App Permissions - Little Help Please - Verizon Samsung Galaxy S III

I'm still newer to Android and today realized the permissions that apps request. Before I was quick to just accept & go. I was about to install an app that is requesting a LOT of permissions. Phone calls, hardware controls (pics/vids at any time), and network communication (SMS I believe). My questions are simple.
1. Do certain custom mods, like Synergy? Do some mods already implement certain things into itself to disable some of these features? I understand this is a mod-by-mod basis if so. Does Synergy do anything to disable this crap, anybody know?
2. How worried do I have to be about this? Will the app literally take pics and send them out without my knowledge? Or is it only the pics I take it can send out? How does this work?
3. Which of the permissions that apps request do I really need to keep an eye on and watch out for? AKA, what could take info/pics that I dont want it to?
4. Is Anti-Virus software REALLY necessary since I'm all rooted and such? I read articles saying it's useful and others saying it doesn't even provide much protection, and the chance to get something is quite rare if you only use google play/android market?
Thanks in advance for any and all help. I ditched Apple and AT&T for this thing, and with it being rooted, I am unbelievably happy I made the switch to both VZW and the S3! AWESOME phone, screen size, and customization!
Edit: Posted wrong forum....Shoulda been Q&A forum. Devs plz move.

1. Not sure. I haven't played with synergy.
2. What kind of app is it? This is huge into what kkind of permissions it needs. If its a live wallpaper app it shouldn't be asking to be able to read your contacts or send SMS. You just gotta think what does this app do and why does it need this permission. A launcher app like Apex or Nova needs A LOT of permissions. To be able to make calls and send SMS and work the camera as a launcher can do all of those. Does a game need the ability to do that though? No. It may ask to read your contacts so it can share crap with your friends though. It can be hard when you look at permission apps ask for to decide it its legit or not. If you can't decide just don't download.
I try to only download hugely popular apps that I know aren't malware. If its got over 100k downloads chances are it is a safe app.
Permissions are tricky and until you realize all an app can do you wont understand why it wants to do some things. It took me a good year of downloading apps and reading about things toto get a great grip on permissions.
The biggest thing is common sense. What does the app do and why should it need this permission. An SMS app needs permission to the camera and to send SMS that cost money and read your phone book and such. But if I download a live wallpaper or a weather widget...why would they need such abilities. That should raise a HUGE red flag. Anytime you see "can send SMS that may cost you money" in permissions try to figure out why it needs that. Cause the last thing you want is to DL it and tomorrow have $600 in txt fees.
I don't believe in anti virus on my phone. Yeah you can get em and some love em. But really. If you just use common sense and don't download suspicious things you shouldn't need one. I refer back to only download trusted apps. If it has less the 1k downloads. Be wary. It may be a new app that a dev just launched. Or it could be a reason for the lack of downloads. Look at reviews ALWAYS. Yes many are from morons. But some are helpful. Also if you want a popular game go straight to the devs for it in the market. Many times bogus apps are posted that spoof popular apps like angry birds. Download the one with millions of downloads. Not the one with a thousand.
The more you use your device the more you'll understand. I download plenty of apps from XDA with very few downloads in the market and have been safe. But this comes from knowing and trusting a developer. That's why these forums rock. You can get in on an app in its infancy and help test it and make it grow.
--Sent from GlaDos baked potato

Google is eventually going to have to step in and put a stop to this, but more and more apps are requesting permissions that they have no business requesting. It is unfortunate, especially when the intrusive app is one you would like to have.
I choose to completely disregard any app that asks for permissions it is obvious it doesn't need. The exception being internet access for ads, as incorporating ads into an app can be a legitimate way for an app developer to generate revenue. (And the unsightly ads can be removed with an ad blocker like AdAway, so it's kind of a win-win).
However, if there is an app that you just "need" to download or would just like better control of your phone, you could download an app called "Permissions Denied." This app let's you decide what permissions are granted to each app.

i use LBE Privacy Guard to help manage my permissions. You can mark certain apps as trusted and deny specific permissions for other apps. Also lets you know when a specific app is trying to access certain functions. Only had it for a couple days but liking it so far.
i used to run an anti-virus, AVG to be specific, but after a while just decided to get smarter about what i install and have been going without one.

Related

Good News for Developers, Bad News for Pirates!!

