Database Info

Marketplace "copy protection" cracked

I will not do anything with this, or publish how. But you can be assured the "warez" guys from that one site will figure this out within a day or so as well...
As most of you will know I am a software developer by trade, with some commercial offerings from my company.
And then there was Marketplace. For commercial devs, something nice to have. But if you have followed the news, the piracy protection for commercial developers is not much to speak of. See this document http://download.microsoft.com/downl...tplace for Mobile Anti-Piracy White Paper.pdf.
I will refrain from quoting the obvious mistakes in this document, if you give this thing a read, you will notice them soon enough. What it all comes down to is that there is no copy protection, not even at the advanced level, at least if they implement it in the way I interpret from reading that document.
So today I started up Marketplace and it worked. Hurrah. The current level of protection is making sure the CAB files are deleted upon install - which is obviously not a way to protect anything - but even this, I thought, should easily be circumventable.
Now, because I wanted to see how fast it could be done, I went with a hunch instead of doing any investigation. And that hunch worked like charm. It took me less than five minutes to circumvent this "protection", and get the ability to save the CABs the MarketPlace app downloads to a different folder. As the CAB file is the same for every downloader, you could just give this CAB you payed for out to all your friends.
Obviously I will not disclose the method, because that would be working against other commercial developers, and ultimately myself. It's just to let you know how ridiculously easy it is, and to give fair warning to those looking to sell apps on the Marketplace.
So, the moral of the story is... WTF MICROSOFT?
I know firsthand there is no such thing as perfect copy protection, but this is just plain ridiculous.
What we really need is for apps to be able to use our own copy protection schemes... you know, like the good web-based app stores out there.
EDIT: l3v5y has also succeeded in doing something similar, and it seems the WMPowerUser admin also found another easy way to do it... Yay, and it ain't even out yet!

Not even 12 hours after launch...that's pretty quick

Oh noes.... that's not good!
Imagine Microsoft reads this and decides to offset tomorrow's Marketplace launch...
Or even worse, Microsoft launches the Marketplace but developers decide not to submit their apps because they're concerned that their apps get pirated.

Thats what happens when devices aren't locked down.

That sounds bad, but it's really no different to how things are today. Perhaps there are some apps that have more security than either nothing or a serial key, but none that I use have anything more sophisticated.
Even as a developer myself, I'd easily take this over some DRMfest.

So, if I'm reading this correctly, when you buy something from marketplace it's not tied into your username with a password like most apps? Instead, you just buy it and it installs the app, but doesn't give you a cab? Yeah, I don't think it's that hard to work around that and get a cab for yourself. Some of the cheaper apps at Handango are like that. Can you re-download an app onto a new device or if you have to hard reset, and is it free or do you need to buy download protection like form Handango?

Good, copy protection pisses me off, all it does is piss of the genuine users. We have to deal with codes and activation to be legit, while people getting it free, just click here and there, copy a code here and huzah.
Copy protection doesnt work, someone will always find a way around it. Unless its linked to a windows live profile/xbox live profile. Which I can see probably happening when they bring out Zune on mobile phones, which sounds like it might be sooner rather than later!

I did something like this earlier... MS haven't quite got security done yet, though my guess is the iPhone is no better...

I'm really surprised by the lack of any drm; what's the point of signing in w/ one's Windows Live account? The easiest thing to do is to associate valid applications w/ one's Window's Live account. That's what itunes does for music at least (I don't know about apps as I don't have an iphone/ipod touch). Of course, what would happen is that an internet connection of some form is needed when the application is first installed, which could become inconvenient.

The truth of the matter is that the percentage or ratio of people who would bother to do this is pretty small. Most WinMo usersbarely even know how to setup e-mail not to mention install a cab file.
Most of the people in this forum already know how and where to get cracked apps or warez if they wanted too. I don't see this so called "flaw" as being an issue to MS or developers.

Must admit that I find it a bit worrying that your not able to make a backup of the applications you buy by taking a copy of the cab file somewhere safe.
After having sent back 4 HTC phones (two different models) in the last 10 months, and having an SD die on me I'd really like to know that I have a backup of anything I've paid for.
Can anyone confirm if its possible to reinstall something you've paid for through the Marketplace app if it gets removed from your phone, or you get another phone? ie if you log into Marketplace with the same Lice ID does it show apps that you've bought but which aren't on the phone your connected with?
If I look at an app that I have installed through Marketplace there is no install button anymore and Marketplace tells me that it is installed... so no obvious way to get the application back...
Not enough free apps on the UK store for me to mess about with really (have installed Shazam trial but don't want to risk uninstaling it just to see what happens).
-FM

fatmonk said:
Must admit that I find it a bit worrying that your not able to make a backup of the applications you buy by taking a copy of the cab file somewhere safe.
After having sent back 4 HTC phones (two different models) in the last 10 months, and having an SD die on me I'd really like to know that I have a backup of anything I've paid for.
Can anyone confirm if its possible to reinstall something you've paid for through the Marketplace app if it gets removed from your phone, or you get another phone? ie if you log into Marketplace with the same Lice ID does it show apps that you've bought but which aren't on the phone your connected with?
If I look at an app that I have installed through Marketplace there is no install button anymore and Marketplace tells me that it is installed... so no obvious way to get the application back...
Not enough free apps on the UK store for me to mess about with really (have installed Shazam trial but don't want to risk uninstaling it just to see what happens).
-FM
Click to expand...
Click to collapse
looks like it keeps track of all apps you purchased.

ow well, I guess it's a matter of time when there will be sites that point to all the cabs available on upload sites and stuff. Just like those sites exists for iphone/ipod (appulo.us for example)
I guess that's what happens when people see that there a lot of apps available on other country stores..
what do you think...

double post

thedicemaster said:
looks like it keeps track of all apps you purchased.
Click to expand...
Click to collapse
Hi dicemaster,
How did you try this? Uninstalling and reinstalling on the same phone or another phone? Or the same phone after a hard reboot / content erase?
I'm just interested to know from what state you can get back to your purchased applicationsand whether is purely your windows live id that connects you to your purchases or if there is some device specific stuff checked as well.
Cheers,
FM

Is there anything to stop Software Authors implementing (or continuing to use) their normal Serial number protection systems?
Looking at the Market Place, there are obviously some of the Big Names we all know and love, and I don't see why they would remove protection systems they have in place already, unless it was a MarketPlace requirement.
Personally, I can't say I'm at all impressed with the MarketPlace implementation - it heralds back to the early days of PocketPC. Maybe they're going for lowest common denominator hardware support, but frankly even the relatively poor Android marketplace on Hero is massively better. And the Appstore even more so. And I think Cydia tops most of them!
Let's hope that the MarketPlace at least drives prices down.
V

