Feeds

back to article It never ends: TV exposé tags new Android privacy howler

The UK’s Channel 4 News has dropped a fresh load of privacy grief in Larry’s lap, with an expose into the way advertisers hitch-hike on apps’ permissions. The Channel 4 piece has drawn a furious response from European Commission VP Viviane Reding, who has told the broadcaster: “this is against the law, because nobody has the …

COMMENTS

This topic is closed for new posts.

Page:

Silver badge

It's an operating system given away free by a marketing company. Not surprised.

32
3
Anonymous Coward

Not surprised but

Why do I keep getting adverts for dating sites?

Not to mention more other more 'unusual' advertisments....

No I have never downloaded them... However my 7 year old son plays some of the games on my phone and increasingly it is not easy to avoid accidently pressing on the ad, next thing he sees is an ad that 7 year olds should not see.

Is this enough for a lawsuit I wonder. If ads are supposed to be targeted why don't I get tech stuff, flying stuff, food stuff (boring I know) instead its all naked girls, dating, etc?

8
0
Silver badge

Re: Not surprised but

Permissions cannot differentiate between a 7 year old and an adult. However the phone user should be able to tell the app or advertisers that the device may be used by children.

This is a serious omission, the onus should be on the developer and advertiser to state what ads will be served up, and for the user to opt in or out.

If a porn site or naked girls etc ad is served up to a minor it is an offence pure and simple. The owner of the phone has no control over it as it may literally appear out of the blue.

5
2
Silver badge

Re: Not surprised but

Oh and finally, how many people allow their children to use the phone?

Most probably, so there should be a presumption.

4
0
Anonymous Coward

Re: Not surprised but

Because Google knows you've been looking at pictures of naked girls?

0
1

Re: Not surprised but

- The internet is for porn

- You could install something like AddFree to get rid of adds (not entirely ethical if you use a lot of add supported apps, but it will keep your son from seeing naughty adds)

- The scary bit is that most will assume that you must have done something to make Google think that you have an interest in dating sites

- I generally get adds for games, tech and books. Google must have decide that your genes need to be passed on.

2
3
Rob
Bronze badge

Re: Not surprised but

"... the onus should be on the developer and advertiser..." missed a bit, let me help you...

"... the onus should be on the parents to ensure all measures are taken to protect children from this content and supervise them when necessary."

There are apps out there to make your device child friendly and stop them from accessing content you don't want them too. It might be a bit hard to convince the advertisers and developers about responsibility as they will assume most 7 year old don't have the money to buy these devices and in the case of a mobile phone aren't legally old enough to buy.

3
4

Re: Not surprised but

no script and ghostery in your browser, and always run in a private browsing session. Then run in normal mode and search for something you'd never normally search for. This severely annoys ad bots, but its rather funny seeing the adds that target you afterwards.

Root your droid and use addblock. problem solved. You will also wish to disallow all tracking in your settings. Lets face it, you usually know where you are and where you are going, and you don't really want to be checking into places either with farcebook.

While your on it, install thunderbird for access to your gmail.

lastly, stop surfing for porn.

0
0
Coat

Re: Not surprised but

"- The scary bit is that most will assume that you must have done something to make Google think that you have an interest in dating sites"

Like, what, breathing?

2
0
Bronze badge

"legally old enough to buy."

I don't think there are any legal restrictions on anyone of ANY age buying a mobile phone are there? The only age restrictions come with being able to sign a contract, though I don't think PAYG involves any contractual agreement (precisely for this purpose!)?

0
0
Rob
Bronze badge

Re: "legally old enough to buy."

Your right there is no legal age limit for PAYG phones as no contract is involved, but you'd be hard pushed to find a shop that will sell a PAYG handset to someone who looks too young without a parent with them, mainly because the handset in question wouldn't have been set-up with age restrictions in place by default and the shop/brand would probably be liable if something bad happened.

Sorry should have worded my original post better.

0
1
Silver badge

Re: "legally old enough to buy."

