I've noticed sometime last year that local news apps developed by LSN Inc. requires hardware control of the phone camera. I suspect those apps actually snap pictures every time the app is opened.
Can the experts here help me validate this suspicion? Is there a way you can inspect for malicious codes in those apps?
Why suspicious?
sp_1st_timer said:
I've noticed sometime last year that local news apps developed by LSN Inc. requires hardware control of the phone camera. I suspect those apps actually snap pictures every time the app is opened.
Can the experts here help me validate this suspicion? Is there a way you can inspect for malicious codes in those apps?
Click to expand...
Click to collapse
Permission to use the camera is explicity requested. It probably supports a feature for the user to send pictures/videos back to the news station.
LSN Mobile has a legitimate looking website, including names of the officers
http://www.lsnmobile.com/about_us/our_team.html
... as well names/numbers/email for key contact personnel and physical address of the business:
http://www.lsnmobile.com/contact_us.html
Can I ask what makes you suspicious about these Apps?
Not sure if I should post a paranoid parrot meme, or a conspiracy keanu meme.
First, I can't find in the apps where a user can actually use the camera feature. And when opening the apps, it gives a completely black screen for several seconds before getting to the main interface. It makes me think it snaps an image during the black screen delay.
Why require permission to access the camera when there is no user accessible feature that requires it?
To GermainZ - I have seen you on the Tasker forum and always considered you a knowledgeable and helpful guy. Give this guy a break - he's just asking a question.
sp_1st_timer said:
First, I can't find in the apps where a user can actually use the camera feature. And when opening the apps, it gives a completely black screen for several seconds before getting to the main interface. It makes me think it snaps an image during the black screen delay.
Why require permission to access the camera when there is no user accessible feature that requires it?
Click to expand...
Click to collapse
The software from LSN gets a clean bill of health from mobilesecurity.com
http://appview.mobilesecurity.com/search?q=LSN
I downloaded the Local TV station LSN program to check it out, and I agree with you there is no accessible feature within the software to use the camera within the program that I looked at. Perhaps a capability for users to send pictures/videos is left over from a previous version or reserved for a future version. Perhaps it is a feature built into the general program that needs to be activated by the specific local TV station. At any rate, given the very wide use of this software by a seemingly-legitimate company, I personally wouldn't have a high level of concern about it. Also,perhaps it will help you to know that it can only take pictures when the program is running, not all the time.
There is a feature in the program where you can contact the developer... you might want to try that out to see if they have an explanation that satisfies you (and post any results back here if you do). There is certainly nothing wrong with a cautious and questioning attitude when it comes to permissions.
These posts make my day.
Sent from my cm_tenderloin using xda app-developers app
Electric Pete,
Thanks for not ridiculing my question. Yes, I presume it could only take pictures when the app is on. The are people who likes reading the news or checking the weather forecast while in the bathroom or as they come out of the bathroom. It's up to your imagination.
I'm not sure they would care to answer my question, because when I pointed this out in my user review of the app, my review is made invisible to the public. I actually waited for several days to see if my review would eventually become visible, but never. My reviews on other apps are visible.
If they are not guilty, they should not suppress my "wrong suspicion".
If the review you mentioned is on Google Play, I don't think the developer has any capability to supress that. Google runs the show there.
I do see your point about privacy. Reading the permissions and questioning the ones that don't make sense is good practice in my opinion.
electricpete1 said:
If the review you mentioned is on Google Play, I don't think the developer has any capability to supress that. Google runs the show there...
Click to expand...
Click to collapse
That is interesting. Why would Google suppress my review which can be considered laughable (as indicated by some reactions in this thread).
Anyways, thank you for giving time replying to this thread. If only I got the knowledge to inspect program codes of these apps...
By the way, the local news here where I live switched to different app provider. They listened to my concern.
Bottom line is, you could decompile the apk, edit the manifest and remove the camera permission (you could also check the output; or try a tool that decompiles an apk to java code, which will be much clearer, but it's still in beta if I'm not mistaken).
Monitoring the logcat/using the "ps" shell command might also reveal something useful, but I'm not if taking pics within an app starts a separate camera process ps would show.
Also, the logcat probably won't show anything useful, tho (the same thing applies; and if the app is malicious, it won't output anything malicious-related to the logcat).
