Taintdroid...android's duff security model - Android Software/Hacking General [Developers Only]

Worrying article on how apps are using personal information.
www.theregister.co.uk/2010/09/30/suspicious_android_apps/
I'm sick that they had to go too such lengths to find out. We need a better net architecture to enable a proper firewall to work.
Sent from my HTC Desire using XDA App

Also, app naming FAIL!

Well, since they only tested 30 apps and won't release the names of the ones they tested, only saying that they are "the most popular", personally I don't buy it.
And the information these apps are sending out is primarily geolocation. Well, no ****. If an app wants your location and you don't think it should have it, it's either using it for ads or you should decline to install the app and just send an email to the dev asking him why he needs that information.

tjhart85 said:
Well, since they only tested 30 apps and won't release the names of the ones they tested, only saying that they are "the most popular", personally I don't buy it.
And the information these apps are sending out is primarily geolocation. Well, no ****. If an app wants your location and you don't think it should have it, it's either using it for ads or you should decline to install the app and just send an email to the dev asking him why he needs that information.
Click to expand...
Click to collapse
Agreed... geolocation is pretty obviously straight forward. I don't know about the 'transmissing every 30 seconds' thing though.
Any thoughts ont he transmitting sim card and IMEI info?

http://www.youtube.com/watch?v=qnLujX1Dw4Y
Also discussed here:
http://forum.xda-developers.com/showthread.php?t=795702
With explanation where to get it from http://www.appanalysis.org/

A very well-written reply by "Steven Knox" on The Register, demonstrating how this 'research' is simply a pile of intentionally-misleading statistical rubbish:
By selecting only from applications that access both personal data and the internet, they're overstating the significance of their study by about 3x. Furthermore, their summaries blur this distinction unnecessarily.
Specifically, their FAQ says "We studied just over 8% of the top 50 popular free applications in each category that had access to privacy sensitive information in order to get a sense of the behaviors of these applications." Since there were 22 categories at the time they did the study, that would imply (22*50=1,100 * 8% =) 88 applications. However, they actually only tested 30, because of the 1,100 top 50 applications only (from the PDF) "roughly a third of the applications (358 of the 1,100 applications) require Internet permissions along with permissions to access
either location, camera, or audio data." -- meaning that the other 742 apps don't have the necessary permissions to play badly. The clause "..that had access to privacy sensitive information in order to get a sense of the behaviors of these applications." from the FAQ is grammatically ambiguous in this case (it may refer to "applications" or "category"), and not specific enough to indicate that over 2/3 of the applications are (relatively) safe by dint of not having the necessary permissions.
They also didn't include in their study apps from 10 of the 22 categories, but they don't explain whether that was due to a) there not being any or enough applications in those categories that required internet and personal data permissions, b) a conscious choice to focus on the other 12 categories, or c) the results of random selection (with an explanation of why they did not use a stratified sample).
Once you factor back in the applications they ignored, the numbers don't look quite so bad. Assuming their sample was representative, 2/3 of the 358, or about 239 applications of the top 1,100 of the time use personal data suspiciously. That's about 21.7% or just over 1 in 5 -- still significant, but a far cry from 2 out of 3. In fact, the worst case maximum is actually 358 of 1,100 or just under 1 in 3 (32.45%) because they are as mentioned above the only ones that actually acquire the permissions necessary to do anything "suspicious".
I understand why both the researchers and the reporter used the 2/3 figure -- you all believe you have to sell the point as hard as possible*. But the real story is that it's likely that at least 1 in 5 Android Apps use private data "suspiciously" -- and that number is still high enough to cause concern and to justify the further use of tools like TaintDroid. It's a pity you didn't trust the facts enough to avoid the unnecessary sensationalism.
*I am assuming, here, that Mr. Goodin did actually read and digest the paper as I did, rather than simply picking out the figures from the study, the FAQ, or a press release.
Click to expand...
Click to collapse

good spot. But one in ten woolf be too many. The point is we should have more fine grained control and transparency off what apps do over the net, and we can't, by design.
Sent from my HTC Desire using XDA App

We need to develop a shim that reports modified IMEI/SIM data for different apps. IMO, very few apps need that information. We may not be able to keep all those apps from sending our private information, but we can make that information useless if it appears that we all are using the same IMEI/SIM...

patp said:
...The point is we should have more fine grained control and transparency off what apps do over the net...
Click to expand...
Click to collapse
agreed....

if you are rooted. With Root Explorer go to /data/system/ and open accounts.db you might be surprised what you find in it... Some people it will be fine for but mine it shows my exchange email and password in plain text and a few others show up as plain text has well...Its not geo they are worried about (for the most part) and...this file has been known about for awhile
Don't worry though unless your downloaded android specific virus holding apps you wont have any problem. And if your getting all your apps legally through the market then its no big deal =) and if your pirating them...well I don't feel bad for you...

echoside said:
if you are rooted. With Root Explorer go to /data/system/ and open accounts.db you might be surprised what you find in it... Some people it will be fine for but mine it shows my exchange email and password in plain text and a few others show up as plain text has well...
Click to expand...
Click to collapse
Opened it, my accounts are there, but no passwords....

rori~ said:
Opened it, my accounts are there, but no passwords....
Click to expand...
Click to collapse
my gmail is somesort of encrypted but doesnt look that great.
Exchange shows up
facebook doesnt show anything at all aha
Thats why I said some might not have anything. Awhile back when I first heard about it one of my friends had two or three right there in plain English I didn't have a phone at the time to check...
Its been reported before but kind of just brushed over no biggy. To go real conspiracy theorist....I think apple is submitting all these articles...

ButtonBoy said:
We need to develop a shim that reports modified IMEI/SIM data for different apps.
Click to expand...
Click to collapse
Great idea

The source code/instructions for TaintDroid are now out:
http://appanalysis.org/download.html

Anybody found a (recent) kernel with built-in TaintDroid-support?

Related

Good News for Developers, Bad News for Pirates!!

