I want to develop and application that effects the entire device, even after you have minimized the app. I have been told by developers that I need to get Android and Apple's permission to do this.
How can I contact someone from Android or Apple that can approve my request?
Related
Hello
I'm the author of a popular Antivirus application for Android, and I'd like to request the assistance of some smart hackers around here for a few hours, to shoot with me some ideas about what malicious apps could do wrongfully on user's (unrooted) phones. I'd like to counter-attack all possible malware apps.
Please send me a private message, and I'll get back to you.
Thanks!
Hi pals
As many apps developers here on XDA what I develop and publish on Android market is device-specific.
(Free and Commercial)
Those apps
- require certain hardware features (like an Audio codec, Super AMOLED screen & driver), often related to additional Kernel features.
- can only support a limited set of devices but also Kernel versions.
And like everyone I'm really annoyed by 1-star comment.
"pure crap, doesn't work on my beloved phone"
Of course, it's not the majority, but its always increasing with the popularity.
It's annoying when its free apps, but when you decide to sell apps and try to give the best service, it becomes really bad.
And people disappointed is really not what you hope when you share your creation.
This is why I'll appreciate some backup from you by leaving a comment on this thread named
Missing filter by Build.DEVICE and ability to contact customers from comments
I propose the idea of filter by Build.DEVICE because it's useful for my app. You need additional filters too right ?
By custom ROM? By Kernel version? Explain you needs
− in this thread on official Market forum of course - writing your comment here is nice too.
We are all used to an unprecedented level of user support here on forums, by the hackers themselves or the community of users. This is really something special.
Its maybe a bit bold to say that, but I'm sure Android Market has a lot to learn from communities like ours in order to improve its consumer satisfaction... so lets show them how to
PS: sorry for inviting people to another page (Google's one) at the occasion.
This is, I guess the best way to be heard by them: by posting on their dedicated tool for requesting features (they'll read)
supercurio said:
I propose the idea of filter by Build.DEVICE because it's useful for my app. You need additional filters too right ?
By custom ROM? By Kernel version? Explain you needs
Click to expand...
Click to collapse
Filtering by ROM / kernel is way too specific, but by device is great. I support this proposal.
this would be an incredibly useful feature for developers on XDA. since many hobbyist developers put an app that only works on the device they're developing it for, it would make sense to be able to whitelist or blacklist certain phones so they can be restricted to certain phones.
for instance, I'm sure the developer of RealHDMI (the Droid X HDMI mirroring app) would have loved this feature when people with EVO's were trying to install and were (not shockingly) unable to use it and giving the developer negative feeback. for a community such as this, I can't help but see how this could be an amazing addition to the marketplace.
I don't think its realistic. Google may well come round to a warning message (after accepting permissions perhaps?) saying 'your device is not supported'. This would help in situations such as the Android 2.1 Galaxy S's inability to play ball with Skype, and various games that don't support or fully support some chipsets, as well as your own, very real, problem.
Filtering per device will only pave the way for more fragmentation jibes and claims by Apple/Microsoft that Google are inflating number of apps available. We have to remember Google's priorities: PR > OEMs > Developers > Consumers > Facebook. They *need* to stop any fragmentation claims and *need* to boost app numbers in line with App Store, all to prevent counter PR.
HazzBazz said:
I don't think its realistic. Google may well come round to a warning message (after accepting permissions perhaps?) saying 'your device is not supported'. This would help in situations such as the Android 2.1 Galaxy S's inability to play ball with Skype, and various games that don't support or fully support some chipsets, as well as your own, very real, problem.
Filtering per device will only pave the way for more fragmentation jibes and claims by Apple/Microsoft that Google are inflating number of apps available. We have to remember Google's priorities: PR > OEMs > Developers > Consumers > Facebook. They *need* to stop any fragmentation claims and *need* to boost app numbers in line with App Store, all to prevent counter PR.
Click to expand...
Click to collapse
Its not by ignoring facts and developer needs that you prevent fragmentation.
Introduction
I have not seen much talk about security in XDA, and not at all on Neo Section.