Still think it's paranoid, tho. Why not contact the devs?
Related
Can't say I'm surprised, but you'd think MSFT would push out a quickfix to solve this issue after Apple's problems if it's true. Read for yourself...
http://www.mobilemag.com/2011/09/02...-location-data-from-wp7-without-user-consent/
Is not that I'd not believe something like this but is it a fact?
I mean all I've seen is brief and factless (I'm inventing here ) articles.
I remember iphone case to be proven, a fact.
Is this the case?
This isn't, or shouldn't be, news. Everytime you use location services on the phone data is collected and sent to Microsoft, and the phone/OS warns you numerous times about this. For e.g. every time you install an app that uses location services, it asks if you want to give that app permission to use location, and warns that every time location is used that data is sent back.
I don't like that it does this, and I especially don't like that you can't enable location services without also sending data back, but they have at least been upfront and honest about it.
stevenmu said:
This isn't, or shouldn't be, news. Everytime you use location services on the phone data is collected and sent to Microsoft, and the phone/OS warns you numerous times about this. For e.g. every time you install an app that uses location services, it asks if you want to give that app permission to use location, and warns that every time location is used that data is sent back.
I don't like that it does this, and I especially don't like that you can't enable location services without also sending data back, but they have at least been upfront and honest about it.
Click to expand...
Click to collapse
I agree, also, every major developer does this;
Facebook
Google
Microsoft
Apple
etc.
This is how they improve the user experience & add new features. I don't like it either, but if you want new better features, this is one main way they get the information on what is needed to be added.
I've been scratching my head about how this is such earth-shattering news as well. Sure, if there's a bug in the camera app (and it would be a bug, not some nefarious plan), and it sends location data when you have the option disabled in settings, then it should be fixed. But other than that, this seems like a huge non-issue, and I doubt that any class action lawsuit - if one really has been filed - would stand much of a chance.
I mean, let's be honest. How would people expect new features such as Local Scout to work without sending location info? It would be kind of difficult for the Bing server to provide a rich localized experience without it, wouldn't it?
You know what, there's a rather big mistake in this whole suit from the start. The setting is to turn of location setting when you upload a picture, not turn off feedback to MS. This is under Settings > Feedback.
Right, but there are two location-related settings specific to the camera. One controls including location data when uploading a picture (the "Keep location info on uploaded pictures" setting), and one controls whether to record it at all (the "Include location (GPS) info in pictures you take" setting). I can see how people would interpret that setting to mean "don't record or send any location info at all for pictures" if it is disabled.
RoboDad said:
Right, but there are two location-related settings specific to the camera. One controls including location data when uploading a picture (the "Keep location info on uploaded pictures" setting), and one controls whether to record it at all (the "Include location (GPS) info in pictures you take" setting). I can see how people would interpret that setting to mean "don't record or send any location info at all for pictures" if it is disabled.
Click to expand...
Click to collapse
True, but in the end that'd be end user error. Not MS specifically ignoring the denial of consent. It's basically mean MS, just needs to "fix" the issue. The again, if MS really wanted they could just force everyone to agree by adding it to the license agreement you must agree to to use the software for that matter.
Oh, I completely agree. I'm just saying I can see how some people might interpret the wording of the setting, and it would probably be a good PR move if Microsoft acknowledged it in some way.
With that said, the lawsuit is completely frivolous, and really rather silly in today's smartphone world.
RoboDad said:
Oh, I completely agree. I'm just saying I can see how some people might interpret the wording of the setting, and it would probably be a good PR move if Microsoft acknowledged it in some way.
With that said, the lawsuit is completely frivolous, and really rather silly in today's smartphone world.
Click to expand...
Click to collapse
Saw an article on this earlier (trying to relocate the link ), but independent testing confirmed that when the setting is turned off, the camera at least does *not* record GPS info to the images. That doesn't necessarily mean it doesn't capture or transmit that data, but it's at least some indicator that the claims are probably frivolous.
jasongw said:
Saw an article on this earlier (trying to relocate the link ), but independent testing confirmed that when the setting is turned off, the camera at least does *not* record GPS info to the images. That doesn't necessarily mean it doesn't capture or transmit that data, but it's at least some indicator that the claims are probably frivolous.
Click to expand...