http://www.engadget.com/2010/07/28/new-licensing-service-replacing-existing-copy-protection-metho/
Looks like pretty soon the days of people copy and pasting apk's all over the place are coming to an end.
I hope this doesn't make theming harder.. We'll see.
From reading that article,
Seems like airplane mode or a firewall would crush all the hopes and dreams of google and app devs.
It seems that every time we open an app it needs to verify that it's been paid for by contacting a "licensing" server and retrieving a response.
I feel like that could slow down launch times, and being unable to use an app when offline would be like UBISOFT hell all over again.
I really hope google puts a lot of thought into this..
I wonder if this if already being done? Every time I try to play that golf game on my EVO on an airplane while the radios are off I get a FC when it starts. As soon as I an on the ground and turn the radios on the game works fine.
Sent from my PC36100 using XDA App
what if you are in an area with no signal or on a plane or something? you cant open any apps???
This is already in place in a number of apps, one is IP Cam Viewer.
I paid the money for it. I transferred all my files to my wife's Evo 4G, and thought "hell I'll see if it works..." Well it didn't. When I try to open the app, it tells me that I have to purchase it from the marketplace.
I'm all for buying apps when they're good, and I understand single user licensing. Guess I was just hoping I wouldn't have to spend double the money for all the apps I use.
simplyphp said:
This is already in place in a number of apps, one is IP Cam Viewer.
I paid the money for it. I transferred all my files to my wife's Evo 4G, and thought "hell I'll see if it works..." Well it didn't. When I try to open the app, it tells me that I have to purchase it from the marketplace.
I'm all for buying apps when they're good, and I understand single user licensing. Guess I was just hoping I wouldn't have to spend double the money for all the apps I use.
Click to expand...
Click to collapse
I've heard of couples sharing the same email as apps get replicated on the two phone
I can confirm that they don't get replicated..
I have two evo's right now under the same email and they're definitely not replicating crap.
cahiatt said:
I wonder if this if already being done? Every time I try to play that golf game on my EVO on an airplane while the radios are off I get a FC when it starts. As soon as I an on the ground and turn the radios on the game works fine.
Sent from my PC36100 using XDA App
Click to expand...
Click to collapse
Now that's a problem I understand about paying for apps but not working when I'm in a place with no signal. I see a law suit brewing up. I paid for the app I should be able to use the app whenever I want to. Class action law suit coming real soon.
Sent from my PC36100 using Tapatalk
Crap....
"A limitation of copy protection is that applications using it can be installed only on compatible devices that provide a secure internal storage environment. For example, a copy-protected application cannot be downloaded from Market to a device that provides root access"
...Seriously???
EDIT - the above quote was misrepresented in the place I copied from...research shows it to be misleading. the actual bit of Google's text is posted over on page to of this thread. disregard my indignation in this post...
This is discouraging, because a lot of people like to try the full before they buy it expecting more than what full has to offer, only to be disappointed later.
willwgp said:
This is discouraging, because a lot of people like to try the full before they buy it expecting more than what full has to offer, only to be disappointed later.
Click to expand...
Click to collapse
You do get a 24 hour refund option when you buy from the market so I'm not worried about trying before you buy. I do worry about not being able to play something when I'm in the bathroom at work because I don't get a signal there.
well how many ppl do actually piracy apps??? oh my bad forgot that this is Android, for a second i though it was apple!!
Just to clarify a couple of things:
There are 2 ways to use the Licensing - one is Strict - you CAN NOT USE THE APP WITHOUT ACCESS TO MARKETPLACE. Personally, screw that.
Option 2, however, is a non-strict policy. Server managed, where the license is 'cached' to storage. You also can programmatically set how long your app can be used without any license check.
That'd be the way i go
josue85 said:
You do get a 24 hour refund option when you buy from the market so I'm not worried about trying before you buy. I do worry about not being able to play something when I'm in the bathroom at work because I don't get a signal there.
Click to expand...
Click to collapse
That'll be up to the developer. I like this approach, as I'd be happy to do say... a 5-7 day turn around on the license check. After 7 days with no data signal, seriously, where the hell are you? LOL
Besides, if you've used a paid app for 7 days, and by that time can't decide if you need it or not - wow.
And of course, as soon as you got signal again, the license check would go through and you can use the app again, no problem.
I'm sure there will be UbiSoft and EA style implementations though - way too damn draconian for my tastes. I don't care to know every single second that someone's using my app. I would just like to know that they haven't 'copied that floppy' as it were LOL
I have no doubts this will be defeated in time, though. All it would really take is mimicking the server license response, which can be extracted from the locally cached license of an actual paid product.
People that pirate software are going to do it, regardless. Don't make the honest people pay the price of draconian DRM.
The best approach I can make as a developer, is give my customers the features they want, in a stable, good performing package, and discourage 'casual' piracy. Beyond that, it's out of the developer's control, and honestly, any more than that usually just pisses off the customer and annoys the pirates for about a day and a half.
Ok...had to read the SDK paperwork as I really wanted to know this...my previous post was incorrect and here is the update...
From Google:
Android Market Licensing is a flexible, secure mechanism for controlling access to your applications. It effectively replaces the copy-protection mechanism offered on Android Market and gives you wider distribution potential for your applications.
A limitation of the legacy copy-protection mechanism on Android Market is that applications using it can be installed only on compatible devices that provide a secure internal storage environment. For example, an application using the copy-protection mechanism cannot be downloaded from Market to a device that provides root access, and the application cannot be installed to a device's SD card.
With Android Market licensing, you can move to a license-based model in which access is not bound to the characteristics of the host device, but to your publisher account on Android Market and the licensing policy that you define. Your application can be installed and controlled on any compatible device on any storage, including SD card.
Click to expand...
Click to collapse
Also...there are options for the Devs to allow for apps to be used a chosen number of times before they need to check in for licenses. Strict has to check in every time....other option allows dev to choose based on times used or time since last check in.
SO...all in all I am much less worried about this now.
topdnbass said:
I can confirm that they don't get replicated..
I have two evo's right now under the same email and they're definitely not replicating crap.
Click to expand...
Click to collapse
With licensing the dev can choose whether an app can be accessed from different phones. It is an option...
(greeked...multiple times)
Question: Does that mean we won't be able to open, modify, and resign apks? Like...to change the appearance (make a widget clear, etc).
More like bad news for paying consumers. That's who always pays for everything. Those of us who actually buy the products.
I plan on speaking with my wallet. I wont buy any app that requires I have an internet connection.
A limitation of the legacy copy-protection mechanism on Android Market is that applications using it can be installed only on compatible devices that provide a secure internal storage environment. For example, an application using the copy-protection mechanism cannot be downloaded from Market to a device that provides root access, and the application cannot be installed to a device's SD card.
Click to expand...
Click to collapse
Wait so according to google us rooted folk couldn't download copy-protected apps before now?
Urrr, i think im missing something
This is actually a nice implementation for both the software developer and the user. Most will implement this where it only has to check-in every week or two. So the odds of getting caught in a spot where there is no connection is low.
At the end of the day, it is a pretty straightforward way to handle copy protection that really shouldn't inconvenience anyone.
Also it will bring more developers to the platform if they know they don't have to worry as much about piracy.
Piracy will still run rampant. People will find ways to circumvent this, that's just how it is. At least it will curb some piracy since copying and pasting an apk file wasn't much of a deterrent.

Severe security flaw in HTC-sense, sensation affected.!!!

