Security

[rc211]

I would like to lockdown maybe via a firewall to prevent apps and the OS from phoning home. I noticed this after I hacked the itouch and installed a firewall, apple phoning home when you open the settings for example. And stuff like this in android- CyanogenMod code fixed to prevent unlock gestures from being logged locally on handsets -- Engadget

How do I prevent all logging without slogging thru millions of lines of code?

Are you concerned about security on these devices?

 

[anon(847090)]

There is no smart Phone which doesn't contact the servers. WP,iOS,Android,BB all contact their respective servers to backup/sync your settings.

You can always disable these settings in Android. lets say maps it has to contact the server to update the map info so there is no point disabling that.

I dont care if they connect to those server but seelling the info is different and most big companies wont do that but if they do i do care.

 

[a1kemist]

Apps yes, Google (and their related apps) not so much, since this is their OS system and everything revolves around them if I want to use android. That's what a privacy policy is for.

Can't vote since that option isn't there.

 

[anon(847090)]

Apps yes, Google (and their related apps) not so much, since this is their OS system and everything revolves around them if I want to use android. That's what a privacy policy is for.

Can't vote since that option isn't there.

didnt vote myself for the exact same reason.

 

[2defmouze]

It's really not something you should stress about. Firstly because you have a Nexus device, so your OS is designed by Google and part of AOSP, not by any carriers or OEMs. Secondly when it comes to apps, just follow the usual common sense suggestions of knowing where you are downloading apps from (if not from the Play Store then be positive you trust the source), and even if downloading from the Play Store then make a judgement call about how trusted and known the developer is, check the ratings and reviews of the app, etc. And finally look at the permissions the app wants granted when it's being installed. No app can do something in your OS unless it declares it needs that permission when you install it. If you are unsure about why a certain app needs said permission, question it!

Other than that, don't stress so much

 

[rc211]

Android Apps Security Risk

http://nakedsecurity.sophos.com/2012/10/23/android-developers-just-how-much-can-we-trust-them/

 

[Unicorn Rancher]

I don't do banking on my Nexus 7 and I'm not worried about Google reading my GMail or knowing what I bought from the Play store with their $25 credit.

 

[2defmouze]

Android Apps Security Risk

Android developers – just how much can we trust them to do web security properly? | Naked Security

Don't believe everything you read on the internet

 

[rc211]

Wow. Are you ignorant.

Your level of technical comprehension is incredibly low- if you don't know how google play works.

Read the paper, there is no vetting mechanism for apps. Basically anyone can design anything and it can suck data from the majority of most popular apps. Just because its in the store hosts it, doesn't mean that google has even looked at the app- security wise.

Your own guys at CyanogenMod just found code that is logging things it shouldn't be. (now I am sure apple, win, etc is just or more insecure- so I am not picking on android)

 

[anon(847090)]

you are paranoid and too concerned. where did you do your tax last time? turbo or hnr? well there know your social security no and bank account.
same with any purchase you make online.
I wouldnt worry about any data given to google/google services. I have my bank account added on google account. does that mean other apps can use by details? NO

about other apps google do have a security scanner called bouncer which would scan for malicious apps.

I hope you dont use the internet because internet has lot of virus. Its just stupid people doing stupid things that get into trouble.

 

[2defmouze]

Wow. Are you ignorant.

Your level of technical comprehension is incredibly low- if you don't know how google play works.

Read the paper, there is no vetting mechanism for apps. Basically anyone can design anything and it can suck data from the majority of most popular apps. Just because its in the store hosts it, doesn't mean that google has even looked at the app- security wise.

Your own guys at CyanogenMod just found code that is logging things it shouldn't be. (now I am sure apple, win, etc is just or more insecure- so I am not picking on android)

If you would like to have a discussion that is fine, we love and encourage that... but I'll ask you to please refrain from launching personal attacks on myself or any other members whose ideas and opinions you either do not agree with or do not fully understand.

