I think one the biggest problems is laziness. These crappy little apps are often written by people who've spent about 2 weeks learning Java, then decided to have a crack at Android development, managed to knock up some naff little app in an afternoon and in order to make it as easy as possible to get access to the class defs they need, they simply enable everything possible. It's much like some DB developers simply ask for DBA level account privs as it makes it easier than having to code within the confines of a security system. Consequently when the naff little Android app heads to the store it flags up that it needs X + Y + Z just to enable the flashlight on the camera!
This flashlight app requires: Your contacts list, identity, access to your camera...
A global survey of more than 1,200 mobile apps has discovered that the vast majority (85 per cent) fail to provide basic privacy information. The global survey faulted apps for accessing large amounts of personal information without adequately explaining how they were collecting, using and disclosing personal information. …
COMMENTS
-
-
Thursday 11th September 2014 11:15 GMT Shippwreck1
I think that's an extremely generous assumption...
I work on the basis that these "naff" little apps are constructed by people who know EXACTLY what they are doing and know that for very little dev time spent, every 1,000/10,000/100,000 people that say yes, they can sell that info... at best to marketing companies and at worst to... well!
In-app purchases aren't the only way to make real money in apps...
-
-
Thursday 11th September 2014 16:41 GMT Shippwreck1
I would also hazard a guess that we are both partly right ;-)
I have made the odd app here and there (nothing pro... i wish!) and although it's not quite as simple as just adding all the classes etc, I can quite imagine that there are basic frameworks out there provided specifically so that people can quickly build apps on top and that those frameworks DO have all the permissions enabled... so basically the same thing.
-
-
-
-
Thursday 11th September 2014 11:14 GMT JDX
Is the default for apps to want everything?
I've turned down a metronome app recently on WP8 because it wants access to all these things. Do the vast majority actually USE any of this data, or has the developer left everything checked? You'd think the OS would know, based on what classes you use, exactly which permissions are required since it's sandboxed?
-
Thursday 11th September 2014 11:20 GMT Kevin Johnston
Re: Is the default for apps to want everything?
Had the same experience with a spirit-level app. I would say that while some of this may be malicious, the vast majority is going to be down to incompetence and an inability to write minimalist code as in the old Windows Xp days when every game needed Admin level access to run.
-
Thursday 11th September 2014 16:01 GMT Jamie Jones
Re: Is the default for apps to want everything?
I don't know about WP or Apple, but one thing that causes this in Android is backwards compatibility:
All apps are coded to an API level based usually on the release at the time.
If a future android version now requires permissions for something it didn't need before, to retain backwards compatibility, when the app is installed, it's assumed that it requires this new permission.
So some older apps don't just request permissions that they don't need, but also request some the author never intended to request!
I know it's not ideal, but on android at least, there are many third party apps that allow you to retrospectively remove events and permissions.
I find event abuse the most obnoxious - apps can request to be run on startup, when switching to mains power, when switching to battery, when another app is installed/removed, any many more.
It's impossible to fart without loads of apps starting in the background. In my opinion, Googles own apps are the worst culprits.
-
Thursday 11th September 2014 18:06 GMT SuccessCase
Re: Is the default for apps to want everything?
YO, which I hasten to add I only downloaded because I was gobsmacked that an app that bad could raise so much finance and I wanted to check if it really could be that bad... Yep.
On install it very politely asked for permission to send push notifications.
Then next said
"YO needs access to your contacts. Give it over f**ker." or words close to that effect (they may not have been the precise words but how my brain interpreted them given the abruptness of the message and lack of explanation).
Needless to say I declined and found the app still worked perfectly well. Or rather, worked worked as intended, which means my last sentence is in fact a lie. Left me with a sour taste all round. OK YO, so having lied to me about your need for access to my contacts list, I'm going to post messages like this in public places warning others of your bad attitude.
The thing I find slightly annoying is they will have my contact details because one or other of my friends is bound to have granted access.
-
Thursday 11th September 2014 18:57 GMT Anonymous Coward
Re: Is the default for apps to want everything?