I am assuming it's more difficult then just going to \Windows\AppMgr\Install folder while the installer is running and copy the CAB file to another location. This is how I get the CAB files from PC only installers.
I personally use SKTracker a lot. I take a snapshot before, and then during the install and see what has changed. That generally tells me right where any install files/CABs are that I need to grab.

vijay555 said:
Is there anything to stop Software Authors implementing (or continuing to use) their normal Serial number protection systems?
Looking at the Market Place, there are obviously some of the Big Names we all know and love, and I don't see why they would remove protection systems they have in place already, unless it was a MarketPlace requirement.
Personally, I can't say I'm at all impressed with the MarketPlace implementation - it heralds back to the early days of PocketPC. Maybe they're going for lowest common denominator hardware support, but frankly even the relatively poor Android marketplace on Hero is massively better. And the Appstore even more so. And I think Cydia tops most of them!
Let's hope that the MarketPlace at least drives prices down.
V
Click to expand...
Click to collapse
Microsoft does not support your own serial systems. There is no information you can compare runtime vs purchases either, so you can't roll your own. Well ok, you DO actually have device ID information you could use, but that way purchasers can only run the application on the phone they actually bought it on. It is not clear how 're-download' information will be transmitted. If that also transmits a device id, then it is possible to roll your own, though it would be pretty nasty.

zim2323 said:
I am assuming it's more difficult then just going to \Windows\AppMgr\Install folder while the installer is running and copy the CAB file to another location. This is how I get the CAB files from PC only installers.
I personally use SKTracker a lot. I take a snapshot before, and then during the install and see what has changed. That generally tells me right where any install files/CABs are that I need to grab.
Click to expand...
Click to collapse
If you go to C:\Program Files\Microsoft ActiveSync on your PC, you'll probably find an archive of many things that you installed over active sync.
SK Tools is a good way to re-pack any installed programs into cabs. I would guess that it works with programs from Market Place.

good find bud..i sent it to engadget for ya
http://www.engadget.com/2009/10/08/dev-finds-windows-marketplace-drm-severely-lacking-easily-circu/

Is google stealing things off my phone?

Last night browsing the market, after having my phone reset for constant rebooting, I downloaded an app called "adult videos." I woke this morning to find the app wiped from my phone and from the market. Now, the problem lies not in the fact that this app is missing from my life, but in the question is google sneaking around in the middle of the night tampering with people's phones? I read that article about google remotely removing apps from phones strictly on a necessity based need. It kind of makes me wonder how selective they will be when determining what is necessary.

Google has the ability to do this and have flexed their muscles with that feature too recently,cant post links but google: "google remove android application". It uses google talk to send these removal requests. In normal conditions google will only delete apps that were malicious. (spyware/damaging/ddos/fraud/etc)
Most smartphone/ebook platforms have remote kill switches now. The more worrying part is that they also have the ability to install apps onto remote phones.

Google does this with android too? This is one of the reasons I dont like apple. This sounds like rediculous invasion of privacy. How does this work exactly?
Read the link.. disturbing both the install assett and the remove asset options. Plus the fact that Android maintains a constant data connection. Is there anyway to kill this constant connection? do you get charged for it? and can you disable the install and remove assett options?

It's Google, they live and survive off your information!
They went round WiFi snooping when they did Streetview, so God knows what they do with your mobile phone...

hungry81 said:
Google does this with android too? This is one of the reasons I dont like apple. This sounds like rediculous invasion of privacy. How does this work exactly?
Read the link.. disturbing both the install assett and the remove asset options. Plus the fact that Android maintains a constant data connection. Is there anyway to kill this constant connection? do you get charged for it? and can you disable the install and remove assett options?
Click to expand...
Click to collapse
This connection is maintained by using google talk. So as long as you are online on google talk you have a hotline to the kill switch. After these security concerns I bet some chefs are working on ROM with the kill switch disabled. But nearly all smartphones have kill switches nowadays, companies like Google, Apple and Microsoft don't want to be seen as unable to get rid of a malicious app which would impact on their reputation.
Edit: Thinking about it, if you have extreme worries about this, install some kind of firewall (like iptables (requires rooting)) and block mtalk.google.com.

The best part about these google phones is the ability to make them your own. I am currently waiting for cyanogen's mod 6 which I am pretty sure won't constantly chat with google, but I think that the fact should be recognized of who the major players are in the cell phone game. Remember that 'incident' google had with china, and how the NSA and google became friends after that. Hmm... The largest data analyzer teaming up with the largest data collector, google also reports higher sales every quarter now as well, that is alot of direct connections with alot of people. I'm not sayin' anything...I'm just sayin'.

El_Zilcho said:
Edit: Thinking about it, if you have extreme worries about this, install some kind of firewall (like iptables (requires rooting)) and block mtalk.google.com.
Click to expand...
Click to collapse
Ummm..... no.

r3s-rt said:
Ummm..... no.
Click to expand...
Click to collapse
Umm why not? Its a Linux system below the dalvik vm. There are people who got iptables running on their system and when done correctly iptables. Be aware when I talk about this, I am talking tin foil hat style here.
What if someone modifies AOSP code to just remove the INSTALL_ASSET and REMOVE_ASSET portions of the code?

Google, don't go Apple way!
http://threatpost.com/en_us/blogs/android-also-gives-google-remote-app-installation-power-062510
Old news, but they've made me "a little bit" angry Is there any way to remove all that crapware?

hmmmmm well figuring they just got in trouble for stealing multiple GB of data from private routers I'd say its a sure bet. Also I recently took a federal job and low and behold they already had my gmail account on file even though I have never given it out and only use it for family and friends, but the feds sure had it.

Taintdroid...android's duff security model

Worrying article on how apps are using personal information.
www.theregister.co.uk/2010/09/30/suspicious_android_apps/
I'm sick that they had to go too such lengths to find out. We need a better net architecture to enable a proper firewall to work.
Sent from my HTC Desire using XDA App

Also, app naming FAIL!