http://www.engadget.com/2010/07/28/new-licensing-service-replacing-existing-copy-protection-metho/
Looks like pretty soon the days of people copy and pasting apk's all over the place are coming to an end.
I hope this doesn't make theming harder.. We'll see.
From reading that article,
Seems like airplane mode or a firewall would crush all the hopes and dreams of google and app devs.
It seems that every time we open an app it needs to verify that it's been paid for by contacting a "licensing" server and retrieving a response.
I feel like that could slow down launch times, and being unable to use an app when offline would be like UBISOFT hell all over again.
I really hope google puts a lot of thought into this..
I wonder if this if already being done? Every time I try to play that golf game on my EVO on an airplane while the radios are off I get a FC when it starts. As soon as I an on the ground and turn the radios on the game works fine.
Sent from my PC36100 using XDA App
what if you are in an area with no signal or on a plane or something? you cant open any apps???
This is already in place in a number of apps, one is IP Cam Viewer.
I paid the money for it. I transferred all my files to my wife's Evo 4G, and thought "hell I'll see if it works..." Well it didn't. When I try to open the app, it tells me that I have to purchase it from the marketplace.
I'm all for buying apps when they're good, and I understand single user licensing. Guess I was just hoping I wouldn't have to spend double the money for all the apps I use.
simplyphp said:
This is already in place in a number of apps, one is IP Cam Viewer.
I paid the money for it. I transferred all my files to my wife's Evo 4G, and thought "hell I'll see if it works..." Well it didn't. When I try to open the app, it tells me that I have to purchase it from the marketplace.
I'm all for buying apps when they're good, and I understand single user licensing. Guess I was just hoping I wouldn't have to spend double the money for all the apps I use.
Click to expand...
Click to collapse
I've heard of couples sharing the same email as apps get replicated on the two phone
I can confirm that they don't get replicated..
I have two evo's right now under the same email and they're definitely not replicating crap.
cahiatt said:
I wonder if this if already being done? Every time I try to play that golf game on my EVO on an airplane while the radios are off I get a FC when it starts. As soon as I an on the ground and turn the radios on the game works fine.
Sent from my PC36100 using XDA App
Click to expand...
Click to collapse
Now that's a problem I understand about paying for apps but not working when I'm in a place with no signal. I see a law suit brewing up. I paid for the app I should be able to use the app whenever I want to. Class action law suit coming real soon.
Sent from my PC36100 using Tapatalk
Crap....
"A limitation of copy protection is that applications using it can be installed only on compatible devices that provide a secure internal storage environment. For example, a copy-protected application cannot be downloaded from Market to a device that provides root access"
...Seriously???
EDIT - the above quote was misrepresented in the place I copied from...research shows it to be misleading. the actual bit of Google's text is posted over on page to of this thread. disregard my indignation in this post...
This is discouraging, because a lot of people like to try the full before they buy it expecting more than what full has to offer, only to be disappointed later.
willwgp said:
This is discouraging, because a lot of people like to try the full before they buy it expecting more than what full has to offer, only to be disappointed later.
Click to expand...
Click to collapse
You do get a 24 hour refund option when you buy from the market so I'm not worried about trying before you buy. I do worry about not being able to play something when I'm in the bathroom at work because I don't get a signal there.
well how many ppl do actually piracy apps??? oh my bad forgot that this is Android, for a second i though it was apple!!
Just to clarify a couple of things:
There are 2 ways to use the Licensing - one is Strict - you CAN NOT USE THE APP WITHOUT ACCESS TO MARKETPLACE. Personally, screw that.
Option 2, however, is a non-strict policy. Server managed, where the license is 'cached' to storage. You also can programmatically set how long your app can be used without any license check.
That'd be the way i go
josue85 said:
You do get a 24 hour refund option when you buy from the market so I'm not worried about trying before you buy. I do worry about not being able to play something when I'm in the bathroom at work because I don't get a signal there.
Click to expand...
Click to collapse
That'll be up to the developer. I like this approach, as I'd be happy to do say... a 5-7 day turn around on the license check. After 7 days with no data signal, seriously, where the hell are you? LOL
Besides, if you've used a paid app for 7 days, and by that time can't decide if you need it or not - wow.
And of course, as soon as you got signal again, the license check would go through and you can use the app again, no problem.
I'm sure there will be UbiSoft and EA style implementations though - way too damn draconian for my tastes. I don't care to know every single second that someone's using my app. I would just like to know that they haven't 'copied that floppy' as it were LOL
I have no doubts this will be defeated in time, though. All it would really take is mimicking the server license response, which can be extracted from the locally cached license of an actual paid product.
People that pirate software are going to do it, regardless. Don't make the honest people pay the price of draconian DRM.
The best approach I can make as a developer, is give my customers the features they want, in a stable, good performing package, and discourage 'casual' piracy. Beyond that, it's out of the developer's control, and honestly, any more than that usually just pisses off the customer and annoys the pirates for about a day and a half.
Ok...had to read the SDK paperwork as I really wanted to know this...my previous post was incorrect and here is the update...
From Google:
Android Market Licensing is a flexible, secure mechanism for controlling access to your applications. It effectively replaces the copy-protection mechanism offered on Android Market and gives you wider distribution potential for your applications.
A limitation of the legacy copy-protection mechanism on Android Market is that applications using it can be installed only on compatible devices that provide a secure internal storage environment. For example, an application using the copy-protection mechanism cannot be downloaded from Market to a device that provides root access, and the application cannot be installed to a device's SD card.
With Android Market licensing, you can move to a license-based model in which access is not bound to the characteristics of the host device, but to your publisher account on Android Market and the licensing policy that you define. Your application can be installed and controlled on any compatible device on any storage, including SD card.
Click to expand...
Click to collapse
Also...there are options for the Devs to allow for apps to be used a chosen number of times before they need to check in for licenses. Strict has to check in every time....other option allows dev to choose based on times used or time since last check in.
SO...all in all I am much less worried about this now.
topdnbass said:
I can confirm that they don't get replicated..
I have two evo's right now under the same email and they're definitely not replicating crap.
Click to expand...
Click to collapse
With licensing the dev can choose whether an app can be accessed from different phones. It is an option...
(greeked...multiple times)
Question: Does that mean we won't be able to open, modify, and resign apks? Like...to change the appearance (make a widget clear, etc).
More like bad news for paying consumers. That's who always pays for everything. Those of us who actually buy the products.
I plan on speaking with my wallet. I wont buy any app that requires I have an internet connection.
A limitation of the legacy copy-protection mechanism on Android Market is that applications using it can be installed only on compatible devices that provide a secure internal storage environment. For example, an application using the copy-protection mechanism cannot be downloaded from Market to a device that provides root access, and the application cannot be installed to a device's SD card.
Click to expand...
Click to collapse
Wait so according to google us rooted folk couldn't download copy-protected apps before now?
Urrr, i think im missing something
This is actually a nice implementation for both the software developer and the user. Most will implement this where it only has to check-in every week or two. So the odds of getting caught in a spot where there is no connection is low.
At the end of the day, it is a pretty straightforward way to handle copy protection that really shouldn't inconvenience anyone.
Also it will bring more developers to the platform if they know they don't have to worry as much about piracy.
Piracy will still run rampant. People will find ways to circumvent this, that's just how it is. At least it will curb some piracy since copying and pasting an apk file wasn't much of a deterrent.