Yes, a messaging app asks for contacts. :P
However the problem is what other stuff they do with it after this, and also why it cannot be sandboxed/spoon fed this data... though I assume that's because they could not use it for advertising if they did that.
(All my old "dumb" phones asked for data/contact/read/write permission on a per use bases or I could grant open access... strange the more advanced the OS the less restrictions applied to the apps.)
-
Thursday 11th September 2014 19:48 GMT SuccessCase
Re: Is the default for apps to want everything?
I'm perfectly capable of putting in the email address of anyone I want to message and there is NO need for access to my entire contact list. There was a time, only a few years ago, when a man's contact list was considered and extremely valuable and personal thing. The assumption I would give mine up at the touch of a button, without first asking my contacts if they want there details to be given out to a third party lacks integrity. Just because kiddies reaching puberty in the Facebook generation have got accustomed to thinking nothing of giving away the contact details of others, so they can set-up multi-player death matches, and do so without asking their friends permission first, doesn't mean to do so isn't thoughtless or rude.
-
-
-
-
Thursday 11th September 2014 11:19 GMT EddieD
Same old, same old...
Why does a compass need access to Identity services, photo and music libraries etc...
I've got about 9 apps on my Nexus requesting permission to update, all of them wanting increased permissions - why would my GoPro app need permission to create accounts???*
They're all due for deletion.
People blindly press "Okay" and then wonder why their the victim of identity theft
*Actually a serious question, I don't want to remove it, as it's very useful, the GoPro not having a viewfinder, and teh options menu being a wee bit laborious...but I'm not having it create accounts without my permission.
-
-
Thursday 11th September 2014 18:59 GMT Anonymous Coward
Re: List maker
No need. If it's a phone it will already be tracking your location. Within reasonable accuracy, using the right data collection, they could just build a list of what you purchased by where you walk in the supermarket.
The one with the Android in the pocket that found out he was at the car garage so pushed tire adds the moment the browser opened up. Yes, it was a strange feeling of abuse!
-
-
Thursday 11th September 2014 11:41 GMT Anonymous Coward
maybe
The solution (which is long overdue) is the ability to deny specific access during install (check box like) rather than an all or nothing accept/decline offer. Or even some better way to control permissions at the data level (which apps can access my contacts).
Doubt it will happen (except for having to install specific apps to let it work after some rooting). there's too much money in having the ability to access this information (especially for the OS vendor).
As mentioned, it may also be down to lazy programming to some extent, but if you could block access then the app would either not work (and it really was harvesting) or it would still work (lazy programming). I installed an app last month that apparently 'needed' the ability to make phone calls! This was obviously a lie - I was installing it on a nexus tablet (no phone capability), and it worked fine.
-
Thursday 11th September 2014 15:08 GMT Don Dumb
Re: maybe
@AC - The solution (which is long overdue) is the ability to deny specific access during install (check box like) rather than an all or nothing accept/decline offer. Or even some better way to control permissions at the data level (which apps can access my contacts).
For what it's worth, IOS does give this control and it might be helped by the vetting process preventing apps from asking for access that the app doesn't need for some function*. I'm surprised that Android has an all or nothing approach.
In IOS Apps can still ask for particular access that you don't want the app to have but it will still work, but there will be something that it doesn't do, which is fair. I found the other day that Google Maps didn't have access to my contacts (so I couldn't just search for a friend's house in Goolge Maps), but this didn't prevent it from working.
* - which may not necessarily be a function you want the app to have.
-
Thursday 11th September 2014 15:11 GMT Matt 21
Re: maybe
I think there's an app for rooted Androids which lets you fake contact lists etc. That way the app works but doesn't steal your data.
I haven't done it but I've got sympathy for those that do. As things stand I can't store anything private on my phone as I know it the data can be nicked. Not the end of the world but it does limit what I might get out of having a smart phone.
-
-
Thursday 11th September 2014 16:15 GMT Jamie Jones
Re: maybe
Googles argument (which I consider weak - and wouldn't be an issue with properly written software) is that it makes support harder for the developer, as he/she has to then debug/support many more possible configurations.