Don't assume. Over here you can *buy* a mobe shrink-wrapped to the front of a magazine. It's around €30 or €40, comes with some initial credit, can play MP3s and so simple online stuff. It's a really basic featurephone, but I don't think the day is far off when we can see low-end Android sets in a similar sort of situation. And who, stereotypically, blasts out the most texts and tweets? Teenagers. Hell, there's a whole pile of advertising directly targetting them.

Thus, I think it's a fairly safe bet that non-adults will be using mobile devices; and app authors might really want to think twice about the cack they allow on the phone.

FWIW: One of the apps I use frequently touts Asian dating sites. The logic? I have an interest in Japan that is kinda hard to miss, and I don't appear to be otherwise linked to a female. "Ba-ding, let's set him up with somebody". Errr... Yeah. I prefer mine to be three-dimensional, thanks...

0
0
Rob
Bronze badge
Meh

Re: "legally old enough to buy."

Completely get your point and agree to an extent, but you'll have to forgive my usual soapbox rant about "parent responsibilty/liability".

0
0
Silver badge

I've been saying it for years.

google (and by extension, the rest of the !GooMyFaceYouMsTwit online advertising companies) are an accident waiting to happen. My recommendation remains the same as it has been since their inception:

Shun them.

3
2
Bronze badge
Thumb Up

I've been saying it for a year

Install DroidWall. It let's you block apps from accessing the internet. About half my apps are blocked, Also blocks ads on those apps.

I feel safer, my phone runs faster and gets better battery life. And get this: DroidWall doesn't require network access!

0
0
Anonymous Coward

Re: I've been saying it for a year

@BillG

Droidwall doesn't need network access permissions. It's got root access!!

1
0
Silver badge

A VERY special message!

Larry, Serge, and Eric have a -very- special message for Viviane, the EU, and everyone else: "Fuck you".

1
7
Anonymous Coward

WebOS anyone?

hat & coat, leaving!

2
0
Bronze badge
Thumb Up

Yay, Go Viviane!

Make the fuckers install an option on their OS that says

STOP TRACKING MY PERSONAL SHIT FROM WHEN I WAS TOO YOUNG, STUPID OR GULLIBLE TO KNOW ANY BETTER

5
1
Silver badge
Devil

Re: Yay, Go Viviane!

On a more serious note - the way apps permissions are formulated they do not make a distinction between "use" and resell to third parties.

This distinction exists in Eu Data protection law and cases and is very well defined.

This will be interesting to watch - I expect a large contingent of Eu tanks parked on Chocolate Factory's lawn soon as well as the biggest fine in data protection history to subsidize them. We all need more money to repair the damage from the "Timeo Danaes, Goldman Sachs options ferentes" and their Euro Trojan horse. So I would not expect the commission to show any mercy :)

10
2
Anonymous Coward

Re: Yay, Go Viviane!

Dear V'sRH,

I'm curious what you mean by "Timeo Danaes, Goldman Sachs options ferentes" and their Euro Trojan horse. Could you please tell me what you're refering to and/or direct me to more info?

Thanks.

0
0
Thumb Up

Re: Yay, Go Viviane!

At last! Someone who can actually _use_ Latin!

0
0
Happy

Re: Yay, Go Viviane!

Come on, AC! It's a (modified) quote from the Aeneid - never heard of the 'Greek gift' tactic in chess?

0
0
Anonymous Coward

I don't get it

Does it mean that these apps send the data to the advertisers? I rather doubt that the advertisers are able to come themselves read the data in the cell phone...

0
1
Silver badge

Re: I don't get it

...Or does it even mean these apps COULD BE doing it, who knows?

If they really found apps that played fast and loose with the user data, I'm sure Google would remove them from their app store, but somehow, Channel 4 have decided not say exactly what the apps do, or even name the apps that they found to be misbehaving. Can we get some DETAILS?

