Hello,
I have lots of family who use Wechat, and it's a great app. I'd like to install it on my main phone. But I'm afraid of how invasive it is. The first time I did it it read my address book. It automatically contacts people who have my phone number in their address book. It's just really annoying. But also it's a great app with useful features.
Does the new Marshmallow Android app permission system make it easier to manage these types of invasive apps? For example, prevent it from using contact list? I haven't found a good way to setup wechat without giving it my phone number, so there's that issue that can't be solved.
Thanks.
Related
I recently installed CM12 on my Moto G and haven't yet migrated my Outlook Contacts & Calendar items onto it yet. I am surfing the web to become familiar with the due diligence of apps permissions first. From a comment at http://www.androidcentral.com/android-permissions-privacy-security, I found that I can an apps entry in Settings allows me to see the permissions for an app. I haven't yet installed any apps, but the native browser has the permission to access my Contacts. Is this normal for browser? If I draw an analogy with my computer, I wouldn't expect Firefox to be able to delve into my Outlook contacts.
Then again, I was warned that people can freak out at permissions without understanding them. So maybe there are reasons for the browser to be able to access contacts?
my1stSmartPhone said:
I recently installed CM12 on my Moto G and haven't yet migrated my Outlook Contacts & Calendar items onto it yet. I am surfing the web to become familiar with the due diligence of apps permissions first. From a comment at http://www.androidcentral.com/android-permissions-privacy-security, I found that I can an apps entry in Settings allows me to see the permissions for an app. I haven't yet installed any apps, but the native browser has the permission to access my Contacts. Is this normal for browser? If I draw an analogy with my computer, I wouldn't expect Firefox to be able to delve into my Outlook contacts.
Then again, I was warned that people can freak out at permissions without understanding them. So maybe there are reasons for the browser to be able to access contacts?
Click to expand...
Click to collapse
This is why they "officially" need these permissions...
Read contact data – You can send a code using the built in share feature. This enables the program to get your contacts so you can share it.
Write contact data – When you send something, if you send it to someone that isn’t in your phonebook, it will save the data for you to insert later.
In CM12 you can block these permissions.
Hello everyone, new here at XDA forums and just trying to get some feedback from the community on a project I have been working on. This application is not done, but I do think that *most* of the main features are in place and its a good time to get some feedback on the UI and maybe more importantly the overall idea behind the application. Basically this app will connect anyone who is connected to the same wifi network. I think this will be cool in large places that share one wifi network, like a college campus, large office buildings, etc.. When you are connected, the app calls it a "zone", so, when you are in a zone with other users, you can live chat with any other user in the zone, and there is also a public board where any user can make posts (images & text). When you make a post, you are able to see how many views that your post has gotten, and exactly who has viewed the post, which is something people may like, I want you guys to be the judge of this though. Please, play around with it, send me a chat message in the app if you'd like, my name is "Dylan Rose", you will be able to just click my name and send a message.
Something you may be wondering is, if this app only lets users interact when they are connected to the same wifi network, how are we going to interact right now? Good question. I have the app set up in debug mode right now so the system thinks that any user who signs in is in one zone called "Test - Zone", so if you see that in your toolbar after you sign in, you're in the right place! :good:
Overall, let me know in your experience, will people want to use this app? I see it being used in larger areas like college campuses where lots of people are connected to the same network, but I want you guys to be the judge of that, so let me know!
Link to the APK: wikisend.com/download/519920/app-debug.apk
Cant thank you guys enough for trying this out and leaving me with some feedback!
This application does use a Google API to allow you to sign in with any google account. All I actually use is
Display Name
Profile Photo
User ID
GCM-ID (To send push notifications, when you get a chat message)
This application also uses the persmissions
INTERNET
CHANGE_WIFI_STATE
GET_ACCOUNTS
USE_CREDENTIALS (credentials actually used described above)
ACCESS_WIFI_STATE
ACCESS_NETWORK_STATE
WRITE_EXTERNAL_STORAGE (Used to store photos when you take a photo in-app)
READ_EXTERNAL_STORAGE (used to grab a photo that you would like to include in a post)
CAMERA (Used to take a photo in-app that you would like to include in your post)
RECEIVE (Receive GCM push notifications)
C2D_MESSAGE (Receive GCM Push notifications)
Tried to post some screenshots but since I'm a newer user here at this forum I was not allowed to post outside links!
