Hello world
I think Android is the best system for smartphones, but it's very insecure if you don't secure it and just leave it on stock!
Root it, get rid of some apps, optimize it, get the necessary apps and customize it as you wish!
Did you know that a normal app with all permissions can get all your data?
-gps location
-contacts
-logs
-screenshots
-hidden camera shots
-sms/mms
-emails
-photos
-etc
BELIEVE IT OR NOT, THIS IS FACT !!!
There was recently a test in Germany within a documentation about internet security, where a developer made an app with all the rights to do the things above and send them hidden in the background to a specified server to which he had access. So he could read and see all the things above, and it was even updating immediately after a new SMS or something came in, and the test user who installed it had no clue at all and was shocked when they told her.
The app itself was just making photos with a black censor stripe over the eyes and it seemed that it never could do that, but all the real action is going on in the background.
By the way, he said it was very easy and many apps could do that and most of them really do that.
And from what I know, many of you don't know or don't care or just don't know how to be safer, and spread all your information to some companies that like to have it a lot. And they always want more.
Maybe you should spread this information by quoting this post or linking to it, because many people don't like to be ripped of their information.
Or do you like it when someone is standing close to you and listens to everything you say to your friends when you have a private conversation? I think not!
If you have "nothing to hide" and you don't care and it's OK for you that some people know ALL about you, just don't read on, close this tab/window and go update your status on Facebook!
Just remember, if you are not secured, you give away all your data: when you called whom, what you wrote to whom, your actual location and your next meeting points or to-dos and many more things.
Here is some information about the topic:
• http://www.ppcgeeks.com/2011/08/24/android-now-worst-os-for-malware/
• http://blogs.wsj.com/wtk-mobile
Go here to save your privacy:
www.tinyurl.com/androidprivacy
check out my signature also.
and be safe!
All I ever say to people is use common sense, if it's questionable then don't install it!
d3t0x said:
> All I ever say to people is use common sense, if it's questionable then don't install it!
That's right!
But does it help when common sense tells you it's just an app to do some stupid easy things that seem to have nothing to do with the functionality described above, or even when it's the only app of its kind?
And a big threat are preinstalled system apps, that have all the rights to do that kind of stuff.
And by the way... Google likes to collect your data most of all.
So no wonder why it's so easily possible to do that kind of thing.
It's like a super trojan horse in every mobile device with Android...
But I found some tools/apps to protect your privacy, just check my signature, they are listed there!
At least it will help to get rid of most of the threats and your data will be safer than before!
common sense x2
(•.•) said:
> the test user who installed it had no clue at all and was shocked when they told her.
her = no common sense. Nothing new there... ;D
mmmmhhh there are so many apps...
is there a list of really questionable ones?
too lazy to check the permissions of each I have installed....
AND PLEASE put away this flashin' rainbow - you can't read anything without coming near to epilepsy
Honestly privacy and security have gone out the window and within the past few years it has really gotten worse! These major problems aren't exclusive to phones or operating systems but everything. However there are ways to protect yourself or at least try. Common sense is a big one as others have mentioned. I.e.: my mom knows MS Office, IE9, and some other basic programs, however she wouldn't be able to tell if she's on a scam site if it hit her on the head. It's pretty simple though, some sites, or apps, just feel malicious. Good luck people!
Sent from my HTC Glacier using XDA App
Common sense
Maybe get permission dog free from the market to see how dangerous an app can be...
And then get lbe security guard to really block the **** out of the fkn app that wants to suck your data out of your pretty Android smartphone.
Just an example... why does angry bird need to have GPS permissions?
Common sense will tell you it's a game and doesn't need that at all.
Or most apps just want to read your IMEI, but they don't really need that.
For example I untrusted all system apps and I blocked all IMEI permissions and all GPS permissions, but not the one from the navigation software, but there I blocked the internet, as well as on many others in a dual way, by droidwall (iptables) and by lbe security guard (permissions).
That should give you some idea... but check it out yourself.
As I said, you will be amazed how many apps want to get your data.
(•.•) said:
> Maybe get permission dog free from the market to see how dangerous an app can be...
> And then get lbe security guard to really block the **** out of the fkn app that wants to suck your data out of your pretty Android smartphone.
> Just an example... why does angry bird need to have GPS permissions?
> Common sense will tell you it's a game and doesn't need that at all.
> Or most apps just want to read your IMEI, but they don't really need that.
> For example I untrusted all system apps and I blocked all IMEI permissions and all GPS permissions, but not the one from the navigation software, but there I blocked the internet, as well as on many others in a dual way, by droidwall (iptables) and by lbe security guard (permissions).
> That should give you some idea... but check it out yourself.
> As I said, you will be amazed how many apps want to get your data.
Thanks! Already had Droidwall but LBE was a nice find. Hit the thanks button earlier but thought I'd post a comment. People might also want to try Autostarts, which lets you decide which apps and resources start at start-up, kind of like msconfig on Windows. Also watchdog is a nice monitoring tool so that you can see which apps are taking precious CPU.
Question: How's LBE on battery? Hope it's not bad, I need my power
ACis0014 said:
> Thanks!
> ...
> Question: How's LBE on battery? Hope it's not bad, I need my power
Really no problem at all, in fact you will have even more battery, because those controlled apps don't activate some services in the background anymore, and that actually could drain battery from your phone, like GPS or something...
I suggest you add the links to DroidWall and the (excellent!) LBE in the OT
I personally set GoogleMap on "prompt" for my location, it's quite impressive how often GMap asks for location...
I hate to throw this out there, but there seems to be a little bit of misinformation going on here.
1)Those apps that protect you, they very well may be the very apps that are stealing your information. Most malicious apps masquerade as security apps.
2)Google collects all your information anyway. And they are hacked a lot. If you have an android smartphone, your information is not secure anyway. But in the end, what's the big deal, really? Some extra spam for you to filter in your inbox? So what if they know where you are, are they going to pull up in an unmarked van when you are alone and kidnap you? The freedom of information is what makes android so great, and Google so effective. It makes your lives easier. If you don't like it, go to Apple. At least they don't track you....oh, wait...
3)Apps need permissions for a variety of reasons, some not so obvious. Ad-mob, and other ad related software, needs GPS data to tailor ads to your location. Ad supported Angry Birds needs GPS to run the ad software. They aren't tracking you, they are making the annoying ads less annoying by making them relevant to you. Do you care about that great 5-star restaurant in California if you live in Maine? No. But having GPS info enabled allows them to show you that great lobster place you never would have known about, and is now your favorite place to eat. And IME? Do you not like typing, or performing any action in a game? It needs IME permissions because IME = Input Method Editor. So sure, if the game is solely based on motion controls, then having access to the IME isn't so important, and you might want to be suspicious. Otherwise, it is needed for the app to function.
Look, I'm not saying don't be wary of what apps are doing to your phone, and I'm not supporting the stealing of information. I'm just saying, I hate misinformation, and I have been seeing too much of this kind of paranoid security concerns. Do what you want, it's your phone. But just remember, don't be too cautious to live a little.
If you're using it for corporate uses and have sensitive information that could actually be used for gain, then you need to get a blackberry maybe. For personal use, it's just a phone and the info you put on there really shouldn't be life changing enough for someone to go through the work to get. I think sometimes our Ego tells us that someone cares enough to hack our device when in fact, no one gives a crap.
It's a serious problem!!
read on
devator22 said:
> I hate to throw this out there, but there seems to be a little bit of misinformation going on here.
> 1)Those apps that protect you, they very well may be the very apps that are stealing your information. Most malicious apps masquerade as security apps.
> 2)Google collects all your information anyway. And they are hacked a lot. If you have an android smartphone, your information is not secure anyway. But in the end, what's the big deal, really? Some extra spam for you to filter in your inbox? So what if they know where you are, are they going to pull up in an unmarked van when you are alone and kidnap you? The freedom of information is what makes android so great, and Google so effective. It makes your lives easier. If you don't like it, go to Apple. At least they don't track you....oh, wait...
> 3)Apps need permissions for a variety of reasons, some not so obvious. Ad-mob, and other ad related software, needs GPS data to tailor ads to your location. Ad supported Angry Birds needs GPS to run the ad software. They aren't tracking you, they are making the annoying ads less annoying by making them relevant to you. Do you care about that great 5-star restaurant in California if you live in Maine? No. But having GPS info enabled allows them to show you that great lobster place you never would have known about, and is now your favorite place to eat. And IME? Do you not like typing, or performing any action in a game? It needs IME permissions because IME = Input Method Editor. So sure, if the game is solely based on motion controls, then having access to the IME isn't so important, and you might want to be suspicious. Otherwise, it is needed for the app to function.
> Look, I'm not saying don't be wary of what apps are doing to your phone, and I'm not supporting the stealing of information. I'm just saying, I hate misinformation, and I have been seeing too much of this kind of paranoid security concerns. Do what you want, it's your phone. But just remember, don't be too cautious to live a little.
@devator22
You have some points, but overall the wrong point of view I think.
1. Right, security apps are a big security flaw also, many antivirus apps / security suites on your PC are the perfect tools to do all the bad things they should protect you from, but now they have the monopoly to do that, if they are installed.
Better just use a sandbox tool and a good firewall. I said a good firewall, not Zonealarm!
But LBE Security Guard isn't a bad tool at all, it's the opposite, really good!
And by the way you can block any internet request with droidwall for lbe and all other tools, so even if they would like to do some bad things, they could not get it away from your phone!!
2. What's the big deal? That any company can come along with their "nice" app and spy your whole life out of your phone! All your really private data, like photos, passwords and stuff like this. And why should anyone get so far into your life without your permission? OK, yeah lol, you gave the permission when you installed the app, so you could use it, but no one would really give permission to all the spy things some apps do...
3. So why should you give the apps on your phone some specific permissions, if you could just deny them, but use the app anyway?
And why should you take the risk, when you could avoid it!?
It's not a heroic risk or a risk that could move you forward in any way, but it's a risk that can make you naked and off guard in some way.
And it's not even a risk, but a fact, that they take what they can in the digital world, as you should know! But only if they can take it, they will. When they can't get anything from you for their statistics and data mining tools, for profile collecting etc., they will not have them, at least not your photos, not your passwords, not your life!
And if you choose to use Apple, you can't even choose your privacy, because they track you and all your private data anyway.
GPS, your actual position, where you actually stand with your human body.
You can have it enabled for all your apps that want to give you "some ads" to maybe find a good restaurant by mistake... lol.
If you want to use GPS to find some good restaurants you should get a specific app for that and only allow it for this app for some time and not all the time for all apps that want to geocache (catch) your specific movement in the world and put it into profiles.
It's not IME, but IMEI = International Mobile Equipment Identity that many apps like to record/read, to identify your phone.
OK, hope you got some motivation to use the tools I and some professional data protectors would recommend you to use!
Maybe I will write a "How to" to be really secured.
So now finally get some privacy and install at least lbe security guard and droidwall. And don't forget to untrust the system apps too under app management, the 3rd tab at the bottom.
I wish you a good year and a lot of fun with your smartphone.
Apps ask for YOUR permission if you allow them to access your data/information when you download. If a game asks for your Data information you will obviously be suspicious. Pre-installed bloatware/apps are safe and you should not stress out because some can look at your data. If a big carrier/google pre-installed malicious applications on the phone they would face huge problems. There's really no need to be afraid. Just look at permissions, comments, and rating of the app. I think you're misleading people to think it's a bigger deal than it is. Yes there are malicious applications, but you just got to use your brain.
Feeshie said:
> Apps ask for YOUR permission if you allow them to access your data/information when you download. If a game asks for your Data information you will obviously be suspicious. Pre-installed bloatware/apps are safe and you should not stress out because some can look at your data. If a big carrier/google pre-installed malicious applications on the phone they would face huge problems. There's really no need to be afraid. Just look at permissions, comments, and rating of the app. I think you're misleading people to think it's a bigger deal than it is. Yes there are malicious applications, but you just got to use your brain.
You are a little bit wrong here in some points.
The main thing is of course they ask you for permission... but you must accept it in order to use it.
Maybe it's the best app of its kind and you want to use it.
But they ask you for permissions you don't want to give at all? Why should you always give your position to the app > to the server > to the company > to some worker of the company > to some stranger?
Do you really think, only because they are preinstalled they are safe?
You kidding? Just look for yourself what the pre-installed apps want from you...
And Google doesn't need to use malicious apps etc... they just call it sync.
AutoSync your contacts, passwords, emails, SMS, calendar entries...
A trojan does nothing else, it gets your sensitive data, but the main difference is that you have access to your data on Google, and with the trojan someone else has access but you don't. But doesn't it mean that Google has access too?
They are collecting as much as they can... they have the biggest database of human activity, besides Facebook!
Just at least don't give them 1 more private profile...
devator22 said:
> I hate to throw this out there, but there seems to be a little bit of misinformation going on here.
> 1)Those apps that protect you, they very well may be the very apps that are stealing your information. Most malicious apps masquerade as security apps.
This is a good point. While the LBE Privacy Guard seems like a nice app, there's no source and the author is some anon Chinese guy. So no auditing by third parties or myself for suspicious code added by Chinese intelligence or whoever. Doesn't inspire much confidence at all. Misidentifying the software in this thread doesn't help either, did they just change the name or was it ever called "LBE Security Guard"?
> 2)Google collects all your information anyway.
If they can do that, then all is lost. But this kind of claim needs proof as well. We should have some idea from the hackers if this really is the case.
> 3)Apps need permissions for a variety of reasons, some not so obvious. Ad-mob, and other ad related software, needs GPS data to tailor ads to your location. Ad supported Angry Birds needs GPS to run the ad software.
Angry Birds surely doesn't need to have your exact location down to a few feet via GPS just for ads?!? No, GPS location could be used to see who you might be playing Angry Birds or doing anything else with. Enables rather sinister overwatch don't you think? Even though they might claim to maybe offer some couples oriented ads based on this information too.
> They aren't tracking you, they are making the annoying ads less annoying by making them relevant to you.
Let's just keep in mind who we're talking about here, people who root their phones. No advertiser is going to care about a small fringe group like us. BTW, it looks like stopping network access in Angry Birds makes the ads a whole lot less annoying in that it doesn't show them at all in that case... And again, our small fringe group isn't going to kill off Rovio even if we don't see the ads.
What's that?
Is it true? Does it mean our data is not safe on Android?
Is there any option or software to save data?
I'm really shocked about it.
It's the latest news for me because I'm an Android smartphone user.
Help me and satisfy me: which option makes my cell safe?
Related
Last night browsing the market, after having my phone reset for constant rebooting, I downloaded an app called "adult videos." I woke this morning to find the app wiped from my phone and from the market. Now, the problem lies not in the fact that this app is missing from my life, but in the question is google sneaking around in the middle of the night tampering with people's phones? I read that article about google remotely removing apps from phones strictly on a necessity based need. It kind of makes me wonder how selective they will be when determining what is necessary.
Google has the ability to do this and has flexed its muscles with that feature recently too. Can't post links, but google: "google remove android application". It uses Google Talk to send these removal requests. In normal conditions Google will only delete apps that were malicious (spyware/damaging/ddos/fraud/etc.).
Most smartphone/ebook platforms have remote kill switches now. The more worrying part is that they also have the ability to install apps onto remote phones.
Google does this with Android too? This is one of the reasons I don't like Apple. This sounds like a ridiculous invasion of privacy. How does this work exactly?
Read the link... disturbing, both the install asset and the remove asset options. Plus the fact that Android maintains a constant data connection. Is there any way to kill this constant connection? Do you get charged for it? And can you disable the install and remove asset options?
It's Google, they live and survive off your information!
They went round WiFi snooping when they did Streetview, so God knows what they do with your mobile phone...
hungry81 said:
> Google does this with Android too? This is one of the reasons I don't like Apple. This sounds like a ridiculous invasion of privacy. How does this work exactly?
> Read the link... disturbing, both the install asset and the remove asset options. Plus the fact that Android maintains a constant data connection. Is there any way to kill this constant connection? Do you get charged for it? And can you disable the install and remove asset options?
This connection is maintained by using google talk. So as long as you are online on google talk you have a hotline to the kill switch. After these security concerns I bet some chefs are working on ROM with the kill switch disabled. But nearly all smartphones have kill switches nowadays, companies like Google, Apple and Microsoft don't want to be seen as unable to get rid of a malicious app which would impact on their reputation.
Edit: Thinking about it, if you have extreme worries about this, install some kind of firewall (like iptables (requires rooting)) and block mtalk.google.com.
The best part about these Google phones is the ability to make them your own. I am currently waiting for cyanogen's mod 6 which I am pretty sure won't constantly chat with Google, but I think that the fact should be recognized of who the major players are in the cell phone game. Remember that 'incident' Google had with China, and how the NSA and Google became friends after that. Hmm... The largest data analyzer teaming up with the largest data collector, Google also reports higher sales every quarter now as well, that is a lot of direct connections with a lot of people. I'm not sayin' anything... I'm just sayin'.
El_Zilcho said:
> Edit: Thinking about it, if you have extreme worries about this, install some kind of firewall (like iptables (requires rooting)) and block mtalk.google.com.
Ummm..... no.
r3s-rt said:
> Ummm..... no.
Umm why not? It's a Linux system below the Dalvik VM. There are people who got iptables running on their system and when done correctly iptables. Be aware when I talk about this, I am talking tin foil hat style here.
What if someone modifies AOSP code to just remove the INSTALL_ASSET and REMOVE_ASSET portions of the code?
Google, don't go Apple way!
http://threatpost.com/en_us/blogs/android-also-gives-google-remote-app-installation-power-062510
Old news, but they've made me "a little bit" angry. Is there any way to remove all that crapware?
Hmmmmm, well, figuring they just got in trouble for stealing multiple GB of data from private routers I'd say it's a sure bet. Also I recently took a federal job and lo and behold they already had my Gmail account on file even though I have never given it out and only use it for family and friends, but the feds sure had it.
Worrying article on how apps are using personal information.
www.theregister.co.uk/2010/09/30/suspicious_android_apps/
I'm sick that they had to go to such lengths to find out. We need a better net architecture to enable a proper firewall to work.
Sent from my HTC Desire using XDA App
Also, app naming FAIL!
Well, since they only tested 30 apps and won't release the names of the ones they tested, only saying that they are "the most popular", personally I don't buy it.
And the information these apps are sending out is primarily geolocation. Well, no ****. If an app wants your location and you don't think it should have it, it's either using it for ads or you should decline to install the app and just send an email to the dev asking him why he needs that information.
tjhart85 said:
> Well, since they only tested 30 apps and won't release the names of the ones they tested, only saying that they are "the most popular", personally I don't buy it.
> And the information these apps are sending out is primarily geolocation. Well, no ****. If an app wants your location and you don't think it should have it, it's either using it for ads or you should decline to install the app and just send an email to the dev asking him why he needs that information.
Agreed... geolocation is pretty obviously straight forward. I don't know about the 'transmissing every 30 seconds' thing though.
Any thoughts on the transmitting SIM card and IMEI info?
http://www.youtube.com/watch?v=qnLujX1Dw4Y
Also discussed here:
http://forum.xda-developers.com/showthread.php?t=795702
With explanation where to get it from http://www.appanalysis.org/
A very well-written reply by "Steven Knox" on The Register, demonstrating how this 'research' is simply a pile of intentionally-misleading statistical rubbish:
> By selecting only from applications that access both personal data and the internet, they're overstating the significance of their study by about 3x. Furthermore, their summaries blur this distinction unnecessarily.
> Specifically, their FAQ says "We studied just over 8% of the top 50 popular free applications in each category that had access to privacy sensitive information in order to get a sense of the behaviors of these applications." Since there were 22 categories at the time they did the study, that would imply (22*50=1,100 * 8% =) 88 applications. However, they actually only tested 30, because of the 1,100 top 50 applications only (from the PDF) "roughly a third of the applications (358 of the 1,100 applications) require Internet permissions along with permissions to access either location, camera, or audio data." -- meaning that the other 742 apps don't have the necessary permissions to play badly. The clause "..that had access to privacy sensitive information in order to get a sense of the behaviors of these applications." from the FAQ is grammatically ambiguous in this case (it may refer to "applications" or "category"), and not specific enough to indicate that over 2/3 of the applications are (relatively) safe by dint of not having the necessary permissions.
> They also didn't include in their study apps from 10 of the 22 categories, but they don't explain whether that was due to a) there not being any or enough applications in those categories that required internet and personal data permissions, b) a conscious choice to focus on the other 12 categories, or c) the results of random selection (with an explanation of why they did not use a stratified sample).
> Once you factor back in the applications they ignored, the numbers don't look quite so bad. Assuming their sample was representative, 2/3 of the 358, or about 239 applications of the top 1,100 of the time use personal data suspiciously. That's about 21.7% or just over 1 in 5 -- still significant, but a far cry from 2 out of 3. In fact, the worst case maximum is actually 358 of 1,100 or just under 1 in 3 (32.45%) because they are as mentioned above the only ones that actually acquire the permissions necessary to do anything "suspicious".
> I understand why both the researchers and the reporter used the 2/3 figure -- you all believe you have to sell the point as hard as possible*. But the real story is that it's likely that at least 1 in 5 Android Apps use private data "suspiciously" -- and that number is still high enough to cause concern and to justify the further use of tools like TaintDroid. It's a pity you didn't trust the facts enough to avoid the unnecessary sensationalism.
> *I am assuming, here, that Mr. Goodin did actually read and digest the paper as I did, rather than simply picking out the figures from the study, the FAQ, or a press release.
Good spot. But one in ten would be too many. The point is we should have more fine-grained control and transparency of what apps do over the net, and we can't, by design.
Sent from my HTC Desire using XDA App
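As an added example (not part of the thread or of the TaintDroid study): the selection rule quoted from the study above, internet permission together with location, camera or audio access, applied to permission listings in the style of `aapt dump permissions`. The sample dump and package names are constructed, and the extra categories (device ID, contacts, SMS) go beyond the study's rule to cover the data types this thread lists.

```python
import re

# Constructed sample in the style of `aapt dump permissions <apk>` output,
# concatenated for three made-up packages. Both line formats that aapt
# versions print for a permission (bare name and name='...') are included.
SAMPLE_DUMP = """\
package: com.example.birdgame
uses-permission: android.permission.INTERNET
uses-permission: android.permission.ACCESS_FINE_LOCATION
uses-permission: android.permission.READ_PHONE_STATE
package: com.example.flashlight
uses-permission: name='android.permission.CAMERA'
package: com.example.navigator
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.ACCESS_COARSE_LOCATION'
"""

INTERNET = "android.permission.INTERNET"

# Permission -> data category. location/camera/audio are the study's rule;
# device-id, contacts and sms are added here (assumption of this example).
SENSITIVE = {
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
    "android.permission.CAMERA": "camera",
    "android.permission.RECORD_AUDIO": "audio",
    "android.permission.READ_PHONE_STATE": "device-id",  # exposes the IMEI
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_SMS": "sms",
    "android.permission.RECEIVE_SMS": "sms",
}

PKG_RE = re.compile(r"^package:\s*(?:name=')?([\w.]+)")
PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=')?([\w.]+)")


def parse_dump(text):
    """Return {package: set(permissions)} from concatenated aapt-style dumps."""
    apps = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = PKG_RE.match(line)
        if m:
            current = apps.setdefault(m.group(1), set())
            continue
        m = PERM_RE.match(line)
        if m and current is not None:
            current.add(m.group(1))
    return apps


def audit(apps):
    """Flag packages that can both read sensitive data and reach the network.

    Returns {package: sorted list of sensitive categories}. A package with
    sensitive permissions but no INTERNET permission is not flagged, which
    mirrors the study's selection rule.
    """
    findings = {}
    for pkg, perms in apps.items():
        if INTERNET not in perms:
            continue
        categories = sorted({SENSITIVE[p] for p in perms if p in SENSITIVE})
        if categories:
            findings[pkg] = categories
    return findings


if __name__ == "__main__":
    apps = parse_dump(SAMPLE_DUMP)
    flagged = audit(apps)
    for pkg, categories in sorted(flagged.items()):
        print(f"{pkg}: INTERNET + {', '.join(categories)}")
    print(f"{len(flagged)} of {len(apps)} packages have the capability")
```

A flagged package has the capability, not proven behaviour: this is the "358 of 1,100" upper bound from the quoted comment, and it takes dynamic analysis such as TaintDroid to show what an app actually sends.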
We need to develop a shim that reports modified IMEI/SIM data for different apps. IMO, very few apps need that information. We may not be able to keep all those apps from sending our private information, but we can make that information useless if it appears that we all are using the same IMEI/SIM...
patp said:
> ...The point is we should have more fine-grained control and transparency of what apps do over the net...
agreed....
If you are rooted: with Root Explorer go to /data/system/ and open accounts.db, you might be surprised what you find in it... For some people it will be fine, but on mine it shows my Exchange email and password in plain text and a few others show up as plain text as well... It's not geo they are worried about (for the most part) and... this file has been known about for a while.
Don't worry though, unless you're downloading Android-specific virus-holding apps you won't have any problem. And if you're getting all your apps legally through the market then it's no big deal =) and if you're pirating them... well I don't feel bad for you...
echoside said:
> If you are rooted: with Root Explorer go to /data/system/ and open accounts.db, you might be surprised what you find in it... For some people it will be fine, but on mine it shows my Exchange email and password in plain text and a few others show up as plain text as well...
Opened it, my accounts are there, but no passwords....
rori~ said:
> Opened it, my accounts are there, but no passwords....
My Gmail is some sort of encrypted but doesn't look that great.
Exchange shows up
Facebook doesn't show anything at all aha
That's why I said some might not have anything. A while back when I first heard about it one of my friends had two or three right there in plain English; I didn't have a phone at the time to check...
It's been reported before but kind of just brushed over, no biggy. To go real conspiracy theorist.... I think Apple is submitting all these articles...
ButtonBoy said:
> We need to develop a shim that reports modified IMEI/SIM data for different apps.
Great idea
The source code/instructions for TaintDroid are now out:
http://appanalysis.org/download.html
Anybody found a (recent) kernel with built-in TaintDroid-support?
I hope this time it's the correct forum.
So long story short.
I've written an app that allows to hijack FaceBook profiles over the WiFi. So when you're connected to WiFi you can "hack" into other users profiles. It doesn't work for profiles using SSL (yes you have that option in FB). So it can be treated as a "bad app". BUT! it is not dangerous for the one using it. I am aware that this is "questionable" application, but is there any other way to tell people - "HEY! use secure connections, it is not safe to use public WIFI!". I'd bet that a lot of you don't use SSL now and after using/reading this app you will turn SSL on.
That could be the #1 reason for deleting my app.
The second one is that I've put a 'demo' app in the market with a limit to sniffing only 3 profiles. But you could buy it through PayPal. And today I've found out that this also could lead to app deletion. However, I've bought LauncherPro through PayPal so I don't see why my app was removed in less than 24 hours.
What is your opinion, and what can I do to sell my app somehow (I need my 25$ back that I've paid to register with Google wrr...)? Is there a way I could put it in the market without Google deleting it, like putting a disclaimer or something? The app itself is safe for the user downloading it.
Edit: If I put a link to this app here will this thread be deleted? If so, is there an option to promote it here?
Per forum rules, link removed
bponury said:
I've written an app that allows hijacking Facebook profiles over WiFi
There's your answer.
JamesC_ said:
There's your answer.
+1 on that
if it allows you to hijack fb you can steal other information from the user's account so why would they allow it and put themselves into a legal bind for doing so
JamesC_ said:
There's your answer.
So if it wasn't for this app you would be safe? No, Facebook is ignoring users' privacy and this app is nothing more than a good way to show people what could be the cost of not using secure connections. Of course this can be used in a bad way, a lot of apps can. Like SMS bombing or phone number spoofing. But they are not removed from the market, are they?
Ethics
And even worse you want to get paid for it.
wdl1908 said:
Ethics
And even worse you want to get paid for it.
Yes, I know what ethics is; however, we're not living in a perfect world, and just believing that everyone is good and ethical so I can just leave my door open when leaving the house is not going to protect me against reality. I believe in http://en.wikipedia.org/wiki/Full_disclosure and this case is even better because Facebook is aware of the problem and just ignores it. A few people are aware that there's an option to use SSL on Facebook. In my opinion FB should just get it done right and force users to use it. It's not a problem these days, right? And what is wrong with getting paid for my work? I've spent some time developing it. Security by obscurity is not working, really. Take my app for example: it would take max 1h to crack it. It's not security, it's just being too lazy to secure it. And hoping that no one would care to crack it.
sms bombing is not hacking someone's account! you are just spamming someone with messages.
even if it is down to fb to let people know about security, the market owners can be sued for allowing such an app on the market. there are better ways of showing a person how unsecure a connection is without punishing them in such a way.
the secure connection is useful for public connections but some people may not want or need to use it at home so they have the ability to switch it on or off. apparently there are issues with some games on fb that are linked in with the use of the secure connection.
traumatism said:
sms bombing is not hacking someone's account! you are just spamming someone with messages.
People are killed for spamming in Russia (http://www.theregister.co.uk/2005/07/26/russian_spammer_killed/)
And what about spoofing caller ID? AFAIK those things are valid in court cases in Poland.
traumatism said:
even if it is down to fb to let people know about security, the market owners can be sued for allowing such an app on the market. there are better ways of showing a person how unsecure a connection is without punishing them in such a way.
the secure connection is useful for public connections but some people may not want or need to use it at home so they have the ability to switch it on or off. apparently there are issues with some games on fb that are linked in with the use of the secure connection.
I don't know how to tell people "secure yourself" any other way. I know I'm my own devil's advocate right now, but really, do you think that forgetting about insecurity is a good way? I don't force anyone to use it in a bad way. But after I showed how it works in my house all my room-mates turned SSL on instantly. And they were not mad about it, shocked a bit, but they are safer now. Sure, you can just tell people "hey, turn SSL on" and 90% of them will ignore you. But when you show them "look! I can see your messages that easily if you don't do it", then they would listen.
haha! So, if someone got a gun and went around shooting people in cars to prove that they should actually have bullet proof windows and burst-proof tyres, that it's all ok, and not in any way shape or form, illegal?
ha. ha.
in fact OP's IP should be reported to Facebook
By nature I wouldn't go near this app. If it's collecting other people's info I could be collecting my own. That's how I see it logically ... people always get screwed when they are doing something they shouldn't be doing.
There is a place for all apps in this world be they good or bad. You could always host a site and put it on there. I wouldn't go near it cause once again I'd be afraid of what's laced on that site.
I was just providing another point of view to the convo.
MarkusPO said:
haha! So, if someone got a gun and went around shooting people in cars to prove that they should actually have bullet proof windows and burst-proof tyres, that it's all ok, and not in any way shape or form, illegal?
ha. ha.
in fact OP's IP should be reported to Facebook
So if you have a car that can be opened by someone who has a screwdriver, wouldn't you want the car manufacturer to secure your car? Buying a bulletproof car isn't exactly the same as pushing a button in a web browser, is it? And you're comparing killing a man to posting "I'm a jackass" on someone's FB wall. But still, you can buy a gun, right? Also pretending that there's no problem isn't fixing a problem.
And hey, this app isn't new you know. If it wasn't for this thread maybe you wouldn't know that people use these apps on PCs; maybe one day you would find that all your mail is gone (yes, this app could be modified to work with other sites like this forum). And ask yourself: wouldn't you be pissed if you found out that anyone using your network could get into your bank account? Well, I would. But most (all?) banks use SSL by default. Google does. Why doesn't FB?
hazard99 said:
By nature I wouldn't go near this app. If it's collecting other people's info I could be collecting my own. That's how I see it logically ... people always get screwed when they are doing something they shouldn't be doing.
There is a place for all apps in this world be they good or bad. You could always host a site and put it on there. I wouldn't go near it cause once again I'd be afraid of what's laced on that site.
I was just providing another point of view to the convo.
Yes, in fact it needs root to modify iptables and send raw ARP messages, and I know people get scared when an app needs root. If someone is interested I could write here how it's done and anyone could write it. It's actually nothing magical.
I wrote this app as a project for my mobile programming class. In the first version it also sniffed for Gadu-Gadu messages (it's a Polish messenger). But I sure hope that when and if this app is let loose, then FB will react and enable SSL by default. Maybe other websites will use it too. It's just that easy to protect your users, I don't understand why they don't do it.
most people who do not want their details stolen, do not use public access internet. does FB take money transactions over their site?
google does and the banks do so they will have a secure section. fb may do this using paypal or google checkout or otherwise so may not need the ssl that the banks need. sure it still renders people vulnerable to attack and theft of other information but even so that information is very limited dependent on the user of the account.
traumatism said:
most people who do not want their details stolen, do not use public access internet.
Yes, so other people want their details stolen? You are aware of the problem 'cause you're "into computers", but out of 500 million FB users how many of them ever heard of SSL? How many know that they are unsafe?
well with the amount of messages being spread on fb already about this i think more people will know, but to let people know only by stealing their details is pathetic. sure you may have made this app for a project but why give other people the power to do this. all you are doing is providing more uses for those who like to make other people's lives a misery. the best thing that could be done with this is to let the website provider know how unsecure their system is. especially if you are aware of the issue and are bothered by it. i know i'd do the same. if that didn't work, sure i'd tell people about it but i wouldn't sell an app on to others so they can make use of it. not even for free.
traumatism said:
well with the amount of messages being spread on fb already about this i think more people will know, but to let people know only by stealing their details is pathetic. sure you may have made this app for a project but why give other people the power to do this. all you are doing is providing more uses for those who like to make other people's lives a misery. the best thing that could be done with this is to let the website provider know how unsecure their system is. especially if you are aware of the issue and are bothered by it. i know i'd do the same. if that didn't work, sure i'd tell people about it but i wouldn't sell an app on to others so they can make use of it. not even for free.
Sure I could write an e-mail to Facebook, but this issue has been known for years! http://en.wikipedia.org/wiki/Session_hijacking I am sure Facebook is aware of it. In fact they've enabled SSL only a month ago (maybe two months), but why isn't it enabled by default?
who knows. perhaps issues with other applications on the website, or applications made to access facebook. they may have left it so they can cater for other applications for and on the site. only they can answer that question.
anyway, he just showed the spirit of a developer and created something new
he never told anyone "hey go hack facebook profiles" or "sniff those profiles, its fun"
he just showed the possibilities of android development and did nothing wrong in my opinion
it's not his fault if facebook is unable to close a security leak known for a long time
yeah don't get me wrong blezz i understand that completely. but the argument was as to why they would remove it. legality reasons would be the main issue. to cover their own backs as they can in fact face legal action for allowing the app to become available in their market.
I don't see anything wrong with the app.
It shows the flaws of Facebook, and the fact that no one in Facebook cares enough to do anything about it. But then I understand why Google would remove it... If Facebook decided to sue for this, Google would be sued, not YOU.
so it would be best if you released it HERE on xda rather than the market
Ok, I'm a Noob on here. I just got an Android phone & I am interested in various apps from the Android Market, but when I read the permissions that most of the apps have listed as to what they can do to the phone and to your privacy I am quite concerned. Is this really an issue, as people seem to download apps without worrying about what the app is or could do without your knowledge? I have searched on here & elsewhere & no one seems to be addressing the issue. Am I just being paranoid?
I have seen that a lot of these apps will prevent the phone or tablet from going into sleep mode, is this true?
Thanks, hope I haven't stepped on any toes by asking this, but I can't seem to find anything on the subject. So far I have decided not to download much, only a select few apps.
Rebel60 said:
Ok, I'm a Noob on here. I just got an Android phone & I am interested in various apps from the Android Market, but when I read the permissions that most of the apps have listed as to what they can do to the phone and to your privacy I am quite concerned. Is this really an issue, as people seem to download apps without worrying about what the app is or could do without your knowledge? I have searched on here & elsewhere & no one seems to be addressing the issue. Am I just being paranoid?
I have seen that a lot of these apps will prevent the phone or tablet from going into sleep mode, is this true?
Thanks, hope I haven't stepped on any toes by asking this, but I can't seem to find anything on the subject. So far I have decided not to download much, only a select few apps.
No worries, no toes are being stepped on.
I agree that the permissions required by apps can sometimes look worrying.
But the description is often misleading. Sometimes it just looks very intrusive but that permission is needed for something a lot more simple. It's a broad topic.
Also a lot of users are just not concerned by this or just go with the crowd.
Write the developer and ask him what the permissions are needed for, if his app's description is unclear on that or the permissions seem unrelated to the app's purpose.
When it says "prevents your device from sleeping", it is most likely used to prevent the screen from turning off or dimming while something is progressing on screen. It is also needed to ensure that the CPU finishes the current operation if you press the device's sleep button, so it doesn't stop at some random point which might lead to problems for the app.
If there is a specific app and its permissions you are worried about, you could just SEARCH and then make a thread and ask about it.
If rooted, search for "PDroid" on XDA to control permissions, or search for "Betterbatterystats" to find programs producing wakelocks and preventing deep sleep.
Sent from CDMA V6 SC GNexus w/Liquid & Franco.kernel
Aerocaptain said:
If rooted, search for "PDroid" on XDA to control permissions, or search for "Betterbatterystats" to find programs producing wakelocks and preventing deep sleep.
Sent from CDMA V6 SC GNexus w/Liquid & Franco.kernel
But then don't complain if the apps malfunction as a result of interfering with permissions or wakelocks.
Also this is kinda missing the question of the thread.
Dark3n said:
But then don't complain if the apps malfunction as a result of interfering with permissions or wakelocks.
Also this is kinda missing the question of the thread.
Trying to figure out how either of the options I listed does not address the concerns in the OP......
I think you should re-read the OP. Perhaps slower.
Betterbatterystats - used to indicate apps that are using wakelocks that prevent or interrupt deep sleep. Does nothing else. Does not stop them or even hinder them in any way. It's simply a tool to identify problem apps. How does that interfere with the apps themselves?
Pdroid - gives the ability to block (or regulate) unwanted actions from the apps specified by the user. Basically solves the permissions concern in the OP. And does not require root access to operate. The whole point of this software is to interfere with the user's apps. If a program is looking into my contacts, I'd like to be able to stop it. If a downloaded app stops functioning because it wants access to my contacts for no discernible reason, delete the app. This app is only needed because of the plethora of greedy, sometimes malicious developers releasing software that invades user privacy.
Rebel60, feel free to peruse these threads and see if either is the right fit for you.
http://forum.xda-developers.com/showthread.php?t=1357056
http://forum.xda-developers.com/showthread.php?t=1179809
Sent from CDMA V6 SC GNexus w/Liquid & Franco.kernel
Aerocaptain said:
Trying to figure out how either of the options I listed does not address the concerns in the OP......
I think you should re-read the OP. Perhaps slower.
Betterbatterystats - used to indicate apps that are using wakelocks that prevent or interrupt deep sleep. Does nothing else. Does not stop them or even hinder them in any way. It's simply a tool to identify problem apps. How does that interfere with the apps themselves?
Pdroid - gives the ability to block (or regulate) unwanted actions from the apps specified by the user. Basically solves the permissions concern in the OP. And does not require root access to operate. The whole point of this software is to interfere with the user's apps. If a program is looking into my contacts, I'd like to be able to stop it. If a downloaded app stops functioning because it wants access to my contacts for no discernible reason, delete the app. This app is only needed because of the plethora of greedy, sometimes malicious developers releasing software that invades user privacy.
Sent from CDMA V6 SC GNexus w/Liquid & Franco.kernel
How is viewing acquired wakelocks helping the OP understand what acquiring a wakelock does, and why the app did it? It's not about who, but what and why. Any type of wakelock an app acquires prevents deep sleep and a wakelock can not be used to interrupt a device that is in deep sleep.
Again the question was not about blocking permissions, but why some apps want all those permissions and why no one seems concerned with the obvious privacy issue.
While PDroid does not require root to operate, it does require it to be installed, so in the end it still needs a rooted device.
Why did you install an app that needs a worrying permission for no discernible reason anyway?
Thanks for the general developer insult. Developers really are the greediest folks *sarcasm* of them all.
Where did you take that from? How many developers of greedy apps did you ask about the permissions they request?
You can't really make that assumption as just a requested permission doesn't do anything at all by itself and what the app is actually doing with it is unknown without source code.
...and now I jumped aboard the off topic train, damn
In most cases, it does not matter why an app uses wakelocks. The fact that it does alone is important. It allows the user to identify the trouble app and either tinker with its settings to reduce the wakelock or delete it altogether if the app is not important to the user. Generally speaking, if I would like to maximize my battery endurance, the need to minimize wakelocks is a necessity. After several months of use, a user may not remember every setting he/she setup in their apps. Utilizing betterbatterystats, one could identify the apps that use short sync intervals such as email syncing every 15 minutes or weather syncing every 30 minutes and change them to longer sync periods which would dramatically decrease those pesky wakelocks and save some battery life. Both of those simple examples illustrate in general terms, how important knowledge of wakelocks could be to the battery hungry user. This of course is only one of many applications this program can be used for.
My Pdroid example, once again was a generic sample of the many ways app privacy is a concern. There are a ton of apps on the market that use the internet even though the internet isn't needed to run the program. Yes, more often than not, the app is either verifying license files or uploading "anonymous user stats," however that is not all cases and users should be able to control that app and the information it transmits.
Finally, yes I looked up your information and noticed the developer notation and knew you would be offended by my developer comment. But I did not mean to insinuate that you were in that minority. I am unfamiliar with your work. Android is an open source platform and users should have full control over their devices. That is why I threw those options out there. Anyone that disagrees with my full control statement should move to the iPhone and enjoy its closed platform.
Rebel60, I hope you find a way to fully utilize your device without fear of privacy infringement or apps that excessively deplete your battery. There are many people on XDA with a passion for these devices. And many different opinions. Take the time to evaluate your options and pick the right solution for you.
Sent from CDMA V6 SC GNexus w/Liquid & Franco.kernel
Aerocaptain said:
In most cases, it does not matter why an app uses wakelocks. The fact that it does alone is the issue. Generally speaking, if I would like to maximize my battery endurance, the need to minimize wakelocks is a necessity. After several months of use, a user may not remember every setting he/she setup in their apps. Utilizing betterbatterystats, one could identify the apps that use short sync intervals such as email syncing every 15 minutes or weather syncing every 30 minutes. Both of those simple examples illustrate in general terms, how important knowledge of wakelocks could be to the battery hungry user. With that knowledge one could change their sync intervals and save precious battery life.
True, it would definitely help a user identifying battery drainers and in those cases it does not matter why the wakelock was acquired if it is what causes the drain. But the question was not about batteries, but about what/why wakelocks are and the description of the wakelock permission itself.
While BetterBatteryStats is a great tool, it does not answer that question. (Hence my offtopic remark)
Aerocaptain said:
My Pdroid example, once again was a generic sample of the many ways app privacy is a concern. There are a ton of apps on the market that use the internet even though the internet isn't needed to run the program. Yes, more often than not, the app is either verifying license files or uploading "anonymous user stats," however that is not all cases and users should be able to control that app and the information it transmits.
While bug reports or anonymous statistics are one part of it, I think most of the internet permission needs come from ads that are displayed. I don't use ads, so I'm a bit unfamiliar on that topic.
If solely Google's licensing service is used, the internet permission is not needed, just the 'CHECK_LICENSE' permission (which is an extra permission just for that purpose).
It is also often used to update the welcome dialogs with news, if a dev does not want to release a new version every time he wants to tell his users something.
Aerocaptain said:
Finally, yes I looked up your information and noticed the developer notation and knew you would be offended by my developer comment. But I did not mean to insinuate that you were in that minority. I am unfamiliar with your work. Android is an open source platform and users should have full control over their devices. That is why I threw those options out there. Anyone that disagrees with my full control statement should move to the iPhone and enjoy its closed platform.
I'm not denying that there are greedy and/or malicious devs out there. It was the 'plethora of greedy sometimes malicious developers' that threw me a bit off. I see you meant it differently, as you wrote 'in that minority'. As English is not my main language, I might have understood it a bit too harshly too.
Most of my work falls into the 'Tools' category, if you have questions about them (or the permissions), write me a PM.
I fully agree that everyone should have full control over their devices and I also think that users should have the possibility of choice (i.e. Apple selecting apps that are published vs Android's more or less freedom of apps, though one might have to sort through a 'plethora' of useless apps, I wouldn't trade it for Apple's store).
[I needed all those big quotes to reflect what I'm responding to, as you seem to edit your posts a lot after you made them. Makes it a bit difficult to answer.]
Thanks
Dark3n said:
No worries, no toes are being stepped on.
I agree that the permissions required by apps can sometimes look worrying.
But the description is often misleading. Sometimes it just looks very intrusive but that permission is needed for something a lot more simple. It's a broad topic.
Also a lot of users are just not concerned by this or just go with the crowd.
Write the developer and ask him what the permissions are needed for, if his app's description is unclear on that or the permissions seem unrelated to the app's purpose.
When it says "prevents your device from sleeping", it is most likely used to prevent the screen from turning off or dimming while something is progressing on screen. It is also needed to ensure that the CPU finishes the current operation if you press the device's sleep button, so it doesn't stop at some random point which might lead to problems for the app.
If there is a specific app and its permissions you are worried about, you could just SEARCH and then make a thread and ask about it.
Thanks for the answer. I think this best answers what I was concerned about. A lot of apps say that they can dial numbers in your contacts, alter settings, and a lot of other things that make me hesitant to download the app.
My phone is not rooted, although I would like for it to be, but am afraid I will brick it if I don't do something right. I don't know anything about wakelocks etc.
Rebel60 said:
Thanks for the answer. I think this best answers what I was concerned about. A lot of apps say that they can dial numbers in your contacts, alter settings, and a lot of other things that make me hesitant to download the app.
My phone is not rooted, although I would like for it to be, but am afraid I will brick it if I don't do something right. I don't know anything about wakelocks etc.
Whether you're new to Android or a veteran, XDA has all of the information you'll need to educate yourself. Rooting is not for everyone and should only be attempted by someone comfortable with the process. It does however open huge doors to more control and customization with your device. My advice to you is first get to know the Android platform for a few months. In the meantime do some research and see for yourself the pros and cons of rooting. There are dozens of threads with people that are in the same situation as you. Learn from them and talk with them. If you have a direct question about Android, feel free to PM me. I'd be more than happy to help in any way I can. Good luck & enjoy your device.
Sent from CDMA V6 SC GNexus w/Liquid & Franco.kernel
Rooting is pretty simple if you invest some reading time. Just make sure to search a lot before asking.
Also be aware that giving an app root access is equivalent to granting every possible permission there is and more.
I'm sure most users are not fully aware of that.
So allowing an app root access is a huge trust investment in the dev, don't do it for fishy looking apps.
Read the description
Try reading through the apps full description. A lot of developers will explain why their app needs those scary sounding permissions.
If they don't explain, you could always contact the developer (seems almost like google requires app listings to include a 'contact the developer' link somewhere).
I'm still newer to Android and today realized the permissions that apps request. Before I was quick to just accept & go. I was about to install an app that is requesting a LOT of permissions. Phone calls, hardware controls (pics/vids at any time), and network communication (SMS I believe). My questions are simple.
1. Do certain custom mods, like Synergy? Do some mods already implement certain things into itself to disable some of these features? I understand this is a mod-by-mod basis if so. Does Synergy do anything to disable this crap, anybody know?
2. How worried do I have to be about this? Will the app literally take pics and send them out without my knowledge? Or is it only the pics I take it can send out? How does this work?
3. Which of the permissions that apps request do I really need to keep an eye on and watch out for? AKA, what could take info/pics that I don't want it to?
4. Is Anti-Virus software REALLY necessary since I'm all rooted and such? I read articles saying it's useful and others saying it doesn't even provide much protection, and the chance to get something is quite rare if you only use google play/android market?
Thanks in advance for any and all help. I ditched Apple and AT&T for this thing, and with it being rooted, I am unbelievably happy I made the switch to both VZW and the S3! AWESOME phone, screen size, and customization!
Edit: Posted wrong forum....Shoulda been Q&A forum. Devs plz move.
1. Not sure. I haven't played with synergy.
2. What kind of app is it? This is huge into what kind of permissions it needs. If it's a live wallpaper app it shouldn't be asking to be able to read your contacts or send SMS. You just gotta think what does this app do and why does it need this permission. A launcher app like Apex or Nova needs A LOT of permissions. To be able to make calls and send SMS and work the camera as a launcher can do all of those. Does a game need the ability to do that though? No. It may ask to read your contacts so it can share crap with your friends though. It can be hard when you look at permission apps ask for to decide if it's legit or not. If you can't decide just don't download.
I try to only download hugely popular apps that I know aren't malware. If it's got over 100k downloads chances are it is a safe app.
Permissions are tricky and until you realize all an app can do you won't understand why it wants to do some things. It took me a good year of downloading apps and reading about things to get a great grip on permissions.
The biggest thing is common sense. What does the app do and why should it need this permission. An SMS app needs permission to the camera and to send SMS that cost money and read your phone book and such. But if I download a live wallpaper or a weather widget...why would they need such abilities. That should raise a HUGE red flag. Anytime you see "can send SMS that may cost you money" in permissions try to figure out why it needs that. Cause the last thing you want is to DL it and tomorrow have $600 in txt fees.
I don't believe in anti virus on my phone. Yeah you can get em and some love em. But really. If you just use common sense and don't download suspicious things you shouldn't need one. I refer back to only download trusted apps. If it has less than 1k downloads. Be wary. It may be a new app that a dev just launched. Or it could be a reason for the lack of downloads. Look at reviews ALWAYS. Yes many are from morons. But some are helpful. Also if you want a popular game go straight to the devs for it in the market. Many times bogus apps are posted that spoof popular apps like angry birds. Download the one with millions of downloads. Not the one with a thousand.
The more you use your device the more you'll understand. I download plenty of apps from XDA with very few downloads in the market and have been safe. But this comes from knowing and trusting a developer. That's why these forums rock. You can get in on an app in its infancy and help test it and make it grow.
--Sent from GlaDos baked potato
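The "what does the app do and why should it need this permission" test from the post above, written out as a check over an app's manifest. This is an added example, not part of the post: the per-category baselines are hypothetical and follow the post's own examples, the manifest is constructed, and a real APK's manifest has to be decoded to plain XML first.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Permissions the thread singles out as able to cost money or expose data.
SENSITIVE = {
    P + "SEND_SMS": "can send SMS that may cost you money",
    P + "CALL_PHONE": "can place calls",
    P + "READ_CONTACTS": "can read the address book",
    P + "READ_SMS": "can read stored messages",
    P + "CAMERA": "can take pictures and video",
    P + "RECORD_AUDIO": "can record from the microphone",
    P + "ACCESS_FINE_LOCATION": "can read GPS location",
}

# Requests the thread explains as routine: ads, licence checks, keeping the screen on.
LOW_CONCERN = {
    P + "INTERNET", P + "ACCESS_NETWORK_STATE", P + "WAKE_LOCK",
    "com.android.vending.CHECK_LICENSE",
}

# Hypothetical baselines: what each kind of app plausibly needs (assumption).
EXPECTED = {
    "live_wallpaper": {P + "SET_WALLPAPER"},
    "weather_widget": {P + "ACCESS_COARSE_LOCATION"},
    "game": set(),
    "sms": {P + "SEND_SMS", P + "READ_SMS", P + "RECEIVE_SMS",
            P + "READ_CONTACTS", P + "CAMERA"},
    "launcher": {P + "CALL_PHONE", P + "SEND_SMS", P + "CAMERA",
                 P + "READ_CONTACTS", P + "SET_WALLPAPER"},
}

# Constructed manifest for a live wallpaper that asks for more than it should.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.wallpaper">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.SET_WALLPAPER"/>
  <application android:label="Sample"/>
</manifest>
"""


def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml.strip())
    names = set()
    for element in root.iter("uses-permission"):
        name = element.get(ANDROID_NS + "name")
        if name:  # skip malformed entries without a name attribute
            names.add(name)
    return names


def audit(manifest_xml, category):
    """Return sorted (level, permission, reason) for requests outside the baseline."""
    if category not in EXPECTED:
        raise ValueError(f"no baseline for category {category!r}")
    findings = []
    for perm in requested_permissions(manifest_xml) - EXPECTED[category]:
        if perm in SENSITIVE:
            findings.append(("red flag", perm, SENSITIVE[perm]))
        elif perm in LOW_CONCERN:
            findings.append(("low", perm, "commonly used for ads or licensing"))
        else:
            findings.append(("review", perm, "not in baseline, ask the developer"))
    return sorted(findings)


def red_flags(manifest_xml, category):
    """Names of sensitive permissions that the app's purpose does not explain."""
    return [perm for level, perm, _ in audit(manifest_xml, category)
            if level == "red flag"]


if __name__ == "__main__":
    for level, perm, reason in audit(SAMPLE_MANIFEST, "live_wallpaper"):
        print(f"{level:9} {perm}: {reason}")
```

The same manifest audited as an SMS app raises no red flags, which is the post's point: a permission is only suspicious relative to what the app claims to do.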
Google is eventually going to have to step in and put a stop to this, but more and more apps are requesting permissions that they have no business requesting. It is unfortunate, especially when the intrusive app is one you would like to have.
I choose to completely disregard any app that asks for permissions it is obvious it doesn't need. The exception being internet access for ads, as incorporating ads into an app can be a legitimate way for an app developer to generate revenue. (And the unsightly ads can be removed with an ad blocker like AdAway, so it's kind of a win-win).
However, if there is an app that you just "need" to download or would just like better control of your phone, you could download an app called "Permissions Denied." This app lets you decide what permissions are granted to each app.
i use LBE Privacy Guard to help manage my permissions. You can mark certain apps as trusted and deny specific permissions for other apps. Also lets you know when a specific app is trying to access certain functions. Only had it for a couple days but liking it so far.
i used to run an anti-virus, AVG to be specific, but after a while just decided to get smarter about what i install and have been going without one.