In my opinion, it would mean programmers being more specific in what permissions they require (and besides, coding for unexpected failures is a basic requirement of reliable software)
-
Thursday 11th September 2014 12:23 GMT Joe Harrison
Not as big a problem as it looks
You could always reflash your phone with Cyanogenmod, whose built-in "Privacy Guard" allows you to set a default "no access" for apps. It's not a perfect solution but takes care of the major risks.
The message in the article is right though in that most of the apps which over-enthusiastically grab permissions never actually attempt to use those permissions. On a few occasions privacy guard does pop up "this app is trying to access your contacts" or some such with no valid reason. Answering "no" mostly seems to crash the app unfortunately.
-
Thursday 11th September 2014 13:25 GMT Nate Amsden
Re: Not as big a problem as it looks
I don't agree with that myself. Even as a 18-year linux veteran I still have not even tried to root my Note 3, yet alone even consider replacing the operating system (I'd wager the s-pen wouldn't work well etc). If you choose your phone carefully based on Cyanogenmod support then maybe yes but obviously not many do that.
For me it's not too critical I just don't use any app that needs too much permissions. I do hope that future android versions fix this as it seems to be becoming an ever bigger problem.
Samsung keeps pestering me to accept a new license agreement on my phone and I keep declining.
Only been using Android since December so still somewhat of a newbie (was WebOS before that)
-
Thursday 11th September 2014 14:28 GMT Anonymous Coward
Re: Not as big a problem as it looks
I'm in the same boat; loads of experience in systems from embedded to mainframe, but I'm not ready to flash my nook. Currently, I simply don't install apps that don't have any need for permissions, but ask for them.
As an aside, can someone comment on the number of ads that have to be shown in-app before the author would break even if the app was $1.00 in the app store?
-
-
-
Thursday 11th September 2014 12:31 GMT Jim 59
The decline of apps
Agree with all the above. I have been saddened and disappointed at the number of tiny apps that demand absurd amounts of personal information, and at the way larger apps regularly ramp-up their info demands. As a result, I now cannot (ie. will not) use many apps that I previously trusted and enjoyed. Or I am stuck on very old versions because I refuse the upgrade.
I have also been disappointed by the sneaky way that Android now hides an app's increasing permissions. If app X wants to upgrade and add a permission, Andoid won't tell you which permissions are new, as it used to, it just shows you the list of all perms granted to the app, so it is far from obvious which ones are new.
Among the cuplrits:
Backcountry Navigator - excellent mapping app, gives you an OS map of anywhere. Used it for a year before it suddenly ramped up the gouging. Refused upgrade.
Google maps - great but the perms ramp up almost hourly. Refused upgrade for the last year.
Amazon - was great, now too stalky. Refused upgrade.
Ebay - same as Amazon
National Rail Enquiries - a rail timetable FFS, wants to watch me go to the toilet for some reason. Refused upgrade.
Tune-in Radio - was great until it wanted to be my "special friend". Refused upgrade.
Loss of trust is going to be the downfall of apps. Google thinks they can regain our trust by better concealing their shoplifting, but trust doesn't work like that.
-
Thursday 11th September 2014 13:33 GMT Anonymous Coward
Re: The decline of apps
Google themselves are indeed one of the biggest offenders. This is of particular concern given (a) their control over the system, what's included, and what's non-removable; (b) the amount of data from other sources they have available to match and amalgamate with it; and (c) the fact that they exist to do exactly this, so there's not much doubt it's no accident. Do no evil - yeah, right.
-
-
Thursday 11th September 2014 12:31 GMT Snowy
Yes most apps want to many permissions
Take the Arriva Bus App on Android for example it wants
Version 1.1.3 can access:
Location
approximate location (network-based)
precise location (GPS and network-based)
Photos / Media / Files
modify or delete the contents of your USB storage
test access to protected storage
Camera / Microphone
take pictures and videos
Wi-Fi connection information
view Wi-Fi connections
Other
read Google service configuration
full network access
view network connections
Okay a network connection and location I can understand but the rest no.