2
3
Holmes

Re: I don't get it

I guess it depends how the ads are implemented. If the app developer is not complicit, by adding data slurping code, then it's down to whether advertisers can inject code, in addition to the graphic and link information, in their ads. If the ad suppliers cannot insert custom code, then it's difficult to know how they gain anything by the permissions granted.

1
0
Unhappy

Re: I don't get it

agree it sounds iffy.

However, the report seems to claim that this is exactly what's happening:

"The code that [the researcher] found gave advertising networks access to your contacts, calendar and location. It came from a large U.S. ad network called Mobclix."

3
0

Amazing amount of permissions

You can actually build a zombie android network just with "full internet access" which all ad enabled require. There are white hat tools on market which can switch your entire connectivity off, erase all wifi access points to try fixing your connectivity. They require one permission: "full internet access". That is "super user" power on Linux/ Mac.

0
0
Silver badge
Mushroom

Re: I don't get it

It depends on the app and who the advertiser is. But essentially you are correct.

When an app generates money from ad revenue one of the revenue streams is the personal information that they app can pick up about you.

I have friends who say "who cares?" and go about their daily lives not caring about their privacy.

I and other friends are of the mind... "I like my privacy so get the fsck out of my life."

So we don't use these apps, etc ...

But here's the sad part. Because some of my friends don't care about their privacy, these companies are getting my personal information via my friends. Something they may have opt'd in to, but I didn't.

The US Government is on the take to the lobbyists from these companies. Go EU

1
0
Silver badge
Facepalm

No such thing as a free lunch

"The are spotting you, they are following you, they are getting information about your friends, about your whereabouts, about your preferences. That is certainly not what you thought you bought into when you downloaded a free of charge app."

It's exactly what I thought, that's why I've got a handful of apps and 99% of them made by the same manufacturer who made the mobile phone.

But I don't see why she's making free a distinction, as if paid-for was a guarantee of anything (e.g. WhatsApp).

6
0
Anonymous Coward

Permission blocking

We need the ability to block individual permissions on an item by item basis - not just "if you install this we'll do all these things".

We also need the ability to block all tracking, and have that block respected.

Suggest the EU call a privacy conference of the great and good from google, apple, microsoft, etc. - then arrest the lot of them and bring them to trial. THAT would send a message that won't quickly be forgot.

2
0
Anonymous Coward

With you all the way....

Until that last part about arresting everyone. 2 out of 3 aint bad but not enough for a thumbs up, sorry.

0
0
Facepalm

Re: Permission blocking

Symbian anyone?

1
0
Stop

Re: Permission blocking

"We need the ability to block individual permissions on an item by item basis - not just "if you install this we'll do all these things"."

Still needs to be a mandatory vs optional thing (and so can be done in app with the current system if the developer could be bothered - and obviously if you trust them). If I'm making an app whose functionality depends on a particular permission (camera access say), there's no point making it available if you're going to block said permission (and likely then complain in the reviews when the feature doesn't work).

0
0
Silver badge

Just read the permissions

You don't need to know what goes on in the background when you see such permissions required as "allow application to send SMS" and a few others then you have to wonder why the application needs such access. At this point anybody with more braincells than a brick would choose not to install the app no matter how good it seems to be.

3
3
Anonymous Coward

Re: Just read the permissions

Yeah right. I thought the same 15 years ago when I saw people clicking OK to messages popping up on their screen saying "Your Internet Connection Is Not Optimized. Download InternetBOOST Now!"

The average phone user doesn't have a clue about permissions and their implications.

4
0
Silver badge
Stop

Re: Just read the permissions

The problem is, some apps need the specific permissions, such as:

read phone ID - needed for licensing quite a few apps - it is how they lock down their apps to a certain phone.

read location - GPS? Mapping software? speed testing with local server? Even if you can turn these functions off in the program the permission is still needed.

read contacts - needed for not just the contacts but also calendar *and* repeating alarms using specific dates (i.e. the calendar but only the alarm part).