Click to collapse
Here it is;
Microsoft denies they are watching us
Thanks for the link. As I mentioned in a comment to that article, there are valid reasons a person might be afraid to have the photos they upload to Facebook geotagged, so it is great that the feature works correctly.
But the rest of the lawsuit should be summarily dismissed (IMO), since there is no basis in fact for any of their claims. Anonymous location information does not represent any privacy violation, and may be necessary for other features that a user has enabled on their phone to work correctly (such as "where you are" live tile weather updates).
And am I the only one who is more than a little peeved that "Mrs. Cousineau" has the stupid audacity to file a lawsuit "on behalf of all Windows Phone 7 users", without my knowledge or consent? Throw the bum out of court!
RoboDad said:
Thanks for the link. As I mentioned in a comment to that article, there are valid reasons a person might be afraid to have the photos they upload to Facebook geotagged, so it is great that the feature works correctly.
But the rest of the lawsuit should be summarily dismissed (IMO), since there is no basis in fact for any of their claims. Anonymous location information does not represent any privacy violation, and may be necessary for other features that a user has enabled on their phone to work correctly (such as "where you are" live tile weather updates).
And am I the only one who is more than a little peeved that "Mrs. Cousineau" has the stupid audacity to file a lawsuit "on behalf of all Windows Phone 7 users", without my knowledge or consent? Throw the bum out of court!
Click to expand...
Click to collapse
Agreed, after hearing Microsoft's rebuttal, with evidence, the case has no merit.
You know everytime you use Local Scout of Microsoft, Check-in Button in Facebook apps, Check In Button of Foursquare , you give away your position. (the apps have already asked you if you allow them to use your position)
The Maps apps of Windows Phone itself also ask if you want to use your location to have better search experience.
Introduction
I have not seen much talk about security in XDA, and not at all on Neo Section.
SO here's just one informative link talking about using and developing apps and security risks involved
http://www.technologyreview.com/computing/25921/?mod=related
Any bug in software could potentially be used as a security loophole to gain access to private information, spy on you, get your credit card info(should you do such things on phone).
What is kind of unsettling is that everyone seems fine with modding, tweaking, developing and using those ROMs made in XDA without worrying if there could be that kind of bug in your made or used ROM.
You don't need a malicious app only to have risks. Most people use Windows so they should know that it is OP systems bugs and vulnerabilities that allow for unwanted access to your files, data, etc.
Android itself is having very non-foolproof security system. All apps on unrooted phone are in sandbox. That's no security measure at all. It doesn't limit app from stealing your private info at all, it only cant delete the whole ROM. That's just idiotic security system, for it is the only thing beside encrypting shut off phone on 3.0 and 4.0. So that means Android on it's own has no security measures while it's working. Even Windows has... some... but not too much... so you could pay for antivirus and antispyware software ofc.
It has always been the goal of big corporations to make money from insecurity, be they software developers, arms dealers and you name it. They all benefit from insecurities existing. Same is with Google and it's Android. But the good news is that we the users can modify Android. We could all say "Au revoir security bugs and loopholes!" if we would care about developing ROMs designed to make Android more secure... alas that's not happening yet!
Overview of Linux/Android security issues.
It's a short condensed description just to get you interested in the topic. There's lots of material on net, you only need to search, read, watch videos.
Linux becomes more vulnerable with more applications with different permissions installed. Same is true for Android.
Say your Phone Exporer has root access, that means it has root access to whole Android. To remove unnecessary risks, this app's root access should be limited to only most necessary functions it needs to operate.
Currently for Android there is no such solution. For Linux there is Apparmor.
http://en.wikipedia.org/wiki/AppArmor
Total root access is obvious vulnerability, but it is at least known one. Let's look at possibility of apps having hidden permissions and what that could mean to you.
Blade Buddy from Market.
On market it does not list permission to "Unique Device ID"(IMEI for GSM and MEID; ESN for CDMA) for free nor for paid version.
That means the author of BB has left the code from free version in paid one. This permission is used by ads to track you. It's not necessary code for ads, but it helps the dev know who clicked on the add and generated him some money. To see your money generating zombie empire stretch across the whole globe.... quite a thrill, isn't it?
So it's a latent code, with no benefit to user and an exploit only calling to be abused.
