Related
Not sure if any of you ever heard of ngmoco's Plus+ game social network on iPhone, well they were bought out by a japanese company who owns "Mobage", a mobile game network in Japan.. Now they're releasing games on Android, but every single one of their apps has every permission in the book, & they give no explanation for any of them.
Now I'd normally stay away, but they have one game I loved on iOS, Pocket Frogs, here's a link; http://0.mk/72868 check out the permissions tabs.
Is it safe? Is there any way to block all permissions in an app or disable them??
Thanks.
TL;DR, remove app permissions?
I clicked on it and the permissions they have in there now seem normal actually. Except for this one:
Allows an application to read all of the contact (address) data stored on your device. Malicious applications can use this to send your data to other people.
It looks like they might have removed quite a bit of the permission requests because in the reviews people were saying it requests "super user access" and stuff like that but when I read the permissions, that one isn't listed anymore.
Yeah, that's the one that bothered me the most, but hardly any of those are required for the app to run, it's just unnecessary & annoying for a game to have that many permissions
Is there any way to remove its permission to read contact data?
That app also requested SU access on my phone. I denied it and then immediately removed the app. There is no reason that game should require SU access.
There is a handy linux tool to list permissions that an APK uses via commandline called scanperms. I use it to check out what an app uses before installing.
URL is hxxp://tinyurl.com/cvo6dqw
there's an update ive avoided so far but play seems to have no shutup button. I was weary to update because the apps new permissions included view running apps. I see no reason for this and think its an unneeded invasion. anyone see it as a valid perm? so i guess i need a recommendation for another app is there something better?
If you're rooted, just get permissions denied free from the play store and enable disable which ever of the permissions you want.
Now for some of the permission, they want you to pay for the full app, but if privacy is a concern for you, well worth it.
https://play.google.com/store/apps/details?id=com.stericson.permissions&feature=search_result
jefem24 said:
there's an update ive avoided so far but play seems to have no shutup button. I was weary to update because the apps new permissions included view running apps. I see no reason for this and think its an unneeded invasion. anyone see it as a valid perm? so i guess i need a recommendation for another app is there something better?
Click to expand...
Click to collapse
Permissions Denied is def the way to go with that problem. But if you have being bothered by the Play store about updates, get Titanium Backup and you can use it to sever the market link between the app and your account so you don't get bombarded by update notices.
I suggest LBE for your privacy concerns.
As far as VM, I use Google Voice and have my voicemail number for my GoogleVoice setup in my phone. Now, I have separate greetings for many of my contacts and contact groups... In-line voicemails in my call log, etc.... its WONDERFUL! VMM sucks ****!
Sent from my SAMSUNG-SGH-I727 using xda app-developers app
So i am just wondering, there are so much different apps for android on the market, and most of them has a lot of access to phone's functions. Now for example i am always logged in to Gmail, and theoretically can a random app scan and copy my gmail's data and send it trough internet? Really curious..
Kblavkalash said:
Now for example i am always logged in to Gmail, and theoretically can a random app scan and copy my gmail's data and send it trough internet? Really curious..
Click to expand...
Click to collapse
This question is not really an issue of Android security this is a question about general security. Can an app look at your gmail app directly and copy data and send it out...not exactly no, an app can't forcibly connect itself to another app to scan data.
However...
That question is actually not relevant because such a task is unnecessary for malicious apps. Lets say you install a malicious app that wants to copy your gmail data. What it will do is not watch the app itself but it will watch the network packets being sent to and from the app, logging and tracking those.
This is not the only way to get the data though because any data saved on your sdcard is accessible from an app if you give it permission to do so.
The MOST important thing to look at when installing an app is the permissions the app is requesting when it installs. This can be confusing as well because some apps will request full internet access because they need it but this can also be used by a malicious app to steal your data.
The important thing to do is research. The more you learn about the app the better off you are.
