1. SweetBearCub's Avatar
    Greetings.

    UPS should be delivering my Optimus S into my waiting hands sometime this Thursday. This will be my very first "real" Android device, beyond a seemingly gimped emulator image of Android 1.6 I was able to run on my PC, and a highly unstable build I was able to run on my Touch Pro 2.

    When I played with a few of the demo phones in stores, installing a couple free games from the Market (I don't recall the names), I noticed that I was prompted to agree to several areas that the apps wanted to access, areas that struck me as unneeded. For example, I remember one of the games wanting to access the phone/call history and the handset's direct (as opposed to Google Voice) phone number, among others.

    I'm very security and privacy conscious, and this raised a giant red warning flag in my mind.

    First, is it very common to come across apps in the Market that typically ask for permissions well above only the access they truly need to function as advertised?

    Second, is it possible, after downloading an app that over-reaches, to fine-tune what it is and is not allowed to access before any possibly unnecessary/private data is sent to who knows where, possibly with the assistance of a system-level type of firewall app?

    Third, I've read that the Market has facilities to report inappropriate apps to Google. Does this kind of data snooping qualify as something that I should report, and if I report it, will it do any good?

    Thanks!
    12-02-2010 02:01 AM
  2. vel7wil's Avatar
    I've been on Android since June, and when it comes to downloading I carefully read what the app is and what it's accessing... If I feel it's asking for something that I'm not comfortable giving, I'll decline the download of that app and search for something compatible that will give me the same thing with less access.
    12-02-2010 07:30 AM
  3. mfldmike's Avatar
    ***Starting to make a tinfoil hat***


    Just kidding, but do you guys seriously think an app in the marketplace would try to "steal" "your" information? That developer would be SOL...
    12-02-2010 08:23 AM
  4. SweetBearCub's Avatar
    I thought of just canceling the download of any apps that seem to overreach as far as what sort of permissions they ask for, and it's probably the most sound option when it comes to maintaining the security of my personal data on the phone.

    On the other hand, I can imagine a situation where I find only one or two apps that do what I need, and if both ask for way too many permissions, I'd want a way to use the apps while still both maintaining my security and also, I'd like to be able to let Google know of the issue so that there is hopefully less of a chance that other future users will unknowingly let their data be snooped.


    I've been on Android since June, and when it comes to downloading I carefully read what the app is and what it's accessing... If I feel it's asking for something that I'm not comfortable giving, I'll decline the download of that app and search for something compatible that will give me the same thing with less access.
    12-02-2010 01:21 PM
  5. SweetBearCub's Avatar
    Tinfoil hats aside, I can see the data your phone contains being a valuable commodity. For example, unscrupulous developers could use your call log data and contacts list to spam people. I don't know for absolutely sure, but I'd guess that spammers would be willing to pay good money for that sort of data. And anything that I can do to make a spammer's life more difficult is a good thing.

    Also, even if a developer isn't selling your data to the highest bidder so to speak - Doesn't it concern you (for example) that a game is asking for access to your call log data?

    Also, even if all of a developer's apps were banned from the Market and the devs themselves were banned from submitting more apps - any data gathered up to that point would still be there. Some unscrupulous people are only in it for the moment, and the threat of being banned holds no sway over their conduct.


    ***Starting to make a tinfoil hat***


    Just kidding, but do you guys seriously think an app in the marketplace would try to "steal" "your" information? That developer would be SOL...
    12-02-2010 01:28 PM
  6. zefie's Avatar
    On one hand, a dev could log data, but everything on the market has QA testing prior to release, AFAIK. Non-market downloads you can worry about if you want.

    Likely, though, they aren't logging anything. The way the Android APIs are set up requires dramatic permissions to do something simple.

    Just an example, if you make an app only change the ringtone of contacts, you need to access all of the contact data, not just their ringtone.
    12-02-2010 01:38 PM
  7. SweetBearCub's Avatar
    Is there a way to be able to see in some detail why an app is requesting the various permissions it wants, and/or to deny some permissions and allow others?


    On one hand, a dev could log data, but everything on the market has QA testing prior to release, AFAIK. Non-market downloads you can worry about if you want.

    Likely, though, they aren't logging anything. The way the Android APIs are set up requires dramatic permissions to do something simple.

    Just an example, if you make an app only change the ringtone of contacts, you need to access all of the contact data, not just their ringtone.
    12-02-2010 01:52 PM
  8. gabbott's Avatar
    ***Starting to make a tinfoil hat***


    Just kidding, but do you guys seriously think an app in the marketplace would try to "steal" "your" information? That developer would be SOL...
    It is very possible. Yesterday there was a paid app that supposedly enabled LTE on Verizon phones and it at least made it into the marketplace where someone was trying to scam a few bucks.

    So while we don't necessarily need to be super paranoid, the possibility is there and we should at least read what permissions an app requests.
    12-02-2010 02:27 PM
  9. KSmithInNY's Avatar
    I think it's important to separate scamming money from people and stealing information. The end result of the 2 are DRAMATICALLY different. If someone wants to steal $2 from me because I purchased a crappy app, well I guess I'm kind of at fault too and hopefully I learned a lesson. Not saying it's the moral thing to do, just saying, it's only $. Like the old saying goes, fool me once ...

    Now stealing information ... that's a whole different ball game.

    If you do some looking THERE'S PLENTY OF GOOD INFORMATION. What you need to keep in mind is, no matter how secure the market, SOME ***** IS GOING TO TRY AND TAKE ADVANTAGE OF PEOPLE. Unfortunately, it's in some people's nature to be malicious and something you need to be prepared for no matter what device you use, period. There are always going to be SCARES AND THE TIN FOIL HAT CROWD, but then again it could all come down to a simple misunderstanding where the person making the foil hat didn't understand the COMPLETELY VALID REASON the app needed to access that data and maybe blew the fire alarm too early.

    If you follow along the little story I told up there you can kind of see my points illustrated ...
    1) All devices are susceptible ... period
    2) Sometimes people may blow an alarm and be mistaken
    3) Just because you don't know why the app is requesting the data doesn't mean there's not a completely valid reason it needs access; it simply means you don't know why.

    But all of this doesn't exempt you from making proper decisions. If you see something that doesn't look correct, find a safe alternative, or try to contact the developer and determine whether the reason it needs that access is valid. Then make an educated decision. All foil hat jokes aside, you need to protect you and not count on anyone (Google/Apple/3rd party company) to do it for you. They may help, but ultimately, they don't care about your phone.

    Cheers!
    12-02-2010 03:13 PM
  10. gabbott's Avatar
    I think it's important to separate scamming money from people and stealing information. The end result of the 2 are DRAMATICALLY different. If someone wants to steal $2 from me because I purchased a crappy app, well I guess I'm kind of at fault too and hopefully I learned a lesson. Not saying it's the moral thing to do, just saying, it's only $. Like the old saying goes, fool me once ...

    Now stealing information ... that's a whole different ball game.
    Oh I completely agree, my point was that the poster was saying why would a developer do something unscrupulous and just pointing out that it can happen in different forms. So we should be wary that there are developers out there that would take advantage in one way or another and why it becomes important for one to read app permissions when installing something.
    12-02-2010 03:25 PM
  11. KSmithInNY's Avatar
    Oh I completely agree, my point was that the poster was saying why would a developer do something unscrupulous and just pointing out that it can happen in different forms. So we should be wary that there are developers out there that would take advantage in one way or another and why it becomes important for one to read app permissions when installing something.
    Yep, agreed 100%
    12-02-2010 03:40 PM
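
Added example, not part of any poster's message: one way to do the permission review the thread recommends, by listing what an APK requests and flagging sensitive permissions that fall outside what its category plausibly needs. The input is the text printed by `aapt dump permissions <apk>`; the permission names are real Android constants, while the category baseline, the data descriptions and the sample dumps are assumptions constructed for illustration.

```python
import re

# What each sensitive permission exposes (descriptions are this example's wording).
SENSITIVE = {
    "android.permission.READ_CONTACTS": "entire contact list, not single fields",
    "android.permission.WRITE_CONTACTS": "modify any contact field",
    "android.permission.READ_PHONE_STATE": "phone number, device ID, call state",
    "android.permission.READ_SMS": "stored text messages",
    "android.permission.ACCESS_FINE_LOCATION": "GPS location",
}
# Hypothetical baseline: what an app of each category plausibly needs.
EXPECTED = {
    "game": {"android.permission.INTERNET", "android.permission.VIBRATE",
             "android.permission.WAKE_LOCK"},
    # Coarse-grained API: setting a per-contact ringtone needs full contact access.
    "ringtone": {"android.permission.READ_CONTACTS",
                 "android.permission.WRITE_CONTACTS",
                 "android.permission.WRITE_SETTINGS"},
}
# aapt prints "uses-permission: X" (older) or "uses-permission: name='X'" (newer).
PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=')?([\w.]+)")

def parse_permissions(dump):
    """Return the sorted, de-duplicated permissions named in an aapt dump."""
    return sorted({m.group(1) for line in dump.splitlines()
                   if (m := PERM_RE.match(line.strip()))})

def review(dump, category):
    """Return [(permission, exposed data)] for sensitive requests outside the baseline."""
    baseline = EXPECTED.get(category, set())
    return [(p, SENSITIVE[p]) for p in parse_permissions(dump)
            if p in SENSITIVE and p not in baseline]

# Constructed sample dumps (not real apps).
SAMPLE_GAME = """package: com.example.freegame
uses-permission: android.permission.INTERNET
uses-permission: android.permission.READ_PHONE_STATE
uses-permission: android.permission.READ_CONTACTS
"""
SAMPLE_RINGTONE = """package: com.example.ringtones
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: name='android.permission.WRITE_CONTACTS'
"""

if __name__ == "__main__":
    for label, dump, cat in (("game", SAMPLE_GAME, "game"),
                             ("ringtone app", SAMPLE_RINGTONE, "ringtone")):
        findings = review(dump, cat)
        print(label, "->", findings or "nothing outside the baseline")
```

A flagged permission is a prompt to ask the developer or pick an alternative, not proof of misuse; the ringtone case shows a broad request that the platform's permission granularity makes unavoidable.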