On the technical side, the user should be able to selectively deny the application access to some of the resources (i.e. each permission should be associated with a checkbox, and its description should answer not only the question of "what" resources are needed but also "why").
On the policy side, if the application is found to abuse this contract, it should be removed from the Market and optionally from user devices.
It's not an unsolvable problem. It's just that no one thought about it in the first place, which is not that surprising if you recall what the privacy policy of Google itself is.
This isn't really a platform issue at all, this is a developer issue: the application developers do things they are not supposed to. As such, a simple fix is most likely the best one: if your application transmits identifying data anywhere, it must clearly tell the user what it is going to transmit and where, and if the application doesn't comply then it is removed from Android Market.
Simple, and efficient.
That's exactly what they do, so there's no problem.
No, they don't. The app asks for permission to access personal information and the internet, and yes, the user is presented with the dialog, but then the application is not required to actually inform the user of what the personal information is used for, whether it is transferred to another party, and to whom. That's the whole point: Google should require the developers to have the application clearly state all that.
RE[6]: What's the issue?
It's not very likely, as Google is part of the problem; they are not any better than lots of the 3rd party developers. Some Google apps actually require access to far more than their capabilities, functionality and use case require.
In some areas they are a little "better", since at least some of their apps have EULAs. If you bother to read, as an example, the one for the Android Google Maps application, it more or less spells out that it's spyware (it doesn't collect passwords and such, but anything else), giving Google rights to use all the information it collects in any way they see fit.
Call me old fashioned, but I would kind of prefer if they had the decency to shoot me in the rear with a tranquilizer gun when they wanted to radio tag me.
Edited 2010-10-05 09:25 UTC
That's a bit naive. In general (fancy tainting aside) there is no way to tell what an app does with data it receives. The only way to solve this is to prevent the app from getting the data in the first place, *and* make it hard for it to know this. That is, if the app knows it is being denied private data it will just say "Let me access your private data or I won't run."
The solution is fairly simple and obvious: basically extend droidwall to all the other Android permissions, so if you 'block' GPS access, it doesn't fail with an exception, it just reports a random/generic location.
This has been suggested many times on the Android bug tracker and mailing lists, but Google think their current approach works. Clearly it doesn't.
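A toy model of the "graceful denial" idea from the comment above (a per-permission gate that returns a plausible stand-in instead of raising), as an added example that is not part of the original thread and not Android or DroidWall code; the permission names are Android's, the stand-in values and the probe function are constructed for illustration.

```python
"""Model of a per-permission gate: a blocked permission yields a same-shaped
stand-in value rather than an exception, so the app cannot tell it was denied.
Constructed example, not Android or DroidWall code."""
from dataclasses import dataclass, field
from typing import Any, Callable, Dict, List


class PermissionDenied(Exception):
    """What a naive gate raises; an app can catch this and refuse to run."""


# Stand-in values handed out when a permission is blocked (constructed;
# each has the same shape as the value the real source would return).
GENERIC_VALUES: Dict[str, Any] = {
    "ACCESS_FINE_LOCATION": (0.0, 0.0),     # generic coordinates
    "READ_PHONE_STATE": "000000000000000",  # 15-digit placeholder device id
    "READ_CONTACTS": [],                    # empty contact list
}


@dataclass
class PermissionGate:
    granted: Dict[str, bool]                 # the user's per-permission checkboxes
    sources: Dict[str, Callable[[], Any]]    # real data providers
    hard_fail: bool = False                  # True: raise on denial (detectable)
    log: List[str] = field(default_factory=list)

    def request(self, permission: str) -> Any:
        """Return real data if granted, else a stand-in (or raise if hard_fail)."""
        if self.granted.get(permission, False):
            return self.sources[permission]()
        self.log.append(f"blocked {permission}")   # audit trail for the user
        if self.hard_fail:
            raise PermissionDenied(permission)
        return GENERIC_VALUES[permission]


def app_can_detect_denial(gate: PermissionGate, permission: str) -> bool:
    """Model an app probing for denial: it learns of it only if the call
    fails or the returned value has a different shape than expected."""
    try:
        value = gate.request(permission)
    except PermissionDenied:
        return True
    return type(value) is not type(GENERIC_VALUES[permission])


def make_gate(location_allowed: bool, hard_fail: bool) -> PermissionGate:
    """Build a gate around constructed 'real' sources for the demo."""
    sources = {"ACCESS_FINE_LOCATION": lambda: (48.8566, 2.3522),
               "READ_PHONE_STATE": lambda: "490154203237518",
               "READ_CONTACTS": lambda: ["alice", "bob"]}
    return PermissionGate({"ACCESS_FINE_LOCATION": location_allowed,
                           "READ_PHONE_STATE": False,
                           "READ_CONTACTS": False}, sources, hard_fail)
```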
Very true.
That line of logic goes nowhere fast.
You can't make every possible capability of every application able to be disabled.
It's not 'abuse' of anything if you agreed to it.
Read the contracts you sign. Simple.
Also true. That's the very reason why I didn't install Yahoo Mail and Opera while I had the firm intention to install these apps... until I saw the permissions needed: access to non-free services, to the contact list, the SMS, control of system services, and what else. Why does Yahoo Mail want to be able to send text messages from my phone? Having an unlimited number of short messages in my contract doesn't make it acceptable.
On another subject, I was looking for a virtual keyboard app to replace the default one in HTC Sense. And I read somewhere that one of the major contenders in that field has started asking for network connections in one of the latest releases, while in the past it didn't have that network access permission. Really, why does a virtual keyboard app need network access? What could prevent them from logging all my usernames and passwords? One user (of their non-network version) contacted the developer about that issue and never got an answer... How carefree are the people who install such an app? That's what I am appalled at.
Well, AFAIK, the real situation is that on both OSes, the applications can access part of or all of your personal data.
The difference between the OSes is that on iOS we're sure that there's a unique device identifier (on Android we don't know) and that on Android applications have to tell the user that they want to access said data at install time.
So it's rather iOS that's a bit wrong from a security point of view. But well, the App Store is a perfectly safe ecosystem so the local OS does not have to be secure, isn't it?
Edited 2010-10-04 16:37 UTC
OK, I scanned through the linked paper and I found that Amazon, Facebook and Twitter all track your identity.
I'm SHOCKED!!! that users would provide info to sites that require your identity to be functional.
In every case actually described, the UDID is a simple shortcut for associating info that you've allowed (maybe, even "demanded") to be sent to the website.
And this is what kind of issue? None of the examples I described were in any way a compromise of users' identity, rather, they were facilitators of users' requests.
Help me understand why this is an issue again?
The problem is that this kind of notice is rarely very clear.
There are some apps that will track your movement with the GPS, have full access to the internet, access your Google account and read your memory card and your identity – all for perfectly benign reasons. For instance, one of the sports tracking apps I use wouldn't work well without it. Most actual phone apps (i.e. the ones that aren't games or make fart sounds) are made for some kind of information sharing. One problem with the articles is that they treat most kinds of information sharing as "suspicious", so they're almost tailor-made for FUD.
However, even though it's easy enough to avoid fart apps that demand access to your contact list, the GPS and network, the privacy policy of ad-supported apps that do make use of private information for good reasons isn't often readily available. Google really ought to upgrade their access rights lists with more relevant information.
It's not hard to read a contract, and if you don't understand what your computer is doing, you're going to get taken in, and that's no one's fault but your own.
If you understand your computer, you'll realise there's no need for a fart application to share anything.
If you don't understand how your car works, you're going to get sold blinker fluid and tire lubricant.
"Ignorance of the law is no excuse".
I read it, and I read the article.
I haven't used the market because the phone companies keep discontinuing things rather than lowering the price.
Your first comment seems full of information not relevant to the situation at hand, though the next one is.
If there's no EULA-like thing shown, then there's a problem, but I doubt that there isn't one.
That said, I'm unlikely to get much from it, as most of it is non-free.
Look, I'm saying I don't know if it's shown.
I'm not taking your word for it that they're not showing this, though Google requires it and says they do it.
IIRC there's a setting for automatic agreement. I could be wrong there, as that's the sort of thing that one can set on/off in Linux/BSD package managers.
The main difference is that from iOS you can download only the UDID. And that's it. For the server it's only an anonymous number. If you give more info to the app, that's your decision.
From Android, apps can steal the phone number, SIM ID, position (via GPS) and phone ID. I don't think that the risk is even comparable. The UDID is the only possible way to connect a user and their profile on the server. It can be used to identify users across services from WITHIN apps. Not the web.
What's the difference between this and your profile on, e.g., Facebook? Or any other site. If you give them your name, they have it. If you won't, they won't. It's the same.
You can remove cookies, but as soon as you log in they know that it's you.
Uhm, no. The main difference is that one article focused on the use of UDIDs on iOS and the other focused on how an Android app called TaintDroid could help you eavesdrop on how various apps use various bits of information. iOS apps can read your phone number and contact list as well. The article says nothing about whether they do or don't.
On one hand they complain that the data is encrypted and as such could be secretly transmitting who knows what, then they complain that other apps transmit stuff in plain text so anyone can see it. If I give an app permission to use my data then I've given it permission, but I'd sure as hell want it transmitted securely...
What?!
Why would highscores be linked to a device and not to an individual?
Does that mean if someone sells the phone, the new owner also gets to trash the first owner's highscores?
Or that buying a new device means you'll have to do all your scores all over again?
I actually had my LAN class in college with this guy.
He's very smart, and really does know what he is talking about.
However, what he shows is common sense. Developers naturally take shortcuts and do the least amount of work possible to secure information. The fact that insecurely coded applications send information that they should not over insecure channels is not news in itself. The fact that they're doing this in 2010, as opposed to 1996 (when I had this class with Eric and we discussed this openly), is just sloppy.
The PCI-DSS standards provide some assurance against storing of credit card numbers and mag stripe data by reputable vendors.
Apple and the carriers need to enact similar standards to prevent developers from doing this, especially with the push to use Mobile Phones as payment devices.
While this won't stop people from getting ripped off by unscrupulous app vendors (think of the people who pirate applications and always try to get something for free), Apple does give the implied assurance (not the 55 page EULA that no one reads, which probably says otherwise) to App Store customers that the applications they purchase or acquire via their systems will not compromise their privacy.
Apple really needs to take this to heart and add some steps to their review process to ensure that their customers' privacy is protected with the transmission of data. People care more about their privacy than whether or not an app meets their design standards.
Like I said, Eric Smith is a very smart person. However, it doesn't take someone with his brains to figure out Apple has major egg on their face because they set themselves up as the arbiter of standards with their App Store, and were caught with their pants down.