Noticed the new permissions already...
Every couple of days my phone tells me theres an updated Facebook app to install..
Every couple of days I say no thanks.
Facebook's updated Android app can read text messages on the user's smartphone. The tweaked software now demands access to SMS and MMS messages, and the change was spotted yesterday by blogger Tony Calileo. "This is just one of a bunch of new permissions the app is requesting for this update, but it's probably the most …
When I saw the permissions it was asking for (IIRC some time in December), I quickly unistalled this horrible piece of bloatware and disabled the pre-installed app on my phone. My thinking at the time was along the lines of, "Fuck you FaceBook, go and push your spamvertising at someone else."
If you're aware of it, most clueful SMS apps in Android will present a toaster notification when you get a new message so you can read a 2FA verification code and tap it in with very little inconvenience. (ChompSMS does this quite nicely and has options to adjust on-screen display for what remnants we have left of our privacy.)
Frustratingly though, as usual, we all have to blindly accept a blanket read permission simply because people can't be arsed to go into their text messages to get a six digit code. What's the point of two factor if you're allowing an app unsupervised access?
This is also an excellent highlight of Android's frankly shit permissions model. I'd dearly love to be able to selectively deny permissions to an app to invoke certain functions or system calls (optionally reenabling it later) but nope - vaguely descriptive catch-all categories are all we get.
The more clueful devs are beginning to list reasons for why their apps request permissions, this should be a mandatory requirement for every app, viewable by all potential punters and completely granular. Apps should also not crash out if part of a call is denied access (they should trap it and just return a null, perhaps with viewable message explaining what's not working) but this would need to be baked into the AOSP core. And can you imagine the software community rewrite carnage...
At least our security model is moderately translucent, unlike Big A's black box (which GCHQ are gleefully busy exploiting)...
"I'd dearly love to be able to selectively deny permissions to an app to invoke certain functions or system calls (optionally reenabling it later)"
Apps like LBE privacy guard allow you to do that.
Totally agree that Android's out of the box take it or leave it approach is a little more transparent but ultimately does bugger all to protect your privacy
Totally agree that Android's out of the box take it or leave it approach is a little more transparent but ultimately does bugger all to protect your privacy
Remember that it wasn't Google's idea to do it this way. Their original permissions model was at the insistence of the app developers who wouldn't jump from the Apple store unless they had more control over permissions.
Given that environment, there's no turning back with regards to the structure, but we can certainly augment the structure to make it more useful. As noted, perhaps the permissions can be divided into more sub-permissions. Also, I think most would appreciate each permission having a written justification provided by the developer.
Really? Ugh.
Maybe Android should be changed so that, if you enable Developer mode, you get fine control over permissions - that way, those who give a monkey's can get it done, and those who don't care don't have to worry about it?
LBE Privacy guard does not work on Android versions 4.3 and up. Android hinted at possibly later providing native support for privacy-related permissions with the 4.3 release, however as it was still in beta, you needed a third party app to interface with it (see App Ops Starter). It wasn't as functional as LBE, but at least it gave you some basic level of control.
Then, for no apparent reason, they removed the functionality completely in version 4.4.2. Now, there is nothing to manage permissions. Nice one Google. You're on the fast track to becoming the Apple of the 2010s.
At least our security model is moderately translucent, unlike Big A's black box
I'd call Android's security model translucent. It's confusing, but if you actually do understand it you know what it's doing. That's not to say it doesn't have problems. Only a fool or a fandroid would call it perfect.
Please Google let us selectively deny tokens that an app requests.
The app developer should have the ability to state whether a given token is mandatory or optional and a few lines to describe why they want it.
As for optional tokens, there are two ways this can be easily handled. The app developer could either receive a runtime exception when they make a call to a method where the token was denied or they could elect to receive fake data for things like contact lists, GPS coordinates or SMS messages. Then even lazy developers could mark most tokens optional without needing to make code changes.
Yet another reason to also SLAM google for not creating any sort of content vault system.
BY DEFAULT, google, damn you, every piece of information on a user's devices should be subject to granular access controls/permissions.
-- Kakao, talk, line, whatever apps are there in the store or other sources should not have cart blanche access to contact lists!!!! Create in the contact list a check box to deprive access by/reads by apps listed on the install list or at the users' whims.