Ran accross this article just now, relized you all had to read this. It appears HTC ****** up hard.
http://www.androidpolice.com/2011/1...e-numbers-gps-sms-emails-addresses-much-more/
Scary stuff.
I'm so damn tired of all companies taking the liberty to just monitor our lifes just how they like, no matter if its google, microsoft, facebook, apple or HTC. What anoyys even more is how we passivly is forced into accepting it, and just shrudd our shoulders about it. Reading this, I wish I was smart enough to strike back somehow.
The article says "Some Sensations" I'd like to know what that means
Good find.
Pikabat said:
The article says "Some Sensations" I'd like to know what that means
Click to expand...
Click to collapse
Try running the app...
errr ok this is scary though. i wanna ask what's htcLaputa.apk is?
Sent from my HTC Sensation XE with Beats Audio using xda premium
The offending app is HtcLogger.apk and I've only seen it in the newer ROMs - I automatically removed it before this story broke as it didn't sound useful. End of the day you just have to be careful when you install new apps (e.g. direct from trusted sources)
I really wouldn't worry too much about it, typical media hype
EddyOS said:
The offending app is HtcLogger.apk and I've only seen it in the newer ROMs - I automatically removed it before this story broke as it didn't sound useful. End of the day you just have to be careful when you install new apps (e.g. direct from trusted sources)
I really wouldn't worry too much about it, typical media hype
Click to expand...
Click to collapse
This is the example of how we/some of us just go used to this kind of things and started to accept things we never would have a few years back.
How exactly do you determine whats a trusted source? Obviously weve already had a bunch of malwares entering the market.
I use apps only from the company in question. 'Facebook for Android' from Facebook, 'Twitter' from Twitter, etc...only use about 20 apps all in anyway so I don't think I'm at risk
I'm not saying what's been found out isn't bad - it is - I just don't really care. People are far too paranoid these days
EddyOS said:
I use apps only from the company in question. 'Facebook for Android' from Facebook, 'Twitter' from Twitter, etc...only use about 20 apps all in anyway so I don't think I'm at risk
I'm not saying what's been found out isn't bad - it is - I just don't really care. People are far too paranoid these days
Click to expand...
Click to collapse
Im not using so much apps either, on the other hand I want to be able to try some "fun" app from androidmarket without fearing theft og my personal information.
Its not about paranoia to me, I couldnt care less about wheter or not some random dude can read my sms. But Im rather angry about the companies doing just as they like, mainly to direct commercials and ads conected to your personality. Did you know facebook, after their latest update, now saves a certain cookie after your logout and sends all urls you visit with your browser back to their server..?
Well, now Im going offtopic in my own thread.
Id like to see HTC comment on this atleast.
Again, if Facebook care if I open a YouTube video every now and then then that's up to them - I'm not interesting!!
Would be nice to see what HTC say but I'm not going to hold my breath!
Im starting to loose faith in htc
Sent from my HTC Sensation 4G using xda premium
I tried to run the app, seems like my Sensation is not affected (Dutch one, that is)
so, in order to gain any kind of advantage, those apps need to know this vulnerability exists, am i right? just deleted that apk file, along with some other ones.
As the Android Police blog appears to have melted, here's Aunty's take on it
http://www.bbc.co.uk/news/technology-15149588
Oh noes naughty people can access:
The list of user accounts, including email addresses (but apparently not usernames or passwords)
A log of recent GPS locations (so you can be stalked!!!!)
Phone numbers taken from recent call logs (so people you call can be stalked!!!)
SMS data, including recent numbers and encoded messages (meh if they want to read "Park 123 543" be my guest)
HTC's response:
"HTC takes our customers' security very seriously, and we are working to investigate this claim as quickly as possible," the company said in a statement.
"We will provide an update as soon as we're able to determine the accuracy of the claim and what steps, if any, need to be taken."
EddyOS said:
The offending app is HtcLogger.apk and I've only seen it in the newer ROMs - I automatically removed it before this story broke as it didn't sound useful. End of the day you just have to be careful when you install new apps (e.g. direct from trusted sources)
I really wouldn't worry too much about it, typical media hype
Click to expand...
Click to collapse
Is there a way to tell if the offending app (Htclogger.apk) is on your phone without rooting?
jggonzalez said:
Is there a way to tell if the offending app (Htclogger.apk) is on your phone without rooting?
Click to expand...
Click to collapse
Remember it appears you are absolutely fine unless you install an app which is written to access the log files.
As Androidpolice says, the info could be used to clone your device, not only read some of your contacts. Now of course, you are fine as long as you do not install any malicious app, but I would even feel uncomfortable knowing that HTC can read ANY activity from my device at ANY point in time WITHOUT asking for my permission (or even after I denied that permission as shown in the video). The VNC thingie would also bug me cuz it is an app without any apparent use for the user and it does not serve a specific purpose - its just there until "someone" needs it. Now of course HTC wants to improve on user feedback and pulling it is much more convenient than asking for it, but if they want my opinion and see what I'm using they should at least ask me for it. That said, let's hope HTC addresses this problem in the very near future and does clarify why those apps are there and what purpose they serve. I will run the test app again after the next OTA for sure.
kwiggington said:
Im starting to loose faith in htc
Sent from my HTC Sensation 4G using xda premium
Click to expand...
Click to collapse
I don't think HTC is the problem.
I believe the problem is Google.
Ever go to the Google Android market place and see what they want to run in the background before they let you in?
I don't go near the place.
majesensei said:
As Androidpolice says, the info could be used to clone your device, not only read some of your contacts. Now of course, you are fine as long as you do not install any malicious app, but I would even feel uncomfortable knowing that HTC can read ANY activity from my device at ANY point in time WITHOUT asking for my permission (or even after I denied that permission as shown in the video).
Click to expand...
Click to collapse
You're misssing the point.
The phone has this feature so that should you enable "Tell HTC" it can then send the info to HTC, if you don't enable that it just sits on your phone as a system log.
xaccers said:
You're misssing the point.
The phone has this feature so that should you enable "Tell HTC" it can then send the info to HTC, if you don't enable that it just sits on your phone as a system log.
Click to expand...
Click to collapse
True, and I agree that this is not a scary thing for itself. I am not a fan of conspiracy theories, but think about a combination of things: The log is created and sits there. There is a VNC client embedded deeply in your system by your manufacturer for no reason, which gives access to your device from a remote location. I am from Germany and used to a debate about data preservation (which is illegal, in Germany), but there are other countries that have a much broader "grey-zone" for these kind of things. I wonder where those Sensations with the HtcLogger.apk are ([email protected]?). We are all running the same Android build (as long as we don't root our phones), some are affected, others aren't. I just find it weird, and I doubt that some rogue dev at HTC programmed these apk's just for the fun of it.

