Could the apps you have installed on your mobile phone be snooping on you? Based on the latest data from app security analytics firm Appthority, it's not merely possible; it's actually more than likely, particularly if you downloaded those apps for free. According to Appthority's Winter 2014 App Reputation Report, released this …
The app stores (iOS, Android and Win) all have very strict guidelines and threaten rejection as their favorite action in case of a suspicious permissions list. That is the whole point of trusting a store, right?
What causes the fallout is they are unwilling to enforce that just for the sheer numbers. So, it's a case of false advertising on the part of these big players.
Re: Wrong expectations
Not about enforcement.
It's all about everyone involved in apps, from the developers through to the store that sells them working together to gradually erode our perception of privacy.
Little by little they push the boundaries of what is right and proper, hoping that the public either won't notice or will 'get used' to the little tweaks they make. Facebook is a prime example. There is a big difference in perspective of a radical overhaul where a company states 'we will harvest and then we will sell all of the data we hold on you' to inch by inch movements over a period of years like the erosion on a granite rock.
It is in all their interests not to make a fuss because it is all to their benefit. Don't look the gift horse in the mouth is the motto.
They give the perception of enforcement, but they don't actually enforce as it is not in their interest to do so.
And first on the list...
To get that report on which apps are collecting risky information, I need to give Appthority my name, e-mail, phone number, job title, employer, employer industry, number of employees, employer revenue, and employer location.
OK, so someone at Appthority has a sense of humour.
To view the App Reputation report, about apps collecting lots of irrelevant data, ...
I must complete a form, whose purpose is ...collecting lots of irrelevant data
Most popular apps, eh?
So what is the selection bias here? Are paid-for app writers slightly less interested in user data (having a revenue stream from the app itself), or are pundits more reluctant to open wallets for flashlights that want their location data whereas freetards are just happy with the price tag? More research is needed, methinks...
How many mobile apps _have the opportunity to_ collect data on users?
There, fixed that for you. Did those smart guys actually disassemble all the code, trace what data goes where, and what leaves the device...? Or did they simply count the requested permissions blindly, assuming all of them are used to send data home? Well, that's what I thought.
Also, congrats, way to take stuff out of context. While obviously any permission might be abused maliciously and asking for as few as technically possible would be a good thing indeed, the common "extra permissions" asked for by free stuff is in general simply a non-negotiable requirement of the ad libraries included, which obviously prefer to serve you geo-selective ads etc. - once the developer goes for an ad-supported model, they have no further say about requiring those specific permissions.
Re: How many mobile apps _have the opportunity to_ collect data on users?
" .. once the developer goes for an ad-supported model, they have no further say .."
If you (developer) are selling guns you have to make sure these are not the illegal models.
If you are distributing free rice bowls (free app developers), you have to make sure these are not rotten.
A Killer App Opportunity...
So now what we need is for someone to write an App that will act as an over-arching sandbox for all the others to run in such that *WE* get to decide what (if any) data leaves it!
I'd certainly be willing to pay for that.
Re: A Killer App Opportunity...
we have (had) browsers for that.
A good place to start ...
.. is to install F-Secure's "App Permissions" app. It won't let you control the permissions, but it will show and rank your apps by permissions.
So, for example at one extreme, you can see that an app that grants total remote control of your device, like Webkey, requires permissions for just about everything (125 permissions), whereas "App Permissions", at the other extreme, requires zero permissions.
[I am in no way connected with this app]
Re: A good place to start ...
The Comodo Security app for Android claims* to let you set individual permissions for apps (Allow/Deny/Ask).**
*I have no way of testing other than setting all permissions to Ask and then seeing what requests come up. So far, it seems to do what it says on the tin in terms of requesting what I would expect from apps I use, though some odd requests have come up that I have denied.
** I have no connection with Comodo except using their software on my phone and laptop.
Re: A good place to start ...
Assuming it's actually blocking/spoofing the permissions, not just asking you for permission every time you load the app and doing nothing.
Wonder how this compares
to BlackBerry and Windows apps. I know they're a much smaller sample set, but it would still be interesting to see a comparison. I know some of the BB apps I've downloaded ask for various permissions but you can deny some or all of them, whereas the Android ones I've put on the BB have a static set of permissions - take them or don't use it.
This is fully the app stores' fault.
The online stores should allow people to filter their view of apps to ones which do not read their contacts list, do not track their location, DO NOT ... The real problem is that the app stores only display this info when you go to install the application. They are complicit in facilitating the distribution of spyware. And u^Hn^Hcommon sense should then prevail with customers, e.g. you cannot get a GPS application that can function without access to your location information (GPS, WiFi SSIDs, GPRS). But a GPS application should not need access to your contacts list.
The real problem is that the stores are not fit for purpose, unless that purpose is to push ads from millisecond adaptive micro auctions and spy on customers.
Re: This is fully the app stores' fault.
"But a GPS application should not need access to your contacts list."
Unless, of course, you want directions to an address in your contacts list, which some GPS apps are capable of. Naturally that should be an optional permission IMHO, but might be useful to some users to have.
Re: This is fully the app stores' fault.
Wow, the NSA's dream, somebody who thinks "contacts" are people you'd like to know.
Yet everyone is happy for their phone provider to know where they are or the phone won't work. Odd.
Hmmmm ... I'm a bit confused. My phone works quite well without any location tracking switched on. If you are referring to triangulation within a cell - that is inherent when using radio.
Gotta wonder about those apps for little kids, you know, the ones that let you put some type of designer clothes on a cartoon doll. Taking a look at the permissions allows the app to record video, take pictures, use your location......I think you get the idea.
"but...but...but sir! I just got my new Nexus for Christmas! Surely I can trust the Google store NOT to harm me in any way!!!"
So how many eyes are now starting to open, and how many are doing their best to squeeze shut.
There's currently a rumor going around that an App called Talking Angela lets paedos talk to your kids and/or says various outrageous things. All signs point to this being untrue, but I guess this shows some people are at least thinking about these concerns, even if not in a very informed or productive way.
For those addicted to the Android or iOS phones (any cell phone, with or without GPS, actually), an easy way to protect yourself is to create a "Faraday cage" for your smartphone by wrapping it in aluminum foil. Then they can't track you, for sure, for no radio waves can get in or out of it. Aluminum foil works. Try it. Or you can buy a sleeve to put the phone in. Cheap ones from China work, are available on eBay for 5 bucks.
I mention this because of the recent news story that demonstrators in the Ukraine were texted by the government that they were in a demonstration location, and to get out of there if they weren't demonstrating. You might like to shield your phone if you do not wish "them" to discover that you were in attendance at, for instance, a political or confidential business meeting, or that you and your confidante were together in hotel x at time y. Of course, the NSA listens to you, to the tune of 5 billion records per day, but they don't text you about it.
I tried this, but it makes Flappy Bird even harder. Please advise.