back to article Japanese govt: Use operator-run app stores, not Google Play

Google’s security credentials have taken another hit after the Japanese government warned local Android users to download their apps from third party operator-run stores, and not Google's own Play, following the discovery of a prolific info-stealing app on the official site. The Tokyo-based Information Technology Promotion …

COMMENTS

This topic is closed for new posts.
  1. jake Silver badge

    During the meanwhile ...

    Does the Japanese Government not warn Android users that the gootards can cross-reference everything they do on their telephones with everything they do on their laptops/netbooks & desktops, even if all three(four) are on different contracts, and seemingly on different networks & network addresses?

    How? Glad you asked ... You do read your gmail account from all three (four), right?

    Think about it.

    1. P_0

      Re: During the meanwhile ...

      You do read your gmail account from all three (four), right?

      Hi welcome to 2013. You seem to come from a time period when this was news.

      Obviously, if you are going to use free products (gmail, yahoo mail, hotmail/outlook) "the man" will be tracking you and knows exactly what kind of pr0n you like. That's the way the world works. You do know using gmail isn't compulsory to use the internet, right?

      Back to the headline: Yeah Google need to pull their finger out. Their Google Play security stinks. Then again, users should ask themselves, "why would a sexy wallpaper need access to my phone book?"

      1. This post has been deleted by its author

      2. ADJB

        Re: During the meanwhile ...

        "why would a sexy wallpaper need access to my phone book?"

        So young sexy single ladies can contact me directly instead of just randomly emailing my porn browsing account.

      3. jake Silver badge

        @P_0 (was: Re: During the meanwhile ... )

        Most folks who use such "services" don't know that they are the people providing the profit, not the people receiving the profit. google exists for the google shareholders, not share-less google end-lusers. Think pimp, hooker & john. One pimp, several hookers, and boatloads of johns.

        I'm trying to pass the word along to the johns, who may not appreciate the depth that the pimp can (and obviously does) set the hookers delving into the lives of the unaware johns. If you have issues with me pointing it out, carry on as you see fit. No skin off my teeth.

        1. P_0

          Re: @P_0 (was: During the meanwhile ... )

          I'm trying to pass the word along to the johns, who may not appreciate the depth that the pimp can (and obviously does) set the hookers delving into the lives of the unaware johns. If you have issues with me pointing it out, carry on as you see fit. No skin off my teeth.

          From my experience more or less everyone is aware that Google tracks you and knows what you (or at least your ip address) is searching for. Who are these unsuspecting Johns? 6 or 7 years ago people could get away with the naivety of not knowing what Google is and what it does, but in 2013 naivety is giving way to incompetence.

          1. jake Silver badge

            Re: @P_0 (was: During the meanwhile ... )

            "Who are these unsuspecting Johns?"

            Your mum/dad, your granny/grandad, your teenage child(ren), your buds who are iFad/Fandroid luser(s), your GreatAuntie/Uncle, the Principle/Headmaster/Marm at your child's school ... need I go on?

            You're speaking as an admin, not a user. Your users are targets for the marketards. They are sitting ducks, and don't you ever forget it.

            1. Anonymous Coward
              Anonymous Coward

              iFad/Fandroid luser(s)

              Well, I was thinking you were a selfless champion, worried about the common users who does not know how they can me monitored/cheated/robbed/scammed on the interwebs, but after that luser bit it seems you are more on the lines of a conceited twat. Go away now.

              1. Anonymous Coward
                Anonymous Coward

                Re: "no skin off my teeth"

                I am not surprised that you had to look that one up. What I am surprised at is that you found anything.

                The expression is 'no skin off my nose'.

                There are several variants that still make sense but this is not one of them. Your teeth do not have any skin.

                Do not get it confused with "surviving by the skin of one's teeth" which is intentionally using this fact to make the point (survival by a very thin margin).

                Only someone of limited intelligence who was incapable of understanding the meaning of their words would ever come out with such nonsense.

                1. Anonymous Coward
                  Anonymous Coward

                  Re: "no skin off my teeth"

                  There is also the fact that you are slightly more likely to graze your nose if you happen to accidentally fall over or bump into something.