-- apps that access or attempt to access contacts, logs, text, memos, art, jpgs, whatever, should be logged and reported to google, AUTOMATICALLY, so that in real-time, google can push down code to users' devices to thwart in a heuristic manner any subversive, invasive, or other surgical attacks on our devices
If google cannot participate in this kind of discussion and facilitate better protection, first-party, then why do we put up with shit shitty state of affairs. How can be bludgeon or chest-punch google into getting off the sidelines?
I'm surprise the ACLU and EFF do not seem to be weighing in on this issue on a regular basis.
Just yesterday, on my Android-based phone, I saw "update facebook", but i ignored the shit. Due to another app not refreshing, I decided to reboot my phone, which works for that given app when the screen stays black and it takes 10 seconds for a long press on the home button to exit the app or present me a task list.
I task-kill the app, root around (myself, no root capabilities) looking in vain to kill anything else, and then shut off the antenna, turn on airplane mode, and then...
After I rebooted, mysteriously (or, why should I have been surprised), no more nag/listing "update facebook".
I have for YEARS suspected that fuckking android and/or some other apps in the phone bypass the antenna setting, leave the icon dimmed, and call home.
After this reeboot, I saw somethinakin to "binary installed". WHAT THE FUCK!!! The antenna was OFF, or so I commanded.
And, at SFPL, where various versions of Android would die or lock up, when connected to the lib's wifi... But, falling back to an older version was OK? That was around early-to-mid 2013, and seems to have stabilized. But, personally, given SF's leftness, and SFPLs steadfast anti-surveillance compliance, and refusal to hand over patron borrowing history, I strongly suspect the library's payroll involuntarily has IT staff who work for another entity. Wifi, for free, in a major library, in a left-town that acts like a nation-state? Not being surveilled? Yeh, right. Maybe the potentially-present sniffing gear had issues with my tablet being the Korea-locale variety? I dunno. My older, android phone was seemingly ok, but not my recent, 2012 Tab.
Anyway, only with some proper RF gear might I determine whether my phone blurps/beeps/sends or takes in any code.
Hell, I insinuated that zuckerberg may be on the nat-sec payroll. I suspect google is and has been all along, and possibly even apple. After all, if Apple's warez needed FEWER nat-sec letters to monitor, then it's possible either Apple was cored or just gave up the stuff. All the foot dragging is just for show, for public consumption.
I guess one way to find out if our phones talk surreptitiously is to plant vile stuff on them and wait to be contacted. Just plant vile shit on them, but never, directly log on to anything, never surf, never, allow it to turn on the antenna, not by one's own hand. Then, justt wait for it to violate the users' commands and then get "discovered".
Oh, wait, that's my outraged mind speaking. I prefer to not be cuffed, and don't recommend embarking on a cuf-worthy path. But, goddammit, it is the GOVERNMENTS' jobs to do their OWN fucking dirty work, not drag companies into it and facilitate wholesale slurping, or take things to the point that our devices by default LIE to us and by default report on or pass up the line any and every thing they see or are fed.
Sigh...
Back to Spooks (er, umm, MI-5, since the USA's history clashes with the term "spooks" being used in a broadcast program.... Sigh ) a quite brilliant, even if entertaining, show.
iOS stuff asks for permissions as you use the feature. At least the stuff I've installed. And then there are permission lists scattered around the rather disorganised settings menu, where you can grant or remove permission for each app individually. It's then up to the dev what they want their app to do.
Some simply stop, say they need the permission activated and don't do anything else. So you have to go back to settings and enable - weirdly this doesn't seem to happen via the app.
I've just looked, and actually there's a privacy menu now, which covers most of it. Although I notice that in giving Google maps permisison to use location services (for satnav) it also gave itself a 'background app' permission I wasn't previously aware of. Hidden in another bit of the settings menu. So that it could access location services even when the app wasn't turned on. So I guess I've been updating Google on lots of stuff to help their mapping for the last couple of months since I used G maps for sat-nav. Cheeky fuckers. Or data-thieves, as they really are.
Anyway, Apple is a bit of a mess, but mostly pretty good.
PS:
I decided to have a look. Surprisingly enough Google Maps also asked for permission to use the microphone. Denied. Nothing has asked for Bluetooth or phots. Only Gmail wanted contacts, also denied.
