Re: As a windows phone owner
That'll be the microwave radiation from your handset...
Mine's the one with the tinfoil hat in the pocket.
More than a third of smartphone apps can track user location, according to a study based on an analysis of more than 800,000 Android applications. Analysis of 836,021 Play Store Android applications by net security firm BitDefender also revealed that more than one in 20 (5 per cent) of Android smartphone apps can locate and …
This post has been deleted by its author
You can turn it off but that doesn't stop 95% of apps asking for permission to use it even if it is turned off and if you say no, you cannot install the app. My understanding is that even if you have it turned off if you allow it for an app it is enabled for the app. I would be very happy to be proved wrong.
"Apple have already borged most of our twenty somethings!"
Funny, I'm 52, I own two iphones, two ipods, a Windows fartphone and android tablets and smartphones.
My desktop and server OS's are Linux, NetBSD, Windows and Solaris.
So, am I "borged"? Or do I use each OS to its desired and designed purpose?
Frankly, the lot of them are shit, save for *BSD, whose developers are so stodgy that new fangled things have to be around for a half decade before the kernel has support for them.
> a separate study by cloud security firm Zscalar into privacy issue with
> iOS apps found that 96 per cent of iOS apps require email, address
> book (92 per cent), location (84 per cent), camera (52 per cent),
> calendar (32 per cent) permissions.
I don't believe it. What was their methodology? Can we have a link to this study?
If you aren't paying, you aren't the customer. You are the product.
OK, so it's not original, but I will make damn sure that my offspring have learned this by the time they've grown up because it seems to be an all-pervasive phenomenon in modern society. Do they teach this in schools, yet?
It's only 12 words. It wouldn't take long. It's ever so important.
I flew SleazyJet(tm) on Friday and this evening. The LGW approach was "exciting" to say the least and I was impressed that the landing was as neat as it was. Top marks to Mr. Pilot. As for the rest, well, it seemed pretty much like every other airline, except everything costs. I have flown enough to allow myself to have an opinion on these things*. I appreciated being able to buy a train ticket in flight and avoid the 32 million people at the station ticket machines/windows, so I rate that as excellent service. I was on a flight out of GVA last week and it was on time and efficiently handled.
All in all, I may have to even stop calling them SleazyJet(tm) if this keeps up
* DIsclaimer, I stopped counting when million got an s on it.
That's why I don't mind paying for privacy. Specially when it's open source and based out of Iceland.
I love the fact that all these new companies are popping up now. This is a good leading indicator that privacy is beginning to matter more and more, and people are willing to pay for it, just like any other service.
Who says open source can't make money? www.fortknox.is
You should include stats for Windows Phone apps too if you can find them - in my experience every single app I wanted to install on Windows Phone required access to location and after researching this it turns out this is down to the advertising platforms that app developers are forced to use.
I can't find any source for this study, but this one seems similar: https://www.appthority.com/appreport.pdf
Certainly that study also uses the 96% figure, but this time it claims that they "share data with advertising networks and/or analytics companies", which could just mean anonymised data about the usage of the app. Not ideal, perhaps, but that's quite different from sharing location and contacts information.
What these studies fail to do, however, is take account of the fundamentally different approach to permissioning between iOS and Android - iOS allows you to install an app but then deny permission later, so it's quite possible that most users simply deny the permission - this would skew the results quite significantly. I've used plenty of apps which function quite happily if denied access to optional services such as contacts lists.
This article discusses this issue in more detail: http://www.theguardian.com/technology/2013/dec/20/android-apps-permission-app-ops
"can" is not the same as "does".
This study seems meaningless without knowing what those applications do. So an app requires location permission - but if it's an app which requires location by its very nature, then why is this an issue? Admittedly 1/3 seems rather high, but then I have no idea what the distribution of application types is.
"locate and open private photographs on smartphones"
If private is in an application's private space, I'm not sure this is true. If private just means in the standard picture folders on Android, then yes, they're accessible to all applications. Just like I can open up my picture in GIMP on Windows or Linux. Perhaps there are better ways to do this (e.g., marking folders as only accessible to a whitelist of apps? But then there's also the trouble of making it user-friendly) but I don't know of any OS that's done this kind of thing yet - the study seems to regard any access of data by an app as "bad", without understanding how almost all OSs currently work.
"can divulge email addresses over the internet"
Does this mean they have Internet and email address book permissions, or that they are actually doing this?
"Sutton credited Apple at least with acting to address the problem."
Because clearly it's better that we're all wrapped in cotton wool and can only run on "our" device if someone else lets us. It's this kind of attitude that's led to making it increasingly difficult to run software without extra "Yes I'm really sure" clicks.
I agree, many apps ask for lots of permissions but do nothing with them its inexperienced developers.
What is needed is a way for android users to install an app and deny permissions requested so you can use the app but protect privacy at the same time, most apps would work fine with little else but network access...