-
This post has been deleted by its author
-
Thursday 11th September 2014 16:15 GMT I ain't Spartacus
Re: Yes most apps want to many permissions
I've got the Arrivabus app on my iPhone, so I thought I'd check. It has access to location. iOS doesn't have an option for network - so I assume all apps have access to that. But it's stayed out of the photos, mic, contacts and camera.
I prefer the Apple security model. You can go to a specific list, and see which apps have access to your contacts say. None in my case, but Google are the only ones asking. And the first time they do anything, apps have to ask permission via an OS pop-up. Then, even if you've accepted (or say your nephew has before you could stop him), you just pop to that list and disallow.
I believe in Android you still check by going to the app's section of settings. Although my 'Droid knowledge is increasingly out-of-date.
I hope things improve. I really want a stylus on my next tablet, and Apple don't believe in them. So I think Android is going to be the one.
-
Friday 12th September 2014 12:41 GMT Jim 59
Re: Yes most apps want to many permissions
The less convenient antidote is just to use the web page rather then the app. For many apps (timetables, maps etc) there is an associated web site that provides the same functionality with no bottom inspecting. A web page can't interrogate your GPS/wireless/bluetooth/accelerometer/diary/address book. Often the provider's mobile web experience is almost the same as the app.
Or indeed use a PC, which does not even have GPS/accelerometer.
-
-
-
Thursday 11th September 2014 12:49 GMT Anonymous Coward
I regularly reject installation of apps on kids' phones
When these ask for a ridiculous amount of permissions related to what they supposedly do. Which is exactly the same I do on my phone. There's no good reason for a poker game (made up example) asking for permissions to read the SMS inbox or similar ridiculous permissions set.
And I feel how they get angry at me because of that. Arguments are always around that all their friends have it and nothing bad has happened. I'm always answering that's not something they can be sure of, and that everything appears ok does not mean that tomorrow their photos can't start appearing in some reddit forum.
I'm trying to teach them that blindly saying "yes" to every prompt in order to get something on their phones is not a good idea and why, but so far they don't seem to get it. I hope that they learn by the time they are the ones managing the devices, else the lesson is going to be imparted by means of having their privacy exposed.
My feeling is that while a clever user interface design can help, no one really can protect one from oneself except... oneself. There's no technology that can replace people's ability to read and think by themselves.
-
Thursday 11th September 2014 13:03 GMT Zog_but_not_the_first
What to do?
Talk to your family, friends and neighbours and I'll bet that most have them have NO IDEA about permissions or that they are a "user" of their phone (in the IT sense), while Apple or Google are the administrators.
This isn't a criticism of them - many people drive well without having a clue as to the mechanical processes that underpin their cars. But there remains a sense that we are all to some degree being "had" by these and other IT practices.
I suppose my great grandfather had to put up with some low life baker putting antinomy in his bread while we have to grapple with a compass app that "needs" to take stealth video recordings.
Sigh!
-
Thursday 11th September 2014 13:09 GMT Filippo
Poor model
I wish I could just install some other app instead of the one I want that requires so many permissions. But usually damn near every other app has the same problem, or just isn't as good as the original one.
What we need is the ability to install an app, run it, and grant or deny the permissions it requires individually, at the moment it requires them, with an option to remember the choice or not.
The fact that such a blindingly obvious and easily implemented improvement has not appeared yet tells me that the OS providers just don't want it.
-
Thursday 11th September 2014 16:22 GMT I ain't Spartacus
Re: Poor model
What we need is the ability to install an app, run it, and grant or deny the permissions it requires individually, at the moment it requires them, with an option to remember the choice or not.
The fact that such a blindingly obvious and easily implemented improvement has not appeared yet tells me that the OS providers just don't want it.
That's pretty much what you get from Apple. I would complain slightly that when you download an app, you don't get a warning of everything it'll want in future, but you do get warned when it tries to access, contacts, photos or whatever.
And then a list of what apps have access to each area, and a simple slider to switch that permission off again.