Android Security Warning!

Hello world
I think android is the best system for smartphones, but its very insecure if you don't secure it and just let it on stock!
Root it, get rid of some apps, optimize it and get the necessary apps and custom it as you wish!
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Did you know that a normal app with all permissions can get all your data?
-gps location
-contacts
-logs
-screenshots
-hidden camerashots
-sms/mms
-emails
-photos
-etc
BELIEVE IT OR NOT, THIS IS FACT !!!
There was recently a test in germany within a documentation about internet security, where a developer made a app with all the rights to do the things above and send them hidden in the backround to a specified server to that he had access. So he could read and see all the things above and it was even updating immediately after a new sms or something came in and the testuser who installed it had no clue at all and was shocked when they told it to her.
The App itself was just making photos with a black censor stripe in the eyes and it seemed that it never could do that, but all the real action is going on in the backround.
By the way, he sayd it was very easy and many apps could do that and most of them really do that.
And what I know, many of you don't know or don't care or just don't know how to be safer and spread all your information to some companys that like to have them alot. And they allways want more.
Maybe you should spread this information by quoting this post or linking to it, because many people don't like to be ripped of their information.
Or do you like it, when someone is standing close to you and listens all what you say to your friends, when you have a private conversation ? I think not!
If you have "nothing to hide" and you don't care and its ok for you that some people know ALL about you, just don't read on, close this tab/window and go update your status on facebook!
Just remember, if you are not secured, you give all your data, when do you called who, what did you wrote to who, your actual location and your next meeting points or todos and many more things.
Here are some Informations about the Topic:
• http://www.ppcgeeks.com/2011/08/24/android-now-worst-os-for-malware/
• http://blogs.wsj.com/wtk-mobile
Go here to save your privacy:
www.tinyurl.com/androidprivacy
check out my signature also.
and be safe!
All i ever say to people is use common sense, if it's questionable then don't install it!
d3t0x said:
All i ever say to people is use common sense, if it's questionable then don't install it!
Click to expand...
Click to collapse
Thats right!
But does it help, when the common sense tell you it's just a app to make some stupid easy things that seems to have nothing to do with the funcionality discribed above or even when its the only app of its kind ?
And a big threat are preinstalled systemapps, that have all the rights to do that kind of stuff.
And by the while.. google likes to collect your data most of all.
So no wonder why it's so easy possible to do that kind of things.
Its like a super trojan horse in every mobile device with android..
But I found some tools/apps to protect your privacy, just check my signature, there they are listed!
at least it will help, to get rid of most of the threads and your data will be more saver then before!
common sense x2
(•.•) said:
the testuser who installed it had no clue at all and was shocked when they told it to her.
Click to expand...
Click to collapse
her = no common sense. Nothing new there... ;D
mmmmhhh there are so many apps...
is there a list of really questionable ones?
too lazy to check the permissions of each I have installed....
AND PLEASE put away this flashin' rainbow - you can't read anything without coming near to epilepsy
Honestly privacy and security has gone out the window and within the past few years it has really gotten worse! These major problems aren't exclusive to phones or operating systems but everything. However there are ways to protect yourself or at least try. Common sense is a big one as others have mentioned. Ie: my mom knows ms office, ie9, and some other basic programs however she wouldn't be able to tell If she's on a scam site If it hit her on the head. Its pretty simple though some sites, or apps, just feel malicious. Good luck people!
Sent from my HTC Glacier using XDA App
Common sense
maybe get permission dog free from market to see how dangerous an app can be..
and then get lbe security guard to really block the **** out of the fkn app, that wants to suck your data out of your pretty android smartphone
Just an example... why angry bird needs to have gps permissions ?
common sense will tell you, its a game and don't need that at all.
Or most apps just want to read your imei, but they don't really need that.
For example I untrusted all systemapps and I blocked all IMEI-Permissions and all GPS-Permissions, but not the one from the navigation software, but there i blocked the internet, as well as on many others in a dual way, by droidwall (iptables) and by lbe security guard (permissions).
that should give you some idea... but check it out yourself.
As I said, you will be amazed how many apps want to get your data.
(•.•) said:
maybe get permission dog free from market to see how dangerous an app can be..
and then get lbe security guard to really block the **** out of the fkn app, that wants to suck your data out of your pretty android smartphone
Just an example... why angry bird needs to have gps permissions ?
common sense will tell you, its a game and don't need that at all.
Or most apps just want to read your imei, but they don't really need that.
For example I untrusted all systemapps and I blocked all IMEI-Permissions and all GPS-Permissions, but not the one from the navigation software, but there i blocked the internet, as well as on many others in a dual way, by droidwall (iptables) and by lbe security guard (permissions).
that should give you some idea... but check it out yourself.
As I said, you will be amazed how many apps want to get your data.
Click to expand...
Click to collapse
Thanks! Already had Droidwall but LBE was a nice find. Hit the thanks button earlier but thought I'd post a comment. People might also want to try Autostarts which lets you decide which apps and resources start at start-up kind like msconfig on windows. Also watchdog is a nice monitoring tool so that you can see which apps are taking precious cpu.
Question: How's LBE on battery? Hope it's not bad, I need my power
ACis0014 said:
Thanks!
...
Question: How's LBE on battery? Hope it's not bad, I need my power
Click to expand...
Click to collapse
Really no problem at all, in fact you will have even more battery, because those controlled apps don't activate some services in the backround anymore and that actually could drain battery from your phone, like gps or something..
I suggest you to add the link of DroidWall and the (excellent!) LBE in the OT
I personnally set GoogleMap on "prompt" for my location, it's quite impressive how often GMap ask for location...
I hate to throw this out there, but there seems to be a little bit of misinformation going on here.
1)Those apps that protect you, they very well may be the very apps that are stealing your information. Most malicious apps masquerade as security apps.
2)Google collects all your information anyway. And they are hacked a lot. If you have an android smartphone, your information is not secure anyway. But in the end, what's the big deal, really? Some extra spam for you to filter in your inbox? So what if they know where you are, are they going to pull up in an unmarked van when you are alone and kidnap you? The freedom of information is what makes android so great, and Google so effective. It makes your lives easier. If you don't like it, go to Apple. At least hey don't track you....oh, wait...
3)Apps need permissions for a variety of reasons, some not so obvious. Ad-mob, and other ad related software, needs GPS data to tailor ads to your location. Ad supported Angry Birds needs GPS to run the ad software. They aren't tracking you, they are making the annoying ads less annoying by making them relevant to you. Do you care about that great 5-star restaurant in California if you live in Maine? No. But having GPS info enabled allows them to show you that great lobster place you never would have known about, and is now your favorite place to eat. And IME? Do you not like typing, or performing any action in a game? It needs IME permissions because IME = Input Method Editor. So sure, if the game is solely based on motion controls, then having access to the IME isn't so important, and you might want to be suspicious. Otherwise, it is needed for the app to function.
Look, I'm not saying don't be wary of what apps are doing to your phone, and I'm not supporting the stealing of information. I'm just saying, I hate misinformation, and I have been seeing too much of this kind of paranoid security concerns. Do what you want, its your phone. But just remember, don't be too cautious to live a little.
If you're using it for corporate uses and have sensitive information that could actually be used for gain, then you need to get a blackberry maybe. For personal use, its just a phone and the info you put on there really shouldn't be life changing enough for someone to go through the work to get. I think sometimes our Ego tells us that someone cares enough to hack our device when in fact, no one gives a crap.
It's a serious problem!!
read on
devator22 said:
I hate to throw this out there, but there seems to be a little bit of misinformation going on here.
