If someone writes an app and intends to steal google passwords, and puts it on the app store, and people download it, can they get all those people's google passwords?
For example I see several gmail notifier apps. When asking to install it, the phone notifies me that it has access to my gmail password. So what's to stop a thief from creating an app and stealing passwords this way?
bump .... anyone?
Related
Hi all.
I've recently bought my very first smartphone which is running Android 2.1. I'm absolutely loving it so far but I have a couple of questions regarding security.
Soon after setting up Android I configured the Google Mail app to sync with my Google Mail account, which is my primary email address.
I've noticed that whenever I open the Google Mail app it displays thousands of my emails, some of which contain very personal and sensitive information. My concern is that if somebody was to steal my phone and get passed the pretty basic key lock, they will have access to all of my emails over the past few years!
I've been told that it's not possible to password protect it or log out of the account; is that true?
I've tried to remove my Google Mail account from the app but it gives me the message:
This account is required by some applications. You can only remove it by resetting the phone to factory defaults (which deletes all your personal data). You do that in the Settings application, under Privacy.
Click to expand...
Click to collapse
Surely I don't have to do a factory reset just to remove my Google Mail account?
Any help would be appreciated.
Clear data for gmail in manage applications.
May I know why u want to delete ur gmail account ?
XperiaX10iUser said:
Clear data for gmail in manage applications.
Click to expand...
Click to collapse
I've done that already but as soon as I reopen the Google Mail app all of my messages reappear.
I've now archived all of my emails in Gmail and removed them from my inbox so they have now stopped showing in the Google Mail app but any new messages will appear.
I just don't understand why it's not possible to remove my account from the application.
sanketprabhu said:
May I know why u want to delete ur gmail account ?
Click to expand...
Click to collapse
I only want to remove it from the Google Mail application on Android so that if my phone was stolen or got into the wrong hands they don't have access to thousands of personal and sensitive emails.
I've had a GMail account for years, and never once had a problem. I recently got an Android phone, and started getting GMail delivery failures for emails about "acai berry" slimming, which obviously is spam I didnt send. As a developer, I can understand that servers can be hacked, and nothing is perfect.
Earlier in the week I couldn't check my GMail email from my Android phone. I then logged in from my PC & was told there was suspicious activity. I got an access code sent by SMS & reset my password. I then checked the suspicious activity & found 2 accesses to my account from Poland. Definately not me. I still thought someone had hacked the server.
But last night alarm bells started ringing. I was running some API example code in Eclipse through the debugger on the emulator, and saw in the LogCat window some messages about permissions being requested by the app. One of them being requested was "ACCESS_GMAIL_PASSWORD" (may not have been the exact wording - I forgot to make a note of it) but it definately said GMAIL & PASSWORD in the permission name.
Now it was only in the Emulator, which didnt have any personal info in it. But when installing apps from the Marketplace on my real phone, I always check the permissions very carefully & wouldnt have installed anything that requested my GMail password. I cant believe Google would have provided API methods to access my GMail password ? Is this right ? Is it possible for an app to do so without me knowing it has permission to do so ? If its possible, I may have to reconsider using GMail.
Thanks for any feedback.
Well some apps do actually require the Google login credentials. Like appbrain for example. And I've been using appvrain forever with no problem.
Sent from my DROIDX using Tapatalk
Yeah, but shouldn't we be aware of these permissions when we are installing. I know I haven't installed any apps that explicitly said they would access my GMail account.
Well I've checked for the following applications I've got on my phone and that use Gmail password:
- Android Market
- Chrome to Phone
- Gmail
- Google Reader
- GTasks
- Google Maps
and for all of them in the Authorisations list it is clearly written "Use an account authentification information" (I've translated from what I read in French so it may not be the exact wording in English).
So IMO if you use at least Android Market and Gmail application you have inevitably given access to your Gmail password.
On that list I have
- Android Market
- GMail
- Google Maps
All were pre-installed on the phone. Also, I trust the authors of these pieces of software. The problem is my GMail account has been accessed by a spammer sending "Acai berry" slimming emails. I dont think Google would misuse my GMail password for this purpose.
I am more concerned that I have been downloading apps from the Marketplace & one of them got my GMail password. I realise that apps have "Full internet access" when they are ad sponsored, I suspect a rogue app accessed my GMail password & then used its internet access to send the password to a spammer.
I have several apps from sources I dont fully trust, with "Full Internet Access". But I dont have any that asked for Account Authorisation when installed.
Is there any way I can recheck what apps can access my GMail password ?
Thanks.
There is an app on the market called task identifier that should help you out.
Sent from my DROIDX using Tapatalk
Looks exactly what I'm after. Thanks.
gungh0 said:
Looks exactly what I'm after. Thanks.
Click to expand...
Click to collapse
No problem. Good luck with it all.
Sent from my DROIDX using Tapatalk
I know a work around is to set the same gmail account in your email app. But imo that's kind of duplicate and potentially could cause conflict or redundant data in your contact/calendar/email.
So, by any chance, is there a way we can simply make the email app to also show that gmail account without adding that account again in email app? Since when we activate the phone, this account is already there registered on our phones... gmail app can capture it, why not email app? just some thoughts...
Why would you want to do this? I just use the gmail app
jayohwhy said:
Why would you want to do this? I just use the gmail app
Click to expand...
Click to collapse
I agree, you would lose all the functionality of Gmail if you did this...
The gmail app gives you push notifications. If you use the email app it will effect your battery life depending on how often you set it to poll.
Hi
I just found an app for my school scheme (which set alarm, notifications about new classes and so).
But I'm curious if such an app can see my login details and what I do in it when I use i.
The rights it asks for is
Identity
Pictures/media/files
So what i'm asking, is what this app more specific can do. As it's some random dude who made it. The app itself is more than great, but I don't want that he have my login details to my school.
Thanks in advance
Login details to what?
sndsnd said:
Login details to what?
Click to expand...
Click to collapse
If I login on the app to my school. Can the app send the data to the "guy" who made the programs with the listed permissions the app use?
So you're asking if some random school app is able to share your login details with the app developer, right? So, I'm asking again, login details to what?
I think that the application is made by some of the students, and every student have its username/pass to login to the school system and see schedules, exams, etc. I think that the developer can somehow collect usernames and passwords.
Oh, then it's dependent on the server and not the application itself. Passwords can be either stored in plain text or encrypted/salted/hashed. I wouldn't worry too much about the admin getting hands on my account on his own server. Bad things can happen if you use the same password for other stuff too - but you should never do it anyway.
Greetings,
This is likely not unique to my OnePlus 6, but rather android in general..
I am trying to set third party email account. I downloaded the app for that email account, NOT going through gmail app. I would like my phone to remeber password for that account,, so that I do not have to log in every time. However, I DO NOT want the passwords to be stored anywhere on the Google or their servers, and NOT in Chrome. Just locally on my device, preferably so that Google does not have any way to access it there. Is there such a solution?
Thanks very much