[Q] Permissions from Apps-concerns

Ok, I'm a Noob on here. I just got a Android phone & I am interested in various apps from the Android Market but when I read the permissions that most of the apps have listed as to what they can do to the phone and to your privacy I am quite concerned. Is this really an issue as people seem to download apps without worrying about what the app is or could do without your knowledge. I have searched on here & elsewhere & no one seems to be address the issue. Am I just being paranoid?
I have seen that a lot of these apps will prevent the phone or tablet from going into sleep mode, is this true?
Thanks hope I haven't stepped on any toes by asking this, but I can't seem to find anything on the subject. So far I have decided not to download much a select few apps.
Rebel60 said:
Ok, I'm a Noob on here. I just got a Android phone & I am interested in various apps from the Android Market but when I read the permissions that most of the apps have listed as to what they can do to the phone and to your privacy I am quite concerned. Is this really an issue as people seem to download apps without worrying about what the app is or could do without your knowledge. I have searched on here & elsewhere & no one seems to be address the issue. Am I just being paranoid?
I have seen that a lot of these apps will prevent the phone or tablet from going into sleep mode, is this true?
Thanks hope I haven't stepped on any toes by asking this, but I can't seem to find anything on the subject. So far I have decided not to download much a select few apps.
Click to expand...
Click to collapse
No worries, no toes are being stepped on.
I agree that the permissions required by apps can sometimes look worrying.
But the description is often misleading. Some times it just looks very intrusive but that permission is needed for something alot more simple. It's a broad topic.
Also alot of users are just not concerned by this or just go with the crowd.
Write the developer and ask him what the permissions are needed for, if his apps description is unclear on that or the permissions seem unrelated to the apps purpose.
When it says, prevents your device from sleeping, it is most likely used to prevent the screen from turning off or dimming while something is progressing on screen. It is also needed to ensure that the cpu finishes the current operation if you press the devices sleep button, so it doesn't stop at some random point which might lead to problems for the app.
If there is a specific app and its permissions you are worried you could just SEARCH and then make a thread and ask about it.
If rooted, search for "PDroid" on XDA to control permissions, or search for "Betterbatterystats" to find programs producing wakelocks and preventing deep sleep.
Sent from CDMA V6 SC GNexus w/Liquid & Franco.kernel
Aerocaptain said:
If rooted, search for "PDroid" on XDA to control permissions, or search for "Betterbatterystats" to find programs producing wakelocks and preventing deep sleep.
Sent from CDMA V6 SC GNexus w/Liquid & Franco.kernel
Click to expand...
Click to collapse
But then don't complain if the apps malfunction as a result of interferring with permissions or wakelocks.
Also this is kinda missing the question of the thread.
Dark3n said:
But then don't complain if the apps malfunction as a result of interferring with permissions or wakelocks.
Also this is kinda missing the question of the thread.
Click to expand...
Click to collapse
Trying to figure out how either of the options I listed does not address the concerns in the OP......
I think you should re-read the OP. Perhaps slower.
Betterbatterystats- used to indicate apps that are using wakelocks that prevent or interrupt deep sleep. Does nothing else. Does not stop them or even hinder them in any way. Its simply a tool to identify problem apps. How does that interfere with the apps themselves?
Pdroid-gives the ability to block (or regulate) unwanted actions from the apps specified by the user. Basically solves the permissions concern in the OP. And does not require root access to operate. The whole point of this software is to interfere with the users apps. If a program is looking into my contacts, I'd like to be able to stop it. If a downloaded app stops functioning because it wants access to my contacts for no discernable reason, delete the app. This app is only needed because of the plethora of greedy sometimes malicious developers releasing software that invades user privacy.
Rebel60, feel free to peruse these threads and see if either is the right fit for you.
http://forum.xda-developers.com/showthread.php?t=1357056
http://forum.xda-developers.com/showthread.php?t=1179809
Sent from CDMA V6 SC GNexus w/Liquid & Franco.kernel
Aerocaptain said:
Trying to figure out how either of the options I listed does not address the concerns in the OP......
I think you should re-read the OP. Perhaps slower.
Betterbatterystats- used to indicate apps that are using wakelocks that prevent or interrupt deep sleep. Does nothing else. Does not stop them or even hinder them in any way. Its simply a tool to identify problem apps. How does that interfere with the apps themselves?
Pdroid-gives the ability to block (or regulate) unwanted actions from the apps specified by the user. Basically solves the permissions concern in the OP. And does not require root access to operate. The whole point of this software is to interfere with the users apps. If a program is looking into my contacts, I'd like to be able to stop it. If a downloaded app stops functioning because it wants access to my contacts for no discernable reason, delete the app. This app is only needed because of the plethora of greedy sometimes malicious developers releasing software that invades user privacy.
Sent from CDMA V6 SC GNexus w/Liquid & Franco.kernel
Click to expand...
Click to collapse
How is viewing aquired wakelocks helping the OP understand what aquiring a wakelock does, and why the app did it? It's not about who, but what and why. Any type of wakelock an app aquires prevents deep sleep and a wakelock can not be used to interrupt a device that is in deep sleep.
Again the question was not about blocking permissions, but why some apps want all those permissions and why no one seems concerned with the obvious privacy issue.
While PDroid does not require root to operate, it does require it to be installed, so in the end it still needs a rooted device.
Why did you install an app that needs a worrying permission for no discernable reason anyways?
Thanks for the general developer insult. Developers really are the greediest folks *sarcasm* of them all.
Where did you take that from? How many developers of greedy apps did you ask about the permissions they request?
You can't really make that assumption as just a requested permission doesn't do anything at all by itself and what the app is actually doing with it, is unknown without sourcecode.
...and now i jumped aboard the off topic train, damn
In most cases, it does not matter why an app uses wakelocks. The fact that it does alone is important. It allows the user to identify the trouble app and either tinker with its settings to reduce the wakelock or delete it altogether if the app is not important to the user. Generally speaking, if I would like to maximize my battery endurance, the need to minimize wakelocks is a necessity. After several months of use, a user may not remember every setting he/she setup in their apps. Utilizing betterbatterystats, one could identify the apps that use short sync intervals such as email syncing every 15 minutes or weather syncing every 30 minutes and change them to longer sync periods which would dramatically decrease those pesky wakelocks and save some battery life. Both of those simple examples illustrate in general terms, how important knowledge of wakelocks could be to the battery hungry user. This of course is only one of many applications this program can be used for.
My Pdroid example, once again was a generic sample of the many ways app privacy is a concern. There are a ton of apps on the market that uses the internet even though the internet isn't needed to run the program. Yes more than not, the app is either varifying license files or uploading "anonymous user stats," however that is not all cases and users should be able to control that app and the information it transmits.
Finally, yes I looked up your information and noticed the developer notation and knew you would be offended by my developer comment. But I did not mean to insinuate that you were in that minority. I am unfamiliar with your work. Android is an open source platform and users should have full control over their devices. That is why I through those options out there. Anyone that disagrees with my full control statement should move to the iPhone and enjoy its closed platform.
Rebel60, I hope you find a way to fully utilize your device without fear of privacy infringement or apps that excessively deplete your battery. There are many people on XDA with a passion for these devices. And many different opinions. Take the time to evaluate your options and pick the right solution for you.
Sent from CDMA V6 SC GNexus w/Liquid & Franco.kernel
Aerocaptain said:
In most cases, it does not matter why an app uses wakelocks. The fact that it does alone is the issue. Generally speaking, if I would like to maximize my battery endurance, the need to minimize wakelocks is a necessity. After several months of use, a user may not remember every setting he/she setup in their apps. Utilizing betterbatterystats, one could identify the apps that use short sync intervals such as email syncing every 15 minutes or weather syncing every 30 minutes. Both of those simple examples illustrate in general terms, how important knowledge of wakelocks could be to the battery hungry user. With that knowledge one could change their sync intervals and save precious battery life.
Click to expand...
Click to collapse
True, it would definitely help a user identifying battery drainers and in those cases it does not matter why the wakelock was aquired if it is what causes the drain. But the question was not about batteries, but about what/why wakelocks are and the description of the wakelock permission itself.
While BetterBatteryStats being a great tool, it does not answer that question. (Hence my offtopic remark)
Aerocaptain said:
My Pdroid example, once again was a generic sample of the many ways app privacy is a concern. There are a ton of apps on the market that uses the internet even though the internet isn't needed to run the program. Yes more than not, the app is either varifying license files or uploading "anonymous user stats," however that is not all cases and users should be able to control that app and the information it transmits.
Click to expand...
Click to collapse
While bug reports or anonymous statistics are one part of it, i think most of the internet permission needs come from ads that are displayed. I don't use ads, so i'm a bit unfamiliar on that topic.
If solely googles licensing service is used, the internet permission is not needed, just the 'CHECK_LICENSE' permission (which is an extra permission just for that purpose).
It is also often used to update the welcome dialogs with news, if a dev does not want to release a new version everytime he wants to tell his users something.
Aerocaptain said:
Finally, yes I looked up your information and noticed the developer notation and knew you would be offended by my developer comment. But I did not mean to insinuate that you were in that minority. I am unfamiliar with your work. Android is an open source platform and users should have full control over their devices. That is why I through those options out there. Anyone that disagrees with my full control statement should move to the iPhone and enjoy its closed platform.
Click to expand...
Click to collapse
I'm not denying that there are greedy and or malicous devs out there. It was the 'plethora of greedy sometimes malicious developers' that threw me a bit off. I see you meant it differently, as you wrote 'in that minority'. As english is not my main language, i might have understood it a bit too harsh too .
Most of my work falls into the 'Tools' category, if you have question about them (or the permissions ), write me a PM.
I fully agree that everyone should have full control over their devices and i also think that users should have the possibility of choice (i.e. apple selecting apps that are published vs androids more or less freedom of apps, though one might have to sort through a 'plethora' of useless apps, i wouldn't trade it for apples store).
[I needed all those big quotes to reflect what i'm responding to as you seem to edit your posts alot after you made the. Makes it a bit difficult to answer ]
Thanks
Dark3n said:
No worries, no toes are being stepped on.
I agree that the permissions required by apps can sometimes look worrying.
But the description is often misleading. Some times it just looks very intrusive but that permission is needed for something alot more simple. It's a broad topic.
Also alot of users are just not concerned by this or just go with the crowd.
Write the developer and ask him what the permissions are needed for, if his apps description is unclear on that or the permissions seem unrelated to the apps purpose.
When it says, prevents your device from sleeping, it is most likely used to prevent the screen from turning off or dimming while something is progressing on screen. It is also needed to ensure that the cpu finishes the current operation if you press the devices sleep button, so it doesn't stop at some random point which might lead to problems for the app.
If there is a specific app and its permissions you are worried you could just SEARCH and then make a thread and ask about it.
Click to expand...
Click to collapse
Thanks for the answer. I think this best answers what I was concerned about. A lot of apps say that they can dial numbers in your contacts, alter settings, and a lot of other things that make me hesitant to download the app.
My phone is not rooted, although I would like for it to be, but am afraid I will brick it if I don't do something right. I don't know anything about wavelocks etc.
Rebel60 said:
Thanks for the answer. I think this best answers what I was concerned about. A lot of apps say that they can dial numbers in your contacts, alter settings, and a lot of other things that make me hesitant to download the app.
My phone is not rooted, although I would like for it to be, but am afraid I will brick it if I don't do something right. I don't know anything about wavelocks etc.
Click to expand...
Click to collapse
Whether your new to android or a veteran, XDA has all of the information you'll need to educate yourself. Rooting is not for everyone and should only be attempted by someone comfortable with the process. It does however open huge doors to more control and customization with your device. My advice to you is first get to know the Android platform for a few months. In the meantime do some research and see for yourself the pros and cons of rooting. There are dozens of threads with people that are in the same situation as you. Learn from them and talk with them. If you have a direct question about android, feel free to PM me. I'd be more than happy to help in any way I can. Good luck & enjoy your device.
Sent from CDMA V6 SC GNexus w/Liquid & Franco.kernel
Rooting is pretty simple if you invest some reading time. Just make sure to search alot before asking .
Also be aware that giving an app root access is equivalent to granting every possible permission there is and more.
I'm sure most users are not fully aware of that.
So allowing an app root access is a huge trust investment in the dev, don't do it for fishy looking apps .
Read the description
Try reading through the apps full description. A lot of developers will explain why their app needs those scary sounding permissions.
If they don't explain, you could always contact the developer (seems almost like google requires app listings to include a 'contact the developer' link somewhere).