Well, since they only tested 30 apps and won't release the names of the ones they tested, only saying that they are "the most popular", personally I don't buy it.
And the information these apps are sending out is primarily geolocation. Well, no ****. If an app wants your location and you don't think it should have it, it's either using it for ads or you should decline to install the app and just send an email to the dev asking him why he needs that information.

tjhart85 said:
Well, since they only tested 30 apps and won't release the names of the ones they tested, only saying that they are "the most popular", personally I don't buy it.
And the information these apps are sending out is primarily geolocation. Well, no ****. If an app wants your location and you don't think it should have it, it's either using it for ads or you should decline to install the app and just send an email to the dev asking him why he needs that information.
Click to expand...
Click to collapse
Agreed... geolocation is pretty obviously straight forward. I don't know about the 'transmissing every 30 seconds' thing though.
Any thoughts ont he transmitting sim card and IMEI info?

http://www.youtube.com/watch?v=qnLujX1Dw4Y
Also discussed here:
http://forum.xda-developers.com/showthread.php?t=795702
With explanation where to get it from http://www.appanalysis.org/

A very well-written reply by "Steven Knox" on The Register, demonstrating how this 'research' is simply a pile of intentionally-misleading statistical rubbish:
By selecting only from applications that access both personal data and the internet, they're overstating the significance of their study by about 3x. Furthermore, their summaries blur this distinction unnecessarily.
Specifically, their FAQ says "We studied just over 8% of the top 50 popular free applications in each category that had access to privacy sensitive information in order to get a sense of the behaviors of these applications." Since there were 22 categories at the time they did the study, that would imply (22*50=1,100 * 8% =) 88 applications. However, they actually only tested 30, because of the 1,100 top 50 applications only (from the PDF) "roughly a third of the applications (358 of the 1,100 applications) require Internet permissions along with permissions to access
either location, camera, or audio data." -- meaning that the other 742 apps don't have the necessary permissions to play badly. The clause "..that had access to privacy sensitive information in order to get a sense of the behaviors of these applications." from the FAQ is grammatically ambiguous in this case (it may refer to "applications" or "category"), and not specific enough to indicate that over 2/3 of the applications are (relatively) safe by dint of not having the necessary permissions.
They also didn't include in their study apps from 10 of the 22 categories, but they don't explain whether that was due to a) there not being any or enough applications in those categories that required internet and personal data permissions, b) a conscious choice to focus on the other 12 categories, or c) the results of random selection (with an explanation of why they did not use a stratified sample).
Once you factor back in the applications they ignored, the numbers don't look quite so bad. Assuming their sample was representative, 2/3 of the 358, or about 239 applications of the top 1,100 of the time use personal data suspiciously. That's about 21.7% or just over 1 in 5 -- still significant, but a far cry from 2 out of 3. In fact, the worst case maximum is actually 358 of 1,100 or just under 1 in 3 (32.45%) because they are as mentioned above the only ones that actually acquire the permissions necessary to do anything "suspicious".
I understand why both the researchers and the reporter used the 2/3 figure -- you all believe you have to sell the point as hard as possible*. But the real story is that it's likely that at least 1 in 5 Android Apps use private data "suspiciously" -- and that number is still high enough to cause concern and to justify the further use of tools like TaintDroid. It's a pity you didn't trust the facts enough to avoid the unnecessary sensationalism.
*I am assuming, here, that Mr. Goodin did actually read and digest the paper as I did, rather than simply picking out the figures from the study, the FAQ, or a press release.
Click to expand...
Click to collapse

good spot. But one in ten woolf be too many. The point is we should have more fine grained control and transparency off what apps do over the net, and we can't, by design.
Sent from my HTC Desire using XDA App

We need to develop a shim that reports modified IMEI/SIM data for different apps. IMO, very few apps need that information. We may not be able to keep all those apps from sending our private information, but we can make that information useless if it appears that we all are using the same IMEI/SIM...

patp said:
...The point is we should have more fine grained control and transparency off what apps do over the net...
Click to expand...
Click to collapse
agreed....

if you are rooted. With Root Explorer go to /data/system/ and open accounts.db you might be surprised what you find in it... Some people it will be fine for but mine it shows my exchange email and password in plain text and a few others show up as plain text has well...Its not geo they are worried about (for the most part) and...this file has been known about for awhile
Don't worry though unless your downloaded android specific virus holding apps you wont have any problem. And if your getting all your apps legally through the market then its no big deal =) and if your pirating them...well I don't feel bad for you...

echoside said:
if you are rooted. With Root Explorer go to /data/system/ and open accounts.db you might be surprised what you find in it... Some people it will be fine for but mine it shows my exchange email and password in plain text and a few others show up as plain text has well...
Click to expand...
Click to collapse
Opened it, my accounts are there, but no passwords....

rori~ said:
Opened it, my accounts are there, but no passwords....
Click to expand...
Click to collapse
my gmail is somesort of encrypted but doesnt look that great.
Exchange shows up
facebook doesnt show anything at all aha
Thats why I said some might not have anything. Awhile back when I first heard about it one of my friends had two or three right there in plain English I didn't have a phone at the time to check...
Its been reported before but kind of just brushed over no biggy. To go real conspiracy theorist....I think apple is submitting all these articles...

ButtonBoy said:
We need to develop a shim that reports modified IMEI/SIM data for different apps.
Click to expand...
Click to collapse
Great idea

The source code/instructions for TaintDroid are now out:
http://appanalysis.org/download.html

Anybody found a (recent) kernel with built-in TaintDroid-support?

[Q] Why my application was removed from the market?

I hope this time it's the correct forum.
So long story short.
I've written an app that allows to hijack FaceBook profiles over the WiFi. So when you're connected to WiFi you can "hack" into other users profiles. It doesn't work for profiles using SSL (yes you have that option in FB). So it can be treated as a "bad app". BUT! it is not dangerous for the one using it. I am aware that this is "questionable" application, but is there any other way to tell people - "HEY! use secure connections, it is not safe to use public WIFI!". I'd bet that a lot of you don't use SSL now and after using/reading this app you will turn SSL on.
That could be the #1 reason for deleting my app.
The second one is that I've put a 'demo' app in the market with a limit to sniffing only 3 profiles. But you could buy it through paypal. And today I've found out that this also could lead to app deletion. However i've bought launcherpro through paypal so I don't see why my app was removed in less than 24 hours.
What is your opinion and what can I do to sell my app somehow (i need my 25$ back that I've paid to register in google wrr...). Is there an option I could do put it in market without google deleting it like putting a disclaimer or something? The app itself is safe for the user downloading it.
Edit: If I put a link to this app here will this thread be deleted? If so, is there an option to promote it here?
Per forum rules, link removed

bponury said:
I've written an app that allows to hijack FaceBook profiles over the WiFi
Click to expand...
Click to collapse
There's your answer.

JamesC_ said:
There's your answer.
Click to expand...
Click to collapse
+1 on that
if it allows you to hijack fb you can steal other information from the users account so why would they allow it and put themselves into a legal bind for doing so

JamesC_ said:
There's your answer.
Click to expand...
Click to collapse
So if it wasn't for this app you would be safe? No, facebook is ignoring users privacy and this app is nothing more then a good way to show people what could be the cost of not using secure connections. Of course this can be used in a bad way, a lot of apps can. Like sms bombing or phone number spoofing. But they are not removed from the marked do they?