Unique Device ID allows you to be tracked on net and also where you are physically. GPS is just one way to find you, police for example have scanners to locate your devices physical location by the IMEI code. You can count on the "bad guys" having this technology as well, for it's quite a tool for burglars and other criminals.
The risks of your home being marked as the next dungeon to be looted by some raiders, I mean criminals(or perhaps WoW players sleepwalking and sleepraiding?) or getting your ID and bank details stolen by trojan/hacker is random. Yet the threat would not exist without apps having so flagrant hidden permissions.
Next app with ludicrous permissions
Brightest Flashlight
It does list many permissions, among them "Hardware controls - take pictures and videos ". No, it does not need a permission to take photos through cameras to operate the flashlight. But it's fun nonetheless for the dev to see his trusty peasants, or maybe he just likes to observe people like some watch fish in aquarium or hamsters in cage( "Look at that dork!", "You're one ugly m...f...er","ummm a couple kissing in dark with ma flashlight, what are they searching?", "what's that you eat, mr Korean, brains?" "hey show me that document again.")
You don't even need to run the app yourself. It can be triggered by hacker on background and take a snapshot of you.
On top of this little needless permission it has following hidden permissions:
1. Unique IMSI, read about here http://en.wikipedia.org/wiki/IMSI
2. MCC+MNC (CDMA)
3. Unique Devide ID
4. Cell Tower Name.
That's a lot of needless permissions for flashlight, these are there just to track you the app user and have nothing to do with your comfortable use of the app.
These are just 2 apps with totally needless permissions for their intended functioning. If you don't want your Windows and Linux have such security holes then why do you want your Android have them?! You don't want, that's the point and these apps would not be so popular if people would really know and care about their phone being secure.
It can be stated for sure that above exemplified permissions not listed on market are more useful for pranksters, criminals or someone plainly looking-down-on-all-the-dumb-sheep and not at all for any legitimate, user or customer friendly purposes.
There are very few tools to check for security and privacy problems in apps. That gives a sense that majority of devs do not want Android to be secure and private, because Android is another revenue generating platform through Google ads business of course. Were people more educated about the matter then Google ads business would shrink down as well. A private and secure Android can't be tracked or annoyed with ads. No ads, no profit. No security therefore means profit. Unfortunately this lack of security can be exploited by anyone with criminal or malignant intentions so very easily.
The most important thing is to read the permissions before installing.
If you had read the article I linked. Those permissions don't matter anything really if stuff developers use doesn't reveal what it does, or developer itself doesn't disclose what the app does.
We can safely say that those permissions asked are just to make ordinary users of Android think that all is under their control.
I use Privacy Blocker app and it keeps finding app permissions that are not listed. Even that app doesn't find those permissions which Cyanogenmod permission manager shows. And I've sanitized all my apps, still I find my phone connecting to some odd servers while using certain paid and seemingly legit apps. I even found shapshots from front camera made by some app... and I am checking all permissions I can, even for those not listed.
What seems harmless but could reveal your IP address and potentially other data about you is... advertisements used by apps.
Ads can be far more than just a little annoyance that slows your device. Any file, picture loaded from some location in internet can be used to locate you.
I had a problem of getting phone call bills for calls lasting 10 to 20 secs that I never made after using a slew of market apps, flashlights, fun stuff, etc.
I paid two months for such calls trying to find out which app did it and still don't know which one it was. Skype(phone app has fake IP of Holland but actual connection goes to Moscow... oh come one what is this? Why such hiding? Like anyone would trust their phone's Skype connection stream through Moscow... no thank you! Then wonder still if the phone gets so slow and Skype call quality is so bad even over wifi while Windows Skype does just fine?), Brighest flashlight, some photo editors, and slew of other garbage I've already forgotten about cause I don't use any of it anymore.
First post updated
How about the new 4.3 update..in includes some security and privacy control..will this thing prevent you had mentioned?
Is there any way to reactivate this post? maybe start working on a security enhanced android ROM? I'm agree, Security does matter!
I threw a thread in Android general to bring awareness of an article about a webkit vulnerability that will be/is being demo'd on the Android platform.
Thread:
http://forum.xda-developers.com/showthread.php?p=24154035#post24154035
Article:
http://news.cnet.com/8301-27080_3-57386319-245/researcher-to-demo-smartphone-attack-at-rsa/
Discuss?
