John McAfee has reportedly decided on his next product, according to Silicon Angle, which says the colourful security entrepreneur has produced something called “Cognizant”. The Android app is a security tool of sorts, inasmuch as it reportedly takes a census of all the apps on your Android device and then reports on what they …
I guess it's no bad thing, raising the profile of permission overreach, but Android already presents all this information to the user when installing a new app. So I'm not sure what McAfee's proposal is bringing to the table.
Facebook finally got canned when a recent update decided that it now needed to access my text messages.
It's vaguely reassuring to see the Privacy Guard icon appear in the notification bar of my Cyanogen Mod'ed phone when I fire up Facebook...
The question is, what permissions does it need? :-D
"Facebook finally got canned when a recent update decided that it now needed to access my text messages."
But if you kept your eye on IT news sources you would know that the Facebook app doesn't actually want or need to access all of your text messages. Apparently the app actually wants to access texts from one source, but Android doesn't allow for or report that level of granularity so as far as the user knows the app wants to access all text messages.
I know that and I don't even use Facebook.
We'd need to solve the problem at the root:
1. Ditch App-Stores and get proper distributions which have strict code control like Debian for example. Yes, this would kill commercial closed source apps, but point 3 will take care of those.
2. Mandate some common hardware platform or a BIOS so the operating system doesn't need to be ported to every device.
3. Design and implement a very simple protocol for "remote GUIs". Essentially this should replace web-apps with something simpler, more secure and faster to use over wireless connections. It would be something like "GUI-toolkit" commands via TLS over Websocket or something. There may be code to implement something like custom GUI elements, where the code can only access the properties of that element and draw in the area of the element as well as get touch information from that area. All the logic would run on the server, everything time critical would run on the client. This is of course trivial to charge for.
turning mobile phones into chromebooks?
I'm all for somebody doing this except for one thing, and by one I mean one and three. I don't have very good wireless in the toilets at work, and I gotta play angry birds while I poop.
'It would be something like "GUI-toolkit" commands via TLS over Websocket or something.'
So basically you're saying ditch all the things that make Android so versatile and remove the ability for developers to make a profit directly while adding a layer of complexity for them. If smartphones used the model you're proposing they'd never have taken off.
Will it be pushed on to your device with Java updates...?
Androids aren't running Java.
That's what Eric keeps telling Larry.
You are clearly looking for downvotes, why else would someone write a clear and simple to understand fact.
Yeah, really. I suppose you could install openjdk on there if you root the device if you really wanted to run java.
Next time, I must remember to put <sarcasm></sarcasm> tags round my post.
Terribly sorry to have wasted your time explaining about OpenJDK...
You want security? Follow the MONEY!
The data that I most want in terms of assessing apps is the financial model that the developer is using. If the google wasn't EVIL and greedy, and therefore most concerned about protecting their own privacy, then they would see the obvious need for such a tab in the Google Play Store. In other words, a developer doesn't have to say anything about the money, but if the developer is willing to trust us first by telling us at least something about how the money flows, then we would have the most important data we need to decide whether or not it's a legitimate app or some kind of scam.
In support of this approach, the google could provide some kind of supporting or assessing statement, still without revealing the exact details. For example if the app says it is getting revenue from Google ads, then the google doesn't have to say exactly how much money (unless the developer feels like sharing that level of detail). The google could just offer something like "This developer has received significant advertising revenue" or "Though this developer says the financial model will be advertising based, no significant revenue has yet been generated."
Re: You want security? Follow the MONEY!
Don't know why you were downvoted, why would people not want to know if an app they are about to download has in-app purchasing and/or advertising, perhaps with ratings over how intrusive which can be generated automatically from views per run.
If you're rooted..
XPrivacy allows you to revoke permissions and feed applications with fake data all day long
That said, I'm still happy to see more about John McAfee. He's one charismatic guy.
Re: He's one charismatic guy
Charismatic as a hatter.
Re: If you're rooted..
Would be nice if this was available for non-rooted devices. Typical Bank apps won't run if they can detect the device has been rooted.
Anyone who does already care about app permissions either doesn't install the app to begin with, or roots and blocks permissions already? Anyone who doesn't care already won't suddenly start caring because of some app they won't download.
Android is one big spying platform
All apps leak data over the air/wire in plaintext. The weather app sends your GPS coordinates to a web server periodically, for example. If you're using the same Google account on the PC, you're basically fully owned 24/7.
Re: Android is one big spying platform
And, I presume iOS isn't?
Get real! Android users have much more control over their equipment AND they don't have to worry about Google editing words - unlike iOS.
Re: Android is one big spying platform
Yeah, I don't use my actual Google account when I use YouTube, which is the only thing I need an account for (sodding Google merging accounts). I use one that has a fake, temporary email address.
It's very handy for keeping a subscription list and allowing adult content, or I'd do without the thing entirely.
Re: Android is one big spying platform
> The weather app sends your GPS coordinates to a web server periodically
I assume you are talking about sending the coords unencrypted, otherwise how would you expect it to function? If you are worried about your coords being unencrypted find another one that doesn't. If you are just concerned about it sending the coords to a webserver I'd suggest you wet your finger and stick it out the window.
Damn good idea! Maybe that crazy SOB isn't as crazy as......well......still, sounds promising. Let's see how the app stores receive it.
> The Android app is a security tool of sorts, inasmuch as it reportedly takes a census of all the apps on your Android device and then reports on what they are allowed to do to it.