The only thing they don't have is the ability to temporarily allow an app something for five minutes, and then expire it. Though you can do this manually. Also they don't have a way to deny an app network access, that's a given with everything.
-
Thursday 11th September 2014 13:10 GMT Swarthy
An idea for an App strore
Either a full-on App store a la Amazon, or a value-added front-end like AppBrain: taking the results of these security/permissions surveys and using them to rank the apps, rather than(or in addition to) fickle popularity.
Currently, there is no benefit to the app developer to moderate their permissions, and collection of personal data is encouraged monetarily. Perhaps if the over-reaching permissions and hemorrhaging of data caused them to be at the bottom of the list, the developers might be persuaded to develop better behaving apps.
-
Thursday 11th September 2014 13:10 GMT wowfood
I am somewhat reminded of the whole contreversy of the Facebook Messenger application, personally I think the seperate messanger was daft, but I went through and disabled a load of the 'features' and now it acts just like normal messenger, so much so that I again wonder why they bothered splitting off.
ANYWAY
The furore I saw when people saw the list of permissions it needed, "Why does it want my camera / contacts / gps / first borns soul" etc. People up in arms about how facebook are going to farm this data from messenger to sell on to the highest bidder or some other fantasy... Happily ignorant of the fact that facebook already has every one of these permissions, and possibly more.
It makes me wonder if people are just plain ignorant of what folks can do with these permissions, until they're told to be angry about it in a particular case by the tabloids.
I will admit that I don't pay much attention to these permissions, not nearly as much as I should, and I do wish they'd make it a requirement to list why features are used / needed. Or better yet, disable access to certain features. (I'm getting fed of facebook and google asking if they can use my location)
No I don't use my camera straight from facebook, so you don't need camera accesss, nope nor do I use the GPS. Give us little check boxes, and a list of features that'll no longer opperate and I'll be happy (I guess)
-
Thursday 11th September 2014 13:24 GMT vahid
firewall is the way forward
Until Google put together a proper plugin approval process for application creation I would recommend you all install android firewall.
If you have rooted your phone then go for andorid firewall - which works really well and stops any app from sending info out, if not then go for the non root f/w which is as good but a little more annoying.
Google need to employ developers that looki at the potential result of plugin and permissions set by developer. Deny any badly written plugin.
the answers are all very simple the bloody time it is taking to sort this mess out is ridiculous,
-
Thursday 11th September 2014 13:30 GMT mo_roodi
Not enough granular control!
I think part of the problem is the granularity of control which the OS provides, and there's probably the laziness/bad habits on the part of the developer.
For example Android permissions are split into individual permissions and permission groups. For example I want to be able to access the flash on the camera... I can either use the "flashlight" permission or the "camera" permission group. The same goes for storage. I can either use the "storage" permission group, or I can request the individual storage permission for example read/write external storage.
If for example my app starts life reading external storage because it stores something on the SD card but later in it's life it needs to write to the external storage... Wouldn't it be easier for me to just request the storage permission group rather than starting off with read then asking the user to change the permission level of the application in the future?
I also think this is where the laziness comes in. The developer could go through and work out what permissions the application needs explicitly, or they can just request the broader groups, in the case of the flashlight application though this will mean that the store will show the app wanting access to the camera.
The same probably applies to quite a lot of other apps. Rather than working out the explicit permission that the app needs the developers have probably just requested the group permissions. For example the Arriva Bus App mentioned - These are the permissions that aren't connection and location related:
Photos / Media / Files
modify or delete the contents of your USB storage
test access to protected storage
Camera / Microphone
take pictures and videos
Other
read Google service configuration
All of these permissions can be explained by a simple "share" function which may let you share and image to a Google account...
-
Thursday 11th September 2014 13:31 GMT royston_vasey
A few tweaks to Data Protection legislation could help here. Make it illegal to collect data that's unnecessary for the application to function correctly & a lot of this would go away overnight. Sure there'd be a few scumbag developers who would add functions that require all the extra data they don't really need to get round the laws, but it could at least deal with the lazy developers. The nefarious ones will always be out there anyway.