Long as people practice the same rules as receiving fake facebook,banking ,etc emails than you should be ok. One advantage to desktops is you easily can hoover over the embedded link to see if its legit,report it as spam if not,& forward it to the actual company if they have department that handles phishing emails/fraud. Also from the article it doesnt say how the message was being faked as a carrier message. I normally save the short codes I use in my address book so I know whats what but I know from working customer service alotta people skip over the users manual that list the short codes & info for online saftey etc.
Yep, absolutely some common sense and safe browsing practices are important in something that is probably linked to your identity, and likely financial information.
What got me was the control over the real-time tracking ability of the device and recordings of audio (and video would not be a stretch I bet)
I haven't had a lot of time to look into it further yet, and it is a highly focused attack that is probably not of concern to the average user just yet - but given the scope of what this attack allows it's definitely something to be aware of.
Anything that lets joe-blow become a junior On-Star type peeping tom with my Android is something to worry about.
I never use the front-facing camera for anything, so it has a little piece of electrical tape cut to fit over it. No matter of software engineering can overcome that physical obstruction, but what of the microphone, gps and so on?
I'm eagerly awaiting the chance to look into this more after work tonight, meantime just wanted to throw it out there and try to get some awareness out and see what other people had to say.
I'm glad to see the first post in response here was a reminder about user-level security and explicitly cautioning people about clicking random links!
Also:
pimppoet said:
... Also from the article it doesnt say how the message was being faked as a carrier message...
Click to expand...
Click to collapse
This is the part where you get to be creative about it - you could make it anything, that was just the method they chose to get to the needed trigger, the user clicking the link.
I'm curious how they faked the carrier message too, but that doesn't mean that's the only method of injecting the desire to click into the users head.
Good points so far!
Edit:
To be honest, if it's not a click that's needed but just a visit to the website, an injection method could be to compromise an ad-serving machine that serves ads in apps and get an 'ad' that would take the user to the website inserted to what's already served to their device.
Heck, if that's viable, then you might even get them to accidentally go there with a stray touch and bam, you win.
Identification explicitly of the problem is step 1 on the path to a solution.
i am kind of in the habit that, whether an sms message is truly from the carrier or not, it's a scam either way **DELETE**
definitely worrisome, but i guess not surprising that stuff like this exists. good tho to bring it to light so that the race for patches can begin.
i'd be more worried if there was something that can attack your device without you clinking on a link or opening a message.... wait a minute, i guess a carrier could do that! tho it seems that their main interest is gathering data as research for how to sell more stuff, or to sell the data to others wanting to sell more stuff.
Blue6IX said:
Yep, absolutely some common sense and safe browsing practices are important in something that is probably linked to your identity, and likely financial information.
What got me was the control over the real-time tracking ability of the device and recordings of audio (and video would not be a stretch I bet)
I haven't had a lot of time to look into it further yet, and it is a highly focused attack that is probably not of concern to the average user just yet - but given the scope of what this attack allows it's definitely something to be aware of.
Anything that lets joe-blow become a junior On-Star type peeping tom with my Android is something to worry about.
I never use the front-facing camera for anything, so it has a little piece of electrical tape cut to fit over it. No matter of software engineering can overcome that physical obstruction, but what of the microphone, gps and so on?
I'm eagerly awaiting the chance to look into this more after work tonight, meantime just wanted to throw it out there and try to get some awareness out and see what other people had to say.
I'm glad to see the first post in response here was a reminder about user-level security and explicitly cautioning people about clicking random links!
Also:
This is the part where you get to be creative about it - you could make it anything, that was just the method they chose to get to the needed trigger, the user clicking the link.
I'm curious how they faked the carrier message too, but that doesn't mean that's the only method of injecting the desire to click into the users head.
Good points so far!
Edit:
To be honest, if it's not a click that's needed but just a visit to the website, an injection method could be to compromise an ad-serving machine that serves ads in apps and get an 'ad' that would take the user to the website inserted to what's already served to their device.
Heck, if that's viable, then you might even get them to accidentally go there with a stray touch and bam, you win.
Identification explicitly of the problem is step 1 on the path to a solution.
Click to expand...
Click to collapse
That too. I think tools like lbe,droidwall,adaway etc should come standard but I doubt it will ever since it would cut into google profits aswell.
