As gatekeepers of the app marketplace, the app stores should do more
I quite agree, but also, as gatekeepers of the well being of their children, I think parents should probably be doing more too.
US regulators have told smartphone software makers to do more to protect the privacy of kids using their apps - or face the watchdogs' wrath. In a report that acknowledged the "tremendous" growth of mobile software, the Federal Trade Commission said app developers are not making "simple and short" declarations of their privacy …
Agreed; but as most of these security slips are mostly only discovered after your data has been raped it's a difficult task. The app stores should be doing much, much more and all data rape ought to be opt-in only; but as that's where a lot of the money is coming from it'll only happen when they are forced to. And then they'll be finding ways to weasel out of it.
I Stopped downloading apps for the simple reason that the developers are asking for too much information.
Why do they need to know where I am, why do they need access to sms, why do they need to....... Contacts list.
TO COLLECT DATA AND SELL IT ON FOR ADVERTISING
IF EVERYONE stopped downloading apps they would soon change things. I would love to have examples of the information they take off you because, believe me you wouldn't be downloading half what you do now.
Rant over.
There are so many apps that just ask for "everything", and I put many of these down to laziness on the part of the author, not malice.
Being able to allow some access patterns would be good. Actually as would an "advert fetching" permission, rather than full access. Then run an ad server on the phone...
I'd rather have a menu for each app where I can decide whether to let it have genuine information, or whether it gets to know my name is Mickey, my contacts are Pluto and Donald, my location is Disneyland, it's net read/write access is /dev/zero and /dev/null respectively, etc.
That way I could still use an app in spite of not trusting it.
"There are so many apps that just ask for "everything", and I put many of these down to laziness on the part of the author, not malice."
Well, there's your problem.
Follow that logic through: if the developer is too lazy to identify the access rights their application needs, what other basic development tasks are they too lazy to do properly? "Laziness" is not giving the developer the benefit of the doubt, it's just raising YET ANOTHER reason why you shouldn't install their product.
For example I've seen Oyster apps sending all your Oyster card details to the developer's own server, and presumably then contact TfL from there. (using cleartext HTTP to make matters worse)
But what else are they doing with that info? Why doesn't the app simply contact TfL directly?
It's not something that shows up on Android permissions either because it's simple Web access.
Short of users starting to sniff what their apps are doing I think it'll be very had to put a stomp on this.
"From the beginning, Android has had an industry-leading permission system, which informs consumers what data an app can access and requires user approval before installation"
But doesnt give ANY method of stopping those apps accessing it...
In other words "you dont want us harvesting your data? Dont download the app then".
So, as a brand new Fandroid user i have discovered nearly EVERY app wants access to everything about me... Why??? Why cant i explicitly allow or deny acces to certain data.
My SMS app might need to access my contact list but it doesnt need to know what my geo location is...But i cant modify that.. All or none and none equates to not installing the app in the first place...
So i recommend Pdroid or Privacy blocker. Or better yet, go back to symbian!!!!!
Dear google, get your fucking tendrils out of my data!!!
Personally I think the worst bit of permissions is they show them at install time, before the user actually has any clue about everything the apps does. This leads people to think that the permission will actually be useful somewhere, so of course they accept it (and yes there's no other option other than accepting it)
Also there's no clear picture of how the permissions are used, i.e. sure the app needs "read address book" but that doesn't tell the user that the app will "read the address book and send it to our server in the Bermudas".
Finally many developers just ask for all sorts of permissions without needing them. But I'm told that's because any app updates can't ask for more permissions in the future? (not sure if true, feel free to correct)
Assuming we're talking about Android, then yes, they can. The difference is that if you don't ask for more permissions then the update can happen invisibly in the background, but if you do then the user has to explictly permit the update. Seems like a reasonable model.
To be fair, Symbian OS doesn't allow you to selectively grant permissions either. I think there are other reasons for preferring Symbian over Android, but I'm afraid the permissions model isn't one of them (Symbian's implementation is arguably better but the design is essentially the same, app gets all permissions at install time or it doesn't get installed).
"From the beginning, Android has had an industry-leading permission system,"
Well... NO. Blackberry has industry leading permissions, you could deny individual roles and permissions at run-time on even ancient relics like the Pearl and Curve. Most of the apps would still run too. Even Apple has started to tap out and allow users to deny address book access to individual apps at runtime.
So really, Android's permissions controls are really sort of in-the-midde-of-the-pack-and-and-getting-passed-by-the-competition.
Bollocks.
The Android permission system is all or nothing, with such things grouped clumsily together as "Phone state..." (useful, so stuff shuts up during a call) "...and identity". What? WHAT?
In addition, I have rejected good apps for wanting to "Discover known contacts" and "Services which may cost you money", neither of which are necessary to the functioning of the app and could be disabled with little loss. Plus, yes there's more, there seems no mechanism for targetted web access (like, to the app support site and the obligatory advertiser). It looks like it is all of nothing.
When Google implement a scheme where an app asks for permissions and the user can CHOOSE which to grant, then you'll have a system worth looking at.
That permission could be worded a little better. It's not clear that "Phone" modifies both "state" and "identity". In other words, the permission allows checking the phone state and the identifier _of_the_phone -- not YOUR identity.
This at least indicates why they might be grouped together (common library), even though it would still be nice to separate those two, as the second could be more easily used for nefarious purposes.
I'm well aware it is the phone's identity and not "mine", however if the phone identity is being given out willy-nilly, you might ask yourself what defines your identity? I've already posted how "anonymous" recording of my GPS use could viably lead to the discovery of my likely home location, thus my address, and maybe even my name. But my name is unimportant, you don't need to know my name to know who I am, just use a convenient identifier like, say, my phone's identity...
if you have no children of your own or you are sitting with a smug self satisfied middle class smile on your face.
That smile won't last because your children will be running rings round you and your tech ability.
However, if the permissions really made it clear and gave an example of WHAT they collected about you then MAYBE we could make a better informed decision.
It seems, in general, kids really don't know/care about privacy, for the most part. But anyway...
Say 'No!' to Facebook and you get howls about how 'Johnny Little, 11 down the road has Facebook and so does his puppy, canary and tortoise.'
Say no to some IM shite, you get the same.
Say no to Web cams and Huddles, you get the same. (Huddles? FFS! Whichever twat came up with that needs kneecapping).
And so it goes on. As a responsible parent it's pretty tough getting the balancing act right. You don't want your kids running riot unmanaged or uneducated, but at the same time you don't want to alienate them from their friends.
Personally I am not a great fan of kids of Facebook, Twitter or whatever. But whatever you do as a parent, it'll rarely be right. But that's life IIRC.