                  That's probably the origin of the idiom.

                2. Tom 38
                  Joke

                  Re: "no skin off my teeth"

                  I am not surprised that you had to look that one up. What I am surprised at is that you found anything.

                  He's cutting off his nose to spite his face, but it's no skin off his nose if he gets there by the skin of his teeth?

                  1. Anonymous Coward
                    Anonymous Coward

                    Re: "no skin off my teeth"

                    Another one I have come across is "no skin off my back" which I suspected was a cross with the unrelated 'you will have the shirt off my back' i.e. taking all of someone's possessions.

                    1. jake Silver badge

                      Re: "no skin off my teeth"

                      It means "there is no there there", roughly.

                      Probably a local idiom. It's ubiquitous in the blue-collar community here in the Northern portion of California.

    2. Lars Silver badge
      Pint

      Re: During the meanwhile ...

      Hello Jake,

      Quite liked the message you seem to have deleted. The "no skin off my teeth", I had to look up with Google, new to me. Hooker is apparently not in Google's vocabulary. All they provide is "hooker with a penis lyrics" funny logic here. What a way to be remembered as a general. I wonder if there are many similar fates. Pimp, hooker and Johns. Quite nice, but I would like to add the "condom" to the equation when it comes to using Google. Better keep it on all the time. There are indeed reasons for Google to take matters much more seriously. My condom will stay put as I think Google is a bit like a ship exploring the world but not very keen on settling down and turn serious. Growing up takes time, and for some a lot of time.

    3. Anonymous Coward
      Anonymous Coward

      “sexy porn model wallpaper”

      Come on! Does anyone in their right mind think that a free “sexy porn model wallpaper” app is not going to be anything other than stuffed with malware and the like?

      This just shows the lack of common sense the average Japanese Android user has.

    4. Anonymous Coward
      Anonymous Coward

      At least Apple

      At least Apple are open about ripping you off, Google allows the underhand stuff by third parties and reaps the advertising revenue.

      No wonder it has not been stamped out when it could have been.

  2. Shannon Jacobs
    Holmes

    Follow the money--the google certainly does

    Premise: I think that freedom is a good thing. The problem is when a player like google plays games with the "freedom" word to evade any responsibility for harms. It bothers me more when the victims are on the scale from innocent to naive. At this point, that's the only place you're going to find people who believe "Don't be evil" has any relevance to the google.

    Disclaimer time: (1) I work in a competing food chain, but these days that's sort of like saying 'I work with computers but not for the google.' (2) I hate censorship and I think the google has becoming increasingly censorious, both actively in cutting people off from services and passively in pagerank games. (3) I REALLY hate spam and spammers and the google's motto there is just "Live and let spam." Based on my experiences working for one of the earliest commercial ISPs in this country, I suspect it has something to do with porn, since the president of that company believed it was the driving factor of his business...

    1. Anonymous Coward
      Anonymous Coward

      Re: Follow the money--the google certainly does

      I'm quite simply critical of Google because they lie, deceive and break the law to get what they want and then claim "oops" when found out, with excuses that do not withstand even the smallest amount of intelligent analysis.

      We (as in "users") have legal rights. I see a lot of people say that people choose "voluntarily" to give Google their details, but if you look through the help files of some products you come away with the impression that users may have been deceived in not understanding to what depth Google has access to their lives.

      On the plus side, it appears regulators have woken up. Let's hope that the recent porkfest in Brussels hasn't damaged the ability of the regulators to take action, because if it has, Europe's credibility will be gone. I suspect that's the whole idea, but I'm not sure politicians have that strategic a vision. Most can't see past their own term.

      Google is becoming the new Microsoft, but is far more sneaky going about it.

      1. M Gale

        Re: Follow the money--the google certainly does

        Every single PLC on the planet is governed by rules that dictate they be bastards. I don't hugely trust Google either, but they still make the biggest phone OS on the planet and.they are distinctly unbastardly about letting you have a copy. Source too, if you like.