One ad blocker I would love to see on smartphones is ad muncher since you can see the scripts,urls,etc being loaded,set your user agent for your browser to whatever you like etc.
Hello everyone! I am new to the forum. Been thinking of joining for a while but my current issue has been the push I needed to join. I have looked high and low for the answer but to be completely honest I am not entirely sure what to look for. Not sure what my question is. I have also looked around this forum for a a good little while stopping on this thread to ask my question. I hope it's the right place to start. I will try to ask this in a way that is understandable and relevant. In your answer please take into consideration that I am new-ish to Android Development. =) (I can do the basics, Root, hack, crack, etc,.) I know enough though I think to follow your answerer and understand it.
** Question: For my Project should I go with a full Android App, go with a website that can be viewed on a mobile phone, or should I build the back-end on a web server and have an android app that delivers the front-end? (Front-end being the login, the styling of the pages, where the interaction between users take place, etc,. ) I'll elaborate on my question below. **
Alright. I started building a website. Conceptual anyway. I have been designing it on paper, white board, Photoshop etc,. The website is going to be a social site of sorts. Unique in it's own way. At first I was going to do just a website. Then I realized as my creation grew that I wanted it to be an App. Then decided, due to all the back-end server programming and functionality required, I would most likely have to build it as a website or web application. To give a brief summery of the site. There will be a login system with profiles, instant messaging. video chats, group chats, ability to play simple games like cards, chess, and more. I will also need to be able to control sessions. Write new session information on the fly based on certain actions the users take.
My problem, I think, is that i'm not sure the most efficient or effective way to go about doing this. If it was going to be on a computer I would write it up in PHP and obviously display the site with HTML/CSS. The display part I think is where I am at a loss. At least one of my issues. Since I would like for this to be an app for Android I may need a new way to display the 'site' if that's what It will even be called once it's an app. If I'm going to shoot for it to be on mobile phones then I'm thinking I can get the cosmetics looking good as well as using it to my advantage. I prefer the 'app-like-interface' rather than scroll with mouse and click on the page as if it were a website. ( 'app-like-interface': I am referring to buttons, and menus, and a overall 'pretty' interface. touch screen etc,.)
So should I write it as a website in it's entirety and just display it as a mobile site?
Should I completely trash the idea of doing this for mobile phones?
Should I (if it's possible) write everything on the back-end with PHP but create an app with java to display the styling and build the interface?
Or should I do something else entirely that I've not mentioned?
My apologies if this question was a bit to long. Tried to be thorough. Thanks so much in advance as well. This answer is something I need before I can even consider continuing. Thanks!
Az Tek
Our app has been banned on Google Play and we don't understand the reason.
We are a small company that developed a rather simple application that shows the users a list of tasks and tracks completion of these tasks. Similar to JunoWallet but a different one.
The app had been released in May and everything was fine until a few days ago the app has been suspended in Google Play Market. The reason was described in the e-mail:
"This is a notification that your application, XXXXX , with package ID YYYYYY, has been removed from the Google Play Store.
REASON FOR REMOVAL: Violation of section 4.4 of the Developer Distribution Agreement.
After a regular review we have determined that your app interferes with or accesses another service or product in an unauthorised manner. This violates the provision of your agreement with Google referred to above."
We had no idea of could be possibly wrong, so we asked the Google if it might be a mistake, or result of miscommunication. In response I received this e-mail:
"We have reviewed your appeal and will not be reinstating your app. This decision is final and we will not be responding to any additional emails regarding this removal.
If your account is still in good standing and the nature of your app allows for republishing you may consider releasing a new, policy compliant version of your app to Google Play under a new package name. We are unable to comment further on the specific policy basis for this removal or provide guidance on bringing future versions of your app into policy compliance. Instead, please reference the REASON FOR REMOVAL in the initial notification email from Google Play."
Great but not really helpful. I'm not even sure where to ask or if I'm ever allowed to ask anything how to fix the app.
The list of tasks is provided by a famous global vendor that's integrated into thousands of apps, so it might not be the problem. The only idea we have regarding possible "unauthorised access" is that the app scans the list of installed packages to detect fraud with BlueStacks emulators. But this action doesn't require special authorization, and there are lots of application in the Play market that scan installed apps, even specialised ones, like "App List Backup".