-------
Just to clarify, this applies to all apps of any kind on any platform including but not limited to Android, iPhones, Blackberry, Windows Phone, WebOS, Windows PC, Mac OSX, Linux or etc. - ALWAYS learn as much as you can and are comfortable with before installing anything...if you are not comfortable with a particular app or learning more about it then don't install it. That is not to say it may be malicous, it is just to say it could be a bad idea for other reasons. (for example, if it is a developer tool or a configuration tool that you don't understand or haven't researched enough to understand...then you could potentially damage your device with something that is a legitimate tool)
Kblavkalash said:
So i am just wondering, there are so much different apps for android on the market, and most of them has a lot of access to phone's functions. Now for example i am always logged in to Gmail, and theoretically can a random app scan and copy my gmail's data and send it trough internet? Really curious..
Click to expand...
Click to collapse
edit
MichaelTunnell said:
This question is not really an issue of Android security this is a question about general security. Can an app look at your gmail app directly and copy data and send it out...not exactly no, an app can't forcibly connect itself to another app to scan data.
However...
That question is actually not relevant because such a task is unnecessary for malicious apps. Lets say you install a malicious app that wants to copy your gmail data. What it will do is not watch the app itself but it will watch the network packets being sent to and from the app, logging and tracking those.
This is not the only way to get the data though because any data saved on your sdcard is accessible from an app if you give it permission to do so.
The MOST important thing to look at when installing an app is the permissions the app is requesting when it installs. This can be confusing as well because some apps will request full internet access because they need it but this can also be used by a malicious app to steal your data.
The important thing to do is research. The more you learn about the app the better off you are.
-------
Just to clarify, this applies to all apps of any kind on any platform including but not limited to Android, iPhones, Blackberry, Windows Phone, WebOS, Windows PC, Mac OSX, Linux or etc. - ALWAYS learn as much as you can and are comfortable with before installing anything...if you are not comfortable with a particular app or learning more about it then don't install it. That is not to say it may be malicous, it is just to say it could be a bad idea for other reasons. (for example, if it is a developer tool or a configuration tool that you don't understand or haven't researched enough to understand...then you could potentially damage your device with something that is a legitimate tool)
Click to expand...
Click to collapse
Good answer, you are right!, but you say do a research before installing, but it's not really possible unless you are a programmer and checking whole code The best rated apps still have many different permission requirement and i have no idea what they are doing.
For example app can request a new password change for example on paypal and steal packets which come to my gmail about new password.^^
Security Apps
Hi,
in my eyes the best way is to use programs like PDroid. You cann adjist the rights of every App regarding send SMS for example.
LBE Privacy Guard may be also an Option. (runs not on my Device - SGS+)
(i use Pdroid 2.0)
you should also read the comments in the store, and the needed rights from the app before install. The best Apps to trust are open source apps.
Kblavkalash said:
Good answer, you are right!, but you say do a research before installing, but it's not really possible unless you are a programmer and checking whole code The best rated apps still have many different permission requirement and i have no idea what they are doing.
For example app can request a new password change for example on paypal and steal packets which come to my gmail about new password.^^
Click to expand...
Click to collapse
Research generally involves a Google search...
Editor's Choice in the market are safe bets, you know, the blue icon.
But then there are the millions of other apps, and frankly, I tend to toe the app name plus xda for instance, Google will show you xda threads about the app, if the posts are normal, you can be sure it's not malicious.
Stuff like that...
Also, fake market comments are really easy to spot and are a dead giveaway
Sent from my GT-I9000 using xda premium
I'd like to pone a privacy problem.
In Android ,installed apps require permissions to operate. Permissions to access the Phone Id (also the IMEI) or the position of the device or the access to your calls seem very common in most apps on the market.
Permission for the position seems ok for a Gps navigation program but also for an alarm clock? Where do they sent my data and what use they do?
I use LBE privacy guard but it is enough?
what do you think?
Toriko said:
I'd like to pone a privacy problem.
In Android ,installed apps require permissions to operate. Permissions to access the Phone Id (also the IMEI) or the position of the device or the access to your calls seem very common in most apps on the market.
Permission for the position seems ok for a Gps navigation program but also for an alarm clock? Where do they sent my data and what use they do?