1)Those apps that protect you, they very well may be the very apps that are stealing your information. Most malicious apps masquerade as security apps.
2)Google collects all your information anyway. And they are hacked a lot. If you have an android smartphone, your information is not secure anyway. But in the end, what's the big deal, really? Some extra spam for you to filter in your inbox? So what if they know where you are, are they going to pull up in an unmarked van when you are alone and kidnap you? The freedom of information is what makes android so great, and Google so effective. It makes your lives easier. If you don't like it, go to Apple. At least hey don't track you....oh, wait...
3)Apps need permissions for a variety of reasons, some not so obvious. Ad-mob, and other ad related software, needs GPS data to tailor ads to your location. Ad supported Angry Birds needs GPS to run the ad software. They aren't tracking you, they are making the annoying ads less annoying by making them relevant to you. Do you care about that great 5-star restaurant in California if you live in Maine? No. But having GPS info enabled allows them to show you that great lobster place you never would have known about, and is now your favorite place to eat. And IME? Do you not like typing, or performing any action in a game? It needs IME permissions because IME = Input Method Editor. So sure, if the game is solely based on motion controls, then having access to the IME isn't so important, and you might want to be suspicious. Otherwise, it is needed for the app to function.
Look, I'm not saying don't be wary of what apps are doing to your phone, and I'm not supporting the stealing of information. I'm just saying, I hate misinformation, and I have been seeing too much of this kind of paranoid security concerns. Do what you want, its your phone. But just remember, don't be too cautious to live a little.
Click to expand...
Click to collapse
@devator22
You have some points, but overall the wrong point of view I think.
1. Right, security apps are a big security flaw also, many antivirus apps / security suites on your pc are the perfect tools to do all the bad things they should protect you from, but now they have the monopol to do that, if they are installed.
Better just use a sandbox tool and good firewall. I sayd a good firewall, not Zonealarm!
But LBE Security Guard isn't a bad tool at all, its opposite, really good!
And by the way you can block any internetrequest with droidwall for lbe and all other tools, so even if they would like to do some bad things, they could not get it away from your phone!!
2. Whats the big deal? That any company can come along with their "nice" app and spy your whole life out of your phone! All your really private data, like photos,passwords and stuff like this. And why should anyone get so far into your life without your permission ? Ok, yeah lol, you gave the permission when you installed the app, so you could use it, but noone would really give a permission to all the spythings some apps do..
3.
So why should give the apps on your phone some specific permissions, if you could just denie, but use the app anyway?
And why should you take the risk, when you could avoid it!?
It's not a heroic risk or a risk, that could move you forward in anyway, but it's a risk, that can make you naked and off guard in some way.
and it's not even a risk, but a fact, that they take what they can in the digital world as you should know! But only if they can take it, they will. When they can't get anything from you for their statistics and datamining tools, for profilecollecting etc. they will not have them, at least not your photos, not your passwords, not your life!
And if you choose to use Apple, you can't even choose your privacy, because they track you and all your private data anyway.
GPS, your actual position, where you actually stand with your human body.
You can have it enabled for all your apps that want to give you "some ads" to maybe find a good restaurant by mistake.. lol.
If you want to use gps to find some good restaurants your should get a specific app for that and only allow it for this app for some time and not all the time for all apps, that want to geocache (catch) your specific movement in the world and put it into profiles.
Its not IME, but IMEI = International Mobile Equipment Identity that many apps like to record/read, to identify your phone.
Ok hope you got some motivation to use the tools, I and some professional dataprotectors would recommend you to use!
Maybe I will write a "How to" to be really secured.
So now get finally some privacy and install at least lbe security guard and droidwall. and don't forget to untrust the systemapps to under app management, the 3rd tab at the bottom.
I wish you a good year and alot of fun with your smartphone.
Apps ask for YOUR permission if you allow them to access your data/information when you download. If a game asks for your Data information you will obviously be suspicious. Pre-installed bloatware/apps are safe and you should not stress out because some can look at your data. If a big carrier/google pre-installed malicious applications on the phone they would face huge problems. There's really no need to be afraid. Just look at permissions, comments, and rating of the app. I think your misleading people to think it's a bigger deal then it is. Yes there are malicious applications, but you just got to use your brain.
Feeshie said:
Apps ask for YOUR permission if you allow them to access your data/information when you download. If a game asks for your Data information you will obviously be suspicious. Pre-installed bloatware/apps are safe and you should not stress out because some can look at your data. If a big carrier/google pre-installed malicious applications on the phone they would face huge problems. There's really no need to be afraid. Just look at permissions, comments, and rating of the app. I think your misleading people to think it's a bigger deal then it is. Yes there are malicious applications, but you just got to use your brain.
Click to expand...
Click to collapse
You are wrong a little bit wrong here in some points.
The main thing is of course they ask you for permission.. but you must accept it in order to use it.
Maybe it's the best app of it's kind and you want to use it.
But they ask you for permissions you don't want to give at all ? Why should you allways give your position to the app > to the server > to the company > to some worker of the company > to some stranger ?
Do you really think, only because they are preinstalled they are safe ?
You kidding? Just look it for yourself what the pre-installed wants from you..
And Google don't need to use malicious apps etc.. they just call it sync.
AutoSync your contacts, passwords, emails, sms, calendarentrys...
Nothing else is what a trojan does, it gets your sensitive data, but the main difference is, that you have access to your data on google and on the trojan someone else has access but you don't. But doesn't it mean, that google have access too ?
They collecting as much as they can.... they have the biggest database of human activity, besides facebook!
Just don't at least give them 1 more private profile..
devator22 said:
I hate to throw this out there, but there seems to be a little bit of misinformation going on here.
1)Those apps that protect you, they very well may be the very apps that are stealing your information. Most malicious apps masquerade as security apps.
Click to expand...
Click to collapse
This is a good point. While the LBE Privacy Guard seems like a nice app, there's no source and the author is some anon Chinese guy. So no auditing by third parties or myself for suspicious code added by Chinese intelligence or whoever. Doesn't inspire much confidence at all. Misidentifying the software in this thread doesn't help either, did they just change the name or was it ever called "LBE Security Guard"?
2)Google collects all your information anyway.
Click to expand...
Click to collapse
If they can do that, then all is lost. But this kind of claim needs proof as well. We should have some idea from the hackers if this really is the case.
3)Apps need permissions for a variety of reasons, some not so obvious. Ad-mob, and other ad related software, needs GPS data to tailor ads to your location. Ad supported Angry Birds needs GPS to run the ad software.
Click to expand...
Click to collapse
Angry Birds surely doesn't need to have your exact location down to a few feet via GPS just for ads?!? No, GPS location could be used to see who you might be playing Angry Birds or doing anything else with. Enables rather sinister overwatch don't you think? Even though they might claim to maybe offer some couples oriented ads based on this information too.
They aren't tracking you, they are making the annoying ads less annoying by making them relevant to you.
Click to expand...
Click to collapse
Let's just keep in mind who we're talking about here, people who root their phones. No advertiser is going to care about a small fringe group like us. BTW, it looks like stopping network access in Angry Birds makes the ads a whole lot less annoying in that it doesn't show them at all in that case... And again, our small fringe group isn't going to kill off Rovio even if we don't see the ads.
whats that
IS it True ,, it mean our data is not save on andriod?
is there any option or software to save data.
i m really shocked about it
its a latest news for me becouse i m android smart ph user.
help me and satisfied me which option make my cell safe.

