US regulators have told smartphone software makers to do more to protect the privacy of kids using their apps - or face the watchdogs' wrath. In a report that acknowledged the "tremendous" growth of mobile software, the Federal Trade Commission said app developers are not making "simple and short" declarations of their privacy …
As gatekeepers of the app marketplace, the app stores should do more
I quite agree, but also, as gatekeepers of the well being of their children, I think parents should probably be doing more too.
Re: As gatekeepers of the app marketplace, the app stores should do more
Agreed; but as most of these security slips are mostly only discovered after your data has been raped it's a difficult task. The app stores should be doing much, much more and all data rape ought to be opt-in only; but as that's where a lot of the money is coming from it'll only happen when they are forced to. And then they'll be finding ways to weasel out of it.
I Stopped downloading apps for the simple reason that the developers are asking for too much information.
Why do they need to know where I am, why do they need access to sms, why do they need to....... Contacts list.
TO COLLECT DATA AND SELL IT ON FOR ADVERTISING
IF EVERYONE stopped downloading apps they would soon change things. I would love to have examples of the information they take off you because, believe me you wouldn't be downloading half what you do now.
"Couldn't figure out from the *promotion* pages"
Hint's in the name, morons
Needs a "selectively allow" option though.
There are so many apps that just ask for "everything", and I put many of these down to laziness on the part of the author, not malice.
Being able to allow some access patterns would be good. Actually as would an "advert fetching" permission, rather than full access. Then run an ad server on the phone...
Re: Needs a "selectively allow" option though.
I'd rather have a menu for each app where I can decide whether to let it have genuine information, or whether it gets to know my name is Mickey, my contacts are Pluto and Donald, my location is Disneyland, it's net read/write access is /dev/zero and /dev/null respectively, etc.
That way I could still use an app in spite of not trusting it.
Re: Needs a "selectively allow" option though.
"There are so many apps that just ask for "everything", and I put many of these down to laziness on the part of the author, not malice."
Well, there's your problem.
Follow that logic through: if the developer is too lazy to identify the access rights their application needs, what other basic development tasks are they too lazy to do properly? "Laziness" is not giving the developer the benefit of the doubt, it's just raising YET ANOTHER reason why you shouldn't install their product.
Maybe the parents ...
... should be a bit more responsible. Oh what am I thinking? Parents who are children themselves, or child-like, and addicted to all the codependent little electronic drugs can't do that. The basement can be such a scary place ... why ever leave?
Re: Maybe the parents ...
you obviously don't have children yet do you!
This level of security will be hard to achieve
For example I've seen Oyster apps sending all your Oyster card details to the developer's own server, and presumably then contact TfL from there. (using cleartext HTTP to make matters worse)
But what else are they doing with that info? Why doesn't the app simply contact TfL directly?
It's not something that shows up on Android permissions either because it's simple Web access.
Short of users starting to sniff what their apps are doing I think it'll be very had to put a stomp on this.
There's a simple solution to this.
Don't let kids download apps.
Re: There's a simple solution to this.
or register on websites..
Oh wait how do you do this? Block the browser?
Winds me up this corporate bullshit...
"From the beginning, Android has had an industry-leading permission system, which informs consumers what data an app can access and requires user approval before installation"
But doesnt give ANY method of stopping those apps accessing it...
In other words "you dont want us harvesting your data? Dont download the app then".
So, as a brand new Fandroid user i have discovered nearly EVERY app wants access to everything about me... Why??? Why cant i explicitly allow or deny acces to certain data.
My SMS app might need to access my contact list but it doesnt need to know what my geo location is...But i cant modify that.. All or none and none equates to not installing the app in the first place...
So i recommend Pdroid or Privacy blocker. Or better yet, go back to symbian!!!!!
Dear google, get your fucking tendrils out of my data!!!
Personally I think the worst bit of permissions is they show them at install time, before the user actually has any clue about everything the apps does. This leads people to think that the permission will actually be useful somewhere, so of course they accept it (and yes there's no other option other than accepting it)
Also there's no clear picture of how the permissions are used, i.e. sure the app needs "read address book" but that doesn't tell the user that the app will "read the address book and send it to our server in the Bermudas".