I use LBE privacy guard but it is enough?
what do you think?
Click to expand...
Click to collapse
are you a thief?? :laugh:
Most of the permissions are for ads bases on location
Batcom2
xxXismakillXxx said:
are you a thief?? :laugh:
Click to expand...
Click to collapse
No, but I'm thinking about it. Seriously, have you ever wonder why you get web searches, translations and other services for free and yet the companies that handle the sites are billionaires? Because they sell your personal data and your commercial preferences to other companies without your permission. Think about it when you post your personal data on the web.
zelendel said:
Most of the permissions are for ads bases on location
Batcom2
Click to expand...
Click to collapse
I'm not so sure about that. However if I buy an ad free app , there shouldn't be any ads. And why an alarm clock need my phone id and can access my call log? It's fishy.
Toriko said:
I'd like to pone a privacy problem.
In Android ,installed apps require permissions to operate. Permissions to access the Phone Id (also the IMEI) or the position of the device or the access to your calls seem very common in most apps on the market.
Permission for the position seems ok for a Gps navigation program but also for an alarm clock? Where do they sent my data and what use they do?
I use LBE privacy guard but it is enough?
what do you think?
Click to expand...
Click to collapse
Rule of thumb: Every app that asks for unique device numbers, location and a backchannel does so because it contains advertisement. Advertisers simply love to track customers and find out as much as possible about them in order to deliver ads that actually result in a sale (contrary to popular belief, they don't do that just to annoy the crap out of everyone).
Personally, I don't use LBE privacy guard. I haven't seen the source and that pretty much means it is as much a blackbox as the apps, it is suppose to protect me from. For me, rooting and installing a firewall to simply block the backchannel does the trick.
If u filter out apps for their permissions, u will have nothing but the system apps left on the phone! even I used to check permissions b4 downloading at the beginning. Then as I downloaded a lot of apps i was lazy enough to give a dang to wat permissions the app wants! just see through the comments (reviews) to know if there are any issues with the app! That's it.! And nowadays the app developer tries to explain the reason for each permission the app asks for. So sooner all apps are gonna be explaining their permissions! (hopefully)
zelendel said:
Most of the permissions are for ads bases on location
Batcom2
Click to expand...
Click to collapse
This is true although some use it to collect app usage information for the purpose of improving the app. Unfortunately, it can be difficult to determine exactly why a particular permission is requested.
onyxbits said:
Personally, I don't use LBE privacy guard. I haven't seen the source and that pretty much means it is as much a blackbox as the apps, it is suppose to protect me from. For me, rooting and installing a firewall to simply block the backchannel does the trick.
Click to expand...
Click to collapse
Installing a firewall won't solve the problem, because you can't stop apps that need connection : together with the access to the net they send your data. LBE allows the access for the app but block the transmission of your id together with other data.
Anyway LBE also works as a firewall. There's another app that works the same way (Pdroid) but supports only Gingerbread.
Hi guys
I recently purchased a Elephone S3 from Everbuying.com. I heard people talking about how notorious these Chinese phones are having malware installed on them, so I decided to give the malware check a go and use about 10+ popular Malware detection apps (Avast, Kaspersky, Avira, Trojan Killer, you name it) currently available on Play Store.
Out of all those, excluding warnings that doesn't really matter in this regards (Malware specific), the below two apps gave me those respective warning results.
I have done some research, but i don't think I found any relevant info in this regards. So, for all the guru out there, the question is obvious, should I be worried about these "non-deletable" apps (if not rooted)? If they ARE malicious, can I be worried free by turning off ALL permissions for the apps and in some case, disable the app (I can disable the Beauty Center, not ELE Launcher).
Thanks to you all for any input!
Malwarebytes Anti-Malware
App - Beauty Center
Message - Android/PUP.Riskware.Cooee.a
App - ELE Launcher
Message - Android/PUP.Riskware.Cooee.H
Stubborn Trojan Killer
App - Beauty Center
Message - General Trojan
App - ELE Launcher
Message - General Trojan
bagachin said:
Hi guys
I recently purchased a Elephone S3 from Everbuying.com. I heard people talking about how notorious these Chinese phones are having malware installed on them, so I decided to give the malware check a go and use about 10+ popular Malware detection apps (Avast, Kaspersky, Avira, Trojan Killer, you name it) currently available on Play Store.