I happen to understand quite a bit about security in Android, and I believe the concerns you are voicing are off base. I also recommend reading from some more reliable sources. There are countless "news" sites out there who publish plenty of, well, garbage.. but Android Central is one of few who consistently does their homework, refrains from pushing blog posts quickly just to be first, and makes great effort to be able to explain things to both newer and advanced users alike in a manner everyone can understand and appreciate. I invite you to read some or all of the following articles which should allay your concerns a bit, and if you would like to continue to discuss like adults, I'm all for that
Android, security, and you | Android Central
Android developers demystify application security (the sky is not falling!) | Android Central
Security scare of the week: What can an app with no permissions do? | Android Central
Android app permissions - How Google gets it right ... | Android Central

 

[rc211]

Ok so I think I understand the mode of this forum is just to sweep any security issues under the rug. If we don't see them they do not exist.

Look at it this way- You guys are way more committed/invested financially to android- to promote this forum and want to sweep any legitimate, valid concerns under the rug. I get that, but its short sighted, because what you are effectively saying right now is- "we don't care if you get scammed/hacked, CC run up, etc, just click on the ads so I can get paid."

I would counter that instead of this current objective, of just sheer greed, become a center that actually cares about its users here and promotes safe, secure apps.

One could reason that you are pushing this agenda is that you have a vested interest in getting users to adopt custom unvetted, unaccountable ROMS and apps, for possibly nefarious purposes.

Which is how people are interpreting this right now. I hope that this is not the case, and not how it looks.

 

[nrm5110]

Ok so I think I understand the mode of this forum is just to sweep any security issues under the rug. If we don't see them they do not exist.

Look at it this way- You guys are way more committed/invested financially to android- to promote this forum and want to sweep any legitimate, valid concerns under the rug. I get that, but its short sighted, because what you are effectively saying right now is- "we don't care if you get scammed/hacked, CC run up, etc, just click on the ads so I can get paid."

I would counter that instead of this current objective, of just sheer greed, become a center that actually cares about its users here and promotes safe, secure apps.

One could reason that you are pushing this agenda is that you have a vested interest in getting users to adopt custom unvetted, unaccountable ROMS and apps, for possibly nefarious purposes.

Which is how people are interpreting this right now. I hope that this is not the case, and not how it looks.

Smh.... Security issues exist yes same as any os mobile or not root creates a much larger risk as well same as other os's but the same rules apply use your brain pay attention to what you dl pay attention to developers, comments by users, common sense I have android tuner pro and can see exactly what permissions apps have and exactly what they are used for. I will attach screenshot as an example in a bit if you wanna see packet data I'm sure there is a sniffer as far as killing an app's ability to communicate I'm going to go with a that's a long shot

Sent from my SAMSUNG-SGH-I727 using Tapatalk 2

 

[2defmouze]

Ok so I think I understand the mode of this forum is just to sweep any security issues under the rug. If we don't see them they do not exist.

Look at it this way- You guys are way more committed/invested financially to android- to promote this forum and want to sweep any legitimate, valid concerns under the rug. I get that, but its short sighted, because what you are effectively saying right now is- "we don't care if you get scammed/hacked, CC run up, etc, just click on the ads so I can get paid."

I would counter that instead of this current objective, of just sheer greed, become a center that actually cares about its users here and promotes safe, secure apps.

One could reason that you are pushing this agenda is that you have a vested interest in getting users to adopt custom unvetted, unaccountable ROMS and apps, for possibly nefarious purposes.

Which is how people are interpreting this right now. I hope that this is not the case, and not how it looks.

This forum exists for discussion, to educate, to assist, and to enjoy the company of other enthusiasts. I don't blindly promote anything, and I don't pretend there are not issues, as there are with any OS. None of the Moderators or Advisors like myself are paid to be here, nor are we officially endorsed or sponsored by any developers, and we have absolutely no reason to deceive you. We are here because we like Android a lot, foremost, and because we enjoy helping people and chatting. That's it.