ChompSMS flagged as malware by several AV's

Hi ppl in the xda hood
I just write to let you know that ChompSMS has now been flagged as malware, both on 2 phone here locally with Avast as scanner, and subsequently by upload to Virustotal, and flagged by some of the major names too.
This concerns both the 5.30 and the update from tonight to v5.31
As Im new, I cannot post urls, but you can dump the apk from both versions, upload for a scan, and have a look at the report yourself from virustotal dot com
XDA must decide if its worth it alarming the community, but better safe than sorry, right?
I guess it could be a false positive, and I do know things should not be rushed about accusations of malware developing, but seeing that several of the major scanners is flagging it both before and after the update, certainly raises my concerns.
I hope those of you who knows your way around decompiling and analyzing code will look into this, so that we can get more eyes on it than "just" the AV companies reports.
Sincerely, Omnius
After a bit of micro-investigating I have so far found these domains in the code, so if you do HAVE to use ChompSMS, (I do) you can ad them to your HOST file, just for the sake of it.
I dont know when or why they will be used but as they are in the code, there is a potential connection lurking in it. Decide for yourself, untill further ppl have a close look than mine.
Im not a dev of any sort, but I do know how to poke around to learn. Therfore please do not just take my words for granted until more competent ppl here have their say.
I do know that a few of these is for "normal" android app ads, and analytics and so on, but these are my finding so far, so filter our what you like it to connect to yourself. If you dont mind ads connections in-app, serve your wish, so to speak.
millennialmedia.com
gateway.textfreek.com
report.bitesms.com
nexage.com
inapp.chompsms.com
adserver.com
greystripe.com
smsgateway.chompsms.com
m.advc.us
cvt.mydas.mobi
rest.starttalking.com
mobileads.google.com
I used to love chompsms... now i guess I'm using GoSMS...
Sent from my Nexus S using XDA App
All of them appear to be valid to the program. Half are ad for ads, the other half are for functionality in ChompSMS.
I would be careful on using go SMS as well.
Antivirus apps will pick up any app that by passes any normal OS use. This always has been and always will be the case.
Anything with ads will always be flagged as it connects to an unknown server.
zelendel said:
I would be careful on using go SMS as well.
Antivirus apps will pick up any app that by passes any normal OS use. This always has been and always will be the case.
Anything with ads will always be flagged as it connects to an unknown server.
Click to expand...
Click to collapse
chomp was never flagged before the 5.30 update a few days ago...
really bothers me, i love chomp. i donated to remove the ads. i'm hoping they fixed it with 5.31 and the virus scanners are just still reporting it as a false positive. until it's sorted out though, i uninstalled...
Update : avg doesn't detect anything wrong with the newest version, 5.31.
Lemme tell you...
I noticed the new permissions requested in 5.30 (special access to browser history/bookmarks), and kinda shrugged it off. Dumb move on my part. Immediately upon launching 5.30, I get a notification from ADWLauncher that it cannot fit a new shortcut on my desktop (because the main page was full). So I'm naturally all like WTF... so I flip through my desktop pages to notice that ChompSMS had made itself a shortcut to searchmobileonline.com.
I also heard that it replaces your default browser home page and search method with the same. I use xScope exclusively, so I haven't been able to check that yet.
Delicious, Inc. has really crossed the line with this latest stunt. What were they thinking!? ChompSMS was the best Android messaging app IMHO. Why jeopardize such a great reputation? If it's money they were after, I'd imagine they could've raked in a nice bundle of cash for selling the product to another company.
Does anyone have a copy of this apk that I could take a look at?
kyokeun1234 said:
I used to love chompsms... now i guess I'm using GoSMS...
Sent from my Nexus S using XDA App
Click to expand...
Click to collapse
GoSMS is a security risk
Sent from Narnia
xHausx said:
Does anyone have a copy of this apk that I could take a look at?
Click to expand...
Click to collapse
I know this is a old thread but better than starting a new one.
I would like to ask if there is any news on this. I love chomp SMS, imo the best messanger for my taste. I have bought the pro version, to stay away from ads and unnecessary internet data. I have chomp on a brand new phone, no sim card, no messages, just activated chomp and my firewall instantly found chomp active on internet. I watched this for some time and really chomp was trying to do something even I did nothing with it.
important note: there is no data mining in any of their terms. Or at least I did not find anything.
So I contacted chomp about the behavior and they said that "they never seen this before" and suggested reinstall. I did, didn't help.
On the second try, they told me that it is connecting because of ads, but I had the pro version (and they knew it). So no luck.
After the third attempt, they said that chomp is sending once a day info that it is installed so they know how many installs they have.
This sucks a lot. Security concerns appears instantly.
I think it would be worthy to literally sniff a bit around this, since so many people is using chomp.

