back to article Want to keep Android apps from spying on you?

A security researcher has released an Android app that allows users to control precisely what information they share with other programs installed on their smartphones. The latest version of WhisperCore remedies a shortcoming of the Google mobile operating system that has vexed users since its release: a design that often …


This topic is closed for new posts.
  1. M Gale

    After Angry Birds' latest permissions hike?

    This can't come too soon. Angry Birds is just one example of apps that seem to start with just "Internet Access" and then with later updates, expand their permissions requirements into location and other such lovelies. Presumably the developer and/or advertisers think you can't live without some toy that involves flinging birds about like a sparkly version of GORILLAS.BAS.

    Yeah. Watch me.

    1. Stewart Atkins
      Thumb Up

      Who checks?

      I think more to the point the developers/advertisers think you wont check or care that they've decided to add location permissions to your list of requirements. At any rate, the latest angry birds update remains 'pending' on my own droid until the permissions are changed or I get another option such as an app like this one.

    2. Anonymous Coward
      Anonymous Coward


      I think my Friday afternoon 'work' might be sorted. I used to love that game.

  2. SilverWave

    Fantastic - HTC Desire next please :-)

    The post is required, and must contain letters.

    1. Steven Roper

      I got dibs

      on them doing the Samsung Galaxy S2 after yours! ;)

    2. Kajiki
      Thumb Up

      HTC Desire

      +1 vote for HTC Desire

    3. Sparckus
      Thumb Up

      Xperia Play

      Xperia Play after the above please :)

      Would definitely pay for this app.

  3. Dropper


    I like my apps spying on me. It lets me know my decision not to get an iPhone was justified. I get all the spying-on-me features the Jesus phone offers at a fraction of the price.

  4. Gary F

    Or just switch off your data connection

    Useful to know, thank you Register.

    My apps eat bandwidth all the time, even if I've told them not to (where possible). The result is going way over my data bundle allowance and enduring costly data charges. Together with the idea of some apps reporting on my location and other personal info I simply switch off my data connection - or APN to be precise. I activate it when i need to go online. The result is going from 3GB of data per month down to a reasonable 500MB.

    1. KirstarK

      You need the APN on-off Widget

      Allows you to turn your data connection on or off with a press.

    2. Anonymous Coward
      Anonymous Coward

      2.5Gb of application data?

      Really? I think not. Maybe you're not torrenting or viewing online media, but there is no way on earth you have accrued 2.5Gb of saved data traffic from background data.

      I'd be utterly amazed if that data accounted for 50mb.

    3. Slabfondler

      @Gary F - Perhaps while in a drunken stupor...

      you turned off the Wi-Fi hotspot option you enabled in another drunken stupor? Just sayin'....

  5. McWibble

    Not Exactly an Android App...

    While this certainly does look like a very nice program, it's not exactly an app - it replaces the entire OS on the handset! It would be nice to see these features introduced into Android, but for now I'll stick with the genuine (albeit flawed) OS...

  6. GhilleDhu

    Title is required

    I got quite pissed at this a wee while back, and eventually gave in and rooted my phone. Now any non essential apps requesting internet get blocked by the DroidWall.. If they crash then they are deleted, saves bandwith and space all in a oner. :)

  7. LazloWoodbine
    Thumb Up


    Oh yeah, loved this program and remember playing it on a duel 3.5" 8086 with Hercules graphics adapter through a CGA emulator when I should have been learning how to use basic word processing and DTP packages at school. Old skool!

    1. sabroni Silver badge
      Thumb Up

      Gorilla victory dance!

      was a common mime to indicated success back in the day. Well it was in the office I worked in.....

  8. dssf

    I wish HiSurfing did not require the phone to be rooted.

    I'm angry though, that for an OS built around/on Linux, that Google didn't build it with the premise that users may want to revoke privileges for apps at the app and data lifting level. Shameful and disappointing.

    And, I will operate on that position, too: If the app crashes after being denied, it's going bye-bye!

  9. Eddy Ito

    Precisely why

    I've been sticking to open source apps on my android. If I don't like the permissions I change them even though all the ones I'm using already have minimal permissions. It does make me wonder if there isn't a need to take over the process from Google in order to have an actually open operating system instead of just a "no such thing as a free lunch" one.

  10. Anonymous Coward
    Thumb Up

    Or you could..

    root your device and use DroidWall to stop 3g/wifi access to specific applications. They're all disabled by default, meaning while Angry Birds might want to know your location it can't do anything with it. plus the added bonus that none of those stupid in-app adverts load up anymore

  11. okubax

    Good Idea but I want a full changelog from the company showing the changes to the stock Android ROM

    Nice Idea, but the looking at the files, it seems their script would issue the command 'oem unlock' to unlock the bootloader. It would have been much easier to use .zip files and flash them through a modded recovery than use fastboot to flash the included .img files

    Think the the Reg should included a warning that their software would 'Unlock' the Bootloader on the Nexus One and Nexus S phones which may or may not void the warranty on the phones.

    1. Dicko99

      Dev phones?

      Erm, aren't both the supported phone 'developer' devices and therefore fully unlocked already?