[Q] Privacy issues with Google Now

If you have recently tried to update your Google Now, you may have seen the new requested permissions. These include, but are not limited to, access to your phone's microphone at any time without your permission, and access to your phone's camera (assuming front-facing and rear) at any time without your permission.
Questions: Why is Google attempting to completely dissolve any sort of privacy in order to use Google Now? It is a handy tool, but is a slap in the face in the "all-or-nothing" permission request it puts forth. This is incendiary and needs to be stopped. Google does not need the ability to see and hear me in the privacy of my home.
Followup - Is this something that can be circumvented by an application, or baked into the ROM's our dev's make? Is there any way that the tech geniuses here at XDA can fight the good fight in this struggle for end-user privacy?
Is anyone else creeped out by this???
Pdroid?
Pffffffffffffffffffftt.
R3CKL355 said:
Pdroid?
Pffffffffffffffffffftt.
Click to expand...
Click to collapse
+1 - I won't run any ROM without pdroid - it requires a lot of effort up front, but is entirely worth it and it's an excellent way to learn how to secure your device. You'll be amazed at the unnecessary access some apps can get by default.
The Feds (Google counts as part since they operate under them) could always do that since the 90s even with the phone off. It was always denied but now it's just out in the open kinda how your blood was stored in data banks at birth since the 60s and it was denied by the government until Mr. George w. Bush said they can do it legally. Nothing to be creeped out by, just have a few weapons and lots of ammo ready.
Sent from the Matrix
---------- Post added at 06:49 PM ---------- Previous post was at 06:43 PM ----------
http://abcnews.go.com/blogs/headlines/2006/12/can_you_hear_me/
http://www.childrenscolorado.org/wellness/info/parents/23018.aspx
Sent from the Matrix
I imagine the microphone at all times might be for a future release so you can say 'google' at any time and the search box will come up, which would be pretty sweet. Not sure about the camera though. I ended up disabling now because the maps process took too much battery for how little I used the service.
That's creepy, but I guess that's the price we pay for Google's "free" services because nothing is really free. The only way to stop is not using it.
I always get paranoid with these types of services. Havent even tried Google Now since getting it in the OTA JB update. The whole idea about it tracking you, learning your preferences to suggest you search results, etc. Just seems a little spooky.
Please read forum rules before posting
Questions go in Q&A
Thread moved
Thank you for your cooperation
Friendly Neighborhood Moderator
Best advice: Get a dumb phone, don't use Google or any search engine on your home computer...the list is endless....
So, I got a PDroid compatible ROM. The interface isn't that intuitive to me. Can someone tell me what the different icons mean?
Clearly the green check mark means that this particular permission has been granted, and the circle/slash means blocked. What about the "?" and "AB"?
When would one use "Notify on access" or "Log access"?
What's the difference between Save, X, and Trash?
Are we suppose to be suprised that an app that has the capability to run our entire phone by voice and predict our movement and actions has permission to access all our movements and actions?
If privacy is an issue, you either shouldn't use it or at the least use PDroid. But that's Google MO, they give you convenience at the price of your privacy.
I believe "?' means there are no settings for that app in place yet. I forget what AB is. There should be a legend somewhere in there? *currently on a ROM without PDroid so I cant look it up*
corbn89 said:
Are we suppose to be suprised that an app that has the capability to run our entire phone by voice and predict our movement and actions has permission to access all our movements and actions?
If privacy is an issue, you either shouldn't use it or at the least use PDroid. But that's Google MO, they give you convenience at the price of your privacy.
I believe "?' means there are no settings for that app in place yet. I forget what AB is. There should be a legend somewhere in there? *currently on a ROM without PDroid so I cant look it up*
Click to expand...
Click to collapse
Lol... Internet tough guy. Are we to assume Google Now needs video and or audio feed to tell me what time I leave for work? I'm no oracle, but that answer, corbn89, is a resounding NO. Thanks for your relevant post. Pfft...
Replying to my useless post (considering my info was wrong) with another useless post. Real classy.
Anyways, did you find out what AB was?
The options in PDroid 2.0 are allow, deny, prompt when asking for permission. Prompting would be used with an app where you wouldn't want to allow it all the time but spoofing your info may result unwanted results (e.g. locations)
AB appears to be a spoofing mechanism as it allows for a new value to be inputted by the user. For instance, when I go into the FB app and click on the AB next to Phone Number, it allows another string to enter (I entered a viable fake number). However, it appears that ANY change to permissions renders the application (FB in this case) unusable as it will FC before it even opens. Any change to permissions automatically defaults the app to be labeled as "Untrusted". I have not been able to get PDroid functional at all. Any ideas???
If you don't like it, don't use it. Obviously, they aren't going to "spy" on you with your camera and mic. What a joke.
Sent from my SCH-I535 using XDA Premium HD app