-
-
Thursday 11th September 2014 16:41 GMT I ain't Spartacus
I like mobile email, sat-nav, train timetables. Most importantly I have 4,500 work contacts on my phone, and a separately managed personal contact list.
That's not possible on a dumbphone. So I have a smartphone. But no sneering, as I'd really like some sort of hybrid where I could have both.
In an ideal world, I'd have something like the Motorola RAZR 3, but with 4G access and the ability to be a WiFi hotspot. Or use Bluetooth. Then another device, probably a tablet in my case, which would do all the smart stuff and piggyback its connection off the phone. I could then choose the function to have with me at any time. Maybe the phone thingy could do a bit of email and sat-nav.
I'm unusual though, I carry a bag. Almost everywhere. It's often got 4 pairs of glasses in it, plus jewellers screwdriver (to fix them), other useful things and a tablet.
Hmm... I've just realised that makes me a mugger's delight. I rarely leave the house without over £2k worth of kit on my. £500 iPad, £500 reading glasses, £500 (work) iPhone, £200 ordinary glasses, £50 sunglasses (sometimes x2), £50 of tools (leatherman, screwdriver set, jewellers driver), £200 watch, £50 in the wallet, £200 iPod... Should I get a gun? Nah that'd be even more worth stealing. How about a bomb? Mugger turns up, reveal grenade, pull out pin, smile...
-
Friday 12th September 2014 00:47 GMT Tannin
I like the way you think, not-Spartacus. :) Like you, I split tasks between mobile devices, albeit with a differently placed dividing line. My laptop does the bulk of the heavy lifting (yes a full-size laptop with 2 1TB hard drives and enough grunt to more-or-less replace a desktop); the phone just does phone calls and the odd SMS. Oddly enough, it's not so much the size and weight of the laptop that cuts into the ideal of use-anywhere, use-anytime, it's the mucking about you need to do with unfolding it and finding something like a table to rest it on and adding the essential accessories - real pointing device 'coz I hate those horrible touchpad thingies; broadband dongle on a longish cable 'coz the outback places I go often have marginal reception and built-in often doesn't cut the mustard. A tablet would make much more sense for travelling, but I'm not interested in anything that doesn't have the essentials of a proper keyboard and lots of storage .... and there we are, straight back into laptop land! Maybe I'll look at these new very large phones that are almost tablets; that might work for me. Or maybe I'll just carry on as usual until the ancient dumbphone self-destructs in half a decade or so.
-
-
-
Friday 12th September 2014 07:17 GMT Wzrd1
Heh
I remember trying to install a banking app from my bank, on Google's store.
Bloody thing wanted access to my phone memory, contacts, camera, microphone and a DNA sample from my testicle.
Needless to say, the DNA thing would be acceptable, the rest, nope. I do without their app that desired greater access than GCHQ or the NSA to my information.
-
Friday 12th September 2014 09:00 GMT Anonymous Coward
Re: Heh
DNA sample from my testicle.
Sounds like the app already knew you had a pair so I wouldn't trust something that I feel is new experience and yet the thing knows all about me, a bit like a new sign up to feace book and out poops out frenemies wanting to add you on to their list - hangon I am just signing up I didn't go looking for these poopers
-
-
Friday 12th September 2014 14:53 GMT jelabarre59
security intermediary
I'd think a good addition to Android would be a security intermediary/filter utility that would simply tell an app it was getting access to settings it actually wasn't. So that flashlight app could happily think it was looking at your contact list, yet actually be getting zilch.
It would probably have to be part of the core OS, rather than a 3rd-party apop, but with the way Google is running Android, we'll have to wait for the R-Daneel fork of Android to see any such thing happen.
-
Monday 27th October 2014 07:57 GMT Matthew Collier
Re: security intermediary
It already exists. You need root and install the Xposed Framwork, then the XPrivacy plugin. You can randomise just about everything the apps want to get hold of, or, provide a specific "fake" (IMEI, UUID, Contacts, Networks, MAC addy, Location etc. etc.).
Very good, use it all the time :)
-