[Q] Permissions from Apps-concerns

Ok, I'm a Noob on here. I just got a Android phone & I am interested in various apps from the Android Market but when I read the permissions that most of the apps have listed as to what they can do to the phone and to your privacy I am quite concerned. Is this really an issue as people seem to download apps without worrying about what the app is or could do without your knowledge. I have searched on here & elsewhere & no one seems to be address the issue. Am I just being paranoid?
I have seen that a lot of these apps will prevent the phone or tablet from going into sleep mode, is this true?
Thanks hope I haven't stepped on any toes by asking this, but I can't seem to find anything on the subject. So far I have decided not to download much a select few apps.
Rebel60 said:
Ok, I'm a Noob on here. I just got a Android phone & I am interested in various apps from the Android Market but when I read the permissions that most of the apps have listed as to what they can do to the phone and to your privacy I am quite concerned. Is this really an issue as people seem to download apps without worrying about what the app is or could do without your knowledge. I have searched on here & elsewhere & no one seems to be address the issue. Am I just being paranoid?
I have seen that a lot of these apps will prevent the phone or tablet from going into sleep mode, is this true?
Thanks hope I haven't stepped on any toes by asking this, but I can't seem to find anything on the subject. So far I have decided not to download much a select few apps.
Click to expand...
Click to collapse
No worries, no toes are being stepped on.
I agree that the permissions required by apps can sometimes look worrying.
But the description is often misleading. Some times it just looks very intrusive but that permission is needed for something alot more simple. It's a broad topic.
Also alot of users are just not concerned by this or just go with the crowd.
Write the developer and ask him what the permissions are needed for, if his apps description is unclear on that or the permissions seem unrelated to the apps purpose.
When it says, prevents your device from sleeping, it is most likely used to prevent the screen from turning off or dimming while something is progressing on screen. It is also needed to ensure that the cpu finishes the current operation if you press the devices sleep button, so it doesn't stop at some random point which might lead to problems for the app.
If there is a specific app and its permissions you are worried you could just SEARCH and then make a thread and ask about it.
If rooted, search for "PDroid" on XDA to control permissions, or search for "Betterbatterystats" to find programs producing wakelocks and preventing deep sleep.
Sent from CDMA V6 SC GNexus w/Liquid & Franco.kernel
Aerocaptain said:
If rooted, search for "PDroid" on XDA to control permissions, or search for "Betterbatterystats" to find programs producing wakelocks and preventing deep sleep.
Sent from CDMA V6 SC GNexus w/Liquid & Franco.kernel
Click to expand...
Click to collapse
But then don't complain if the apps malfunction as a result of interferring with permissions or wakelocks.
Also this is kinda missing the question of the thread.
Dark3n said:
But then don't complain if the apps malfunction as a result of interferring with permissions or wakelocks.
Also this is kinda missing the question of the thread.
Click to expand...
Click to collapse
Trying to figure out how either of the options I listed does not address the concerns in the OP......
I think you should re-read the OP. Perhaps slower.
Betterbatterystats- used to indicate apps that are using wakelocks that prevent or interrupt deep sleep. Does nothing else. Does not stop them or even hinder them in any way. Its simply a tool to identify problem apps. How does that interfere with the apps themselves?
Pdroid-gives the ability to block (or regulate) unwanted actions from the apps specified by the user. Basically solves the permissions concern in the OP. And does not require root access to operate. The whole point of this software is to interfere with the users apps. If a program is looking into my contacts, I'd like to be able to stop it. If a downloaded app stops functioning because it wants access to my contacts for no discernable reason, delete the app. This app is only needed because of the plethora of greedy sometimes malicious developers releasing software that invades user privacy.
Rebel60, feel free to peruse these threads and see if either is the right fit for you.
http://forum.xda-developers.com/showthread.php?t=1357056
http://forum.xda-developers.com/showthread.php?t=1179809
Sent from CDMA V6 SC GNexus w/Liquid & Franco.kernel
Aerocaptain said:
Trying to figure out how either of the options I listed does not address the concerns in the OP......
I think you should re-read the OP. Perhaps slower.
Betterbatterystats- used to indicate apps that are using wakelocks that prevent or interrupt deep sleep. Does nothing else. Does not stop them or even hinder them in any way. Its simply a tool to identify problem apps. How does that interfere with the apps themselves?
Pdroid-gives the ability to block (or regulate) unwanted actions from the apps specified by the user. Basically solves the permissions concern in the OP. And does not require root access to operate. The whole point of this software is to interfere with the users apps. If a program is looking into my contacts, I'd like to be able to stop it. If a downloaded app stops functioning because it wants access to my contacts for no discernable reason, delete the app. This app is only needed because of the plethora of greedy sometimes malicious developers releasing software that invades user privacy.
Sent from CDMA V6 SC GNexus w/Liquid & Franco.kernel
Click to expand...
Click to collapse
How is viewing aquired wakelocks helping the OP understand what aquiring a wakelock does, and why the app did it? It's not about who, but what and why. Any type of wakelock an app aquires prevents deep sleep and a wakelock can not be used to interrupt a device that is in deep sleep.
Again the question was not about blocking permissions, but why some apps want all those permissions and why no one seems concerned with the obvious privacy issue.
While PDroid does not require root to operate, it does require it to be installed, so in the end it still needs a rooted device.
Why did you install an app that needs a worrying permission for no discernable reason anyways?
Thanks for the general developer insult. Developers really are the greediest folks *sarcasm* of them all.
Where did you take that from? How many developers of greedy apps did you ask about the permissions they request?
You can't really make that assumption as just a requested permission doesn't do anything at all by itself and what the app is actually doing with it, is unknown without sourcecode.
...and now i jumped aboard the off topic train, damn
In most cases, it does not matter why an app uses wakelocks. The fact that it does alone is important. It allows the user to identify the trouble app and either tinker with its settings to reduce the wakelock or delete it altogether if the app is not important to the user. Generally speaking, if I would like to maximize my battery endurance, the need to minimize wakelocks is a necessity. After several months of use, a user may not remember every setting he/she setup in their apps. Utilizing betterbatterystats, one could identify the apps that use short sync intervals such as email syncing every 15 minutes or weather syncing every 30 minutes and change them to longer sync periods which would dramatically decrease those pesky wakelocks and save some battery life. Both of those simple examples illustrate in general terms, how important knowledge of wakelocks could be to the battery hungry user. This of course is only one of many applications this program can be used for.