Ethics
And even worse you want to get paid for it.

wdl1908 said:
Ethics
And even worse you want to get paid for it.
Click to expand...
Click to collapse
Yes, I know what ethic is however we're not living in a perfect world and just believing that everyone is good and ethical so I can just leave my door open when leaving the house is not going to protect me against the reality. I believe in http://en.wikipedia.org/wiki/Full_disclosure and this case is even better because FaceBook is aware of the problem and just ignore it. A few people are aware that there's an option to use SSL on facebook. In my opinion FB should just get it done right and force users to use it. It's not a problem these days right? And what is wrong in getting paid for my work. I've spent some time developing it. Security by obscurity is not working, really. Take my app for example it would take max 1h to crack it. It's not security it's just being to lazy to secure it. And hoping that no one would care to crack it.

sms bombing is not hacking someones account! you are just spamming someone with messages.
even if it is down to fb to let people know about security, the market owners can be sued for allowing such an app on the market. there are better ways of showing a person how unsecure a connection is without punishing them in such a way.
the secure connection is useful for public connections but some people may not want or need to use it at home so they have the ability to switch it on or off. apparently there are issues with some games on fb that are linked in with the use of the secure connection.

traumatism said:
sms bombing is not hacking someones account! you are just spamming someone with messages.
Click to expand...
Click to collapse
People are killed for spamming in russia (http://www.theregister.co.uk/2005/07/26/russian_spammer_killed/)
And what about spoofing caller id? AFAIK that things are valid in court cases in Poland.
traumatism said:
even if it is down to fb to let people know about security, the market owners can be sued for allowing such an app on the market. there are better ways of showing a person how unsecure a connection is without punishing them in such a way.
the secure connection is useful for public connections but some people may not want or need to use it at home so they have the ability to switch it on or off. apparently there are issues with some games on fb that are linked in with the use of the secure connection.
Click to expand...
Click to collapse
I don't know how to tell people - secure yourself any other way. I know i'm devils (myself) advocate right now, but really do you think that forgetting about insecurity is a good way? I don't force anyone to use it in a bad way. But after I showed how it works in my house all my room-mates turned SSL on instantly. And they were not mad about it, shocked a bit but now they are safer now. Sure you can just tell people - hey turn ssl on and 90% of them will ignore you. But when you show them - look! i can see your messages that easily if you don't do it. Then they would listen.

haha! So, if someone got a gun and went around shooting people in cars to proove that they should actually have bullet proof windows and burst-proof tyres, that it's all ok, and not in any way shape or form, illegal?
ha. ha.
infact op ip should be reported to facebook

By nature I wouldn't go near this app. If its collecting other peoples info I could be collecting my own. Thats how I see it logically ... people always get screwed when they are doing something they shouldn't be doing.
There is a place for all apps in this world be they good or bad. You could always host a site and put it on there. I wouldn't go near it cause once again I'd be afraid of whats laced on that site.
I was just providing another point of view to the convo.

MarkusPO said:
haha! So, if someone got a gun and went around shooting people in cars to proove that they should actually have bullet proof windows and burst-proof tyres, that it's all ok, and not in any way shape or form, illegal?
ha. ha.
infact op ip should be reported to facebook
Click to expand...
Click to collapse
So if you have a car that can be opened by someone who has a screwdriver wouldn't you want car manufacturer to secure your car. Buying a bulletproof car isn't exactly the same as pushing a button in a web browser isn't it? And you're comparing killing a man to posting "I'm a jackass on someones FB wall". But still, you can buy a gun right? Also pretending that there's no problem isn't fixing a problem.
And hey, this app isn't new you know, if it wasn't for this thread maybe you wouldn't know that people use this apps on PC's maybe one day you would find that all your mail is gone (yes, this app could be modified to work with other sites like this forum). And ask yourself wouldn't you be pissed if you've found out that anyone using your network could get into your bank account? Well I would. But most (all?) banks use SSL by default. Google does. Why FB doesn't?

hazard99 said:
By nature I wouldn't go near this app. If its collecting other peoples info I could be collecting my own. Thats how I see it logically ... people always get screwed when they are doing something they shouldn't be doing.
There is a place for all apps in this world be they good or bad. You could always host a site and put it on there. I wouldn't go near it cause once again I'd be afraid of whats laced on that site.
I was just providing another point of view to the convo.
Click to expand...
Click to collapse
Yes, in fact it needs root to modify iptables and send raw arp messages and I know people get scared when an app needs root. If someone is interested I could write here how it's done and anyone could write it. It's actually nothing magical.
I wrote this app as a project for my mobile programming class. In the first version it also sniffed for Gadu-Gadu messages (it's a polish messenger). But I sure hope that when and if this app let's loose than FB will react and enable ssl by default. Maybe other websites will use it too. It's just that easy to protect your users, I don't understand why they don't do it?

most people who do not want their details stolen, do not use public access internet. does FB take money transactions over their site?
google does and the banks do so they will have a secure section. fb may do this using paypal or google checkout or otherwise so may not need the ssl that the banks need. sure it still renders people vulnerable to attack and theft of other information but even so that information is very limited dependant on the user of the account.

traumatism said:
most people who do not want their details stolen, do not use public access internet.
Click to expand...
Click to collapse
Yes, so other people want their details stolen? You are aware of the problem 'cause your "into computers" but out of 500 milion fb users how many of them ever heard of SSL? How many know that they are unsafe?

well with the amount of messages being spread on fb already about this i think more people will know, but to let people know only by stealing their details is pathetic. sure you may have made this app for a project but why give other people the power to do this. all you are doing is providing more uses for those who like to make other peoples lives a misery. the best thing that could be done with this is to let the website provider know how unsecure their system is. especially if you are aware of the issue and are bothered by it. i know i'd do the same. if that didnt work, sure i'd tell people about it but i wouldnt sell an app on to others so they can make use of it. not even for free.

traumatism said:
well with the amount of messages being spread on fb already about this i think more people will know, but to let people know only by stealing their details is pathetic. sure you may have made this app for a project but why give other people the power to do this. all you are doing is providing more uses for those who like to make other peoples lives a misery. the best thing that could be done with this is to let the website provider know how unsecure their system is. especially if you are aware of the issue and are bothered by it. i know i'd do the same. if that didnt work, sure i'd tell people about it but i wouldnt sell an app on to others so they can make use of it. not even for free.
Click to expand...
Click to collapse
Sure I could write an e-mail to facebook, but this issue is known for years! http://en.wikipedia.org/wiki/Session_hijacking I am sure FaceBook is aware of it. In fact they've enabled SSL only a month ago (maybe two months) but why it isn't enabled by default?

who knows. perhaps issues with other applications on the website, or applications made to access facebook. they may have left it so they can cater for other applications for and on the site. only they can answer that question.

anyway, he just showed the spirit of a developer and created something new
he never told anyone "hey go hack facebook profiles" or "sniff those profiles, its fun"
he just showed the possibilites of android development and did nothing wrong in my opinion
it's not his fault if facebook is unable to close a security leak known for a long time

yeah dont get me wrong blezz i understand that completely. but the argument was as to why they would remove it. legality reasons would be tne main issue. to cover their own backs as they can in fact face legal action for allowing the app to become available in their market.