Android OS Design Considerations

Well Folks,
So I've been using this OS now for 2 full months and by full I mean I have spent most of my free time learning about it and as much as I find this OS exciting and I believe this is where computing is really at now, I thought I'd share some thoughts on its irritants and get your feedback and opinions about it, so that it could be improved upon in future iterations.
I would like to mention that I have been using computers since the days of punched cards back in the 70s and that I'm no stranger to writing programs, although I am not a computing or IT professional and have only dabbled working on a few programs and scripts only to the extent of doing what was necessary for my work.
That being said, here's some of what I think of this OS, its strengths and weaknesses, its bugs (some, most probably from Google, would insist they are features - more on this later) and its successes. I hope that by posting this others will add their comments, rants and raves as well.
To moderators, if this has already been discussed or of this should be moved to another forum or in any way wish to criticize it, feel free to do so.
***
As much as I was a Microsoft fan during the 90s, this OS sold me as the only one where freedom to innovate and a large community of enthusiasts seem to thrive, whereas Microsoft has become sclerotic and is now under control of corporate culture and thinking, in other words, it's lost its soul and is just running on inertia. I'll stop here so as not to insult the grays who have taken control of it and think it's the best thing since sliced bread.
The open source / free software (lets not get into semantics, please!) sure has fostered a lot of friendly development and sharing and this is definitely the way of the future, notwithstanding what corporate America believes. History has proven that small entities have always been the most productive in society, and it shows in real life and especially here: Although Google, who is the de-facto giant in control of the platform, officially frowns on user control and participation into the OS, it actually benefits from it and doesn't interfere too much with its evolution and as far as I can see, has actually embraced quite a few innovations that we've seen coming to life here and on other forums.
In other words, they don't like it when developers modify it, but are happy to benefit from it in the end, except perhaps those innovations that give more control to users that they wish users should have, but at least and contrarily to Apple and Microsoft, they are not persecuting those who innovate. God knows we already have way too much of that military-style control in our society where major corporations and their lawyers dictate pretty much what citizens can and cannot do.
As much as this OS is promising with its fundamental openness (at least at its roots) and is the least oppressive of them all, there is still a lot to do, or should I say, a lot of restrictions to lift and doors to open to make it a truly open and free platform for software development, and this goes straight back to Google and its overbearing influence on the development of this OS. But I guess we have had to sacrifice some freedom in order to get some support from this corporate giant; so here are some things that, over the past two months experience with the platform, I find severely lacking and in dire need of rethinking:
- Google's overbearing attitude and control over users, especially personified in the Play Store, where one cannot comment freely anymore and the use of which has been aggravating to no end and THE cause of crashes and dysfunction of the device: It only works some times and is so ingrained in the OS that when it misbehaves, you often have to no choice but to reinitialize the OS (aka the 'cold boot'), which, of course, causes havoc with your data and personal settings, which brings me to my next issue:
- The File System: Where is my stuff stored and why is it so difficult to find it and save it? You'd think it's a crime to save your own data! What gives? Why is it so difficult for apps or user settings to be saved in a location chosen by the user? Just try this: of all you apps, how many of them can you access the data from outside of the application and keep safe for the next time when your phone needs to be reinitialized?
- Connection to external devices: We all agree that connection is king and the key to efficient use of portable devices. Can someone explain to me then why does Android make is so difficult to access and transfer files between LOCAL DEVICES such as USB drives and computers and why it must hide some parts of itself and makes every effort to hide user data and keep it out of reach from its owner?
- The Cloud Fad: why is it that Google insists so much on taking over my Data? Why is it not telling me where it is stored and why is it hiding it from me? Knowing how Google manipulates and basically snoops in on everything you do (it's been proven), why would anyone in their right mind trust to have their stuff stored out of their reach when external hard drive so cheap it's almost free? Can someone explain what the advantage is to me, especially when wireless connections are precarious at best and data transport costs more and more? You find that 'convenient'?
- Background Data: Can someone tell me why my device needs to transport SO MUCH stuff in the background and why it needs to do so when it can operate quite happily otherwise when it notices that there isn't a data connection available? Doesn't Google realize that Wireless Data is horrendously expensive? Why can I not, as a user, control what data is sent back in the background in a granular way instead of having to shut it down at system level? Is Google afraid what users might find out about what information is sent to their servers without their explicit knowledge? Which brings me finally to
- Permissions: Why is it so difficult for users to control application permissions? Just like licenses, we only have the choice to 'take it or leave it', without any true knowledge what we sold the devil. Permissions are pernicious and should be under total control of the user. Those developers who need those permissions should explain them all and make it possible for users to deactivate them all so that users could see if the reduced functionality is worth it or not. LET USERS DECIDES WHAT GOES ON THEIR DEVICE!
***
So that's it for my Saturday afternoon rant. Like I said, these things have irritated me for a long time. If you have objections, comments or accolades and additions, here's the place to do so, unless of course the moderators decide otherwise: if this has been discussed somewhere else and I've bothered you with this post, by all means let me know.
All of this that you mention can be done. Not necessarily from pure vanilla AOSP Android. But you can do all of this with the power of custom ROMs such as CyanogenMod.
User data is stored in the /data partition. Apps can be found in /data/app and app data is found in /data/data
You can disable background data using an app that needs root access. There are many available on the Play Store.
You can control an apps permissions, again with an app that needs root access. Found on the Play Store.
Sent from my Slim E4GT using xda premium
Mattix724 said:
All of this that you mention can be done. Not necessarily from pure vanilla AOSP Android. But you can do all of this with the power of custom ROMs such as CyanogenMod.
Click to expand...
Click to collapse
And that is the beauty of Android
Mattix724 said:
User data is stored in the /data partition. Apps can be found in /data/app and app data is found in /data/data
Click to expand...
Click to collapse
Great to know! But you must admit that having to ask, or more precisely not being told where it is, is disturbing! Because what is more important than your data? WHY does it have to be so difficult to get to it? Why the secrecy? Don't users deserve to know where their files are and be able to select where to store them? Why am I not AUTOMATICALLY given the CHOICE as to its name and its location on my device?
Mattix724 said:
You can disable background data using an app that needs root access. There are many available on the Play Store.
Click to expand...
Click to collapse
True, but why is such an essential function NOT part of the OS and what more, why does it require the user to VIOLATE his warranty (by rooting) to do so? Don't you see what's WRONG with this?
Mattix724 said:
You can control an apps permissions, again with an app that needs root access. Found on the Play Store.
Click to expand...
Click to collapse
Again, I understand; but doing so often breaks the apps. WHY do we need these permissions IMPOSED upon us in the first place? Doesn't it strike you as WRONG that so many apps need to access your most private information?
And coming back to the Google Play Store: I've used my device for two months and had to wipe it clean TWICE already and EVERY TIME because the Play Store refused to work anymore! Don't you think there's something wrong with this picture? Doesn't it hint at some homeland-security-esque infiltration deep into the OS from the part of Google?
***
In any case, I thank you for pointing out the practical solutions and workarounds and for getting the ball rolling, so to speak; but my point was more philosophical: WHY should we have to essentially "fight system" with these workarounds to do such straightforward things as as saving documents in a place of the user's choosing, being able to transfer files directly to his PC and being able to keep user privacy?
doesn't that bother anyone?
Shouldn't Android become more open and accessible as a platform that truly empowers its users and leave Apple and Microsoft to cater to those who couldn't be bothered?
Looking forward to your answers!
I sware people will complain nomatter what
Sent by Hellybelly 4.2.2
Disabling Background Data Completely?
Mattix724 said:
All of this that you mention can be done. Not necessarily from pure vanilla AOSP Android. But you can do all of this with the power of custom ROMs such as CyanogenMod.
You can disable background data using an app that needs root access. There are many available on the Play Store.
Sent from my Slim E4GT using xda premium
Click to expand...
Click to collapse
OK, so I have looked very extensively, spending hours searching for a way to disable background data and although they are many ways to do so when on cellular data, short of shutting off WiFi altogether, I have not found any discussion, much less a way to do so completely when on WiFi.
One of my concerns is to know WHY background data is even required, because shutting off all data connections certainly does not prevent my apps from working , even those that do require data such as weather, email and news. I just want to be able to fetch the data I need and have total control over what I broadcast, especially what goes on in the background without my explicit knowledge.
So the question remains: short of shutting off data altogether, how can I disable background data completely?
