On the heels of last week’s controversy regarding the photo-slurping habits of iPhones come reports that Android can play similar games with privacy. Following the template it used to demonstrate the iOS vulnerability, the New York Times commissioned an Android app developer, Ralph Gootee of Loupe, to put together a demo app …
A huge problem with Android apps is the 'take it or leave it' approach to permissions. You either accept what the dev claims his app needs to run, or don't install it. Where's the third approach, which would be to install it but replace dodgy sounding permissions with stub implementations? No, your game doesn't need access to my phone book or the internet, so if it tries, it gets an empty phone book and I appear permanently offline...
A third option is to install LBE Privacy Guard (and there are probably a few similar apps I don't know about; I just found one that worked and have stuck with it), which allows you to block these permissions for each app and each permission (e.g. access to phone book, contacts, internet, location, phone ID etc).
If you deny a genuinely needed permission the app obviously won't work properly, but at least you have more control than the blanket permissions a lot of apps request.
In terms of the out-of-the-box Android experience I guess it's good to be informed, but it would be better to have control without having to use third-party apps...
Re: option c)
But doesn't this mean you need to give the security app access to everything?
Can you trust the security app?
Re: option c)
Also, does this not require root privileges, which opens a whole other can of worms (not to mention voids most warranties)?
I STOPPED....
downloading apps that need apparent permissions that have no relevance to what the app is all about.
Now I have no apps!
This I think will remain a problem until we have the choice on permissions on the download page.
Each app should come with a 'tick' the box for what you will allow and this should have no effect on the app.
Re: I STOPPED....
If only everyone took a stand over these permissions: just give a one-star rating to apps that require too many permissions, or everyone stops downloading for a few weeks, and we would probably see some changes.
Re: I STOPPED....
Sadly, I highly doubt this will happen. Especially if it means that the user won't be able to run their favorite app, or an app which everyone else is running. I can already hear the screams about not being able to play "Angry Birds" (not implicating Rovio, here, just that I honestly don't know any other games on the platform) JUST because it can snarf their pics.
Those screams would sound like customers who call me because their favorite website has been exploited and Google, Firefox, or their anti-virus is preventing them from visiting. But they REALLY REALLY REALLY need to get to the website, so can't we just drop those protections long enough to get some work done?
I've had to liken it to sexually transmitted diseases and unprotected sex before to get the point across. Even then, I'm not certain the conversation had lasting effect.
Paris, no conversation has a lasting effect.
Re: I STOPPED....
Ditched Angry Birds myself when I realised they were adding more and more intrusive permissions to their games, to the point that it wanted to read my SMS, my contacts and more.
Re: option c)
Cyanogenmod allows you to dig into an app's permissions and deny / allow as you see fit before you run the app for the first time. This does have the occasional side effect of an app crashing, but in a recent case I had of a note-taking app wanting contact and network permissions and falling over when denied such, it was warning enough for me to nuke the damned thing and look elsewhere.
Probably for adverts.
So here's a suggestion: PERMISSION::ADVERTS, PERMISSION::ADVERTS_GPSLOC, PERMISSION::ADVERTS_TOWERLOC, plus any others that are specifically related to the advertising framework you're using.
Now offer users a central control panel with checkboxes that say "Yes, adverts can know my location", "Yes, adverts can read my contacts", and any other permissions that Adwords and other approved advertising companies might use. I say this because "approved advertising companies" is better than "whatever advertising companies the local monopolies commission says you HAVE to work with".
Make sure the user can always turn all checkboxes off. Doesn't stop an advert-funded app displaying adverts, just that they would be more like billboards and less like a personalised sales pitch.
Does anybody remember the utter stink that Go!Zilla and Aureate kicked up? It wasn't just because of the ad banner.
Re: Probably for adverts.
An advert doesn't need to know my location, the nosey bastards.
I want a 'give false location info to adverts' app.
A better option is to install DroidWall. It's a free firewall that lets you block apps from accessing the internet. About half my apps are blocked, including cameras, games, books, barcode scanner, calendar storage, contacts, and video players. Also blocks ads on those apps.
I feel safer, my phone runs faster and gets better battery life.
Only an idiot codes to an Interface rather than an implementation
At least until the 'evil app' learns how to access Droidwall
"A better option is to install DroidWall. It's a free firewall that lets you block apps from accessing the internet."
If an app has 'full permissions' it will only be a matter of time before apps have enough code to look for and disable these things.
Re: option c)
1) Root your phone so you actually have control of your phone. Sad, but true.
2) LBE works AWESOME to block nefarious requests to information completely unrelated to the app. You'll be surprised how many things ask or are currently - grabbing!
"Where's the third approach, which would be to install it but replace dodgy sounding permissions with stub implementations?"
Yeah, agreed but it ain't gonna happen. It would be like turkeys voting for Christmas - the people offering the "free" apps are making their money by pimping users' data to marketing companies - and Google aren't going to help as it was their idea in the first place. There are 3rd party solutions though.
You can do that if you have root
The app Pdroid can block a number of permissions in that way, but requires Root.
I combine that with Avast AV, which contains an application firewall; it also requires root. It allows Deny All, Permit by Exception. If it is a game or something that has no need to access the internet, it is blocked automatically, unless I specifically add it to the allowed list. If it needs internet to work I use Pdroid, so for example, Facebook is fed a random Device ID, phone number, SIM serial, Subscriber ID, GPS and Network location, while incoming number (why the hell do they need this?), call log, SMS, MMS, SIM info, and network info are blocked completely.
I know some friends who would really love these capabilities, but are nervous about rooting their phone. It would be great if this was allowed for everyone.
I don't see any difficulty in NOT conflating "Internet Access" with "Access to <insert LOCAL data of choice>".
One is accessing data over a network the other is... n't.
The trouble is, I can't seem to find any Android manifest permission relating to local data other than the specific CALENDAR, CONTACTS and FRAME_BUFFER data (the closest I found to any camera content, I guess).
I'm not sure (but don't know for sure) that there is ANY protection for camera files or any other local data. Looking at the available permissions on Android, it looks like the real problem is that if you give an app INTERNET access then you open a big fat pipe down which it can SEND local data that it already has access to.
Paris, cos she likes big, fat pipes. Allegedly.
Not sure why half my Android tablet apps need half the permissions they do. Sure you can have access to my phonebook, I'm using a tablet so I don't have one!
So if I don't have one, why does it need it? The app still works. Most odd. Likewise with some of the other permissions? Over-caution from Google or data mining?
Still at least it asks. God knows what is happening on my iPhone where I do have a phonebook, etc.
Like I said in another thread: share buttons. You wanna tell your friends about the app? Well, it needs to know who your friends are. And how do you wanna tell them?
SMS? That's a permission.
Facebook? That's a permission.
Email? That's a permission.
Seriously, The Moron Test is not rifling through your text messages. It just needs to be able to send one.
Oh, and by "send one" I don't mean secretly send one without your knowledge, I mean it needs a permission to compose a little message reading "Play the Moron Test!" and ask you to click send.
"You wanna tell your friends about the app?"
If yes, then I'll tell them myself. I'd like to take those auto email/post things out of everyone's hands. Too many auto-generated messages by spammers, with friends acting like some pseudo spam relay.
Basically the whole file system is open - just like on your (non-Linux) desktop.
There are a number of solutions. One, your photo app could encrypt your photos so that no other app could read them. This would get the job done, but you'd be unable to view them in the built-in Gallery or do anything else with them outside the photo app - the classic walled garden approach. Trivially easy to implement, but also crappy.
Rumor has it that future versions of Android will allow apps to limit outside access to their home folders.
"Gootee of Loupe"
What does it mean, though?
Curious to see what Google does about this, if anything.
The modify/delete permission was introduced in Android 1.6 - before it apps could write or delete without stating anything. However introducing that also meant that all apps designed to prior versions of the Android API get the modify/delete SD permission implicitly, regardless of actual use.
If they did the same again, all existing apps would show an implicit read SD card permission, even if they don't use the SD card. This would be highly counter-productive and confuse users to no end, so I suppose they'll have to think of something else other than just adding another permission.
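The two posts above make two points that a static check over an app's manifest can make concrete: an app that holds INTERNET plus a permission over locally stored data has a channel to send that data out, and an app built against an SDK older than Android 1.6 (API level 4) is granted the SD-card write permission implicitly even though its manifest never lists it. The following script is an added example, not code from this thread or from any of the tools named in it; the manifest it parses is constructed for the example, and the set of "local data" permissions it flags is an assumption chosen for illustration rather than an official Android list.

```python
"""Static review of the permissions an Android manifest requests.

Added example (not from the thread): computes the permissions an app
effectively holds, including the implicit WRITE_EXTERNAL_STORAGE grant for
apps targeting an SDK below Android 1.6, and flags local-data permissions
that are paired with INTERNET access.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NS = f"{{{ANDROID_NS}}}"

# Constructed sample: a "game" built against a pre-1.6 SDK that asks for
# network, contacts and precise-location access.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.freegame">
    <uses-sdk android:minSdkVersion="3" android:targetSdkVersion="3" />
    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.READ_CONTACTS" />
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
</manifest>
"""

# Assumed list of permissions that expose locally stored user data; a real
# review would extend this to whatever the platform version exposes.
LOCAL_DATA = {
    "android.permission.READ_CONTACTS",
    "android.permission.READ_CALENDAR",
    "android.permission.READ_SMS",
    "android.permission.READ_CALL_LOG",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.WRITE_EXTERNAL_STORAGE",
}
NETWORK = {"android.permission.INTERNET"}

# API level of Android 1.6, the release that introduced the SD-card
# modify/delete permission (WRITE_EXTERNAL_STORAGE).
API_ANDROID_1_6 = 4


def declared_permissions(manifest_xml):
    """Permissions the manifest explicitly lists in <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    return {e.get(NS + "name") for e in root.iter("uses-permission")}


def target_sdk(manifest_xml):
    """targetSdkVersion, falling back to minSdkVersion, then to API level 1."""
    root = ET.fromstring(manifest_xml)
    sdk = root.find("uses-sdk")
    if sdk is None:
        return 1
    value = sdk.get(NS + "targetSdkVersion") or sdk.get(NS + "minSdkVersion") or "1"
    return int(value)


def effective_permissions(manifest_xml):
    """Declared permissions plus the implicit SD-card write grant for old targets."""
    perms = set(declared_permissions(manifest_xml))
    if target_sdk(manifest_xml) < API_ANDROID_1_6:
        # Apps built for pre-1.6 SDKs predate the permission, so the platform
        # grants it to them without the manifest saying so.
        perms.add("android.permission.WRITE_EXTERNAL_STORAGE")
    return perms


def exfiltration_risk(manifest_xml):
    """Local-data permissions the app could push over its INTERNET access.

    Returns an empty set when the app has no network permission at all.
    """
    perms = effective_permissions(manifest_xml)
    if not perms & NETWORK:
        return set()
    return perms & LOCAL_DATA


def report(manifest_xml):
    """Human-readable summary used when the script is run directly."""
    declared = declared_permissions(manifest_xml)
    effective = effective_permissions(manifest_xml)
    lines = [f"targetSdkVersion: {target_sdk(manifest_xml)}"]
    lines += [f"declared: {p}" for p in sorted(declared)]
    lines += [f"implicit: {p}" for p in sorted(effective - declared)]
    lines += [f"RISK (local data + INTERNET): {p}" for p in sorted(exfiltration_risk(manifest_xml))]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_MANIFEST))
```

Run it against a manifest pulled from any APK you are reviewing (the `AndroidManifest.xml` inside an APK is binary-encoded, so decode it with a tool such as `aapt` or `apktool` first); the "implicit" line shows why simply adding a new read permission, as the post above notes, would suddenly appear on every older app.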
Issue is deeper and WONTFIX
The issue is the choice of file system: Microsoft FAT, which MS themselves bypassed at the first opportunity (Windows Phone).
It has no clue about owners; it is designed for DOS.
Sorry for stating these basic facts to you; it is in fact for a couple of idiots who claim that people who will plug the card into a computer and manually manage files can't install an ext reader on Windows.
Billions of dollars are at risk, people's personal, impossible-to-reproduce photos are disappearing because it has no journal, and now all personal data is at risk. Every time someone mentions these basic facts, someone pops up and talks about that imaginary guy who plugs the SD into a computer and hasn't installed some suite.
I can't even believe the fact that even if you manually go with ext3/2 and the kernel has support, your device won't mount it. Yes, I tried, and I am not hacking /etc just because some Microsoft Trojan made its way into stupid Google, unnoticed.
I sense another lawsuit from Apple coming seeing as they did this first...
So the NYT "commissioned" an app developer to put together something incredibly trivial because it's a known fact (and presumably a design decision) that the "user data" (let's call it external SD, because it differs from /data/data, which is somewhat protected) is accessible to any app. This is newsworthy?
How else are apps like Photoshop, Facebook, Twitter, Dropbox, etc going to gain access to your photos for retouching/uploading? Yes, you could have them encrypted on external SD with an API and explicit permission set for accessing them, but then you wouldn't be able to access them when you connect your phone via USB mass storage, which would be an incredible inconvenience.
I have several different video and/or music players on my Android devices, and they can all access my stored videos/MP3s, which is what I want to be able to do. On my wife's iPad, I accidentally loaded some non-video files into the walled garden of her CinePlayerX app, which I'm now completely unable to delete because they don't appear in the file list of the app.
Sometimes we have to balance the needs of security with convenience, just as we do in real life. I'm not going to be taking naked pictures of myself, or copies of state secrets on my phone, so if they somehow end up on a public website, I don't particularly care.
If I were to do something that required more security, I would be taking the appropriate steps to safeguard my data.
Matter of trust
So we've established that both Android and the iPhone suffer from unprotected parts of the file system that allow unscrupulous apps to access photos and probably other media. There is no difference between this and my desktop, and to deny all access would completely limit anything any app could do.
Anyway, the issue is trust: 1) you have to trust the author not to have written a backdoor, and 2) starting with Google, and ending up with the law authorities, the author of such software would be done over, dragged through thorn bushes and prosecuted to the full extent of the law for EVERY person affected.
Unfortunately, having an app store gives the impression of increased security for both platforms, yet it's simply not the case. (Yes, even Apple let some slip through despite the rigorous approval procedures in their walled garden.)
If Android is going to function as a proper OS it needs to act like one! I like the way MEPIS groups permissions and restricts user access as needed (or desired - sometimes with a little fiddling). Permissions Functionality should be a simple, yet easy to use tool integrated into the OS - settable by the OWNERS, not Google, or the phone company; and all apps should delineate why specific permissions are required for what features.
Many features I'd leave enabled, others would have certain permissions enabled only as needed, and a few would be routinely blocked, disabled, and not shown on-screen (such as Facebook) - until I desire otherwise!
"If Android is going to function as a proper OS it needs to act like one"
It does act like an OS: it operates the hardware on behalf of application programs. If an application wants access to a resource, it gets it via the O/S.
Android is more secure than most desktop operating systems because it requires an application program to be given permissions to user data; when was the last time you installed a Windows or Mac OS program and had it tell you that it required internet access and access to specific user data? Pretty much every desktop O/S application program has access to read from, and in most cases write to, files created by other applications - the security normally just gets enforced at the user level, so all my programs can see all my data (but not anyone else's).
I'll upvote you just for being pedantic...
...and raise you a "Android isn't even the OS, that's Linux. Android is a whacking great stack of software running on Linux, the visible part you see of which is the Dalvik virtual machine and whatever launcher is running."
But yes, the permissions model does need a bit of a remodel.
Re: I'll upvote you just for being pedantic...
I'll upvote myself just for being a dick...
...and raise you a "Linux isn't even the OS... It's the kernel".
Re: But yes, the permissions model does need a bit of a remodel.
That takes the 2012 "understatement of the year" award.
And the solution is..
Have two devices: one for apps, games and entertainment, and another for private stuff: Calendar, contacts, mail, pictures, sms, and calls.
As mentioned earlier, often the permissions are needed for something you may not consider. A bit like the furor over granting Facebook, Google etc the right to display your photos. How else are they meant to show your friends said photos that YOU are sharing?
Obviously with a dodgy developer there could be a problem.
On the other hand, how many apps that people install really are quite trivial to go and create yourself? A huge percentage, I'd say. In fact, several times when I've thought an app needs ridiculous permissions I've written something myself - and that's coming from no previous developing background. Probably the thing I like most about my androids actually, I'm quite enjoying coding and I'd probably never have tried it.
Talking of photo slurping without consent, anyone using the Google+ app on their Android might like to know it automatically uploads photos to a 'private' album on your profile for you. Hum, I don't ever remember agreeing to that! Go through the options list and you can turn it off, but you can't remove the photos from Google+. How helpful; sure people will love looking at photos of my lounge and garden!
Odd that, a quick straw poll shows that everyone I know was asked the first time they signed in with the Google+ app.
Christ, you don't know many people then if EVERYONE you know has the Google+ app! You do realise that the person in the magic window that copies everything you do IS you, don't you? ;)
I would have thought it was fairly obvious I meant solely within the group who have the app, since everybody else I know would be pretty bloody irrelevant to the comment, no?
Besides which, what does it matter how many people I know? The fact it's the first option you get when running the app would still be valid if I knew one person or a million.
I would have thought it was fairly obvious I wasn't being serious, what with the inclusion of the winky smiley.
I still prefer the idea of at least having the OPTION to use a vault.
As for "apps breaking", the phone being queried, when seeing a URL probing for an image, would just serve up a red circle "X". A challenge-reply would enable the user to decide whether and to whom the photo or file will be "released".
It isn't hard, and yes, there will be users who'll screw up the concept and create a lot of tech support headache. But, that is not a valid excuse for not providing a facility for the demanding savvy to use/exploit to the hilt.
Imagine if military officials felt that way about secrets, "oh, it's cumbersome, so just let EVERYone access whatever files we have, shared or not...".
IIRC, military types end-run around the problem by simply not using it. Military communications tend to use their own proprietary devices.
But back to the civilian world, you have a classic power struggle here. Both users and developers want control over the phone, and Google's caught in the middle. If they favor the users too much, devs won't feel comfortable and will probably defect to Apple, who already has an established base that could convince devs to take the plunge...if Google didn't slant things back in their favor. So basically, if you want their app, you have to play by their rules or they won't provide. It's like an auto garage. If you want them to handle your car, you have to agree to their terms, even though it's your car.
Breaking news: Phones play subliminal messages.