SO here's just one informative link talking about using and developing apps and security risks involved
http://www.technologyreview.com/computing/25921/?mod=related
Any bug in software could potentially be used as a security loophole to gain access to private information, spy on you, get your credit card info(should you do such things on phone).
What is kind of unsettling is that everyone seems fine with modding, tweaking, developing and using those ROMs made in XDA without worrying if there could be that kind of bug in your made or used ROM.
You don't need a malicious app only to have risks. Most people use Windows so they should know that it is OP systems bugs and vulnerabilities that allow for unwanted access to your files, data, etc.
Android itself is having very non-foolproof security system. All apps on unrooted phone are in sandbox. That's no security measure at all. It doesn't limit app from stealing your private info at all, it only cant delete the whole ROM. That's just idiotic security system, for it is the only thing beside encrypting shut off phone on 3.0 and 4.0. So that means Android on it's own has no security measures while it's working. Even Windows has... some... but not too much... so you could pay for antivirus and antispyware software ofc.
It has always been the goal of big corporations to make money from insecurity, be they software developers, arms dealers and you name it. They all benefit from insecurities existing. Same is with Google and it's Android. But the good news is that we the users can modify Android. We could all say "Au revoir security bugs and loopholes!" if we would care about developing ROMs designed to make Android more secure... alas that's not happening yet!
Overview of Linux/Android security issues.
It's a short condensed description just to get you interested in the topic. There's lots of material on net, you only need to search, read, watch videos.
Linux becomes more vulnerable with more applications with different permissions installed. Same is true for Android.
Say your Phone Exporer has root access, that means it has root access to whole Android. To remove unnecessary risks, this app's root access should be limited to only most necessary functions it needs to operate.
Currently for Android there is no such solution. For Linux there is Apparmor.
http://en.wikipedia.org/wiki/AppArmor
Total root access is obvious vulnerability, but it is at least known one. Let's look at possibility of apps having hidden permissions and what that could mean to you.
Blade Buddy from Market.
On market it does not list permission to "Unique Device ID"(IMEI for GSM and MEID; ESN for CDMA) for free nor for paid version.
That means the author of BB has left the code from free version in paid one. This permission is used by ads to track you. It's not necessary code for ads, but it helps the dev know who clicked on the add and generated him some money. To see your money generating zombie empire stretch across the whole globe.... quite a thrill, isn't it?
So it's a latent code, with no benefit to user and an exploit only calling to be abused.
Unique Device ID allows you to be tracked on net and also where you are physically. GPS is just one way to find you, police for example have scanners to locate your devices physical location by the IMEI code. You can count on the "bad guys" having this technology as well, for it's quite a tool for burglars and other criminals.
The risks of your home being marked as the next dungeon to be looted by some raiders, I mean criminals(or perhaps WoW players sleepwalking and sleepraiding?) or getting your ID and bank details stolen by trojan/hacker is random. Yet the threat would not exist without apps having so flagrant hidden permissions.
Next app with ludicrous permissions
Brightest Flashlight
It does list many permissions, among them "Hardware controls - take pictures and videos ". No, it does not need a permission to take photos through cameras to operate the flashlight. But it's fun nonetheless for the dev to see his trusty peasants, or maybe he just likes to observe people like some watch fish in aquarium or hamsters in cage( "Look at that dork!", "You're one ugly m...f...er","ummm a couple kissing in dark with ma flashlight, what are they searching?", "what's that you eat, mr Korean, brains?" "hey show me that document again.")
You don't even need to run the app yourself. It can be triggered by hacker on background and take a snapshot of you.
On top of this little needless permission it has following hidden permissions:
1. Unique IMSI, read about here http://en.wikipedia.org/wiki/IMSI
2. MCC+MNC (CDMA)
3. Unique Devide ID
4. Cell Tower Name.
That's a lot of needless permissions for flashlight, these are there just to track you the app user and have nothing to do with your comfortable use of the app.
