Feeds

back to article Oi, Android devs! Facebook wants your apps to be more secure

Facebook has released the source code of a software library that's designed to make it easier for developers to implement fast, secure cryptography in their Android apps. Dubbed Conceal, the library was developed for a limited range of tasks with the specific needs of Android developers in mind, allowing app makers to include …

COMMENTS

This topic is closed for new posts.
Bronze badge

Oi, Andrios devs, Facebook wants Google to get less personal information.

You are almost supposed to back up your entire andriod device and sync anything that can be synced unencrypted to Google servers.

Offering encryption services on android would seem to be a good way to reduce the amount of information android users give to Google.

I am appalled that Google does not provide optional encryption for their android backup and sync services. How hard can it be and what possibly reason could there be for not providing it other than they want to read and analyse your backup and sync data?

2
0
Bronze badge

Re: Oi, Andrios devs, Facebook wants Google to get less personal information.

I am in sync with you. And as for google's sieve-holed android, I'm having a sinking feeling.

Check my past few rants against google about this, and the nose-diving -7 hits I took for it a few hours ago.

Facebook, at this point, almost seems to totally redeem itself in my eyes and heart. I'm embarrassed. Yet, I'm happy to say that, too. I am infuriated that google refuses to tighten up its business model and beat facebook to the punch.

I post far more on fb than on g+, and I was ready to cut over to g+. But, after this conciliatory Conceal gesture fb just shat on googles doorstep, well and truly lit and steaming, I'm reconsidering fb and might just, out of SPITE, venom, and frustration with google, shift to/remain on fb.

How many others will see it this way?

Google, step yer ass up the the plate! Time to tweak your biz model. ONLY those businesses that directly receive sniff/metrics perms from won-over users should be getting user metrics. You're chopping us up like gruel or shark bait for stupid fishermen who cannot even figure out in what waters to fish. You're just encouraging them to fish and flail haplessly and wastefully, and the users are held up for sacrifice.

Rrrrrevise your business model! It ISN'T that hard to do once you commit to it!

2
5
Bronze badge

Re: Oi, Andrios devs, Facebook wants Google to get less personal information.

"Facebook, at this point, almost seems to totally redeem itself in my eyes and heart."

I can't see anything altruistic in this. The less personal data Google gets the more valuable the personal data Facebook gets.

8
1
Silver badge

Re: Oi, Andrios devs, Facebook wants Google to get less personal information.

"I am in sync with you. And as for google's sieve-holed android, I'm having a sinking feeling."

But Google said they wouldn't be evil. Are you seriously suggesting this was a lie?

0
0
Silver badge

Oooo

Google say we wont be evil

Facebook dont say anything like that

Who do I trust more with my data ?

Well Duh........... facebook is not on my kit at all.........

1
0
Silver badge

Re: Oooo

Errr how about trusting neither

3
0
Silver badge
Coffee/keyboard

Android? Secure?

Waaaaaaaaaaaaaaaaaaaaaaaaaahahahahahahahahahahahahahahaha!

2
3
Law

Facebook - change the mobile app culture, not the symptom

"What many people don't realize is that Android's privacy model treats the SD card storage as a publicly accessible directory," Iyengar wrote. "This allows data to be read by any app (with the right permissions). Thus, external storage is normally not a good place to store private information."

Uh huh - and it's thanks to companies like Facebook that just ask for permission to everything for what is basically a wrapped up web browser. Most of the less technical/security minded people using Android will now allow blanket access to the SD card, contacts, location, sms data and services, because if they don't, they get the annoyance of using the mobile website.

Having said that, it's nice they're releasing stuff like this... just wish they would tackle the culture (cause) - not the symptom. Android's flexibility towards developers is a good thing, mega corp app developers making average users snow-blind to permissions by just asking for everything is not.

2
2
Silver badge
FAIL

Security? How about letting US have a choice...

I just tried to download a QR reader for my Moto-G. For some reason it said it needed access to my Contacts list!

WHY FFS???

Until *WE* get the choice of what data and personal information gets passed to Apps and the ability to say "You can have X and Y, but not Z" then there is *NO* real security.

4
0
Silver badge

Re: Security? How about letting US have a choice...

Yup had the same for a simple clock, but of course it also wanted to read SMS messages and call logs....Still must be ok as thousands of others said it was good.....

0
1
Anonymous Coward

Re: Security? How about letting US have a choice...

Possibly, it can save the contact scanned from the code into address book.

Of course selective permissions would be good but at least those who need the functionality has an option (provided that they trust the app) and those who don't can just find a more suitable alternative. At least end users having choice and final say, makes life simpler.

A neat solution would be user having access to audit logs and see when, where, and why specific feature was accessed. This would at least help building trust.

2
0

Re: Security? How about letting US have a choice...

One of the more useful applications of QR codes is the ability to store contact info. I've seen business cards (not updated mine yet) which have contact details and a QR code which you scan to then add those details to your phone, no fuss, easy peasy, hence the permission.

0
0
Silver badge

@Mike Green - Re: Security? How about letting US have a choice...

"One of the more useful applications of QR codes is the ability to store contact info."

Ok, fair enough, that was an application I'd not considered.

But why can't (or isn't) such a thing be done on a case-by-case basis: "This application needs your permission to write to your Contacts - Allow/ Disallow/ Allow Permanently"?

I'd be happier with a system like that rather than one that demands over-arching permissions as a condition for installation.

0
1
Silver badge

Re: @Mike Green - Security? How about letting US have a choice...

I think this would be a good thing, though one of the headaches it creates for developers is having to put up with the 1 star reviews for people who disallow permissions, but then complain it isn't working right. I think a better solution for that would be to create a rating/review system that doesn't cater to the "vote down for trivial reason even though I got this app for completely free" whiners, but sadly it looks like the 5 star rating system is here to stay.

For optional features, this could be handled if blocking a permission meant the app could tell the permission wasn't available, and simply not allow that feature.

In the meantime, vote with your wallet/downloads - don't use something if it claims permissions you don't think are reasonable, and reward an app that does it better.

2
0
Anonymous Coward

Was this library written in collaboration with the NSA?

Get everyone to implement flawed security, trick people into false sense of security, nab their data.

0
1
Silver badge

Must admit "It's a trap!" was my first reaction. One must always consider the source.

0
0

at least it's open to peer review

the cynic in me had assumed that what would happen is if a dev bundled this library it would automatically copy the data to Facebook's servers for analysis ("and as a great service we offer a secondary backup of your data!") but the fact the code is open to review at least comforts me that nothing nefarious will slip in so it's a step in the right direction.

0
0
This topic is closed for new posts.