Wouldn't it be possible to either fake a connection so as to fool the system into thinking there is a connection for its hidden background processes, or to wake a connection up on demand when initiating querries and put it to sleep immediately after the answer has arrived?
Old faithful said:
OK, so I have looked very extensively, spending hours searching for a way to disable background data and although they are many ways to do so when on cellular data, short of shutting off WiFi altogether, I have not found any discussion, much less a way to do so completely when on WiFi.
One of my concerns is to know WHY background data is even required, because shutting off all data connections certainly does not prevent my apps from working , even those that do require data such as weather, email and news. I just want to be able to fetch the data I need and have total control over what I broadcast, especially what goes on in the background without my explicit knowledge.
So the question remains: short of shutting off data altogether, how can I disable background data completely?
Wouldn't it be possible to either fake a connection so as to fool the system into thinking there is a connection for its hidden background processes, or to wake a connection up on demand when initiating querries and put it to sleep immediately after the answer has arrived?
Click to expand...
Click to collapse
A simple data firewall program will take care of that. It will allow you to control what and when things get a data connection.
zelendel said:
A simple data firewall program will take care of that. It will allow you to control what and when things get a data connection.
Click to expand...
Click to collapse
Hmmm... I'm using Avast and its firewall doesn't have the option to turn off background data on Wi-Fi, it's either turn off Wi-Fi or not, no option to just turn off background data and leave access to foreground data. I've tried a few other apps that don't have this option either; it's all or nothing.
Do you know of any apps that have that granular choice? Could you suggest a few?
Sent from my Samsung Galaxy Note 2
Old faithful said:
...
One of my concerns is to know WHY background data is even required, because shutting off all data connections certainly does not prevent my apps from working , even those that do require data such as weather, email and news. I just want to be able to fetch the data I need and have total control over what I broadcast, especially what goes on in the background without my explicit knowledge.
Click to expand...
Click to collapse
what sort of background data do you want to disable? regarding weather, email, and news, turn off auto sync (disable it all, or by program).
edscholl said:
what sort of background data do you want to disable? regarding weather, email, and news, turn off auto sync (disable it all, or by program).
Click to expand...
Click to collapse
Precisely ... WHAT sort of background data needs to go on anyway?
Fetching the weather info takes up a few tens of KB. What then does it need to transfer megabytes in the background for then? My wife's weather widget in particular has used over 200 MB over the past month in background data whereas it has only needed a couple of megs to update itself! Doesn't that seem exaggerated?
My point is, what is background data needed for when these apps work perfectly well on demand with a tiny fraction of the bandwidth? Why is there no disclosure what exactly it is used for, if shutting data off when not in use has absolutely no detrimental effect on the function of the app, in other words, what's really going on?
Sent from my Samsung Galaxy Note 2
Count your blessings!
I agree with you to some extent. Of course, you can do anything with root access, but why isn't this right here in front of me out of the box. With my Galaxy S III, managing the file system is a pain, and considering my USB Sync cable doesn't work long enough to make file transfers of 100MB+, this is a real problem. I don't want everything in the cloud, I want it here. I don't have internet (fast data speeds, at the least) everywhere. I would hope that Android advances with these features. I also wish there was a way, out of the box with skinned (by carrier or manufacturer) devices that you could disable all skins and themes and use the glorious Stock Android.
Seriously though, count your blessings, at least you're not using iOS!
Old faithful said:
Precisely ... WHAT sort of background data needs to go on anyway?
Fetching the weather info takes up a few tens of KB. What then does it need to transfer megabytes in the background for then? My wife's weather widget in particular has used over 200 MB over the past month in background data whereas it has only needed a couple of megs to update itself! Doesn't that seem exaggerated?
My point is, what is background data needed for when these apps work perfectly well on demand with a tiny fraction of the bandwidth? Why is there no disclosure what exactly it is used for, if shutting data off when not in use has absolutely no detrimental effect on the function of the app, in other words, what's really going on?
Click to expand...
Click to collapse
So shut sync off if you prefer. I like my apps up to date when I wake my phone, but nobody is going to force you to keep sync on. This is such a non-issue.
As for weather, I guess it depends what app she's using. Looks like my weather widget used less than 1mb of data in the last month...
Background Data Implications
edscholl said:
So shut sync off if you prefer. I like my apps up to date when I wake my phone, but nobody is going to force you to keep sync on. This is such a non-issue.
As for weather, I guess it depends what app she's using. Looks like my weather widget used less than 1mb of data in the last month...
Click to expand...
Click to collapse
On my device, with sync off, background data off, I still get 119 KB foreground, 2.33 MB in the background for the past week, on WiFi, whcih I already turn off most of the time, because it's the only way I have found so far to stop the data leak.
I understand this may be a non issue for folks who have gigabytes of bandwidth a month and don't pay $50 per megabyte off contract like we do or $10 for 100MB, but my concern is deeper than that: what's happening in the background? Why do YOU implicitly trust what's happening in the background without full disclosure?
Also, regarding the voracity of Android for data, when I was on windows mobile with push email on a four hour basis, I used to use no more than a few MB per month, and that was with cellular data on at all times and I'd hardly use more than 50MB per month browsing on wap sites which did a great job of cutting out the non-content garbage that is so prevalent on regular 'full' sites these days.
I understand this may seem like a non-issue to those for whom data is plentiful and cheap, and that most of you implicitly trust what apps do with your data in the background, but to find this being dismissed is deeply worrisome to me: why SHOULD we trust Google and others corporations with our personal information, without even as much as a look at what's being transferred and for what reason? Doesn't that disturb anyone at all???
In any case, thank you for answering and keeping the debate open, so to speak.
To turn off background data go to settings, select Data Usage, press menu button and the check the restrict background data check box.
Sent from my SAMSUNG-SGH-I747 using xda premium
You can go even further and customize each apps background data usage from the same screen.
Sent from my SAMSUNG-SGH-I747 using xda premium
Sent from my SAMSUNG-SGH-I747 using xda premium
Sorry, just saw where you were talking about background data via WiFi....:banghead:
Sent from my SAMSUNG-SGH-I747 using xda premium
Old faithful said:
On my device, with sync off, background data off, I still get 119 KB foreground, 2.33 MB in the background for the past week, on WiFi, whcih I already turn off most of the time, because it's the only way I have found so far to stop the data leak.
Click to expand...
Click to collapse
So what apps are using data? Why don't you turn off background data if you care? Heck, turn off WiFi and mobile networks when thou don't want to sync if you're worried about leakage.
Old faithful said:
I understand this may be a non issue for folks who have gigabytes of bandwidth a month and don't pay $50 per megabyte off contract like we do or $10 for 100MB, but my concern is deeper than that: what's happening in the background? Why do YOU implicitly trust what's happening in the background without full disclosure?
Click to expand...
Click to collapse
You implicitly trust apps with some data access when you install it, with the specific access given to you. If you think otherwise, your fooling yourself. I'm not sure why foreground vs background data makes much difference to you once you've trusted the app with data access anyway- it's not like it tells you how much data it's going to use per network transaction if you manually tell it to update...
Old faithful said:
Also, regarding the voracity of Android for data, when I was on windows mobile with push email on a four hour basis, I used to use no more than a few MB per month, and that was with cellular data on at all times and I'd hardly use more than 50MB per month browsing on wap sites which did a great job of cutting out the non-content garbage that is so prevalent on regular 'full' sites these days.
Click to expand...
Click to collapse
50mb a month... I'm not sure I'd bother with a smartphone if I used data so little.
Old faithful said:
I understand this may seem like a non-issue to those for whom data is plentiful and cheap, and that most of you implicitly trust what apps do with your data in the background, but to find this being dismissed is deeply worrisome to me: why SHOULD we trust Google and others corporations with our personal information, without even as much as a look at what's being transferred and for what reason? Doesn't that disturb anyone at all???
In any case, thank you for answering and keeping the debate open, so to speak.
Click to expand...
Click to collapse
We trust them because it makes our lives simpler, and quite frankly, most of us really aren't doing anything all that interesting with our data and Google and others really aren't interested in your personal info (not to be mistaken for an assertion that they're not interested in serving up ads relevant to you). But there's certainly a tradeoff. If you're not comfortable with it, turn it all off, or don't use a smartphone - nobody will hold it against thou.
Konvey said:
I agree with you to some extent. Of course, you can do anything with root access
Click to expand...
Click to collapse
If you can direct me to an app that allows me to COMPLETELY shut off background data for all apps including the OS, for any type of connection, incuding WiFi, I wouldn't be so concerned, but I have looked for the past two months now and found nothing so far that does that, even the acclaimed Droidwall can't turn background data off, even when everything is turned off, meaning, NO data access whatsoever: the bloody "OS Services" still happily does its thing in the backrground, and there is no way to find out what it does (I tried tPacketCapture - I only get 24 byte long files that I can't read anything out of)