Finally many developers just ask for all sorts of permissions without needing them. But I'm told that's because any app updates can't ask for more permissions in the future? (not sure if true, feel free to correct)
"go back to symbian" Re: Winds me up this corporate bullshit...
To be fair, Symbian OS doesn't allow you to selectively grant permissions either. I think there are other reasons for preferring Symbian over Android, but I'm afraid the permissions model isn't one of them (Symbian's implementation is arguably better but the design is essentially the same, app gets all permissions at install time or it doesn't get installed).
re "any app updates can't ask for more permissions in the future"
Assuming we're talking about Android, then yes, they can. The difference is that if you don't ask for more permissions then the update can happen invisibly in the background, but if you do then the user has to explictly permit the update. Seems like a reasonable model.
Robsons Right, their permissions code stinks
"From the beginning, Android has had an industry-leading permission system,"
Well... NO. Blackberry has industry leading permissions, you could deny individual roles and permissions at run-time on even ancient relics like the Pearl and Curve. Most of the apps would still run too. Even Apple has started to tap out and allow users to deny address book access to individual apps at runtime.
So really, Android's permissions controls are really sort of in-the-midde-of-the-pack-and-and-getting-passed-by-the-competition.
Why do I get offered less protection than a child?
The risks are the same to me!
"Android has had an industry-leading permission system"
The Android permission system is all or nothing, with such things grouped clumsily together as "Phone state..." (useful, so stuff shuts up during a call) "...and identity". What? WHAT?
In addition, I have rejected good apps for wanting to "Discover known contacts" and "Services which may cost you money", neither of which are necessary to the functioning of the app and could be disabled with little loss. Plus, yes there's more, there seems no mechanism for targetted web access (like, to the app support site and the obligatory advertiser). It looks like it is all of nothing.
When Google implement a scheme where an app asks for permissions and the user can CHOOSE which to grant, then you'll have a system worth looking at.
Re: "Android has had an industry-leading permission system"
That permission could be worded a little better. It's not clear that "Phone" modifies both "state" and "identity". In other words, the permission allows checking the phone state and the identifier _of_the_phone -- not YOUR identity.
This at least indicates why they might be grouped together (common library), even though it would still be nice to separate those two, as the second could be more easily used for nefarious purposes.
Re: Re: "Android has had an industry-leading permission system"
I'm well aware it is the phone's identity and not "mine", however if the phone identity is being given out willy-nilly, you might ask yourself what defines your identity? I've already posted how "anonymous" recording of my GPS use could viably lead to the discovery of my likely home location, thus my address, and maybe even my name. But my name is unimportant, you don't need to know my name to know who I am, just use a convenient identifier like, say, my phone's identity...
EASY TO BLAME THE PARENTS...
if you have no children of your own or you are sitting with a smug self satisfied middle class smile on your face.
That smile won't last because your children will be running rings round you and your tech ability.
However, if the permissions really made it clear and gave an example of WHAT they collected about you then MAYBE we could make a better informed decision.
Re: EASY TO BLAME THE PARENTS...
Making them responsible, which is very different.
Of course our kids will run circles around us, as we did with our parents.
But you have to show interest, give them time.
Easy? Nope, not at all. Rising children is getting harder everyday.
Re: EASY TO BLAME THE PARENTS...
It seems, in general, kids really don't know/care about privacy, for the most part. But anyway...
Say 'No!' to Facebook and you get howls about how 'Johnny Little, 11 down the road has Facebook and so does his puppy, canary and tortoise.'
Say no to some IM shite, you get the same.
Say no to Web cams and Huddles, you get the same. (Huddles? FFS! Whichever twat came up with that needs kneecapping).
And so it goes on. As a responsible parent it's pretty tough getting the balancing act right. You don't want your kids running riot unmanaged or uneducated, but at the same time you don't want to alienate them from their friends.
Personally I am not a great fan of kids of Facebook, Twitter or whatever. But whatever you do as a parent, it'll rarely be right. But that's life IIRC.
- Facebook offshores HUGE WAD OF CASH to Caymans - via Ireland
- Microsoft teams up with Feds, Europol in ZeroAccess botnet zombie hunt
- Justin Bieber BEGGED for a $200k RIM JOB – and got REJECTED
- Review Bigger on the inside: WD’s Tardis-like Black² Dual Drive laptop disk
- Inside Steve Ballmer’s fondleslab rear-guard action