Out of all those, excluding warnings that doesn't really matter in this regards (Malware specific), the below two apps gave me those respective warning results.
I have done some research, but i don't think I found any relevant info in this regards. So, for all the guru out there, the question is obvious, should I be worried about these "non-deletable" apps (if not rooted)? If they ARE malicious, can I be worried free by turning off ALL permissions for the apps and in some case, disable the app (I can disable the Beauty Center, not ELE Launcher).
Thanks to you all for any input!
Malwarebytes Anti-Malware
App - Beauty Center
Message - Android/PUP.Riskware.Cooee.a
App - ELE Launcher
Message - Android/PUP.Riskware.Cooee.H
Stubborn Trojan Killer
App - Beauty Center
Message - General Trojan
App - ELE Launcher
Message - General Trojan
Click to expand...
Click to collapse
go ahead and disable Beauty Center, as far as ELE Launcher, that seems legit. But if you don't like it, just replace it with something like Nova Launcher.
mattzeller said:
go ahead and disable Beauty Center, as far as ELE Launcher, that seems legit. But if you don't like it, just replace it with something like Nova Launcher.
Click to expand...
Click to collapse
Hi mattzeller, thanks heaps for the info! This might not be a good question, but just for my information, generally speaking, is there a way to distinguish between a real harmful malware (actively stealing personal info) and an app that has more access and integration to the phone's OS than others by looking at the information provided? In other words, is there any obvious give away sign?
Thanks again for the help!
bagachin said:
Hi mattzeller, thanks heaps for the info! This might not be a good question, but just for my information, generally speaking, is there a way to distinguish between a real harmful malware (actively stealing personal info) and an app that has more access and integration to the phone's OS than others by looking at the information provided? In other words, is there any obvious give away sign?
Thanks again for the help!
Click to expand...
Click to collapse
Well look at reviews of the app, see if it is installing other apps without your consent, or constantly nagging you to download other apps. Generally 99.99% of apps on Google play are safe. Occasionally some crapware gets on there, but if you take a look at its rating and reviews (not just the highlights) you should be good.
Sent from my SCH-R220
bagachin said:
Hi mattzeller, thanks heaps for the info! This might not be a good question, but just for my information, generally speaking, is there a way to distinguish between a real harmful malware (actively stealing personal info) and an app that has more access and integration to the phone's OS than others by looking at the information provided? In other words, is there any obvious give away sign?
Thanks again for the help!
Click to expand...
Click to collapse
Always check the apps permissions. I absolutely refuse to install an app that has permissions that it shouldn't be using. However, if the app you're about to download needs permissions related to the app features, that's OK with me.
I see so many Play Store apps that are just total spyware in my book. Flashlight apps are a good example of this. There is zero reasons a flashlight app needs to read my contacts or a data connection. Just be mindful of reviews and permissions and you'll be OK.
KernelCorn said:
Always check the apps permissions. I absolutely refuse to install an app that has permissions that it shouldn't be using. However, if the app you're about to download needs permissions related to the app features, that's OK with me.
I see so many Play Store apps that are just total spyware in my book. Flashlight apps are a good example of this. There is zero reasons a flashlight app needs to read my contacts or a data connection. Just be mindful of reviews and permissions and you'll be OK.
Click to expand...
Click to collapse
I don't worry about apps with excessive permissions, I just revoke the permissions I don't like.
Sent from my SCH-R220
mattzeller said:
I don't worry about apps with excessive permissions, I just revoke the permissions I don't like.
Click to expand...
Click to collapse
That's the best way to do it.
I do the same thing, but I see lots of people posting here that aren't too tech savvy. For them be mindful of what you download.
mattzeller said:
Well look at reviews of the app, see if it is installing other apps without your consent, or constantly nagging you to download other apps. Generally 99.99% of apps on Google play are safe. Occasionally some crapware gets on there, but if you take a look at its rating and reviews (not just the highlights) you should be good.