I don't see anything wrong with the app.
It shows the flaws of facebook, and the fact that no one in facebook cares enough to do anything about it. But then I understand whygoogle would remove it... If facebook decided to sue for this google would be sued not YOU.
so it would be best if you released it HERE on xda rather than the market

Android OS Design Considerations

Well Folks,
So I've been using this OS now for 2 full months and by full I mean I have spent most of my free time learning about it and as much as I find this OS exciting and I believe this is where computing is really at now, I thought I'd share some thoughts on its irritants and get your feedback and opinions about it, so that it could be improved upon in future iterations.
I would like to mention that I have been using computers since the days of punched cards back in the 70s and that I'm no stranger to writing programs, although I am not a computing or IT professional and have only dabbled working on a few programs and scripts only to the extent of doing what was necessary for my work.
That being said, here's some of what I think of this OS, its strengths and weaknesses, its bugs (some, most probably from Google, would insist they are features - more on this later) and its successes. I hope that by posting this others will add their comments, rants and raves as well.
To moderators, if this has already been discussed or of this should be moved to another forum or in any way wish to criticize it, feel free to do so.
***
As much as I was a Microsoft fan during the 90s, this OS sold me as the only one where freedom to innovate and a large community of enthusiasts seem to thrive, whereas Microsoft has become sclerotic and is now under control of corporate culture and thinking, in other words, it's lost its soul and is just running on inertia. I'll stop here so as not to insult the grays who have taken control of it and think it's the best thing since sliced bread.
The open source / free software (lets not get into semantics, please!) sure has fostered a lot of friendly development and sharing and this is definitely the way of the future, notwithstanding what corporate America believes. History has proven that small entities have always been the most productive in society, and it shows in real life and especially here: Although Google, who is the de-facto giant in control of the platform, officially frowns on user control and participation into the OS, it actually benefits from it and doesn't interfere too much with its evolution and as far as I can see, has actually embraced quite a few innovations that we've seen coming to life here and on other forums.
In other words, they don't like it when developers modify it, but are happy to benefit from it in the end, except perhaps those innovations that give more control to users that they wish users should have, but at least and contrarily to Apple and Microsoft, they are not persecuting those who innovate. God knows we already have way too much of that military-style control in our society where major corporations and their lawyers dictate pretty much what citizens can and cannot do.
As much as this OS is promising with its fundamental openness (at least at its roots) and is the least oppressive of them all, there is still a lot to do, or should I say, a lot of restrictions to lift and doors to open to make it a truly open and free platform for software development, and this goes straight back to Google and its overbearing influence on the development of this OS. But I guess we have had to sacrifice some freedom in order to get some support from this corporate giant; so here are some things that, over the past two months experience with the platform, I find severely lacking and in dire need of rethinking:
- Google's overbearing attitude and control over users, especially personified in the Play Store, where one cannot comment freely anymore and the use of which has been aggravating to no end and THE cause of crashes and dysfunction of the device: It only works some times and is so ingrained in the OS that when it misbehaves, you often have to no choice but to reinitialize the OS (aka the 'cold boot'), which, of course, causes havoc with your data and personal settings, which brings me to my next issue:
- The File System: Where is my stuff stored and why is it so difficult to find it and save it? You'd think it's a crime to save your own data! What gives? Why is it so difficult for apps or user settings to be saved in a location chosen by the user? Just try this: of all you apps, how many of them can you access the data from outside of the application and keep safe for the next time when your phone needs to be reinitialized?
- Connection to external devices: We all agree that connection is king and the key to efficient use of portable devices. Can someone explain to me then why does Android make is so difficult to access and transfer files between LOCAL DEVICES such as USB drives and computers and why it must hide some parts of itself and makes every effort to hide user data and keep it out of reach from its owner?
- The Cloud Fad: why is it that Google insists so much on taking over my Data? Why is it not telling me where it is stored and why is it hiding it from me? Knowing how Google manipulates and basically snoops in on everything you do (it's been proven), why would anyone in their right mind trust to have their stuff stored out of their reach when external hard drive so cheap it's almost free? Can someone explain what the advantage is to me, especially when wireless connections are precarious at best and data transport costs more and more? You find that 'convenient'?
- Background Data: Can someone tell me why my device needs to transport SO MUCH stuff in the background and why it needs to do so when it can operate quite happily otherwise when it notices that there isn't a data connection available? Doesn't Google realize that Wireless Data is horrendously expensive? Why can I not, as a user, control what data is sent back in the background in a granular way instead of having to shut it down at system level? Is Google afraid what users might find out about what information is sent to their servers without their explicit knowledge? Which brings me finally to
- Permissions: Why is it so difficult for users to control application permissions? Just like licenses, we only have the choice to 'take it or leave it', without any true knowledge what we sold the devil. Permissions are pernicious and should be under total control of the user. Those developers who need those permissions should explain them all and make it possible for users to deactivate them all so that users could see if the reduced functionality is worth it or not. LET USERS DECIDES WHAT GOES ON THEIR DEVICE!
***
So that's it for my Saturday afternoon rant. Like I said, these things have irritated me for a long time. If you have objections, comments or accolades and additions, here's the place to do so, unless of course the moderators decide otherwise: if this has been discussed somewhere else and I've bothered you with this post, by all means let me know.

All of this that you mention can be done. Not necessarily from pure vanilla AOSP Android. But you can do all of this with the power of custom ROMs such as CyanogenMod.
User data is stored in the /data partition. Apps can be found in /data/app and app data is found in /data/data
You can disable background data using an app that needs root access. There are many available on the Play Store.
You can control an apps permissions, again with an app that needs root access. Found on the Play Store.
Sent from my Slim E4GT using xda premium