My Pdroid example, once again was a generic sample of the many ways app privacy is a concern. There are a ton of apps on the market that uses the internet even though the internet isn't needed to run the program. Yes more than not, the app is either varifying license files or uploading "anonymous user stats," however that is not all cases and users should be able to control that app and the information it transmits.
Finally, yes I looked up your information and noticed the developer notation and knew you would be offended by my developer comment. But I did not mean to insinuate that you were in that minority. I am unfamiliar with your work. Android is an open source platform and users should have full control over their devices. That is why I through those options out there. Anyone that disagrees with my full control statement should move to the iPhone and enjoy its closed platform.
Rebel60, I hope you find a way to fully utilize your device without fear of privacy infringement or apps that excessively deplete your battery. There are many people on XDA with a passion for these devices. And many different opinions. Take the time to evaluate your options and pick the right solution for you.
Sent from CDMA V6 SC GNexus w/Liquid & Franco.kernel
Aerocaptain said:
In most cases, it does not matter why an app uses wakelocks. The fact that it does alone is the issue. Generally speaking, if I would like to maximize my battery endurance, the need to minimize wakelocks is a necessity. After several months of use, a user may not remember every setting he/she setup in their apps. Utilizing betterbatterystats, one could identify the apps that use short sync intervals such as email syncing every 15 minutes or weather syncing every 30 minutes. Both of those simple examples illustrate in general terms, how important knowledge of wakelocks could be to the battery hungry user. With that knowledge one could change their sync intervals and save precious battery life.
Click to expand...
Click to collapse
True, it would definitely help a user identifying battery drainers and in those cases it does not matter why the wakelock was aquired if it is what causes the drain. But the question was not about batteries, but about what/why wakelocks are and the description of the wakelock permission itself.
While BetterBatteryStats being a great tool, it does not answer that question. (Hence my offtopic remark)
Aerocaptain said:
My Pdroid example, once again was a generic sample of the many ways app privacy is a concern. There are a ton of apps on the market that uses the internet even though the internet isn't needed to run the program. Yes more than not, the app is either varifying license files or uploading "anonymous user stats," however that is not all cases and users should be able to control that app and the information it transmits.
Click to expand...
Click to collapse
While bug reports or anonymous statistics are one part of it, i think most of the internet permission needs come from ads that are displayed. I don't use ads, so i'm a bit unfamiliar on that topic.
If solely googles licensing service is used, the internet permission is not needed, just the 'CHECK_LICENSE' permission (which is an extra permission just for that purpose).
It is also often used to update the welcome dialogs with news, if a dev does not want to release a new version everytime he wants to tell his users something.
Aerocaptain said:
Finally, yes I looked up your information and noticed the developer notation and knew you would be offended by my developer comment. But I did not mean to insinuate that you were in that minority. I am unfamiliar with your work. Android is an open source platform and users should have full control over their devices. That is why I through those options out there. Anyone that disagrees with my full control statement should move to the iPhone and enjoy its closed platform.
Click to expand...
Click to collapse
I'm not denying that there are greedy and or malicous devs out there. It was the 'plethora of greedy sometimes malicious developers' that threw me a bit off. I see you meant it differently, as you wrote 'in that minority'. As english is not my main language, i might have understood it a bit too harsh too .
Most of my work falls into the 'Tools' category, if you have question about them (or the permissions ), write me a PM.
I fully agree that everyone should have full control over their devices and i also think that users should have the possibility of choice (i.e. apple selecting apps that are published vs androids more or less freedom of apps, though one might have to sort through a 'plethora' of useless apps, i wouldn't trade it for apples store).
[I needed all those big quotes to reflect what i'm responding to as you seem to edit your posts alot after you made the. Makes it a bit difficult to answer ]
Thanks
Dark3n said:
No worries, no toes are being stepped on.
I agree that the permissions required by apps can sometimes look worrying.
But the description is often misleading. Some times it just looks very intrusive but that permission is needed for something alot more simple. It's a broad topic.
Also alot of users are just not concerned by this or just go with the crowd.
Write the developer and ask him what the permissions are needed for, if his apps description is unclear on that or the permissions seem unrelated to the apps purpose.
When it says, prevents your device from sleeping, it is most likely used to prevent the screen from turning off or dimming while something is progressing on screen. It is also needed to ensure that the cpu finishes the current operation if you press the devices sleep button, so it doesn't stop at some random point which might lead to problems for the app.
If there is a specific app and its permissions you are worried you could just SEARCH and then make a thread and ask about it.
Click to expand...
Click to collapse
Thanks for the answer. I think this best answers what I was concerned about. A lot of apps say that they can dial numbers in your contacts, alter settings, and a lot of other things that make me hesitant to download the app.
My phone is not rooted, although I would like for it to be, but am afraid I will brick it if I don't do something right. I don't know anything about wavelocks etc.
Rebel60 said:
Thanks for the answer. I think this best answers what I was concerned about. A lot of apps say that they can dial numbers in your contacts, alter settings, and a lot of other things that make me hesitant to download the app.
My phone is not rooted, although I would like for it to be, but am afraid I will brick it if I don't do something right. I don't know anything about wavelocks etc.
Click to expand...
Click to collapse
Whether your new to android or a veteran, XDA has all of the information you'll need to educate yourself. Rooting is not for everyone and should only be attempted by someone comfortable with the process. It does however open huge doors to more control and customization with your device. My advice to you is first get to know the Android platform for a few months. In the meantime do some research and see for yourself the pros and cons of rooting. There are dozens of threads with people that are in the same situation as you. Learn from them and talk with them. If you have a direct question about android, feel free to PM me. I'd be more than happy to help in any way I can. Good luck & enjoy your device.
Sent from CDMA V6 SC GNexus w/Liquid & Franco.kernel
Rooting is pretty simple if you invest some reading time. Just make sure to search alot before asking .
Also be aware that giving an app root access is equivalent to granting every possible permission there is and more.
I'm sure most users are not fully aware of that.
So allowing an app root access is a huge trust investment in the dev, don't do it for fishy looking apps .
Read the description
Try reading through the apps full description. A lot of developers will explain why their app needs those scary sounding permissions.
If they don't explain, you could always contact the developer (seems almost like google requires app listings to include a 'contact the developer' link somewhere).