  12. Anonymous Coward
    Black Helicopters

    Great app

    But "WhisperCore"? Why oh why didn't they call it Paranoid Android?

    1. Jacqui

      Or just Marvin

      Hmm Droidwall should be renamed marvin :-)

    2. dssf

      "Paranoid Android"?

      Or, hehehhee, PARADROID

  13. poohbear

    Help is at hand

    I use these:

    1. LBE Privacy guard: lets you control precisely what services an app can access. So far, I've denied lots, and had no crashes. This seems superior to the one in the article, and works on most phone, I assume. Requires root though.

    2. Gemini app manager: lets you control what gets autostarted when, so that things that suck bandwidth don't get autostarted when, for example, you merely plug in the charger. Yes, there are things programmed with that sort of logic ... Also requires root.

    Only problem with (2) is that updates to the apps reset the autostarts and then you need to switch them off again.

  14. Quantum
    Big Brother

    Title Required

    Privacy guard and Gemini app manager installed, thank you poohbear.

    Although I like the work that Moxie does, I can't give up Rodriguez's MIUI ROM. It's the most advanced phone I've ever used. (rotating cube desktops, etc)

    I'm surprised at those who are surprised that that-search-engine-everyone-uses is the greatest Data Mining Business In The World. People blithely hand over their contacts, network of friends, emails, and their very voice calls! This is so valuable for marketing, not to mention intel services.

    I use for searches. Just as good.

  15. Paul 135
    Big Brother

    This is no accident

    It's frankly utterly ridiculous that Android has never allowed application-specific permissions control. Even old JME phones running the likes of Sony Ericsson's old OS had this.

    Considering that it isn't particularly difficult to implement such a feature, I think that there's more than a fair chance that this is deliberate by Google. The less control given to users over permissions, the more data Google can collect on Android users.

    1. Steven Roper

      And that's why

      Google will soon delete this application from the Market, as well as retroactively removing it from the phones of everyone who installed it. Which is why I don't like this trend towards remote deletion and interference these companies have accorded themselves on just about every new OS.

      Do I get a refund if Google delete from my phone an app that I paid for? I bet I don't. Which is theft as far as I'm concerned.

      1. Ian Yates
        Thumb Down


        "Google will soon delete this application from the Market, as well as retroactively removing it from the phones of everyone who installed it."

        Citation needed, methinks.

        Yes, they certainly *could* do that, but I think it's unlikely they will.

        From what I've seen, Google have remotely uninstalled less than a handful of apps from phones - and they were all malicious or PoC exploits.

        Google hold a lot of power in their hands, but I think it's unfair to accuse them of having abused it just yet.

        Finally: "I bet I don't." Really?! Have you a) looked around the Internet for this answer or b) thought to ask Google?

  16. Anonymous Coward

    Don't run it if you don't like it...

    No doubt this will be down voted to oblivion, but the fact is that having spent months slaving away on an app, app developers have to make some return. The "stupid in-app" ads allow you to have the app for free and devs to make a few pence on the side.

    If you don't like the permissions, don't install the app. If you cheat your way around the ads to get the app for free whilst providing nothing back, it's no different to piracy.

    1. Quantum
      Thumb Down

      Don't run it if you don't like it...

      Fallacy. Some apps have no substitute. The free market is not truly free.

      When you are forced to accept all the fine print in the Microsoft OS or Photoshop, can you realistically modify or negotiate? No. There is no substitute for these, if you want to share with others, and there can't realistically be when they are like the monopoly utilities of the software world.

      Same with certain phone apps. When you need a function, you can't just not use it if you don't agree to the terms. It is a completely asymmetric negotiating situation, as has so often become the case with the total corporatization of our world.

    2. M Gale

      I don't mind the ads.

      What I do mind is anything other than "Internet Access" required to deliver them. That includes phone state and identity, and definitely includes location awareness. Also SMS sending/receiving, being able to read contact data, and the numerous other permissions that some apps require for no good reason at all.

      Your right to a return on your work does not trump my right to privacy, and I will take active measures to defend myself. If you don't want your app being used by people with adblockers, then don't make your app require stupid permission levels. Simples!

      Or to paraphrase a certain Cupertinian businessman: "Change your app's permissions. Not that big a deal."

  17. Anonymous Coward
    Anonymous Coward

    Re: Don't run it if you don't like it...

    It isn't a negotiation. Someone has slaved away to create something and you are free to use it by their terms. That's it. If you aren't happy with the terms, write it yourself. If you aren't capable, then you survived perfectly fine before the app existed, and you'll survive perfectly fine in the future.

    Re: I don't mind the ads.

    I absolutely agree with you, and I won't install an ad-supported app which relies on location. The problem is that all of the ad agencies require a unique id as a minimum, location data is optional, and that's why I don't include it in my apps.

    1. M Gale

      "The problem is that all of the ad agencies require a unique id as a minimum."

      There must be some that don't. Angry Birds didn't require that until recently. Sure you can't make up a number unique to the installation (as opposed to the device) and use that instead?

This topic is closed for new posts.

Other stories you might like