These are just 2 apps with totally needless permissions for their intended functioning. If you don't want your Windows and Linux have such security holes then why do you want your Android have them?! You don't want, that's the point and these apps would not be so popular if people would really know and care about their phone being secure.
It can be stated for sure that above exemplified permissions not listed on market are more useful for pranksters, criminals or someone plainly looking-down-on-all-the-dumb-sheep and not at all for any legitimate, user or customer friendly purposes.
There are very few tools to check for security and privacy problems in apps. That gives a sense that majority of devs do not want Android to be secure and private, because Android is another revenue generating platform through Google ads business of course. Were people more educated about the matter then Google ads business would shrink down as well. A private and secure Android can't be tracked or annoyed with ads. No ads, no profit. No security therefore means profit. Unfortunately this lack of security can be exploited by anyone with criminal or malignant intentions so very easily.
The most important thing is to read the permissions before installing.
If you had read the article I linked. Those permissions don't matter anything really if stuff developers use doesn't reveal what it does, or developer itself doesn't disclose what the app does.
We can safely say that those permissions asked are just to make ordinary users of Android think that all is under their control.
I use Privacy Blocker app and it keeps finding app permissions that are not listed. Even that app doesn't find those permissions which Cyanogenmod permission manager shows. And I've sanitized all my apps, still I find my phone connecting to some odd servers while using certain paid and seemingly legit apps. I even found shapshots from front camera made by some app... and I am checking all permissions I can, even for those not listed.
What seems harmless but could reveal your IP address and potentially other data about you is... advertisements used by apps.
Ads can be far more than just a little annoyance that slows your device. Any file, picture loaded from some location in internet can be used to locate you.
I had a problem of getting phone call bills for calls lasting 10 to 20 secs that I never made after using a slew of market apps, flashlights, fun stuff, etc.
I paid two months for such calls trying to find out which app did it and still don't know which one it was. Skype(phone app has fake IP of Holland but actual connection goes to Moscow... oh come one what is this? Why such hiding? Like anyone would trust their phone's Skype connection stream through Moscow... no thank you! Then wonder still if the phone gets so slow and Skype call quality is so bad even over wifi while Windows Skype does just fine?), Brighest flashlight, some photo editors, and slew of other garbage I've already forgotten about cause I don't use any of it anymore.
First post updated
How about the new 4.3 update..in includes some security and privacy control..will this thing prevent you had mentioned?
Is there any way to reactivate this post? maybe start working on a security enhanced android ROM? I'm agree, Security does matter!
Hello I am an entrepreneur and I am trying to determine technical feasibility of an application idea. If this is viable, I am willing to hire developers.
Please let me know if this is feasible.
The basic idea is an app that blocks users from opening other apps for a specific time period. for example, you open an app, determine the time frame that you do not want to allow yourself to be on facebook. save the information. then if you try to access the facebook android app, you will get a notification from the other app that says you cannot access the app turning the specified time period.
I'm aware of the sandbox structure but I want to know if permissions can be altered so that the information entered in one app can block facebook usage for a set time.
I greatly appreciate this.
Luke B
I am not familiar with Android per se, but am pretty familiar with several comparable app sandboxing schemes.
Sandboxing is specifically used to prevent this kind of thing. If you go low-level (break\mod the operating system), you can go around it.
Low-level techniques are not "mainstream" and will not work for a consumer app, as most users will not be willing to run in a custom configuration required for this to work.
sorry bro me not familr
I'm new to the android platform, and app development for it in general. On iOS, every app must ask for and confirm push notifications as required by apple, not necessarily the app. I have not noticed any apps that I've downloaded on my new Samsung phone prompting me if I want to receive push notifications, it just automatically registers me for them. Is this normal Android convention, to automatically register users for push notifications and they can disable them later? I am developing an Android application myself right now and i'm wondering.... Should I be prompting users and asking if they want them before I register them? Obviously it would be the polite thing to do to ask users permission before signing them up for push notifications. However, if that's not common practice I see no reason to potentially lose some receivers of them. Any insights / documentation to best practices for Android would be awesome.
Thanks