Mattix724 said:
All of this that you mention can be done. Not necessarily from pure vanilla AOSP Android. But you can do all of this with the power of custom ROMs such as CyanogenMod.
Click to expand...
Click to collapse
And that is the beauty of Android
Mattix724 said:
User data is stored in the /data partition. Apps can be found in /data/app and app data is found in /data/data
Click to expand...
Click to collapse
Great to know! But you must admit that having to ask, or more precisely not being told where it is, is disturbing! Because what is more important than your data? WHY does it have to be so difficult to get to it? Why the secrecy? Don't users deserve to know where their files are and be able to select where to store them? Why am I not AUTOMATICALLY given the CHOICE as to its name and its location on my device?
Mattix724 said:
You can disable background data using an app that needs root access. There are many available on the Play Store.
Click to expand...
Click to collapse
True, but why is such an essential function NOT part of the OS and what more, why does it require the user to VIOLATE his warranty (by rooting) to do so? Don't you see what's WRONG with this?
Mattix724 said:
You can control an apps permissions, again with an app that needs root access. Found on the Play Store.
Click to expand...
Click to collapse
Again, I understand; but doing so often breaks the apps. WHY do we need these permissions IMPOSED upon us in the first place? Doesn't it strike you as WRONG that so many apps need to access your most private information?
And coming back to the Google Play Store: I've used my device for two months and had to wipe it clean TWICE already and EVERY TIME because the Play Store refused to work anymore! Don't you think there's something wrong with this picture? Doesn't it hint at some homeland-security-esque infiltration deep into the OS from the part of Google?
***
In any case, I thank you for pointing out the practical solutions and workarounds and for getting the ball rolling, so to speak; but my point was more philosophical: WHY should we have to essentially "fight system" with these workarounds to do such straightforward things as as saving documents in a place of the user's choosing, being able to transfer files directly to his PC and being able to keep user privacy?
doesn't that bother anyone?
Shouldn't Android become more open and accessible as a platform that truly empowers its users and leave Apple and Microsoft to cater to those who couldn't be bothered?
Looking forward to your answers!

I sware people will complain nomatter what
Sent by Hellybelly 4.2.2

Disabling Background Data Completely?
Mattix724 said:
All of this that you mention can be done. Not necessarily from pure vanilla AOSP Android. But you can do all of this with the power of custom ROMs such as CyanogenMod.
You can disable background data using an app that needs root access. There are many available on the Play Store.
Sent from my Slim E4GT using xda premium
Click to expand...
Click to collapse
OK, so I have looked very extensively, spending hours searching for a way to disable background data and although they are many ways to do so when on cellular data, short of shutting off WiFi altogether, I have not found any discussion, much less a way to do so completely when on WiFi.
One of my concerns is to know WHY background data is even required, because shutting off all data connections certainly does not prevent my apps from working , even those that do require data such as weather, email and news. I just want to be able to fetch the data I need and have total control over what I broadcast, especially what goes on in the background without my explicit knowledge.
So the question remains: short of shutting off data altogether, how can I disable background data completely?
Wouldn't it be possible to either fake a connection so as to fool the system into thinking there is a connection for its hidden background processes, or to wake a connection up on demand when initiating querries and put it to sleep immediately after the answer has arrived?

Old faithful said:
OK, so I have looked very extensively, spending hours searching for a way to disable background data and although they are many ways to do so when on cellular data, short of shutting off WiFi altogether, I have not found any discussion, much less a way to do so completely when on WiFi.
One of my concerns is to know WHY background data is even required, because shutting off all data connections certainly does not prevent my apps from working , even those that do require data such as weather, email and news. I just want to be able to fetch the data I need and have total control over what I broadcast, especially what goes on in the background without my explicit knowledge.
So the question remains: short of shutting off data altogether, how can I disable background data completely?
Wouldn't it be possible to either fake a connection so as to fool the system into thinking there is a connection for its hidden background processes, or to wake a connection up on demand when initiating querries and put it to sleep immediately after the answer has arrived?
Click to expand...
Click to collapse
A simple data firewall program will take care of that. It will allow you to control what and when things get a data connection.

zelendel said:
A simple data firewall program will take care of that. It will allow you to control what and when things get a data connection.
Click to expand...
Click to collapse
Hmmm... I'm using Avast and its firewall doesn't have the option to turn off background data on Wi-Fi, it's either turn off Wi-Fi or not, no option to just turn off background data and leave access to foreground data. I've tried a few other apps that don't have this option either; it's all or nothing.
Do you know of any apps that have that granular choice? Could you suggest a few?
Sent from my Samsung Galaxy Note 2

Old faithful said:
...
One of my concerns is to know WHY background data is even required, because shutting off all data connections certainly does not prevent my apps from working , even those that do require data such as weather, email and news. I just want to be able to fetch the data I need and have total control over what I broadcast, especially what goes on in the background without my explicit knowledge.
Click to expand...
Click to collapse
what sort of background data do you want to disable? regarding weather, email, and news, turn off auto sync (disable it all, or by program).

edscholl said:
what sort of background data do you want to disable? regarding weather, email, and news, turn off auto sync (disable it all, or by program).
Click to expand...
Click to collapse
Precisely ... WHAT sort of background data needs to go on anyway?
Fetching the weather info takes up a few tens of KB. What then does it need to transfer megabytes in the background for then? My wife's weather widget in particular has used over 200 MB over the past month in background data whereas it has only needed a couple of megs to update itself! Doesn't that seem exaggerated?
My point is, what is background data needed for when these apps work perfectly well on demand with a tiny fraction of the bandwidth? Why is there no disclosure what exactly it is used for, if shutting data off when not in use has absolutely no detrimental effect on the function of the app, in other words, what's really going on?
Sent from my Samsung Galaxy Note 2

Count your blessings!
I agree with you to some extent. Of course, you can do anything with root access, but why isn't this right here in front of me out of the box. With my Galaxy S III, managing the file system is a pain, and considering my USB Sync cable doesn't work long enough to make file transfers of 100MB+, this is a real problem. I don't want everything in the cloud, I want it here. I don't have internet (fast data speeds, at the least) everywhere. I would hope that Android advances with these features. I also wish there was a way, out of the box with skinned (by carrier or manufacturer) devices that you could disable all skins and themes and use the glorious Stock Android.
Seriously though, count your blessings, at least you're not using iOS!

Old faithful said:
Precisely ... WHAT sort of background data needs to go on anyway?
Fetching the weather info takes up a few tens of KB. What then does it need to transfer megabytes in the background for then? My wife's weather widget in particular has used over 200 MB over the past month in background data whereas it has only needed a couple of megs to update itself! Doesn't that seem exaggerated?
My point is, what is background data needed for when these apps work perfectly well on demand with a tiny fraction of the bandwidth? Why is there no disclosure what exactly it is used for, if shutting data off when not in use has absolutely no detrimental effect on the function of the app, in other words, what's really going on?
Click to expand...
Click to collapse
So shut sync off if you prefer. I like my apps up to date when I wake my phone, but nobody is going to force you to keep sync on. This is such a non-issue.
As for weather, I guess it depends what app she's using. Looks like my weather widget used less than 1mb of data in the last month...