Location Services seems to be the biggie, that every app seems to want. I assume it's partly because of advertising. Here Apple are quite good, as even Apple's own apps have to ask for permission to use this. So I've allowed Apple maps, but not the camera or Safari, for example.
Apple also have an advertising bit in the privacy settings. You can limit ad tracking (whatever that does) and manually re-set your advertising tracking ID.
That reminds me a lot of how Symbian managed permissions.
The first time the app tried to do something requiring a specific capability, I'd get a pop-up describing the permission, typically very specific, it requires and the option to select "Never", "Once" or "Always". Plain and simple. Many apps work fine without mobile or Wi-fi network access. As a bonus developers get to write one app and gracefully degrade for parts that customers won't authorise. The Android model seems to favour monolithic apps and avoid cooperating applets/services. Maybe because of the limited tasking.
*sigh* How things have improved :(
They had permissions creep and wanted access to the microphone on an IR Remote Control app (to let you make voice commands to trigger the remote functions).
After having words with them, they now do two versions, a basic and one with all the extra functions.
I doubt that Facebook and Twitter (which also wants access to your SMS) will release a less intrusive app. And as a result, I am not updating them.
If anyone knows a good and trustworthy apps that will access Facebook and Twitter without all the extra intrusive permissions, please let me know.
I might even write my own.
This post has been deleted by its author
Too many apps seem to require lots of irrelevant permissions. Often arriving with updates ( so clearly they didn't need this in the previous version).
My favourite ( moaned about elsewhere) is the blanket access to phone call details. Most of the recent trivial apps seem to need to know who I've been phoning.( So I only use these on a phoneless tablet, if at all).
The blanket access to phone call details is especially common for games because when an app suddenly loses focus it needs to know how to handle it. If you receive a call midway through a game for example the apps sounds needs muting, the processing paused, etc. You need to be able to read the phones call state to do that and it is all bundled into one permission.
The second point that Facebook makes about having to request all privileges is only true if the app is monolithic. It seems that some of the functions could be split out, optionally installed, and with each separately installed a separate list of privileges could be given.
If they want a level of trust, they could even make these separate bits open source. An SMS-listener that matches only texts from a certain number and them communicates that a properly formatted two-factor authentication has arrived.
Xprivacy gives you fine grained permission control, including obscure sub-permissions i.e. you could grant an app the read_phone_state permission, but deny or insert fake/randomised data for the read_imei sub-permission.
App-ops has been re-enabled in Android 4.3 and above (including kitkat) over on xda. Google really should give up trying to hide the thing and just put it in developer options or something as its really rather good. Although its not as all encompassing as xprivacy, it does handle the main `problem` permissions.
There is also a cut down version of lbe that works with Android 4.3+, I think its been ripped from a Chinese phone (the company that makes lbe seem to write custom versions for various Chinese handset makers). You need to hunt around to find it for download though.
Can someone explain to me how 2 factor authentication is of _any_ use if the second factor of authentication is sent to the device you're logging in from?
2 factor authentication relies on not only knowing a secret, but also having access to a distinct physical device which only you should have access to. If you're logging in from that device in the first place then it becomes useless as a distinct physical device - only the secret provides any security in this case. The fact that the facebook app then automatically reads the second factor kind of highlights how pointless this is. Better to disable 2FA on that device and therefore not require the READ_SMS permission.
Unless I've missed something about how the 2FA works in this case (I've never used it for facebook).
Fair enough demanding Apps be less intrusive but Android needs to be able to stop Apps being intrusive while allowing them to do what the user wants. It's no good saying an App should do this or that if Android does not support it being done that way.
If people want an App to do certain things, and that means having to ask for more permissions than that App needs, it's not really fair to blame the App developer; they are stuck between a rock and a hard place.
Some App developers will take advantage of having permissions they do not need but Android is complicit in that; if Android did not allow that they could not do so. App developers may be taking advantage of the situation but Android is allowing being taken advantage of.
sadly with Facebook and their like benefitting from this shitty permissions model they're not going to put pressure on Google to improve the way it works.
I had a ramble about this earlier this month when I noticed the permissions for Facebook getting steadily more invasive for no apparent benefit - http://post.offbeatmammal.com/2014/01/14/why-i-uninstalled-facebook-and-your-app-might-be-next/
First,
Try setting up a new FB account where they require you to enter a phone number to verify you're a real person. (Good reason to get a Burner.)