Sent from my SCH-R220
Click to expand...
Click to collapse
Thanks for the advice. Yes, I am aware that common source/cause of malwares are side load apps and rooted device. So I am always fairly cautious about any apps i installed via non-play store source. However, these two caught apk are installed right out of box. That kinda annoys me. I don't jump on the bandwagon and say Chinese phones are infested with malwares and I believe a lot of the time people just over exaggerate and blow some minority out of proportion.
However, the truth is, this is the first Chinese phone I got and it came with two identified malwares. To be fair, it might not be particularly malicious, but it's enough to make me have second thought about my purchase....
KernelCorn said:
Always check the apps permissions. I absolutely refuse to install an app that has permissions that it shouldn't be using. However, if the app you're about to download needs permissions related to the app features, that's OK with me.
I see so many Play Store apps that are just total spyware in my book. Flashlight apps are a good example of this. There is zero reasons a flashlight app needs to read my contacts or a data connection. Just be mindful of reviews and permissions and you'll be OK.
Click to expand...
Click to collapse
Thanks for the comment! Yes, I am quite careful about the app I get to choose to install, but I have little control over these apps that come pre-installed on these chinese phone and got detected as "malwares"
mattzeller said:
I don't worry about apps with excessive permissions, I just revoke the permissions I don't like.
Sent from my SCH-R220
Click to expand...
Click to collapse
Yap, what I did for those two apps I mentioned are turning off all permissions access to them, disable app for the one I can and turn off background data access. Hopefully it will freeze them for good and stop them from playing naughty.
Just a question though, say I do all those above (e.g. switching off permission, force stopped etc), technically speaking, can a malware still be "active and do what they "meant" to do"? I meant after all, they are meant to do something "out of control" right?
bagachin said:
Yap, what I did for those two apps I mentioned are turning off all permissions access to them, disable app for the one I can and turn off background data access. Hopefully it will freeze them for good and stop them from playing naughty.
Just a question though, say I do all those above (e.g. switching off permission, force stopped etc), technically speaking, can a malware still be "active and do what they "meant" to do"? I meant after all, they are meant to do something "out of control" right?
Click to expand...
Click to collapse
No, if you revoke the permission to view your contacts, it is the system that is blocking the apps ability to view your contacts.
Though I think you are being a little paranoid.
Everyone freaks out out all the permissions apps require, when the app actually never uses most of the permissions it asks for, at least not in the way you think. You wouldn't think the launcher needs permissions to access your contacts, but it does. How else is it going to allow you to make a call, or display an incoming all, or missed call/text badges.
I mean take a look at the litany of permissions Nova Launcher and TeslaUnread require, yet we all know the app is not malware. As long as you install from legitimate sources, you will be fine. Like I said in my first post, disable the Beauty app, the other is the Launcher. If you don't like it, install a different one.
Sent from my SCH-R220
Who would you rather have snoop in on your calls? China, or USA.. Because it is one or the other.. me personally, I will take the country in which I do not reside...
mattzeller said:
No, if you revoke the permission to view your contacts, it is the system that is blocking the apps ability to view your contacts.
Though I think you are being a little paranoid.
Everyone freaks out out all the permissions apps require, when the app actually never uses most of the permissions it asks for, at least not in the way you think. You wouldn't think the launcher needs permissions to access your contacts, but it does. How else is it going to allow you to make a call, or display an incoming all, or missed call/text badges.
I mean take a look at the litany of permissions Nova Launcher and TeslaUnread require, yet we all know the app is not malware. As long as you install from legitimate sources, you will be fine. Like I said in my first post, disable the Beauty app, the other is the Launcher. If you don't like it, install a different one.
Sent from my SCH-R220
Click to expand...
Click to collapse
Unfortunately the way things are with the permissive Android system, we have to be a little paranoid. The built in system apps like launchers and permissions can't be disabled easily unless the user is technical enough to know about rooting using apps like xposed/xprivacy.