Feeds

back to article University boffins build snoop-spotting snitch app

University researchers have developed a smartphone app to show users how often their mobile software tracks their movements. The team from Rutgers University said that the their Android tool uses a real-time monitoring system to show exactly when an application pulls locational information and transmits it. The results, they say …

COMMENTS

This topic is closed for new posts.
Bronze badge
Megaphone

Where is the app for the iPhone

I want one. Now.

3
0
Trollface

Re: Where is the app for the iPhone

Why don't you get yourself a proper phone? You know, one that runs this app?

10
10
Bronze badge

Re: Where is the app for the iPhone

You might want one for your iPhone, but you certainly don't need one.

Settings | Privacy | Location Services shows you which apps you've allowed to slurp your position. And the OS itself monitors on an app by app basis how often they do so, reporting this in the form of various status icons (documented in the settings). You can also enable a status bar icon to be displayed when any location slurping by anything goes on.

So, no app required, and no 'proper phone' that needs an app installed to do this.

5
1

Re: Where is the app for the iPhone

The iPhone doesn't need this app because iOS prompts for approval to access location data the first time an action is taken which requires it, thus alerting the user to the context in which it is being requested. Android needs this app because once blanket location permission has been approved during install there is no way to know when it is being hoovered up.

3
0
Anonymous Coward

Re: Where is the app for the iPhone

"iOS prompts for approval to access location data the first time an action is taken which requires it, thus alerting the user to the context in which it is being requested"

So did Symbian, back in the days of Series 60 (e.g.) in 3rd edition on the Nokia E71 in 2008. Maybe earlier too (e.g. E65?). (There was a difference between signed/certificated apps and unsigned. I'm ignoring it here).

It seems to be mainly Android that's lost the plot.

Or, maybe, Android itself is OK, and it's the Google-specific PlayStore Services Layer (or whatever it's called), or some other "ease of development" layer in between app and underlying OS? Anyone know for sure?

1
0
Anonymous Coward

Re: Where is the app for the iPhone

"You might want one for your iPhone, but you certainly don't need one.

Settings | Privacy | Location Services shows you which apps you've allowed to slurp your position. And the OS itself monitors on an app by app basis how often they do so, reporting this in the form of various status icons (documented in the settings). You can also enable a status bar icon to be displayed when any location slurping by anything goes on.

So, no app required, and no 'proper phone' that needs an app installed to do this."

Already available. People are so stupid. Smart Phones for Dumb People.

iFooled is one for all so hardly surprising. When you buy a tool and not a toy, you will understand this.

0
0
Silver badge

But ...

Wouldn't it need access to the location service to detect this?

And so could itself be a spyware app for the SNSA ?

0
0
Facepalm

Great, so we can see what apps are pulling location info.

If only Google had developed a hidden option to revoke app permissions, so we could block unwanted intrusions...

11
0

XPrivacy

but you will need root access to run it...

2
0
Silver badge

Re: XPrivacy

And not be running the new Android Runtime. It's currently disabled and an option in 4.4, but the next version's expected to have this on by default, breaking the Xposed Framework needed to run XPrivacy.

0
0

at last an app i would pay for

3
0
Silver badge

Slurping up all permissions

It's interesting that "geek" apps are the ones least likely to want excessive permissions.

Apps such as ZFS Monitor, ConnectBot, WiFi Analyser, Fing etc only ask for the permissions they actually need. None of those mentioned request permission to make phone calls, send/receive SMS, access acounts data etc,, unlike some other apps I could mention which have no need for those permissions but want them anyway.

I will rather spend more time looking for an alternative than allow an app more permission than it needs. Or just install it on my tablet which has no phone/SMS/GPS capabilities in the first place and only gets used at home so WiFi based location data is worth far less.

6
0

This is why....

I only turn on my GPS when I'm actually using the GPS functions like navigation.

I also check permissions and if an app wants too many of them, I won't install it.

2
0
Bronze badge

Re: This is why....

You get locations from cell tower data and wifi APs too.

3
0
Anonymous Coward

Re: This is why....

WiFi access points are very unreliable.

If you mean your Internet Point of Presence can be located then please carry on with that.

My POP location is actually almost 50 miles from where I am located.At odd times when my ISP is doing work on that site my POP is nearer 200 miles away.

As I don't want to set a challenge for others, I'm hiding as A/C

0
1

Re: This is why....

Your GPS is no longer required in Android as of the Google I/O conference as of past year.

Google created fused location services to use your Wi-Fi radio in listening mode only EVEN IF TURNED OFF" to use Google's servers to accurately keep track of where you are.

http://thenextweb.com/google/2013/05/16/inside-googles-new-location-apis-for-android/

When I received my 4.3 OS update this was one of the more exciting features of the update.

It was not enabled by default and I had to search the web to find out how to enable it but now I don't have to turn on my Wi-Fi or GPS (and wait) to use an app like Nooley to get highly accurate weather reports.

This will presumably be the default in Kit Kat..

Not mentioned anywhere is this also allows Google to continuously map and refine Wi-Fi station locations, but this does give everybody (as well as advertisers) much improved services with geo-fencing and instant availability by applications which need this.

Of a slightly bigger worry, when trying to track down why my battery life is much shorter; I finally noticed that one app I have which finds nearby vegetarian restaurants had a permission to run when booting the phone and is apparently running at intervals and collecting (and i suppose transmitting,) my location to the app developer even when i don't use it!

The fused location services are overall to the betterment I suppose but I now have multiple reasons to root this phone so I can get control back of the device I *own*!

I wonder how soon before Apple implements similar technology?

4
0
Bronze badge

Re: This is why.... "Listening mode only"...