We even could delete this functionality, if we were sure that it's a problem.
I'm pretty sure that we are not the only one who fell in such situation. Does anyone have any experience on how to work this out? Is it possible to approach Google and get practically useful feedback?
My was recently suspended too, for a different reason. Can you please tell me how long they took to reply to your appeal?
shararti said:
My was recently suspended too, for a different reason. Can you please tell me how long they took to reply to your appeal?
Click to expand...
Click to collapse
Not sure about the exact number of hours but it was certainly less than a day
I remember there is a on-line feedback in google play, you could ask questions by online phones calls, although it may be not related to the apps, but i think it`s better to be solved by voice communication rather than pale messages,
PS. we`ve met this kind of problem with Apple, as they claim we`re violating the "unauthorized" kind of problem. And we`ve done the resummit that app(revised) back and forth, it`s a quite tough experience.:crying:
Iankicksass said:
I remember there is a on-line feedback in google play, you could ask questions by online phones calls, although it may be not related to the apps, but i think it`s better to be solved by voice communication rather than pale messages,
PS. we`ve met this kind of problem with Apple, as they claim we`re violating the "unauthorized" kind of problem. And we`ve done the resummit that app(revised) back and forth, it`s a quite tough experience.:crying:
Click to expand...
Click to collapse
Yeah. But I was never able to get any number or anything from them. Officially I meant. The most informative thing I get from them was this text: "Thank you for your email. At the moment we're only able to respond to the emails submitted through our contact form in the Developer Help Center." And they simply do not have the form for direct questions. They suggest to use forum and never answer there.
My app was suspended 2 times
My experience:
1. I developed my next app. I Called it "Gmail Reader", and used a gmail-like icon with additional graphics around it. Not very wise probably - but as I saw hundred another apps having gmail logo in their icon, I thought it was OK. Aaand.. Suspended.
2. I wrote a reply to the suspension notification, and I got a machine reply. Then I replied second time, and finaly a man answered:
"While we are unable to provide specifics as to how to bring your app into compliance, please understand that usage of certain app titles and images may cause confusion among users who are searching for the legitimate app from the original creator. Please visit our Policy Help Center for more information and examples on our policy regarding Intellectual Property.
If we can assist you further, please let us know."
So That was it - the icon and the title, I thought.
3. So I repackaged, renamed, changed icon (drawn it myself). Instead of Gmail in the frist place I put "XYZ for Gmail". However, I noticed later, that I forgot in my screenshots on 2 places the previous icon - so not even in the main place, just somewhere in the screenshot.
Suspended again. This time, no answer, I filed an appeal, answered in half day - no dispute, app terminated. But i RECOMMEND to file an appeal - there is a form for that - as you might get closer to the reason why. I got this:
If your account is still in good standing and the nature of your app allows for republishing you may consider releasing a new, policy compliant version of your app to Google Play under a new package name. You can learn more about why your app was suspended by reviewing our policy on impersonation. We are unable to comment further on the specific policy
I have NO idea WHO the hell I impersonated. I would really like to know.. And even more I'd like to receive a warning before suspension.
Up in the corner of developers console there is a questionmark and in certain hours if you click it, instead of EMAIL you will see LIVE CHAT. From that chat I learned, they will not and cannot give you ANY support regarding the policies.
I also learned, that a "account in good standing" means that you can still publish apps.
4. Previous app had thousand unique installs in 3 days. So of course I repackaged....etc.. everything again, now extremely carefully, no Gmail word used in title. But I'm aware now, that I cannot know everything and they can suspend for any reason I'm not aware of - I maybe used some words mattel copyrighted DD SO it is really "fun". Let's see.
That's my story until now, will post again - hopefully will get wiser without further suspensions - it is time consuming sh** !!!
BTW, I wrote a letter to Google Dev Support, so they think of creating support for policies - as there are many developers with good intentions contributing a lot, not knowing WHY they are stopped.
Best of luck to all...
Hello, we are facing same problem for one of our app which is as of now available in India only.
We are curating videos from youtube. We have not taken written permission from youtube or content owner.
We are not monetising anyhow as of now.
However, there are various app who are indexing videos from youtube similarly like us.
Please help us with this sorting it out. As this is very important to us. Also how do we contact youtube for written approval?