Background Data Implications
edscholl said:
So shut sync off if you prefer. I like my apps up to date when I wake my phone, but nobody is going to force you to keep sync on. This is such a non-issue.
As for weather, I guess it depends what app she's using. Looks like my weather widget used less than 1mb of data in the last month...
Click to expand...
Click to collapse
On my device, with sync off, background data off, I still get 119 KB foreground, 2.33 MB in the background for the past week, on WiFi, whcih I already turn off most of the time, because it's the only way I have found so far to stop the data leak.
I understand this may be a non issue for folks who have gigabytes of bandwidth a month and don't pay $50 per megabyte off contract like we do or $10 for 100MB, but my concern is deeper than that: what's happening in the background? Why do YOU implicitly trust what's happening in the background without full disclosure?
Also, regarding the voracity of Android for data, when I was on windows mobile with push email on a four hour basis, I used to use no more than a few MB per month, and that was with cellular data on at all times and I'd hardly use more than 50MB per month browsing on wap sites which did a great job of cutting out the non-content garbage that is so prevalent on regular 'full' sites these days.
I understand this may seem like a non-issue to those for whom data is plentiful and cheap, and that most of you implicitly trust what apps do with your data in the background, but to find this being dismissed is deeply worrisome to me: why SHOULD we trust Google and others corporations with our personal information, without even as much as a look at what's being transferred and for what reason? Doesn't that disturb anyone at all???
In any case, thank you for answering and keeping the debate open, so to speak.

To turn off background data go to settings, select Data Usage, press menu button and the check the restrict background data check box.
Sent from my SAMSUNG-SGH-I747 using xda premium

You can go even further and customize each apps background data usage from the same screen.
Sent from my SAMSUNG-SGH-I747 using xda premium

Sent from my SAMSUNG-SGH-I747 using xda premium

Sorry, just saw where you were talking about background data via WiFi....:banghead:
Sent from my SAMSUNG-SGH-I747 using xda premium

Old faithful said:
On my device, with sync off, background data off, I still get 119 KB foreground, 2.33 MB in the background for the past week, on WiFi, whcih I already turn off most of the time, because it's the only way I have found so far to stop the data leak.
Click to expand...
Click to collapse
So what apps are using data? Why don't you turn off background data if you care? Heck, turn off WiFi and mobile networks when thou don't want to sync if you're worried about leakage.
Old faithful said:
I understand this may be a non issue for folks who have gigabytes of bandwidth a month and don't pay $50 per megabyte off contract like we do or $10 for 100MB, but my concern is deeper than that: what's happening in the background? Why do YOU implicitly trust what's happening in the background without full disclosure?
Click to expand...
Click to collapse
You implicitly trust apps with some data access when you install it, with the specific access given to you. If you think otherwise, your fooling yourself. I'm not sure why foreground vs background data makes much difference to you once you've trusted the app with data access anyway- it's not like it tells you how much data it's going to use per network transaction if you manually tell it to update...
Old faithful said:
Also, regarding the voracity of Android for data, when I was on windows mobile with push email on a four hour basis, I used to use no more than a few MB per month, and that was with cellular data on at all times and I'd hardly use more than 50MB per month browsing on wap sites which did a great job of cutting out the non-content garbage that is so prevalent on regular 'full' sites these days.
Click to expand...
Click to collapse
50mb a month... I'm not sure I'd bother with a smartphone if I used data so little.
Old faithful said:
I understand this may seem like a non-issue to those for whom data is plentiful and cheap, and that most of you implicitly trust what apps do with your data in the background, but to find this being dismissed is deeply worrisome to me: why SHOULD we trust Google and others corporations with our personal information, without even as much as a look at what's being transferred and for what reason? Doesn't that disturb anyone at all???
In any case, thank you for answering and keeping the debate open, so to speak.
Click to expand...
Click to collapse
We trust them because it makes our lives simpler, and quite frankly, most of us really aren't doing anything all that interesting with our data and Google and others really aren't interested in your personal info (not to be mistaken for an assertion that they're not interested in serving up ads relevant to you). But there's certainly a tradeoff. If you're not comfortable with it, turn it all off, or don't use a smartphone - nobody will hold it against thou.

Konvey said:
I agree with you to some extent. Of course, you can do anything with root access
Click to expand...
Click to collapse
If you can direct me to an app that allows me to COMPLETELY shut off background data for all apps including the OS, for any type of connection, incuding WiFi, I wouldn't be so concerned, but I have looked for the past two months now and found nothing so far that does that, even the acclaimed Droidwall can't turn background data off, even when everything is turned off, meaning, NO data access whatsoever: the bloody "OS Services" still happily does its thing in the backrground, and there is no way to find out what it does (I tried tPacketCapture - I only get 24 byte long files that I can't read anything out of)
Since it would seem that the problem is deep within the operating system, it would seem that the only way to completely shut off background data would be to give a local host redirect for every BACKGROUND process, such as what is possible in Windows using a 127.0.0.1 riderect. Since I'm a newbie when it comes to Android I don't know how to do it, but surely there must be a way, or a way to connect to WiFi only on demand?
Konvey said:
but why isn't this right here in front of me out of the box. With my Galaxy S III, managing the file system is a pain, and considering my USB Sync cable doesn't work long enough to make file transfers of 100MB+, this is a real problem. I don't want everything in the cloud, I want it here. I don't have internet (fast data speeds, at the least) everywhere. I would hope that Android advances with these features. I also wish there was a way, out of the box with skinned (by carrier or manufacturer) devices that you could disable all skins and themes and use the glorious Stock Android.
Click to expand...
Click to collapse
Exactly. I am still looking for a file explorer with the functionality of my old Norton File Manager (remember that one?). I can't understand why the so-called 'expert' ones such as Root Explorer don't have accessible sorting features (why hide it in settings? Isn't that a basic, essential feature of any file management system to be able to sort based on these common criteria?).
Furthermore, I'd love nothing more than being able to swipe left from the home screen directly into the file system for direct access to shortcuts, packages and data, and to be able to specify where the OS shoudl store MY data (instead of keeping it hidden as is most often the case).
Konvey said:
Seriously though, count your blessings, at least you're not using iOS!
Click to expand...
Click to collapse
I couldn't agree more, I'll never have an Apple product in my house, no need to say more, we all know about Apple's control of its users and tyrannical ways. George Orwell had it mostly right, but where he failed is where Big Brother would come from: Not the government. Or perhaps we should say that Major Corporations, through the power of their lobbies, have indeed become the de-facto Government .