Ive developed some android apps and I state what each permission is used for in the blurb - I *still* get the odd 1 star claiming "why do I need xxx permission" which shows even then people dont even read what they are downloading.

6
0
Silver badge

Re: Just read the permissions @Danny 14

I don't doubt some permissions are necessary and indeed that a blanket permission may be required when a more specific less nefarious one would do but that doesn't detract from the fact that some are open to abuse. Having the choice I'd rather not install.

I doubt there is any app I would consider so necessary as to hand over control of my phone for even though I don't have any photos on it, don't use address books and all the telephone numbers I need are in my head with the exception of my own.

0
0
Joke

Re: Just read the permissions

I'd like to know more about this "xxx" permission...

1
0
FAIL

Re: Just read the permissions

@Danny 14, reading between the lines I think it is fair to say that the Android permissions framework is basically not fit for purpose and urgently needs revision and/or replacement.

1
0
Stop

Re: Just read the permissions

"At this point anybody with more braincells than a brick would choose not to install the app no matter how good it seems to be."

Well done. Even using the 80/20 rule with regard to Joe Public on smartphone app permissions is incorrect. It's probably more like 90/10.

Seriously, people just don't want to be bothered wadnig through what they regard as boring, endless, incomprehensible security classifications (I KNOW you understand it - so do I - but we are EDUCATED in these matters - and know _it_ matters!) when they want to PLAY THEIR NEW SHINY THING!

Piously suggesting that people should RTFM won't cure Android's problems. Failing to act to make android properly secure will just result in a platform no "normal" person trusts, especially if news stories like this keep breaking. Smartphone security is getting a bit Zeitgiest...

0
0
Bronze badge
Meh

Re: Just read the permissions

I'm told it only applies after you have fraglewhumpped the islepecker on certain very high end Androids, and cheapskates are not even offered the option, but you'll know better next time.

Clear ?

0
0
Anonymous Coward

Alex Hanff has an interesting idea....

....to deal with Google's EU non-compliant "privacy" changes.

He's taking them to the small claims track to recover the cost of his Android phone (£400).

Unless he gets labelled a vexatious litigant (unlikely) then even if Google "win" it'll cost them as they can't recover costs.

Should he win then precedent is set and anyone in the UK with an Android phone will be able to get a refund from Google, not the manufacturer, as its Google who is the offender.

Going to be interesting to see the outcome of this.

11
1
Silver badge
Devil

Re: Alex Hanff has an interesting idea....

Close, but no cigar.

If memory serves me right, small claims court does not form precedents.

None the less, the idea is tempting to say the least.

0
0

Re: Alex Hanff has an interesting idea....

Slight flaw in the plan.....small claims court does not set precendent under the UK judicial system. Infact, I beleive that every single country around the world that has fast-track for small claims operates the same way, so no precedent can be set in this case.

I think the chances are that Google will simply claim it has nothing to do with them, and the vendor will say it has nothing to do with them, and he'll be left holding the baby.

0
0
Silver badge

@Metz.

I believe they have to turn up physically even to say it has nothing to do with them. If they don't then the judgement goes against them. If they do it will cost them more money than what the claim is. Either way they lose money.

0
0
Anonymous Coward

Re: Alex Hanff has an interesting idea....

You can of course refer to another small claims track case in your own case as evidence of repeat "offenders" (or indeed as serial/vexatious litigants) - that is where this is likely to be useful, assuming he wins which is going to require some interesting argument.

Still at least he's trying something.....

0
0
Bronze badge
Go

Re: Alex Hanff has an interesting idea....

was going to say, isn't success in litigation it's own precedent ?

0
0
Windows

RTFM

If it's free, you are the product, don't complain. That goes for all the stuff that is "free". Nothing is free.

3
6
Trollface

windows phone

huh, all i get are investment opportunity, and property portfolio managment ads.

maybe it's a windows phone vs android general demographic vs actual data? ;)

0
1

Page:

This topic is closed for new posts.