A previous El Reg thread on a similar topic led me to this - Xprivacy and Xposed. It's a faff to install, and you do need to be rooted, but it's worth it. Oh yes.....
Every time an app gets updated, Xprivacy encourages me to re-check all the permissions, and gives me granular control over what it can and cannot access.
Analysis of 836,021 Play Store Android applications...
more than one in 20 (5 per cent) ... can locate and open private photographs ...
One in 30 (3 per cent) ... can divulge email addresses over the internet.
Meanwhi[le], 1,749 uploaded the address over an encrypted connection and a further 1,661 did so over an unencrypted connection where traffic can be easily harvested.
Almost 10 per cent of apps tested included permissions to read contact lists.
I'll ignore the vague use of can, as Mark did a perfectly acceptable job covering that. Instead I want to focus on these numbers. See above how specific they are when talking about general access, about what the apps have rights to do. Nowhere there do they talk about motive though. That's the interesting stuff. How many of these apps are actually intrusive?
Many have a legitimate need for this data but others are clearly intrusive.
Oh. Thanks for the detail, guys.
Android is made by Google to harvest rich data on the user so of course it is very leaky. Their approach of getting users to approve permissions for apps on installation is broken, only the most extreme control nut bothers to check everything and anyway it's a choice between give these permissions or don't install the app. Most just install, Google know this. And of course their own preinstalled apps never even throw up the question.
A good demonstration of how easy it would be to make a more secure system is illustrated by Cyanogenmod, which allows you to turn on their Privacy Guard by default, and sends dummy data to any app that requests it. But there's no motivation for Google to produce a locked down Android.
> But there's no motivation for Google to produce a locked down Android.
Perhaps not, but the killer app you can't get just write is GPS/Maps.
So why aren't Nokia doing a secure version which sandbox's apps to allow better control? They can do the maps and you can access the rest of google's stuff over the web. Or Garmin perhaps.
Someone could put together a store where you can buy apps with very restricted permissions monitored by the OS, or where there is a security patrolled API. For example, all accesses to the addressbook could be logged, all access could be logged, eg, app: mail-client, destport 443, mail.google.com, hit-count=x.
The tricky thing is, many apps rely on privacy-infringing facilities to do their job. You want tram information? GPS is required to find out where you are. Collect enough of it and you can track someone's likely habits; you want VoIP, it will need access to your phonebook.
Where are you?
Why do you not demand that Google releases be accompanied with compatible Cynogenmod binaries on release day, with simpler installation?
If google's biz model depends on wholesale slurping of user data, and making it a royal PAIN in the ass to mod one's phone for privacy purposes, then, I dare say, it's time for google to rewrite its biz model, and tell data-slurping app developers to come up with a new income stream.
"The Devs will simply respond, 'OK, then. Back to the Apple store.'"
Why? All most of the devs need is net access to get and display the ads.
Admittedly I almost never look at ads, but I don't recall seeing "local" ads, just generic ones, so the targeting and/or location services either don't work or no one is paying the extra ad costs for the more granular location based targeted ads.
And if users get control of the permission, what do you think will be among the first things turned off for adware apps (unless the app itself needs it for normal function)? Network access. This will probably start app devs packing some ads into their programs so they can't be blocked.
The point is, the app devs want the control, so you have a tug of war between the users who want control of their device and the devs who want control of their app, and Google's position will have them favoring the devs (they pay Google more both directly and through the ad network). Apple can dictate terms since the iDevice line is vertically integrated and has that mysterious "We Must Have It, Here's Our Life Savings" draw. Google lacks that level of control and can easily lose the plot if devs decide to defect.
And if users get control of the permission, what do you think will be among the first things turned off for adware apps (unless the app itself needs it for normal function)? Network access. This will probably start app devs packing some ads into their programs so they can't be blocked.
Good.
"If google's biz model depends on wholesale slurping of user data, and making it a royal PAIN in the ass to mod one's phone for privacy purposes, then, I dare say, it's time for google to rewrite its biz model"
Ha-ha-ha! 'Cause why would Google possibly want to keep making billions and billions of dollars a year?
What's the point of even making a comment like that?
Not all... I looked at one app update that was supposed to go through, the app suddenly wanted extra permissions - it wanted to "search the device for accounts", "receive data from the Internet", "retrieve running apps" and "control vibration".
Now, the second one I can understand, they want to add an online-game mode, the last I can understand as well, a bit of haptic feedback. But why should it need to search my device for accounts? It is a game! And why does it need a list of running apps?
Needless to say, I haven't run the update. On the other hand, I will give the company a nod for including the new permissions in the release notes that are displayed.
I have a bit of an issue with apps suddenly needing various further permissions on an update. Unfortunately, that only gets me a gridlocked queue of dozens of apps on the play store list of apps to update, stuck on a version I'm not willing to go beyond. It's certainly possible to do, but boy does it feel like p##ing against the wind...