And, even if off, the radio might be clandestinely working in concert with the accels and gyro/s to refine a holder's movements -- elevation, direction, speed -- to possibly micro-burst the phone's locations.

Airplane mode probably now only serves to stop phones from "bleeding" and "polluting" restricted airwaves. But, for those being hunted or monitored, anyone with special equipment can now use this as yet another way to keep tabs on a phone.

What would happen if I started slipping my phone into a shielded sleeve, just for the hell of it. Of course, if I got into gov buildings that may ask me to turn it on to prove it really is a phone, then, if I were a tracked/monitored person, my location would be updated -- aside from in-building and perimeter cams that likely are doing what they are supposed to be doing.

At some point, a rooted phone will become a RIGHT, and the sooner people wake up and tell the carriers to sod/screw/get off, the soone we collectively might be able to pressure google and the phone manufacturers to ease up on the lock-down. Enforced locking down of and making difficult to root our phones is putting some of us at risk of intrusion or of us bridking our own phones due to elaborately difficult rooting procedures that, while published, my destroy a phone randomly outfitted with commodity chips that our slighly outside of spec. Recal that even any given Dell model is NEVER 100% identical to every last copy in the same product life cycle. Maybe for batches of 10-100 of the same model, but, not ALL 100,000 or 50,000. In 99, and 2003 I found out the hard way when wasting 10+ hours dealing with a failed clone job.

0
0
Silver badge

Re: This is why.... "Listening mode only"...

At some point, a rooted phone will become a RIGHT, and the sooner people wake up and tell the carriers to sod/screw/get off, the soone we collectively might be able to pressure google and the phone manufacturers to ease up on the lock-down.

Never happen. One of the parties that want the wide-open door is the government (in the generic, not the specific). They'll always want that access as a matter of course (governmental instinct), and any attempt to get them to sign anything otherwise just results in "ink on a page". After all, who can you turn to above them to keep them in line, given that the government is sovereign and, by definition, in control of its own destiny?

And before you ask why you don't hear the same thing about Apple phones? Bet you that's because they got an insider there years ago and twisted Apple's arm, allowing them to create a more sophisticated snaffer that can't be readily detected by spectrum analysis because it only transmits sideband.

BTW, to whoever mentioned the em-shielded bag, accelerometers and gyros don't need EM to work, so if it gets a fixed via radio (which it'll get at some point because you have to use the phone), then if it's shielded it can still keep track of itself for some time while in the bag, then when you take it out again it can correct for drift before sending.

0
0
Anonymous Coward

Re: This is why....

"highly accurate weather reports"

Pull the other one.

0
0

Re: This is why....

iOS doesn't suffer from this problem and doesn't need to implement this technology, which is a sticking plaster over Android's lack of granular permissions management, hopefully due to change. See my and Mike Bell's responses further up.

0
0
Silver badge

Re: This is why....

"highly accurate weather reports"

Pull the other one.

Perfectly possible to have highly accurate weather reports.

Forecasting the weather... well, that's something else... :)

0
0
Bronze badge

Should be MORE than a mere "indictment"...

It should be an excoriating, keel-hauling, new-asshole-ripping experience for google.

If I had the money, I'd fund these students to find not only which apps are sluping GPS and WiFi info, but which are attempting to slurp:

-- photos

-- notes

-- contacts

-- logs

-- anything else the app has not goddamned business peeking, poking, sniffing, fingering, or otherwise screwing around with.

Further, I'd mandate that the app give the uses/victims a "broadcast" feature to blast to a "cease and desist" type of boardd which apps are violating basic privacy expectations of the victims.

Google, "do no harm" ALSO means do NOT FACILITATE the doing of harm.

Clearly, google, you ARE facilitating harm!

10
0
Anonymous Coward

Blackphone

MWC 2014 - Blackphone; end of story.

1
0
Bronze badge
Joke

?

The research was funded by an intermediary organisation fully funded by MickeySoft

?

0
4
Gold badge
Unhappy

*Finally* something that actually *helps* protect peoples privacy.

Taken a damm long time.

0
0

What's it called and where can I get it?

2
0
mtp
Alert

Root your droid then use a security app

One of the many reasons why I use 'LBE Privacy Guard' (or use another if it takes your fancy). If your android is rooted then I recommend this. It patches up the obvious flaws in the android security model by allowing you to deny permissions to apps. This is way better than the standard all or nothing as provided by android. For example if you are a Angry Birds fan then you can prevent it from reading your location.

Sounds a bit adverty but this is a genuine rant against the all or nothing android security model.

As a genuine example there are 5 apps on my phone that want to access my call logs and 17 that want my position. I block 90% of these - why does barcode scanner need access to my call logs?

The feature that I am looking for in future security programs is limited network access. I used to have Flickr installed but that accessed the network a insane number of times per day (every few minutes). I would reinstall it if I could limit it to sync only once per day.

2
0
Anonymous Coward

Re: Root your droid then use a security app

I want my permissions properly managed by the OS provider, to avoid stories like this:

http://androidforums.com/esteem-all-things-root/555032-lbe-privacy-guard-possible-malware.html

0
0
Silver badge

Re: Root your droid then use a security app

I DON'T because governments will know whose arm to twist. If the security app comes from an unenforceable land or has a widespread community support, it would be much harder to squelch or tamper.

0
0
Gold badge
Unhappy

Obvious question. Do *devs* have to take *all* or nothing access to your data?

Sounds stupid (and it sounds like quite a few devs on Android don't) but does Google force that sort of slurping behavior?

0
0
Silver badge

Re: Obvious question. Do *devs* have to take *all* or nothing access to your data?

Rather, it's the devs forcing it on Google or they would never have migrated from the Apple store to begin with.

0
0
This topic is closed for new posts.