Since it would seem that the problem is deep within the operating system, it would seem that the only way to completely shut off background data would be to give a local host redirect for every BACKGROUND process, such as what is possible in Windows using a 127.0.0.1 riderect. Since I'm a newbie when it comes to Android I don't know how to do it, but surely there must be a way, or a way to connect to WiFi only on demand?
Konvey said:
but why isn't this right here in front of me out of the box. With my Galaxy S III, managing the file system is a pain, and considering my USB Sync cable doesn't work long enough to make file transfers of 100MB+, this is a real problem. I don't want everything in the cloud, I want it here. I don't have internet (fast data speeds, at the least) everywhere. I would hope that Android advances with these features. I also wish there was a way, out of the box with skinned (by carrier or manufacturer) devices that you could disable all skins and themes and use the glorious Stock Android.
Click to expand...
Click to collapse
Exactly. I am still looking for a file explorer with the functionality of my old Norton File Manager (remember that one?). I can't understand why the so-called 'expert' ones such as Root Explorer don't have accessible sorting features (why hide it in settings? Isn't that a basic, essential feature of any file management system to be able to sort based on these common criteria?).
Furthermore, I'd love nothing more than being able to swipe left from the home screen directly into the file system for direct access to shortcuts, packages and data, and to be able to specify where the OS shoudl store MY data (instead of keeping it hidden as is most often the case).
Konvey said:
Seriously though, count your blessings, at least you're not using iOS!
Click to expand...
Click to collapse
I couldn't agree more, I'll never have an Apple product in my house, no need to say more, we all know about Apple's control of its users and tyrannical ways. George Orwell had it mostly right, but where he failed is where Big Brother would come from: Not the government. Or perhaps we should say that Major Corporations, through the power of their lobbies, have indeed become the de-facto Government .
Thanks again for your answer, Ed.
edscholl said:
So what apps are using data? Why don't you turn off background data if you care? Heck, turn off WiFi and mobile networks when thou don't want to sync if you're worried about leakage.
Click to expand...
Click to collapse
Shutting WiFi off after use is what I've been doing of late, but it's an uphill battle. The minute I turn WiFi back on, the OS, like a ravenous dog, immediately gets into background data mode, trumping the foreground querries by volume. But it's a start
edscholl said:
You implicitly trust apps with some data access when you install it, with the specific access given to you. If you think otherwise, your fooling yourself. I'm not sure why foreground vs background data makes much difference to you once you've trusted the app with data access anyway- it's not like it tells you how much data it's going to use per network transaction if you manually tell it to update...
Click to expand...
Click to collapse
Yes, but to see the data exchange so lopsided (most of it being background) is what makes me wonder what it really does. Perhaps it can be trusted but what bothers me is these apps don't tell you what they really do 'for you' in background mode and why they need so much bandwidth... I mean, how much data is required to transmit temperatures, weather conditions and the such? Heck any update would surely fit in a sub KB transmission even for 3 or 4 cities like I have in my setup...
edscholl said:
50mb a month... I'm not sure I'd bother with a smartphone if I used data so little.
Click to expand...
Click to collapse
To each his own, Ed. When data costs $10 for 100MB and the most you can get is 1GB for $60 (or as low as $30 on promo), you quickly come to your senses. That's, of course, another issue altogether.
Fact is, apart from media such as youtube and other streaming sites, text based information (or information update using apps that are supposed to have built in presentation such as snow fluries for "snow") should require very little data, typically 1KB per full size page. You have to admit that something is wrong with this picture that when I read a 500 word article it requires the same amount of bandwidth as the contents of a whole book!
edscholl said:
We trust them because it makes our lives simpler, and quite frankly, most of us really aren't doing anything all that interesting with our data and Google and others really aren't interested in your personal info (not to be mistaken for an assertion that they're not interested in serving up ads relevant to you). But there's certainly a tradeoff. If you're not comfortable with it, turn it all off, or don't use a smartphone - nobody will hold it against thou.
Click to expand...
Click to collapse
They do make our lives simpler and there is a trade-off, agreed. The point I make is where the line should be crossed. Are we willing to get shoved with 99% non content garbage in order to access the remaining 1% meaningful content? Because that is certainly the going rate for full websites such as cnet, tech republic and others, and when looking at background data on Android, at least from my perspective. I was online back in 1993 when the www started (before on Co$tly Compuserve) and with the limited technology we had at the time we could get access to more meaningful content faster than we can now, and with very, very limited bandwidth!
Ok, ok, enough of the oldtimer rant Maybe you are right and I'm just an old fool. But I'd rather be considered an old fool for asking stupid questions than to accept it all without any question
Old faithful said:
Yes, but to see the data exchange so lopsided (most of it being background) is what makes me wonder what it really does. Perhaps it can be trusted but what bothers me is these apps don't tell you what they really do 'for you' in background mode and why they need so much bandwidth... I mean, how much data is required to transmit temperatures, weather conditions and the such? Heck any update would surely fit in a sub KB transmission even for 3 or 4 cities like I have in my setup...
Click to expand...
Click to collapse
and as I said, my weather widget uses (beautiful widgets) like 1mb a month. On my phone, the HTC sense widget uses like 5mb.
So if your weather app - again, what apps, specifically, are you having issues with? - is using hundreds of MBS, maybe it's doing a lot more (like live radar or videos), or maybe it's just crap and you should uninstall it.
Old faithful said:
Fact is, apart from media such as youtube and other streaming sites, text based information (or information update using apps that are supposed to have built in presentation such as snow fluries for "snow") should require very little data, typically 1KB per full size page. You have to admit that something is wrong with this picture that when I read a 500 word article it requires the same amount of bandwidth as the contents of a whole book!
Click to expand...
Click to collapse
You are tilting at windmills. The average page size is pushing 1.5mb, and was more than 1k back in the Netscape beta days (15k average ~1995).
It's not uncommon for a http HEADER to be bigger than 1k.
Old faithful said:
They do make our lives simpler and there is a trade-off, agreed. The point I make is where the line should be crossed. Are we willing to get shoved with 99% non content garbage in order to access the remaining 1% meaningful content? Because that is certainly the going rate for full websites such as cnet, tech republic and others, and when looking at background data on Android, at least from my perspective. I was online back in 1993 when the www started (before on Co$tly Compuserve) and with the limited technology we had at the time we could get access to more meaningful content faster than we can now, and with very, very limited bandwidth!
Click to expand...
Click to collapse
Your looking at the past through rose colored glasses if you remember more meaningful content being available in 1993. In mid 1993, there were 130 webpages, total. End of 1993, around 1000. End of 1994, around 10000. And a lot of them were useless crap that students were putting up (I know, I was one of them).
Old faithful said:
Ok, ok, enough of the oldtimer rant Maybe you are right and I'm just an old fool. But I'd rather be considered an old fool for asking stupid questions than to accept it all without any question
Click to expand...
Click to collapse
It's not about accepting it without question. It's mainly you haven't given much specifics, so the only general answer is, well, it's for convenience, so turn off your data if you're worried. The details you did give - email and weather - it's very clear why they would use background data.
---------- Post added at 12:36 PM ---------- Previous post was at 12:18 PM ----------
Regarding your other points:
Old faithful said:
Great to know! But you must admit that having to ask, or more precisely not being told where it is, is disturbing! Because what is more important than your data? WHY does it have to be so difficult to get to it? Why the secrecy? Don't users deserve to know where their files are and be able to select where to store them? Why am I not AUTOMATICALLY given the CHOICE as to its name and its location on my device?
Click to expand...
Click to collapse
That you didn't know where it was doesn't mean it is hidden or a secret; guidelines are published and clear, and apps generally follow them. You're not given a choice in name and location for simplicity.
Old faithful said:
True, but why is such an essential function NOT part of the OS and what more, why does it require the user to VIOLATE his warranty (by rooting) to do so? Don't you see what's WRONG with this?
Click to expand...
Click to collapse
Commonly claimed, but rooting does not void your warranty. Problems you cause by rooting will do not need to be honored by the warranty.
Old faithful said:
Again, I understand; but doing so often breaks the apps. WHY do we need these permissions IMPOSED upon us in the first place? Doesn't it strike you as WRONG that so many apps need to access your most private information?
Click to expand...
Click to collapse
No app imposes anything on you - apps require the permissions they do and they're spelled out before you install. Don't install apps that required permissions thou don't like.
Old faithful said:
And coming back to the Google Play Store: I've used my device for two months and had to wipe it clean TWICE already and EVERY TIME because the Play Store refused to work anymore! Don't you think there's something wrong with this picture? Doesn't it hint at some homeland-security-esque infiltration deep into the OS from the part of Google?
Click to expand...
Click to collapse
Sounds like your phone is broken. Get a replacement under warranty.

Categories

Resources