        Now, about the lack of a post-install permission denial... Get your shit in order Google, before someone else does it for you.

  3. ratfox
    FAIL

    And this, gentlemen, is why…

    Android should by default allow the users to selectively block access rights from apps; at least the right to send data over the network. I'm tired of arguing this point when it is such a no-brainer. All I could ever hear against is how poor developers should not have to handle their applications losing access to this or that… But anyway apps don't always have access to the network, e.g on planes, so this is pretty moot.

    1. David Hicks
      Stop

      Re: And this, gentlemen, is why…

      I agree wholeheartedly. Installing apps on google play should not be a case of "this app needs access to <huge list of things that most folks don't understand at all>, continue or cancel?"

      You obviously don't want to get into a Windows vista-esque game of popping up boxes every two minutes to ask for new permissions, but there's got to be a way to stop apps asking for the moon on a stick and the only other option being that you can't install them.

      I know if you install cyanogen mod and some other thing (can't remember off the top of my head) there is a way to take perms away after install, and just live with the resulting stability, but this isn't for the non tech-inclined either.

      What they really need is a better review process for the play store. I know, I know, this means there might be some delay getting the latest fart app published, but I think it might be worth it. At the very least you want someone semi-technical to cast their eye over the permissions list. Why does this wallpaper app need to be able to make calls? Why does this crappy game need access to your address book? Why does skype need to read my SMS inbox...?

      1. Robert Carnegie Silver badge

        Re: And this, gentlemen, is why…

        "I agree wholeheartedly. Installing apps on google play should not be a case of, this app needs access to <huge list of things that most folks don't understand at all>, continue or cancel? There's got to be a way to stop apps asking for the moon on a stick and the only other option being that you can't install them."

        There is another way: put multiple versions of the app in an app store, with different features active.

        Many somewhat unexpected requests are about making money (i.e. downloading advertisements from the internet) or behaving properly in the phone environment (turn off the sexy wallpaper when your wife phones so that she doesn't see it and she thinks it's her that you're excited about), but if you don't understand what it's asking for and why, then say no. This may demand that owners (or users) have some understanding of the device that they own or use. And so they should.

        I suspect that the example described does qualify as malware of the "Trojan" sort since it seems to be doing things unrelated to its overt function, the sexy wallpaper - even though it asks for permission. But that so many users -gave- it permission is extraordinary. Is it perhaps possible that instead it was downloaded many times by its creators to give it a fake popularity?

        1. David Hicks
          Stop

          Re: And this, gentlemen, is why…

          "if you don't understand what it's asking for and why, then say no"

          That's easy enough for me, as a software engineer with an eye on security. Less so for the man on the street, or my mum (for instance). Not that she believes in these new-fangled mobile-telephones anyway.

  4. The BigYin

    Google Play is a failure

    I made the stupid decision to acquire an Android phone recently. Maybe I was expecting too much, but Google Play sucks (as does the inability to remove any of the default apps - Facebook? Do not want.)

    The main annoyance is the permission "App X requires the ability to read all your texts, access your network and rape the family dog." No explanation on why it needs those permissions or any user option to restrict, take it or leave it. By and large I leave it.

    Google Play needs to offer a lot more user control. If "Angry Birds" or whatever needs to know about an incoming call, fine. Tell me that. Needs to know about an informing text, fine. Tell me that. Neither of these should grant the app the right to read my texts or find out the numbers; which is what the blurb implies they do.

    As the end-user I should have final say. If I remove a permit and break an app, boo-hoo me. It's just an app.

    Android can't even sync without you giving all your contact information to Google. Sod that!

    Once this contract is up, I'm going back to a feature phone that does not need charged daily. Android is a total waste.

    1. frank ly

      Re: Google Play is a failure

      I agree with you that it seems unreasonable (and maybe suspicious) that an app which had nothing to do with phone calls is able to read your phone state and the numbers you have called. The explanation I read was that the permissions are too coarse: e.g. a developer who needs to know if the phone is ringing (for incoming) so they can pause music play has to have access to 'Phone stuff' which is so coarse as to include all phone stuff, not just the elements they really need.

