabled in the FIRST damned place. All these years, users exposed, and it takes enraged, furious, SCREAMING users, and a 3rd party makes a product that GOOGLE could have produced NATIVELY. Do no harm, huh?
I have been bitching about this for MONTHS. Even here, in El Reg, some have had down-ticked my comments about it. Maybe they work for Google, or the telcos, or spook agencies. i dunno. But, my frackin phone is MY personal network, and and extension of my wallet and my hard drive. I have the right (so long as I am not a criminal) to protect my systems. I also have a DUTY to myself and to those around me to take steps to make sure my phone isn't being trespassed or misues against others for WHAT EVER reasion somone decides to intiate.
Lamentably, my android phone is not on the support list yet.
If Moxie Marlinspike certifies this app has no known backdoors and no national security letter disavow orders attached to his/her product, and doesn't require me t root my phone, i will pay *$30**, **$40** or **$$50** for this app. It would be most my prized Android ware EVER.
Also, Moxie Marlinspike, i urge you to find a sane court of law in which to file for a court-deemed exemption (i forget the legalese term for it) that states you are not doing anything ILLEGAL and that no lawsuits can be initiated upon you or your cohorts for offering this product, and which restrains phone makers and phone carriers from denying users the right to know of intrusions and connections (uninitiated or initiated), touches, copies, moves, deletes, and changes.
Companies are responsible for their networks. Users should be, too. Such an imposition means Whisper is a tool we all are entitled to use and restrict outside contact and to monitor and thwart data lifting.
Lookout Mobile Security just failed for me...
INT WTF???!!! It wants my email provider account password to be entered. I entered a different password, thinking I was going to receive notifications at my gmail account, but that the new password would be my authentication to enter the lookout mobile security profile on the dev's site.
Three tries. Three fails. I deleted the damned app.
WHY do sites insist we enter our private email password just to use a site that is not related to my email account.
COMPLETELY firewalling the GPS daemon is probably a bad idea. You'll end up blocking XTRA requests to Google, which will greatly increase the time to get a satellite lock on your GPS.
You should probably be more specific on what to block and what to allow.
Just had a thought...
All that worrying we're doing about Android phone tracking.... there is possibly ONE major upshot: Theft recovery. if we had a hand-dongle on our person when our phone is snatched, and if that dongle had a panic button that tips off ISPs, telcos, the police, and Google, then the police could monitor the phone and possibly the police could discover a drug den or more, including a trove of stolen goods that were unsolved crimes.
However, to ameliorate some concerns about tracking, that dongle in hour hand (if it too is not stolen or left somewhere) could trigger the phone to disable it's anti-tracking settings, make a call, activate the mic to collect audio for prosecutors to use, randomly shoot pics, and send audio and digital snippets to Google or the provider.
One problem though: the thieves will catch on, and they'll likely sell stolen phones as strip kits for metals or spare parts once they know which part of the phone to not resell nor activated outside of a Faraday cage...