Google's Android operating system doesn't provide controls to adequately protect users' sensitive data, according to a study that found two-thirds of applications monitored used phone numbers, geolocation, and other information “suspiciously.” The study – by computer scientists at Pennsylvania State University, Duke University …
Are adverts in French somehow more difficult to ignore, or are you actually the mythical advertiser's target audience, who will buy whatever anyone tells them to, as long as they can understand the advert? If this is the case, then please buy some of my genuine bottled Bristol air - a bargain at only £1,000,000 a jar.
Ok so I hate Google but...
I don't see how you can single out Android for this problem. This is a more general problem with ad-based revenue financing the whole software development ecosystem. This model needs to know as much as possible about you to be effective. You can blame Google for promoting this business model as if there is no tomorrow but definitely they are not the only company using it.
I'd rather pay £10 to the developers of an application I find useful than have them engage in this dirty business model, but I suspect I am in the minority. How many people would pay Google to get a search service that doesn't keep track of you AT ALL? Not many I am afraid.
Getting things from "free" is the mantra of this age and people don't worry about the fact that "free" means you are just paying in a different way.
Finer grained controls...
I see several posts here asking why Android can't have finer grained control over what information is used for what. For example, an application (e.g. a mapping app) may need access to both location data, and internet access, but you wouldn't want it sending that location data over the net for advertising purposes.
Unfortunately, because Android apps are written in Java, which has no data 'tainting' (AFAIK), once this information is given to the app, there is no way of knowing whether the app is passing it on to a server somewhere, without having controls on the execution of every line of code. This is clearly impractical.
Some languages (such as PERL) have a concept of data tainting. For instance, with this turned on, data entered by a user cannot be executed as code, without first being 'untainted'. In the same way, a variable containing personal information could be marked as tainted. Any variable then being assigned from this value would also be marked as tainted. Without explicit permission, tainted variables could not be used to generate content sent over the internet. problem solved. Unfortunately, as I said, I don't think Java has this functionality.
Of course, this does raise the issue that if you have too many different access permissions, users are more likely to gnore them. Also, there will always be plenty of people who don't realise, or care about the implications of allowing an unscrupulous app developer access to all of your personal information.
I don't see how this is solely an Android problem anyway; surely the same technical problems exist for any platform that can be given access to both personal data, and the internet.
Why is anyone surprised by this?
It's a google product after all. They want to know EVERYTHING all the time!
Comment on private data access from Android developer.
1. All free applications that contain some ads both on Android or Apple iOs send geo information to server - and this is reasonable - I think you don't need advertising in Chinese or Russian :).
2. Paid applications with self-made protection need to know device unique ID or IMEI to generate license, and normally companies or developers will never use or publish such private data, its not a way of making business for them.
3. Apple fans take a look here - "iPhone apps put user privacy at risk" http://www.theregister.co.uk/2010/10/04/iphone_privacy_report/
- Tricked by satire? Get all your news from Facebook? You're in luck, dummy
- Google straps on Jetpac: An app to find hipsters, women in foreign cities
- Updated Microsoft Azure goes TITSUP (Total Inability To Support Usual Performance)
- The Return of BSOD: Does ANYONE trust Microsoft patches?
- Munich considers dumping Linux for ... GULP ... Windows!