App Permissions - Need a little help

I'm still newer to Android and today realized the permissions that apps request. Before I was quick to just accept & go. I was about to install an app that is requesting a LOT of permissions. Phone calls, hardware controls (pics/vids at any time), and network communication (SMS I believe). My questions are simple.
1. Do some mods already implement certain things into itself to disable some of these features? I understand this is a mod-by-mod basis if so. Does Synergy do anything to disable this crap, anybody know?
2. How worried do I have to be about this? Will the app literally take pics and send them out without my knowledge? Or is it only the pics I take it can send out? How does this work?
3. Which of the permissions that apps request do I really need to keep an eye on and watch out for? AKA, what could take info/pics that I dont want it to?
4. Is Anti-Virus software REALLY necessary since I'm all rooted and such? I read articles saying it's useful and others saying it doesn't even provide much protection, and the chance to get something is quite rare if you only use google play/android market?
Thanks in advance for any and all help. I ditched Apple and AT&T for this thing, and with it being rooted, I am unbelievably happy I made the switch to both VZW and the S3! AWESOME phone, screen size, and customization!
Bump...
Ok, so maybe this is getting ignored because it's too much of a noob question, or self explanatory? Not sure, but I want to know how far this crap goes...To my worst fears, like hardware control can take pics any time they want and I never know about it, or is it not that bad?
Thanks in advance for any help!
It is somewhat self explanatory... just use common sense when downloading an app... If you don't think it really needs the permission that it's asking for then don't download it. For example, there's no reason a music app that plays your sdcard contents needs your GPS location, etc... Look at the reviews of apps in question also... that's your best indicator right there if the app is trustworthy or not... If it's a bad app then its going to have bad reviews.
See your other thread on this
http://forum.xda-developers.com/showthread.php?t=1860600
I tried to explain as best I can
--Sent from GlaDos baked potato

Categories

Resources