      As for the forced Facebook thing on your phone, that is a deal between the phone maker or mobile provider who put it on there before you bought it. I don't have that crap on my phone (Nexus 4). I have other crap :)

      "Android can't even sync without you giving all your contact information to Google. Sod that!"

      You need to spend time in the deeper settings menus, where you can select which google services are synced and which are not. Note: If you're worried about syncing your Google contacts, Google already have your Google contacts (think about it). If it's the phone SIM based contacts you're worried about, then your statement is simply not correct and you need to learn more details about syncing information on Android phones.

      1. Anonymous Coward
        Anonymous Coward

        Re: Contacts

        The contact details associated with most people's phones are not Google contacts and nor are they stored on the SIM card (did you just get in from the 90s?)

        1. frank ly

          @AC 13:51 Re: Contacts

          Well, excuse me for not going through all the possibilities. My phone contacts are not Google contacts or SIM contacts either and Android doesn't need access to them in order to sync. The two examples I gave are just the obvious ones for an Android phone especially for someone who seems to be new to Android. The OP made a statement about Android syncing, which I believe was incorrect. I explained something using two examples.

          Stick to the point instead of taking cheap imaginary shots.

  5. Terry 6 Silver badge
    Flame

    Phone access

    An awful lot of free apps recently have required permission that allows them to monitor phone messages; including some updates to stuff I was already using. Needess to say, I don't mean apps that actually need to interact with my phone in any legitimate way.

    They're just laying in wait for suckers that don't look at or understand the permissions.

  6. Anonymous Coward
    Anonymous Coward

    Japanese govt are quite clearly idiots

    as by telling users to use other stores, users then have to allow ALL untrusted APK's on the phone, which is where 99.9999999999999% of all malware problems come from.

    Funking idiots.

    Google Play is by far the safest place to shop on Android and always will be.

    1. Terry 6 Silver badge
      Childcatcher

      Re: Japanese govt are quite clearly idiots

      I'm not sure *any* of these places are safe unless we have a pretty good idea what we are doing and are prepared to look out for the trip wires ourselves.

      1. Anonymous Coward
        Anonymous Coward

        Re: Japanese govt are quite clearly idiots

        They of course are safe. The only people claiming Google play isn't safe, are Apple and vendors of Android Malware "solutions"

        The reality is.

        a) Google scan all uploaded apps using their Bouncer tech. Other stores (inc Amazon) don't do this.

        b) Goole have the ability to remote uninstall any apps that slip through the net -Other stores also can't do this.

        c) Corporates can apply a group policy that prevents apps or non approved apps being installed.

        d) My Nexus 4 even offers to scan my phone for know dodgy sideloaded malware APKS.

        Why is nobody talking about the rather GOOD preventative measures? Because it doesn't make for sensationalist bullshit stories, that's why....

  7. Irongut

    Electronic Darwinism

    Anyone who installs "sexy fresh girls wallpaper" that wants access to everything deserves what they get.

  8. Andrew Jones 2

    Oh god where to start?

    1) sexy porn wallpaper? really? are people that stupid?

    2) Google Play is unsafe because X, Y, Z - well - we better ban email immediately then - because there are just as many people (and many more) clicking on dodgy links in emails and opening unexpected dodgy attachments as there are people not bothering to read the list of permissions or even the reviews on a Google Play app.

    3) I love the fact it is always anti virus companies screaming about how the Google Play store is littered with malware - and then saying - but hey guess what - we just happen to have an app to help you detect said malware.

    4) Phone State permissions - confusing one this one - people only notice the phone calls bit and think the app wants access to your phone calls - but actually the unique id of the Android installation is accessed with this permission which developers generally store in a database to detect unique users. In theory depending on how an app is coded on the backend - you should be able to do a factory reset of your device and reinstall the app and get your data back without needing a login - though I don't know of any app that does this - the majority of developers that store your unique id - do so to make sending push notifications easy.

This topic is closed for new posts.

Other stories you might like