Thanks again for your answer, Ed.
edscholl said:
So what apps are using data? Why don't you turn off background data if you care? Heck, turn off WiFi and mobile networks when thou don't want to sync if you're worried about leakage.
Click to expand...
Click to collapse
Shutting WiFi off after use is what I've been doing of late, but it's an uphill battle. The minute I turn WiFi back on, the OS, like a ravenous dog, immediately gets into background data mode, trumping the foreground querries by volume. But it's a start
edscholl said:
You implicitly trust apps with some data access when you install it, with the specific access given to you. If you think otherwise, your fooling yourself. I'm not sure why foreground vs background data makes much difference to you once you've trusted the app with data access anyway- it's not like it tells you how much data it's going to use per network transaction if you manually tell it to update...
Click to expand...
Click to collapse
Yes, but to see the data exchange so lopsided (most of it being background) is what makes me wonder what it really does. Perhaps it can be trusted but what bothers me is these apps don't tell you what they really do 'for you' in background mode and why they need so much bandwidth... I mean, how much data is required to transmit temperatures, weather conditions and the such? Heck any update would surely fit in a sub KB transmission even for 3 or 4 cities like I have in my setup...
edscholl said:
50mb a month... I'm not sure I'd bother with a smartphone if I used data so little.
Click to expand...
Click to collapse
To each his own, Ed. When data costs $10 for 100MB and the most you can get is 1GB for $60 (or as low as $30 on promo), you quickly come to your senses. That's, of course, another issue altogether.
Fact is, apart from media such as youtube and other streaming sites, text based information (or information update using apps that are supposed to have built in presentation such as snow fluries for "snow") should require very little data, typically 1KB per full size page. You have to admit that something is wrong with this picture that when I read a 500 word article it requires the same amount of bandwidth as the contents of a whole book!
edscholl said:
We trust them because it makes our lives simpler, and quite frankly, most of us really aren't doing anything all that interesting with our data and Google and others really aren't interested in your personal info (not to be mistaken for an assertion that they're not interested in serving up ads relevant to you). But there's certainly a tradeoff. If you're not comfortable with it, turn it all off, or don't use a smartphone - nobody will hold it against thou.
Click to expand...
Click to collapse
They do make our lives simpler and there is a trade-off, agreed. The point I make is where the line should be crossed. Are we willing to get shoved with 99% non content garbage in order to access the remaining 1% meaningful content? Because that is certainly the going rate for full websites such as cnet, tech republic and others, and when looking at background data on Android, at least from my perspective. I was online back in 1993 when the www started (before on Co$tly Compuserve) and with the limited technology we had at the time we could get access to more meaningful content faster than we can now, and with very, very limited bandwidth!
Ok, ok, enough of the oldtimer rant Maybe you are right and I'm just an old fool. But I'd rather be considered an old fool for asking stupid questions than to accept it all without any question

Old faithful said:
Yes, but to see the data exchange so lopsided (most of it being background) is what makes me wonder what it really does. Perhaps it can be trusted but what bothers me is these apps don't tell you what they really do 'for you' in background mode and why they need so much bandwidth... I mean, how much data is required to transmit temperatures, weather conditions and the such? Heck any update would surely fit in a sub KB transmission even for 3 or 4 cities like I have in my setup...
Click to expand...
Click to collapse
and as I said, my weather widget uses (beautiful widgets) like 1mb a month. On my phone, the HTC sense widget uses like 5mb.
So if your weather app - again, what apps, specifically, are you having issues with? - is using hundreds of MBS, maybe it's doing a lot more (like live radar or videos), or maybe it's just crap and you should uninstall it.
Old faithful said:
Fact is, apart from media such as youtube and other streaming sites, text based information (or information update using apps that are supposed to have built in presentation such as snow fluries for "snow") should require very little data, typically 1KB per full size page. You have to admit that something is wrong with this picture that when I read a 500 word article it requires the same amount of bandwidth as the contents of a whole book!
Click to expand...
Click to collapse
You are tilting at windmills. The average page size is pushing 1.5mb, and was more than 1k back in the Netscape beta days (15k average ~1995).
It's not uncommon for a http HEADER to be bigger than 1k.
Old faithful said:
They do make our lives simpler and there is a trade-off, agreed. The point I make is where the line should be crossed. Are we willing to get shoved with 99% non content garbage in order to access the remaining 1% meaningful content? Because that is certainly the going rate for full websites such as cnet, tech republic and others, and when looking at background data on Android, at least from my perspective. I was online back in 1993 when the www started (before on Co$tly Compuserve) and with the limited technology we had at the time we could get access to more meaningful content faster than we can now, and with very, very limited bandwidth!
Click to expand...
Click to collapse
Your looking at the past through rose colored glasses if you remember more meaningful content being available in 1993. In mid 1993, there were 130 webpages, total. End of 1993, around 1000. End of 1994, around 10000. And a lot of them were useless crap that students were putting up (I know, I was one of them).
Old faithful said:
Ok, ok, enough of the oldtimer rant Maybe you are right and I'm just an old fool. But I'd rather be considered an old fool for asking stupid questions than to accept it all without any question
Click to expand...
Click to collapse
It's not about accepting it without question. It's mainly you haven't given much specifics, so the only general answer is, well, it's for convenience, so turn off your data if you're worried. The details you did give - email and weather - it's very clear why they would use background data.
---------- Post added at 12:36 PM ---------- Previous post was at 12:18 PM ----------
Regarding your other points:
Old faithful said:
Great to know! But you must admit that having to ask, or more precisely not being told where it is, is disturbing! Because what is more important than your data? WHY does it have to be so difficult to get to it? Why the secrecy? Don't users deserve to know where their files are and be able to select where to store them? Why am I not AUTOMATICALLY given the CHOICE as to its name and its location on my device?
Click to expand...
Click to collapse
That you didn't know where it was doesn't mean it is hidden or a secret; guidelines are published and clear, and apps generally follow them. You're not given a choice in name and location for simplicity.
Old faithful said:
True, but why is such an essential function NOT part of the OS and what more, why does it require the user to VIOLATE his warranty (by rooting) to do so? Don't you see what's WRONG with this?
Click to expand...
Click to collapse
Commonly claimed, but rooting does not void your warranty. Problems you cause by rooting will do not need to be honored by the warranty.
Old faithful said:
Again, I understand; but doing so often breaks the apps. WHY do we need these permissions IMPOSED upon us in the first place? Doesn't it strike you as WRONG that so many apps need to access your most private information?
Click to expand...
Click to collapse
No app imposes anything on you - apps require the permissions they do and they're spelled out before you install. Don't install apps that required permissions thou don't like.
Old faithful said:
And coming back to the Google Play Store: I've used my device for two months and had to wipe it clean TWICE already and EVERY TIME because the Play Store refused to work anymore! Don't you think there's something wrong with this picture? Doesn't it hint at some homeland-security-esque infiltration deep into the OS from the part of Google?
Click to expand...
Click to collapse
Sounds like your phone is broken. Get a replacement under warranty.