If you read the articles I linked to you would find plenty of information teaching you safe practices, stressing how and why you should know about app security, etc. Additionally you will see plenty of rational, knowledgeable discussion about why the 2 articles from unknown sites you linked to are not delivering you accurate info.

Additionally.. while I'd be considered a power-user because I enjoy the rooting/rom side of things, and I love helping others along that path who are interested, I've never pressed it on anybody and honestly have no reason to.

To insinuate that there are other purposes, evil and greedy and nefarious, behind this hobby of ours that we love doing, is insulting and demonstrative of a great deal of ignorance about the subject... that or a desire to start a forum war, which you won't be successful in with us.

Again.. I'm happy to discuss things and invite others to join in. I'm sure you aren't the only one who has read things about security issues and has concerns. But please don't bother posting if it's just to incite panic, or attack the hobbies of other people here. Thank you

 

[anon(847090)]

Ok so I think I understand the mode of this forum is just to sweep any security issues under the rug. If we don't see them they do not exist.

Look at it this way- You guys are way more committed/invested financially to android- to promote this forum and want to sweep any legitimate, valid concerns under the rug. I get that, but its short sighted, because what you are effectively saying right now is- "we don't care if you get scammed/hacked, CC run up, etc, just click on the ads so I can get paid."

I would counter that instead of this current objective, of just sheer greed, become a center that actually cares about its users here and promotes safe, secure apps.

One could reason that you are pushing this agenda is that you have a vested interest in getting users to adopt custom unvetted, unaccountable ROMS and apps, for possibly nefarious purposes.

Which is how people are interpreting this right now. I hope that this is not the case, and not how it looks.

hm.. security issue exist in Android but you are making it so big of a deal which in fact is very small. install trusted app. thats it.

I figure you are too concerned when u said ios phone the home when u go to settings!! i hope you dont use ur credit/card anywhere because they pretty much store ur card no.
Apple/Google/Microsoft is the least organization who would sell your personal info. they dont!!!! read the privacy policy.


I have never seen a person who is paranoid as you! do you even have a bank account because if you dont then no one can hack in to ur account.

I was wondering if you do online shopping at all???

 

[nrm5110]

Oh btw I'm sec+ certified and am a 25b for the US army I'm not going to lie to you about security I have invested years to my trade I've seen things lol

Sent from my SAMSUNG-SGH-I727 using Tapatalk 2

 

[nrm5110]

hm.. security issue exist in Android but you are making it so big of a deal which in fact is very small. install trusted app. thats it.

I figure you are too concerned when u said ios phone the home when u go to settings!! i hope you dont use ur credit/card anywhere because they pretty much store ur card no.
Apple/Google/Microsoft is the least organization who would sell your personal info. they dont!!!! read the privacy policy.


I have never seen a person who is paranoid as you! do you even have a bank account because if you dont then no one can hack in to ur account.

I was wondering if you do online shopping at all???

Ssh wont save anyone lmao

Sent from my SAMSUNG-SGH-I727 using Tapatalk 2

 

[Jerry Hildenbrand]

Ok so I think I understand the mode of this forum is just to sweep any security issues under the rug. If we don't see them they do not exist.

Look at it this way- You guys are way more committed/invested financially to android- to promote this forum and want to sweep any legitimate, valid concerns under the rug. I get that, but its short sighted, because what you are effectively saying right now is- "we don't care if you get scammed/hacked, CC run up, etc, just click on the ads so I can get paid."

I would counter that instead of this current objective, of just sheer greed, become a center that actually cares about its users here and promotes safe, secure apps.

One could reason that you are pushing this agenda is that you have a vested interest in getting users to adopt custom unvetted, unaccountable ROMS and apps, for possibly nefarious purposes.

Which is how people are interpreting this right now. I hope that this is not the case, and not how it looks.

Read the permissions requested when installing an app.
When you find you don't understand them, or why they are there, refer to the documentation provided by Google about each declaration.

You phone is only as insecure as you give it permission to be.