Avast! for Android does this already and there are probably others. No harm in competition though.
I knew that McAfee's new plans would eventually be revealed. I'm honestly surprised it took this long. Although, I suppose there's really no telling how much someone can change after spending years developing their own hallucinogens in a seaside fortress and testing them on yourself.
Anyway, it is clear now, he's an Apple plant. When force and technology can't unseat a troublesome adversary, and you've got no Elop in your arsenal, a valid plan is to throw a pillowcase full of crazy at them. No amount of organizational resilience or hierarchical cohesion can ever fully defeat an unstructured, decentralized and wholly unstable force that keeps gluing sandpaper to the toilet seats and leaving Lego blocks on the floor of your bathroom.
That's why tiny bands of rebels/insurgents/guerrillas/mercenaries always do so much damage to vastly superior forces. A structured adversary has a goal that must be reached to be considered successful in their agenda. The pillowcase of crazy considers his agenda a success every time he sees a walnut brownie on sale for less than $1.13 but more than $1.12 or sometimes when the brownie is in his cravat and his moon burn tastes itchy.
You can never truly defeat crazy with structure. You can chase the crazy away, and sometimes capture the part of it that stays home to blow the dust out of the gerbils, but you can't actually defeat it. The traditional response is either crown the pillowcase Emperor/King/President/Prime Minister so they will be distracted and nobody will really be surprised at their decisions, or get your own bag of crazy to balance their pillowcase of crazy. I look forward to seeing what happens.
Have an upvote *and* a beer sir.
I had to reset my account password just for upvote and this - thanks for making an otherwise ugly morning a smile sir.
"No amount of organizational resilience or hierarchical cohesion can ever fully defeat an unstructured, decentralized and wholly unstable force that keeps gluing sandpaper to the toilet seats and leaving Lego blocks on the floor of your bathroom."
I think I already have an app that does this... Except I deleted it because I noticed that I mostly start up a handful of apps and I (thought I) could detect a delay in launching them after installing PermissionDog.
I suppose that if this app is well executed, it could do a lot of good but I think what I need is a better explanation of what the permissions are... Angry Birds needs to know what "read phone state and identity"? What exactly does that mean?
It would also help if I could control these permissions, like denying such permissions. An app that lets me do THAT would be useful.
You've hit on two crucial elements of a product's value.
- There is nearly limitless room for products that all do the same thing. Unless you're comparing two or more vastly different things, or you have very specialized requirements, customer perception is always more important than the specs/capabilities of a particular product in that family. The GREEN thing and the MAGENTA thing are 100% alike except for their color and their logos, but some customers will convince themselves one has better (x).
In a professional field you'll generally find that to be different, more grounded. But general consumers are their own worst nightmare of a salesperson. You can be the designer & engineer of a thing and people will tell you how great the (feature) is, except you didn't put that feature in there. They're either lying, or have no idea what those words mean. The latter is generally the case.
- The better explanations thing is all about customer education, and you jump right off into intensely deep and philosophical outlooks on educating, not educating, deceiving and outright lying to customers. I'm strongly in the 'tell them the absolute truth, then charge about 2.7 wheelbarrows full of cash more than it cost you to make it' camp. It's an odd thing, but people who pay lots and lots for something tend to take better care of it and complain only if there's a legitimate problem. Bargain hunters are the opposite, they have unrealistic expectations and just complain non stop.
But that's just my view. One of the best places, I believe, to study the philosophies of customer education is the US Food and Drug Administration website. All the letters and conversations about full disclosure in Rx meds are open and it's really, really interesting how different people view customer education and those views translate directly from meds to toys to consumer electronics.
But I agree, better definitions are needed for permissions.
The gift that keeps on giving for snakeoil vendors everywhere.
Can't believe no one has mentioned the excellent Permission Remover app.
It's surprising how many apps function perfectly well (for the end user) when so called essential permissions are removed.
I just want a shim...
That I can configure to return an empty contacts list, a random location etc. etc. to apps unless I've whitelisted their use of said data.
There are already plenty of apps which can do this.
So what's the difference? The McAfee name?? For anyone who's experienced their PC software that won't be a selling point...
So is there a SIMPLE app that simply lists all your apps then lists all the permissions a particular app wants and you can simply check the box to allow or not?
Basically so if something falls over you can then choose to re-enable the permission or just uninstall the app.
That's pretty much all that's needed, nothing fancy or convoluted.
If you use something like cyanogen then yes (google/bing/etc for privacy guard), if you use stock Android then no, but I'd be very surprised if it doesn't come soon.
the right man for the job
Device security is important, so I'm glad this is being addressed by someone as sensible and level-headed as....oh, never mind.....
Wouldn't the type of person who would use this app already be paying attention to the permissions that the apps request via the dialog you get when you go to install them? What's the point of duplicating functionality like this? Or have I missed something?
Facebook multimillion dollar buyout..
Does John know about http://www.cognizant.com/ ? They might be a little upset over the name....the idea of the software is great though, I do like android devices, but I worry about what is going on when my back is turned......
Apart from presenting the information in one place McCrazy isn't offering anything the average user can't find out for themselves through Android without any special skills or knowledge.
But really apart from a widely derided antivirus suite what has McCrazy ever given the world?
I really do want to know what all the apps are up to on my Android, but I get the feeling that if I partner with Mr. McAfee on this venture, I'll have a few scantily clad women of questionable reputation hanging around my phone, with the phone eventually being found murdered in some Central American country under very suspicious circumstances.
... so what's the dilemma?