Second... You are their product. They didn't have to do it the way they did. They could have had you enter it yourself.
Think of this as evolution in progress. Those that have gained enough intelligence will ditch their FB accounts and walk away from it. Anyone who wants to get a hold of me, knows how to do it.
I complained about a similar problem with the Ocado app. It wanted access to the phones camera, so it could read bar codes.
The argument that all the permissions are required up front isn't valid: Multiple applications can co-operate, so you can install the additional apps to provide restricted access to resources. Only these apps have the required permissions. You can ask a user to install an extra app from within an app - this is how, for example various apps get you to buy a license for the premium version, in the app store. The experience is reasonable. You might say 'what's the difference?'. The gatekeeper apps can be very simple, and change rarely, so they should be much harder to attack than a large complex app.
In this case, an app with no UI waits for text messages matching a particular pattern, and then forwards that message to the facebook app when it matches the pattern. Otherwise it does nothing. It accepts no incoming messages, and has no state.
Hi, What about these two:
1) Send emails to guests with out owners Knowledge (under add or modify calendar events.)
2) Change Wi-Fi State.
No app should send emails with out your consent. I agree that they may have the capability of utilizing your email app to construct an email, but NEVER send them with out your direct initiation. Given that normally - only clicking send triggers an email being sent... WHY would there be a need for this kind of permission - unless it was dubious.
Why would an app be able to change your Wi-Fi state and turn it on? I would understand that it could prompt you to turn it on, but not actually do it.... (I mean maybe there could be a setting in FB to "Turn on Wi-Fi to accomplish tasks if it is not on." That kind of permission would be insane. Especially where Wi-Fi networks are detected but require web policy acceptance pages to be agreed to. This would drain your battery very quickly as repetitive actions fail with out an actual connect.
I think both Android and Facebook need to get their crap together.
These wording of setting these permissions are highly offensive and not unlike those medical commercials that list horrible side effects. Well this is what could happen, but hopefully it wont, but you could die, but ask your doctor if you can go on it.
Well, we will suck your lists, monitor your conversations and calendar for ad placement, Track and broadcast your location at any given time and.., oh yeah... send emails out with out your consent... But it is free, cool, and you should use it.
They give "Examples of what we use this permission for" but do not detail what they ACTUALLY use it for. Seems dodgy. Then when you go to ask for clarification of what it means you have to sign in to Facebook, as though non-subscribers are not allowed to ask questions - strange if there is nothing to hide.
Remember the golden rule about Android App Permissions: they were built at the insistence of the developers because Android was late to the party and needed to convince app developers to port their apps from the Apple store. And once the genie was out of the bottle, there was no putting him back in. Remember, the developers could just go back to the Apple store.
What the actual permissions asks is. (I still have a screenshot)
Access to read SMS / MMS.
It wants the abillty to modify, edit your calendar and "send to guests without owners knowledge", read calendar events plus confidential information, read your contact card.
Connect and disconnect from wifi, Full network access
The update before that wanted permission to use your mobile number.
Come on Reg ask why the facebook scumbags need all that??? But the realist in me sees that and think it could if it wants to grab whatever it wants from your phone and then email whoever it wants using your tariff to do it and without your knowledge.
Ironically I posted this all on facebook before Christmas, then uninstalled and disabled the app.
The problem is after a while the app becomes outdated and then doesn't connect unless you update.
When discussing with a friend who has an iphone he knew none of it, when checking his phone security it was set the same, only he wasn't told by the app store.
Facebook just keeps going down the wrong road.
Bloatware. The app is huge
Not in my control. I can't move it to the SD card (I don't need it active all the time)
Its a battery hog (It tracks me when I am not in it)
Its insecure. (see it tracking me above, but it accesses everything: SMS, phonebook, etc.)
They try to say its secure by deleting people that shared info with me when I delete it, yet they get all my address book contacts without there permission.
They try to say they protect privacy by not telling me who's near when I/they specifically checkin & share there location, yet they track a persons every movement, and frequently attach it to posts and messages without explicit permission at that time.
(They try to get you to install another for page management, how about a basic facebook app, and not paper)