 

[PvilleComp]

Security on any connected device should be a concern to any user, however it is also a responsibility of the user to take some of that burden upon themselves. If you root your phone and then download "CuteGirlsOnWallpapeWantYour" from some 3rd party site (or, really let's be honest, don't download that junk from the Play Store either!) then you kinda get what you deserve.

There is a reason that no mobile device comes with admin or root privileges. It's to help protect users from themselves. If you root then the responsibility is on you. If you are stock and go looking for trouble, trouble will also eventually find you.

As far as logging goes... Smart apps need to manage the "state" of the application. Code is inherently stupid, it only knows and executes what is available in the moment. So, in order to maintain state, or "awareness" of what you are doing and where you are in the process, logs and/or databases need to be kept in order to manage your session. Contacting servers are also a necessary part of that. There is only so much data that can be held on the phone. If Google Maps downloaded every map to your phone on install, you would (rightfully) be even madder! Contacting the Google Maps server with your current location and destination to download only those maps is an efficient way of managing a complex task.

I'm using Google Maps here as an example only because it's something everyone can relate to and there is a lot of data being tracked and downloaded that are relevant to the discussion.

At the end of the day, if an app looks too good to be true, or an ad looks too good to be true, then you are correct! Don't download it.

If you are not paying for the product... you are the product.

Hope this helps.

 

[dmmarck]

Wow. Are you ignorant.

Your level of technical comprehension is incredibly low- if you don't know how google play works.

Read the paper, there is no vetting mechanism for apps. Basically anyone can design anything and it can suck data from the majority of most popular apps. Just because its in the store hosts it, doesn't mean that google has even looked at the app- security wise.

Your own guys at CyanogenMod just found code that is logging things it shouldn't be. (now I am sure apple, win, etc is just or more insecure- so I am not picking on android)

Ok so I think I understand the mode of this forum is just to sweep any security issues under the rug. If we don't see them they do not exist.

Look at it this way- You guys are way more committed/invested financially to android- to promote this forum and want to sweep any legitimate, valid concerns under the rug. I get that, but its short sighted, because what you are effectively saying right now is- "we don't care if you get scammed/hacked, CC run up, etc, just click on the ads so I can get paid."

I would counter that instead of this current objective, of just sheer greed, become a center that actually cares about its users here and promotes safe, secure apps.

One could reason that you are pushing this agenda is that you have a vested interest in getting users to adopt custom unvetted, unaccountable ROMS and apps, for possibly nefarious purposes.

Which is how people are interpreting this right now. I hope that this is not the case, and not how it looks.

This forum is about discussion. We're here to help, to aid, to guide users when they're trying to figure out Android. We have, in my honest opinion, the absolute best support staff of any Android website/forum out there. In no way are we--the staff of AC, myself, 2def, whomever--telling you to ignore safety concerns in the hopes of garnering hits, $$, whatever. I'm not paid, 2def's not paid--we're volunteer staff. There's no agenda, there's no financial incentive, no conflict of interest. Like I said, we do this out of love for the platform and community. If you have an issue with one of the staff, please use the report feature .

That being said, bring your topics. Bring your concerns. But leave the personal insults and attacks behind. Not only are they against forum rules but they're also poor form, bad etiquette, and usually subtract any and all legitimate weight and authority from a post. I don't want that and you don't want that. We're here to argue--and arguing is fun! But using insults/attacks instead of actual points, opinions, logic, etc. is neither fun nor effective. So again, please--argue, debate, enjoy yourself. But don't take away that enjoyment from others.

Thanks .

Now, to answer your general concern--assumption of the risk. The garden that Google grows is wild and unruly. There will be snakes, poisonous fungi, and potentially a tiger. So while you may find El Dorado, you may also run into a few seedy things on the way. Know what to look for and and always use caution if the developer's reputation is (1) nonexistent, (2) indiscernible, or (3) somewhat new and unestablished. And this is exactly what Jerry said--your phone is only as insecure as you allow it to be through not only the granting of permissions but also downloading the app itself.