It never ends: TV exposé tags new Android privacy howler

The UK’s Channel 4 News has dropped a fresh load of privacy grief in Larry’s lap, with an expose into the way advertisers hitch-hike on apps’ permissions. The Channel 4 piece has drawn a furious response from European Commission VP Viviane Reding, who has told the broadcaster: “this is against the law, because nobody has the …

COMMENTS

  1. Anonymous Coward
    Anonymous Coward

    It's an operating system given away free by a marketing company. Not surprised.

    1. Anonymous Coward
      Anonymous Coward

      Not surprised but

      Why do I keep getting adverts for dating sites?

      Not to mention other more 'unusual' advertisements....

      No I have never downloaded them... However my 7 year old son plays some of the games on my phone and increasingly it is not easy to avoid accidentally pressing on the ad, next thing he sees is an ad that 7 year olds should not see.

      Is this enough for a lawsuit I wonder. If ads are supposed to be targeted why don't I get tech stuff, flying stuff, food stuff (boring I know) instead it's all naked girls, dating, etc?

      1. LarsG

        Re: Not surprised but

        Permissions cannot differentiate between a 7 year old and an adult. However the phone user should be able to tell the app or advertisers that the device may be used by children.

        This is a serious omission, the onus should be on the developer and advertiser to state what ads will be served up, and for the user to opt in or out.

        If a porn site or naked girls etc ad is served up to a minor it is an offence pure and simple. The owner of the phone has no control over it as it may literally appear out of the blue.

        1. LarsG

          Re: Not surprised but

          Oh and finally, how many people allow their children to use the phone?

          Most probably, so there should be a presumption.

          1. Martijn Bakker

            Re: Not surprised but

            - The internet is for porn

            - You could install something like AdFree to get rid of ads (not entirely ethical if you use a lot of ad supported apps, but it will keep your son from seeing naughty ads)

            - The scary bit is that most will assume that you must have done something to make Google think that you have an interest in dating sites

            - I generally get ads for games, tech and books. Google must have decided that your genes need to be passed on.

            1. Armando 123
              Coat

              Re: Not surprised but

              "- The scary bit is that most will assume that you must have done something to make Google think that you have an interest in dating sites"

              Like, what, breathing?

        2. Rob

          Re: Not surprised but

          "... the onus should be on the developer and advertiser..." missed a bit, let me help you...

          "... the onus should be on the parents to ensure all measures are taken to protect children from this content and supervise them when necessary."

          There are apps out there to make your device child friendly and stop them from accessing content you don't want them to. It might be a bit hard to convince the advertisers and developers about responsibility as they will assume most 7 year olds don't have the money to buy these devices and in the case of a mobile phone aren't legally old enough to buy.

          1. NogginTheNog

            "legally old enough to buy."

            I don't think there are any legal restrictions on anyone of ANY age buying a mobile phone are there? The only age restrictions come with being able to sign a contract, though I don't think PAYG involves any contractual agreement (precisely for this purpose!)?

            1. Rob

              Re: "legally old enough to buy."

              You're right there is no legal age limit for PAYG phones as no contract is involved, but you'd be hard pushed to find a shop that will sell a PAYG handset to someone who looks too young without a parent with them, mainly because the handset in question wouldn't have been set-up with age restrictions in place by default and the shop/brand would probably be liable if something bad happened.

              Sorry should have worded my original post better.

              1. heyrick Silver badge

                Re: "legally old enough to buy."

                Don't assume. Over here you can *buy* a mobe shrink-wrapped to the front of a magazine. It's around €30 or €40, comes with some initial credit, can play MP3s and do simple online stuff. It's a really basic featurephone, but I don't think the day is far off when we can see low-end Android sets in a similar sort of situation. And who, stereotypically, blasts out the most texts and tweets? Teenagers. Hell, there's a whole pile of advertising directly targeting them.

                Thus, I think it's a fairly safe bet that non-adults will be using mobile devices; and app authors might really want to think twice about the cack they allow on the phone.

                FWIW: One of the apps I use frequently touts Asian dating sites. The logic? I have an interest in Japan that is kinda hard to miss, and I don't appear to be otherwise linked to a female. "Ba-ding, let's set him up with somebody". Errr... Yeah. I prefer mine to be three-dimensional, thanks...

                1. Rob
                  Meh

                  Re: "legally old enough to buy."

                  Completely get your point and agree to an extent, but you'll have to forgive my usual soapbox rant about "parent responsibility/liability".

      2. Anonymous Coward
        Anonymous Coward

        Re: Not surprised but

        Because Google knows you've been looking at pictures of naked girls?

      3. FreeTard

        Re: Not surprised but

        no script and ghostery in your browser, and always run in a private browsing session. Then run in normal mode and search for something you'd never normally search for. This severely annoys ad bots, but it's rather funny seeing the ads that target you afterwards.

        Root your droid and use adblock. problem solved. You will also wish to disallow all tracking in your settings. Let's face it, you usually know where you are and where you are going, and you don't really want to be checking into places either with farcebook.

        While you're on it, install thunderbird for access to your gmail.

        lastly, stop surfing for porn.

  2. jake Silver badge

    I've been saying it for years.

    google (and by extension, the rest of the !GooMyFaceYouMsTwit online advertising companies) are an accident waiting to happen. My recommendation remains the same as it has been since their inception:

    Shun them.

    1. BillG
      Thumb Up

      I've been saying it for a year

      Install DroidWall. It lets you block apps from accessing the internet. About half my apps are blocked. Also blocks ads on those apps.

      I feel safer, my phone runs faster and gets better battery life. And get this: DroidWall doesn't require network access!

      1. Anonymous Coward
        Anonymous Coward

        Re: I've been saying it for a year

        @BillG

        Droidwall doesn't need network access permissions. It's got root access!!

  3. Turtle

    A VERY special message!

    Larry, Serge, and Eric have a -very- special message for Viviane, the EU, and everyone else: "Fuck you".

  4. Anonymous Coward
    Anonymous Coward

    WebOS anyone?

    hat & coat, leaving!

  5. Mike Bell
    Thumb Up

    Yay, Go Viviane!

    Make the fuckers install an option on their OS that says

    STOP TRACKING MY PERSONAL SHIT FROM WHEN I WAS TOO YOUNG, STUPID OR GULLIBLE TO KNOW ANY BETTER

    1. Voland's right hand Silver badge
      Devil

      Re: Yay, Go Viviane!

      On a more serious note - the way apps permissions are formulated they do not make a distinction between "use" and resell to third parties.

      This distinction exists in EU Data protection law and cases and is very well defined.

      This will be interesting to watch - I expect a large contingent of EU tanks parked on Chocolate Factory's lawn soon as well as the biggest fine in data protection history to subsidize them. We all need more money to repair the damage from the "Timeo Danaes, Goldman Sachs options ferentes" and their Euro Trojan horse. So I would not expect the commission to show any mercy :)

      1. Anonymous Coward
        Anonymous Coward

        Re: Yay, Go Viviane!

        Dear V'sRH,

        I'm curious what you mean by "Timeo Danaes, Goldman Sachs options ferentes" and their Euro Trojan horse. Could you please tell me what you're referring to and/or direct me to more info?

        Thanks.

        1. Michael Dunn
          Happy

          Re: Yay, Go Viviane!

          Come on, AC! It's a (modified) quote from the Aeneid - never heard of the 'Greek gift' tactic in chess?

      2. Michael Dunn
        Thumb Up

        Re: Yay, Go Viviane!

        At last! Someone who can actually _use_ Latin!

  6. Anonymous Coward
    Anonymous Coward

    I don't get it

    Does it mean that these apps send the data to the advertisers? I rather doubt that the advertisers are able to come themselves read the data in the cell phone...

    1. ratfox

      Re: I don't get it

      ...Or does it even mean these apps COULD BE doing it, who knows?

      If they really found apps that played fast and loose with the user data, I'm sure Google would remove them from their app store, but somehow, Channel 4 have decided not to say exactly what the apps do, or even name the apps that they found to be misbehaving. Can we get some DETAILS?

    2. Muckminded
      Holmes

      Re: I don't get it

      I guess it depends how the ads are implemented. If the app developer is not complicit, by adding data slurping code, then it's down to whether advertisers can inject code, in addition to the graphic and link information, in their ads. If the ad suppliers cannot insert custom code, then it's difficult to know how they gain anything by the permissions granted.

    3. n4blue
      Unhappy

      Re: I don't get it

      agree it sounds iffy.

      However, the report seems to claim that this is exactly what's happening:

      "The code that [the researcher] found gave advertising networks access to your contacts, calendar and location. It came from a large U.S. ad network called Mobclix."

    4. Ilgaz

      Amazing amount of permissions

      You can actually build a zombie android network just with "full internet access" which all ad enabled require. There are white hat tools on market which can switch your entire connectivity off, erase all wifi access points to try fixing your connectivity. They require one permission: "full internet access". That is "super user" power on Linux/ Mac.

    5. Ian Michael Gumby
      Mushroom

      Re: I don't get it

      It depends on the app and who the advertiser is. But essentially you are correct.

      When an app generates money from ad revenue one of the revenue streams is the personal information that the app can pick up about you.

      I have friends who say "who cares?" and go about their daily lives not caring about their privacy.

      I and other friends are of the mind... "I like my privacy so get the fsck out of my life."

      So we don't use these apps, etc ...

      But here's the sad part. Because some of my friends don't care about their privacy, these companies are getting my personal information via my friends. Something they may have opt'd in to, but I didn't.

      The US Government is on the take to the lobbyists from these companies. Go EU

  7. Dan 55 Silver badge
    Facepalm

    No such thing as a free lunch

    "They are spotting you, they are following you, they are getting information about your friends, about your whereabouts, about your preferences. That is certainly not what you thought you bought into when you downloaded a free of charge app."

    It's exactly what I thought, that's why I've got a handful of apps and 99% of them made by the same manufacturer who made the mobile phone.

    But I don't see why she's making free a distinction, as if paid-for was a guarantee of anything (e.g. WhatsApp).

  8. Anonymous Coward
    Anonymous Coward

    Permission blocking

    We need the ability to block individual permissions on an item by item basis - not just "if you install this we'll do all these things".

    We also need the ability to block all tracking, and have that block respected.

    Suggest the EU call a privacy conference of the great and good from google, apple, microsoft, etc. - then arrest the lot of them and bring them to trial. THAT would send a message that won't quickly be forgot.

    1. Anonymous Coward
      Anonymous Coward

      With you all the way....

      Until that last part about arresting everyone. 2 out of 3 ain't bad but not enough for a thumbs up, sorry.

    2. sorry, what?
      Facepalm

      Re: Permission blocking

      Symbian anyone?

    3. Anonymous Coward
      Stop

      Re: Permission blocking

      "We need the ability to block individual permissions on an item by item basis - not just "if you install this we'll do all these things"."

      Still needs to be a mandatory vs optional thing (and so can be done in app with the current system if the developer could be bothered - and obviously if you trust them). If I'm making an app whose functionality depends on a particular permission (camera access say), there's no point making it available if you're going to block said permission (and likely then complain in the reviews when the feature doesn't work).

  9. Anonymous Coward
    Anonymous Coward

    Just read the permissions

    You don't need to know what goes on in the background when you see such permissions required as "allow application to send SMS" and a few others then you have to wonder why the application needs such access. At this point anybody with more braincells than a brick would choose not to install the app no matter how good it seems to be.

    1. Anonymous Coward
      Anonymous Coward

      Re: Just read the permissions

      Yeah right. I thought the same 15 years ago when I saw people clicking OK to messages popping up on their screen saying "Your Internet Connection Is Not Optimized. Download InternetBOOST Now!"

      The average phone user doesn't have a clue about permissions and their implications.

    2. Danny 14
      Stop

      Re: Just read the permissions

      The problem is, some apps need the specific permissions, such as:

      read phone ID - needed for licensing quite a few apps - it is how they lock down their apps to a certain phone.

      read location - GPS? Mapping software? speed testing with local server? Even if you can turn these functions off in the program the permission is still needed.

      read contacts - needed for not just the contacts but also calendar *and* repeating alarms using specific dates (i.e. the calendar but only the alarm part).

      I've developed some android apps and I state what each permission is used for in the blurb - I *still* get the odd 1 star claiming "why do I need xxx permission" which shows even then people don't even read what they are downloading.

      1. Anonymous Coward
        Anonymous Coward

        Re: Just read the permissions @Danny 14

        I don't doubt some permissions are necessary and indeed that a blanket permission may be required when a more specific less nefarious one would do but that doesn't detract from the fact that some are open to abuse. Having the choice I'd rather not install.

        I doubt there is any app I would consider so necessary as to hand over control of my phone for even though I don't have any photos on it, don't use address books and all the telephone numbers I need are in my head with the exception of my own.

      2. Muckminded
        Joke

        Re: Just read the permissions

        I'd like to know more about this "xxx" permission...

        1. Gannon (J.) Dick
          Meh

          Re: Just read the permissions

          I'm told it only applies after you have fraglewhumpped the islepecker on certain very high end Androids, and cheapskates are not even offered the option, but you'll know better next time.

          Clear ?

      3. sorry, what?
        FAIL

        Re: Just read the permissions

        @Danny 14, reading between the lines I think it is fair to say that the Android permissions framework is basically not fit for purpose and urgently needs revision and/or replacement.

    3. Andy Watt
      Stop

      Re: Just read the permissions

      "At this point anybody with more braincells than a brick would choose not to install the app no matter how good it seems to be."

      Well done. Even using the 80/20 rule with regard to Joe Public on smartphone app permissions is incorrect. It's probably more like 90/10.

      Seriously, people just don't want to be bothered wading through what they regard as boring, endless, incomprehensible security classifications (I KNOW you understand it - so do I - but we are EDUCATED in these matters - and know _it_ matters!) when they want to PLAY THEIR NEW SHINY THING!

      Piously suggesting that people should RTFM won't cure Android's problems. Failing to act to make android properly secure will just result in a platform no "normal" person trusts, especially if news stories like this keep breaking. Smartphone security is getting a bit Zeitgeist...

  10. Anonymous Coward
    Anonymous Coward

    Alex Hanff has an interesting idea....

    ....to deal with Google's EU non-compliant "privacy" changes.

    He's taking them to the small claims track to recover the cost of his Android phone (£400).

    Unless he gets labelled a vexatious litigant (unlikely) then even if Google "win" it'll cost them as they can't recover costs.

    Should he win then precedent is set and anyone in the UK with an Android phone will be able to get a refund from Google, not the manufacturer, as its Google who is the offender.

    Going to be interesting to see the outcome of this.

    1. Voland's right hand Silver badge
      Devil

      Re: Alex Hanff has an interesting idea....

      Close, but no cigar.

      If memory serves me right, small claims court does not form precedents.

      None the less, the idea is tempting to say the least.

      1. Anonymous Coward
        Anonymous Coward

        Re: Alex Hanff has an interesting idea....

        You can of course refer to another small claims track case in your own case as evidence of repeat "offenders" (or indeed as serial/vexatious litigants) - that is where this is likely to be useful, assuming he wins which is going to require some interesting argument.

        Still at least he's trying something.....

        1. Gannon (J.) Dick
          Go

          Re: Alex Hanff has an interesting idea....

          was going to say, isn't success in litigation its own precedent ?

    2. Metz

      Re: Alex Hanff has an interesting idea....

      Slight flaw in the plan.....small claims court does not set precedent under the UK judicial system. In fact, I believe that every single country around the world that has fast-track for small claims operates the same way, so no precedent can be set in this case.

      I think the chances are that Google will simply claim it has nothing to do with them, and the vendor will say it has nothing to do with them, and he'll be left holding the baby.

      1. Anonymous Coward
        Anonymous Coward

        @Metz.

        I believe they have to turn up physically even to say it has nothing to do with them. If they don't then the judgement goes against them. If they do it will cost them more money than what the claim is. Either way they lose money.

  11. Anonymous Coward
    Windows

    RTFM

    If it's free, you are the product, don't complain. That goes for all the stuff that is "free". Nothing is free.

  12. Andy 70
    Trollface

    windows phone

    huh, all I get are investment opportunity, and property portfolio management ads.

    maybe it's a windows phone vs android general demographic vs actual data? ;)

    1. B4PJS
      Thumb Up

      Re: windows phone

      I tend to get SQL server ads, just waiting for the ads on SSAS/MDX to come through as that is what all my latest searches through Bing are on!

  13. Anonymous Coward
    Anonymous Coward

    Android ad framework?

    Do they all use a common ad framework that does all the snooping or is it the developers themselves who initiate the snooping for referral $?

    1. Craigness

      Re: Android ad framework?

      There are numerous different ad frameworks. Developers may ask for more permissions to allow the ad frameworks to have more control over the phone, but this would lead to people not installing the app, in preference for ones with more realistic permissions.

      1. Jon Press

        Re: Android ad framework?

        Interesting piece from Mobclix here on why frameworks "need" lots of permissions and you shouldn't worry your pretty little head about it:

        http://blog.mobclix.com/2012/01/24/why-do-3rd-party-sdks-need-permissions/

  14. Giles Jones Gold badge

    Let's face it, we never had such a diverse number of applications on our desktop machines. Many apps are just more convenient ways of accessing web sites.

    So your desktop machine could very easily be pillaged of personal data without it even needing to ask you. The difference is we didn't tend to install lots of free applications from people we've never heard of.

    We simply can't trust people to play nice and so phone OSes are going to need a lot more in terms of restrictions to APIs.

  15. Craigness

    Lookout has an app which shows the ad networks on your phone and what they can do.

    https://market.android.com/details?id=com.lookout.addetector

    1. yoinkster
      Thumb Up

      awesome

      "This app requires no special permissions to run"

      There's a good app!

  16. silver fox
    Trollface

    Stand back everybody

    Why exactly is this such a bad thing? If you're getting something for free you have to pay for it somehow right? There's no data that's likely to be on my phone that I consider private enough such that it's a disaster or an outrage if anybody looks at it.

    Just throwin this out there...

    1. I ain't Spartacus Gold badge

      Re: Stand back everybody

      The phones are not free! Android is only sort of free anyway. As the manufacturers pay for the Google suite of apps, and it's not much cop without them.

      But repeat after me: Phones are not free.

  17. Anonymous Coward
    Anonymous Coward

    Phone lusers

    "at the moment I don't think they are aware of the situation and how widely their information can be used"

    And when they are made aware, and told how their information is being used... they won't care.

    That's what smartphone users are like. People browsing this site may know and understand the situation, but your average phone user who responds well to mobile phone marketing and buys a lifestyle product or toy to check whether they're compatible with their boyfriend for just £1 rather than a device to fulfil some practical need simply doesn't care and will just carry on as they are.

    If you want a secure, reliable pocket data solution, fish out your old Psion from the bottom drawer, scrape off the leakage from those batteries you left in it since 1999, glue back the hinges and make like Robert Duvall in Deep Impact. And if you're concerned about your New Labour-educated teenager haemorrhaging personal data via their phone but know they can't survive without some kind of portable interactive gadget, might I recommend trying them out on a Speak & Spell.

  18. qpopb
    Megaphone

    On Android - Check your market settings

    In the Android Market (Gingerbread+) within the settings menu there is a checkbox:

    "Google AdMob Ads - Personalise ads based on my interests"

    Not that it will necessarily help anything, but why not disable it? Can't do any harm!

    Then root your phone and install Ad-Free, hosts-file based ad-blocking.

    Problem solved(ish)?

    1. Ilgaz

      Re: On Android - Check your market settings

      A power like Google who codes the freaking OS and pays for terabytes of traffic and teraflops of processing power could tell advertising networks "please respect our opt out too"

      Of course, they didn't. They have no respect to your privacy, it is in their culture.

      1. Ilgaz

        Dear thumbs down owner

        Do you work for google? Advertising company? Some Gray hat developer who makes extra with known semi spy notification advertising framework? Against privacy based on political beliefs?

        Or you clicked thumbs down like a mindless zombie?

  19. ysth

    Who is MWR Infosecurity? No wikipedia page; not much web presence at all other than their thin website.

    I'm a little baffled by this; are there some other permissions the app should use when displaying advertisements besides the permissions the user granted? What are these users who weren't informed of something (not sure what) expecting?

    1. Alan_Peery

      Principle of minimum privilege

      > I'm a little baffled by this; are there some other permissions

      > the app should use when displaying advertisements besides

      > the permissions the user granted?

      Yes, the minimum needed to get an ad on-screen -- which can be distinctly less than required for the enclosing app. The app might need to know Contacts, but there is no reason why this capability should be shared with the ad.

  20. Jas 1
    Devil

    As an app developer

    OK, I've written an app.

    It is free, and has adverts in it.

    As a coder, this involves adding a jar file to the project and adding some code which displays the adverts. Now, my app does not request permissions to get contacts or texts etc as it has no need for these.

    Assuming I wrote an app that did, then I assume that grants permission to the 3rd party ad library to do the same, since it is all part of my app. So could it be that developers of these apps don't even know that ad brokers are piggy backing on these permissions to get at the personal data?

    I have no idea what other things this library is doing, but I imagine it would be quite easy for the 3rd party ad library to say:

    //
    // Show an advert and do nothing else (honest)
    //
    showAdvert()
    {
        if (hasPermissionToReadContacts())
        {
            uploadAllContactsToTheCloud(); // shshshsh
        }
        // oh yeah, don't forget to show the ad otherwise people might get suspicious
        reallyShowTheAdvert();
    }

    Be careful out there
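
What the two comments above describe (Alan_Peery's minimum-privilege point and Jas 1's bundled ad jar) can be checked from an app's manifest. The following is an added example, not part of any post in this thread: it assumes the manifest has already been decoded to text XML, the sample manifests are constructed, and `audit_bundled_library`, `AD_MINIMUM` and the `com.example.*` package names are hypothetical.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample: an app that needs contacts and calendar for its own
# features, and also bundles a third-party ad library.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.birthdays">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.READ_CALENDAR"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="android.permission.VIBRATE"/>
    <application android:label="Birthdays"/>
</manifest>
"""

# Constructed sample: an ad-supported app that asks only for network access.
MINIMAL_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.puzzle">
    <uses-permission android:name="android.permission.INTERNET"/>
    <application android:label="Puzzle"/>
</manifest>
"""

# Permissions guarding the kinds of data named in this thread.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_CALENDAR": "calendar",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
    "android.permission.READ_PHONE_STATE": "phone ID",
    "android.permission.READ_SMS": "SMS content",
    "android.permission.SEND_SMS": "sending SMS",
}

INTERNET = "android.permission.INTERNET"

# Assumption: fetching and drawing an ad needs network access and nothing else.
AD_MINIMUM = {INTERNET}


def declared_permissions(manifest_xml):
    """Return the set of permission names the app requests."""
    root = ET.fromstring(manifest_xml.strip())
    perms = set()
    for node in root.iter("uses-permission"):
        name = node.get("{%s}name" % ANDROID_NS)
        if name:
            perms.add(name)
    return perms


def audit_bundled_library(manifest_xml, needed=AD_MINIMUM):
    """Compare what bundled code inherits with what it needs.

    Permissions are granted to the app as a whole, so any library compiled
    into it runs with every permission in the manifest.
    """
    granted = declared_permissions(manifest_xml)
    needed = set(needed)
    excess = granted - needed
    exposed = sorted({SENSITIVE[p] for p in excess if p in SENSITIVE})
    return {
        "granted": sorted(granted),
        "missing": sorted(needed - granted),
        "excess": sorted(excess),
        "exposed_data": exposed,
        # Sensitive data plus network access means the data can leave the phone.
        "can_leave_device": bool(exposed) and INTERNET in granted,
    }


if __name__ == "__main__":
    for label, manifest in (("birthdays", SAMPLE_MANIFEST),
                            ("puzzle", MINIMAL_MANIFEST)):
        report = audit_bundled_library(manifest)
        print(label, "-> ad library can reach:", report["exposed_data"] or "nothing sensitive")
```
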

    1. TonyHoyle

      Re: As an app developer

      The news report didn't imply that (although it's certainly possible, provided the advertiser doesn't mind the bad publicity and subsequent lawsuits). They got a 'researcher' to write a malicious app that grabbed every bit of information about the phone (even that was debatable, as the data they were showing looked made up to me.. some of that data eg. the content of SMS I'm pretty sure you'd have to be rooted to get hold of) then say 'see! Any app can be doing that!'.

      When I saw it it came across like they'd heard of this (probably been reading el reg :p) and decided to make a story about it, but being unable to find a *real* malicious app on the marketplace, decided to fake it.

    2. stanimir

      Re: As an app developer

      small nitpick:

      in java usually it has to catch an exception for security related (restricted) tasks.

    3. Anonymous Coward
      Anonymous Coward

      Re: As an app developer

      A developer who apparently uses a library which you have no idea what it does. Even if you did read any documentation about the library (I assume you did as you'd need to know how to get paid) and it wasn't clear about what it did you can't have even installed your own app. If you had then you would have seen the permissions the plugin was asking for above those your app required, either that or you didn't bother to check. With such a level of carelessness I daren't even think about the quality of the app.

      You, are not a developer.

      1. Craigness

        Re: As an app developer

        Chris, I'm not sure what you wrote is true. According to Lookout's Ad Network Detector app, the AdMob and MobFox networks can collect location information if "the application in question requests the appropriate permissions". So using the ad plugin doesn't necessarily result in the location permission being required, even though it can access that information when the app does request the permission.

        1. Anonymous Coward
          Anonymous Coward

          @Craigness

          I looked at a few ad plug-ins and in general they inherit your permissions so I was incorrect in my assumption that you would notice additional permissions when you install your own application, where's the "Hands up" icon? However using a plug-in without knowing fully what it does is still not advisable. It also appears possible to explicitly add the request for additional permissions for the ad plug-ins, something which I suspect they urge you to do.

      2. stanimir

        Re: As an app developer

        totally agree - most of 3rd party libs (esp. closed source) are total trash and often dangerous

  21. Anonymous Coward
    Anonymous Coward

    And yet 3 and Vodafone continue to get a free pass when it comes to sharing every single URL visited by their customers with a corporation located in California. URLs could easily contain personal information too, and most customers are not even aware that this is even going on, let alone given their informed consent for such an activity.

    Any corporation located in the US is subject to US law.

    Not UK law - US law.

    This is regardless of the promises made to UK companies that pay for their services. This means complying with the PATRIOT act and all the other nastiness like FISA warrants and national security letters. The data might not even need to go anywhere near the US either for the US government to think that they have a right to demand access to it.

    http://www.computerworld.com.au/article/413379/australian-based_data_subject_patriot_act_lawyer/

  22. Destroy All Monsters Silver badge
    Stop

    "a furious response from European Commission VP Viviane Reding"

    Please, El Reg, can we leave the emoting bullshit to the gutter press?

    A "furious" politician is just code speak for emotional theater behind which the politician sees opportunities to upweasel his position, perks, kickbacks or put down a political opponent. It has nothing to do with the matter at hand.

  23. Ilgaz

    You can't buy apps too

    As I have no trust to advertising companies on mobile platform, I rather go with "pro, plus" whatever versions of apps I use on android.

    Guess what? Same as many huge markets, my country can't buy apps from google store. The apps I could buy require a lot of paypal manual process and as developers aren't accountants, a lot of them don't even put the option. Of course, serial means crack too. Can't blame them.

    I believe, information vampires at google decided your personal information and habits are worth way more than $.70 poor developer would get and they don't sell on purpose. To spy on you.

    Nokia and Apple have sold software here for years now.

  24. Jop
    Stop

    Just as unethical

    Having a rooted phone and Adfree I do not see the ads but do wonder if the data is still slurped and sent back in these cases?

    If an app is useful, I will buy it after trying the free version. But I still do not want my data sent to advertisers while trying it.

    Just yesterday I was looking at an Android app that mimics Siri from the iPhone and, after seeing it wanted so many permissions, decided not to grab it. That is knowing full well that it needed those permissions to actually work how it was supposed to.

    It would take a lot of customers to think like that before permissions are changed and thus have a knock on effect with advertising. Unfortunately there are too many users who will just accept everything thrown at them.

    1. stanimir

      Re: Just as unethical

      >>but do wonder if the data is still slurped and sent back in these cases?

      If it's host blocked - no, it just resolves ads.host.co.uk. as 127.0.0.1 (localhost) and doesn't do anything. Yet, it doesn't mean it can send the data wherever it pleases, just less likely.

      1. Jop

        Re: Just as unethical

        >> If it's host blocked - no, it just resolves ads.host.co.uk. as 127.0.0.1 (localhost) and doesn't do anything. Yet, it doesn't mean it can send the data wherever it pleases, just less likely.

        Thanks Stan, your post reminded me that it indeed does block by setting the ad domains to localhost so most should be safe.

    2. Gerard Krupa

      Re: Just as unethical

      You don't necessarily have to wonder if your phone is rooted. You could install a packet sniffer and see, at the very least, what network connections are being made from your device and maybe contribute them back to AdFree to improve its effectiveness.
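Added example, not part of the thread or of any commenter's post: a Python sketch of the check the replies above describe, comparing hostnames seen in a capture against a hosts-file blocklist. The hosts entries and observed names are constructed samples; `ads.host.co.uk` is the name used in the thread, and the function names are this example's own.

```python
# Constructed sample blocklist in hosts-file format.
SAMPLE_HOSTS = """\
# constructed sample blocklist
127.0.0.1 localhost
127.0.0.1 ads.host.co.uk
127.0.0.1 tracker.example.net metrics.example.net  # two names, one line
0.0.0.0   beacon.example.org
"""

# Constructed hostnames, as might be pulled from DNS queries in a capture.
SAMPLE_OBSERVED = ["ads.host.co.uk.", "ADS.Host.co.uk", "cdn.ads.host.co.uk",
                   "api.example.com", "metrics.example.net", "beacon.example.org"]

SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1"}  # addresses that go nowhere


def normalise(name):
    """Lower-case and drop the trailing root dot so names compare equal."""
    return name.strip().rstrip(".").lower()


def parse_hosts(text):
    """Return the set of hostnames the hosts file points at a sinkhole."""
    blocked = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # strip comments, tokenise
        if len(fields) >= 2 and fields[0] in SINKHOLES:
            blocked.update(normalise(n) for n in fields[1:])
    blocked.discard("localhost")
    return blocked


def classify(observed, blocked):
    """Sort observed names by whether the blocklist actually covers them."""
    report = {"blocked": [], "subdomain_of_blocked": [], "not_covered": []}
    seen = set()
    for name in map(normalise, observed):
        if name in seen:
            continue
        seen.add(name)
        if name in blocked:
            report["blocked"].append(name)
        elif any(name.endswith("." + b) for b in blocked):
            # hosts files match exact names only, so this still resolves
            report["subdomain_of_blocked"].append(name)
        else:
            report["not_covered"].append(name)
    return report


if __name__ == "__main__":
    print(classify(SAMPLE_OBSERVED, parse_hosts(SAMPLE_HOSTS)))
```

Names in `subdomain_of_blocked` and `not_covered` are the ones worth reviewing before adding to a blocklist; traffic sent to a literal IP address never consults the hosts file and will not appear in either list.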

  25. Anonymous Coward
    Anonymous Coward

    Not as worrying

    as Channel4 and some unknown security firm brainwashing a nation of gullible idiots using sensational ill-researched news.

    The power of the media these days is what the EU should be investigating...

    I wonder who has the most to gain from this CH4 "news" item? Microsoft... I wonder who was sponsoring it????

    1. Anonymous Coward
      Anonymous Coward

      Re: Not as worrying

      Was the "reporter" on this over-hyped story the same Ben Cohen who got his arse kicked for cybersquatting on itunes.co.uk?

  26. Paul Webb

    Just part of MWR's attempts to get noticed at MWC

    It's just taken this long for the mainstream media (well, C4) to run with the 'story'.

  27. Andrew Jones 2
    FAIL

    So.....

    The outcry is that the APP that YOU download and install is using the permissions that YOU have accepted? How exactly did people think advertising inside an app worked? The advertising is PART OF the app - it is not even inheriting the permissions that you give to the app - it IS the app.

    This is no different to having read the permissions - noted that the app wants to access your location, installed it - and then complained anyway.

    1. Tom 38

      Wouldn't it be better to install the app, and then when the app requests access to your location, be prompted as to whether you wish to allow it or deny it.

      Similarly, a Facebook app may wish to have access to your contacts, and should say so when you install it. In addition to this, the OS should also notify and prompt the user when it tries to actually access this data, and the app should cope with the idea that the user may say no.

      If the user trusts the app implicitly, there could be a setting to control which apps can always access particular information.

      I don't get why this is so tricky for both Apple and Google. Apple at least do it better with location, you can force iOS to prompt the user before allowing an app to use location, but IIRC things like the contacts are freely accessible for an app, and it is only the curated aspect of the app store that stops apps from taking this data.

      1. Craigness

        Unfortunately the curated aspect of the app store merely convinces people that their data is secure. From what the WSJ found, your best bet is Android if you don't want your contacts uploaded.

        http://blogs.wsj.com/wtk-mobile/

        Why do Bejeweled (iPhone) and Calorie Counter (Android) require someone's phone number to be uploaded?

  28. Anonymous Coward
    Anonymous Coward

    Where is Barry Shitpeas?

    Where is Barry Shitpeas telling us that Android is fantastic and everything else is shite?

  29. Anonymous Coward
    Boffin

    'White list' of permissions?

    Perhaps the EU should issue a candidate list of opt-in permissions that apps should support and make anything and everything else illegal? I'm sure the advertisers and app providers will howl with protest but at least it would bring them to the negotiating table. At the very least some agendas would be laid bare.

  30. Jeff 11

    This isn't *as large* a problem on iOS because Apple doesn't allow apps any access to any data on the phone other than pictures taken via the camera - although presumably any apps that embed ad code (NOT a URL or web service) will be granting them the same access that they have too. It's a basic principle of software; any permissions or capabilities granted to a piece of software will be granted to its dependent libraries, unless the software takes extra steps to prevent this.

    Having said that, I fail to see why this is Google's problem. It's the app developers that are allowing third parties to run amok with unvetted code, plain and simple.

  31. Anonymous Coward
    Anonymous Coward

    Simple solution

    If I have understood all the above comments correctly, the Mobclix advertisement framework enables a breach of privacy that may be illegal under European law.

    If this can be proved just get some court to instruct Verisign to take Mobclix off the internet or face daily fines. No need to hear Mobclix's side of the story. I understand that's how things are done nowadays.

    VeriSign Authentication Services, now part of Symantec Corp. (NASDAQ: SYMC), provides solutions that allow companies and consumers to engage in communications and commerce online with confidence.

    Symantec (UK) Limited

    350 Brook Drive

    Green Park

    Reading

    United Kingdom

    RG2 6UH

    Registered in England and Wales No. 02575013

    Registered Office: 350 Brook Drive, Green Park, Reading, Berkshire, RG2 6UH

    VAT number: CH627333

    Trade register number: CH-217-3533846-9

    Tel: 0208 600 0720

    Fax: 0208 600 0748

  32. Paul 135
    Big Brother

    Time to kick out Google

    Unfortunately, since Google (the world's biggest advertising company) is in charge of Android, I doubt user privacy will be a concern for Google to fix. Handset vendors need to get together and create a fork of Android which puts privacy and security first, bypassing Google altogether. It is truly pathetic that older J2ME technology offered more user control over application permissions than Android does.

  33. Anonymous Coward
    Anonymous Coward

    Smart Phone Users

    Not looking so smart now, are they? I expected this, and am actually quite smug, because, 1, I don't have a smart phone, and 2, I am sick of hearing about, yes but this app, btw, this app, and oh that app, get this app, use our bloody app!