I might try it
This sounds like something that would be fun for a business or school environment. My question: what do the following permissions do:
find accounts on the device
use accounts on the device
I'm concerned of course that this app which isn't vetted yet by anyone, might be doing something I don't want it to do.
Permission concern
kettir said:
This sounds like something that would be fun for a business or school environment. My question: what do the following permissions do:
find accounts on the device
use accounts on the device
I'm concerned of course that this app which isn't vetted yet by anyone, might be doing something I don't want it to do.
Click to expand...
Click to collapse
Hey! Thanks for taking the time to check out my description. As for the accounts permissions that this application uses: The app lets users sign in via google account. In order to use googles sign-in API, I did need to use these permission in my manifest. The find accounts is used when you first click the login button, a dialog of the google accounts that you have linked to your device show up, and you choose which one you would like to sign in to the app with. The use accounts is for allowing my application to know some general data about the account that you sign in with, these include your Display name, Account photo, and your user id.
Please let me know if you have any further concerns, and I look forward to hearing what you think of the app!
Thanks again,
-Dylan R.
Personally I think the contacts provider (and other providers)in Android is a huge security risk. Every app and it's brother wants full access to your contacts so they can mine them for usable information. This can be just to add easy links to friends or to spam them with advertisements or offers to identity theft.
I've started using a pim manager that does not access Androids contact provider, calendar provider , tasks or other providers in it's operations.(And I really wish it was open source)
I have already removed the Google sync apks from my device and have removed contacts, calendar in the past. But not the providers.
It might cause some badly written apps to crash.
But I can't forsee any other serious problems.
Ideas? Thoughts?
Honestly sounds like a good idea..
Myself I decided to go for a while without any gapps and any other "store" installed on my phone.
My contacts are imported from a .vcf file which i update manually when needed.
I also have installed AFWall+ and i blocked the internet access to pretty much all the other apps including the system ones.. (everything i could get away with basically )
This could be a solution as well but it's rudimentary one at the moment.
nutpants said:
Personally I think the contacts provider (and other providers)in Android is a huge security risk. Every app and it's brother wants full access to your contacts so they can mine them for usable information. This can be just to add easy links to friends or to spam them with advertisements or offers to identity theft.
I've started using a pim manager that does not access Androids contact provider, calendar provider , tasks or other providers in it's operations.(And I really wish it was open source)
I have already removed the Google sync apks from my device and have removed contacts, calendar in the past. But not the providers.
It might cause some badly written apps to crash.
But I can't forsee any other serious problems.
Ideas? Thoughts?
Click to expand...
Click to collapse
I already don't have Google apps on my device.
Everything blocked with afwall+ using profiles so things only get net when I'm using them on the net.
Fdroid is where I get 90% of my software and from the internet for much of the other 10%
I have a old phone with nothing on it personal at all. Which has play store for the 3 or 4 paid apps I need, it does updates for them and a few free ones. I copy the apks over to my daily driver.
I constantly hound developers on play store to support offline devices and not to implement features that break the app when there is no internet. Even app I don't use lol.
(I have 2 tablets and far too many old phones.only two devices are online(some are local lan only))
Someone should start a offline foundation. But being online it might be ridiculous..
I too removed contacts by using /system/app mover from f-droid. It was unintended as I wanted them as a user application but they wouldn't work like this and the icon vanished, that was fine with me for a long time. The other day I wanted contacts for signal (and telegram also won't work without them). I restored the application files from a backup,
For reference in /system/app/ the missing files were
SecContacts.apk
SecContactsProvider.apk
Other contacts programs like Simple Contacts can't run without a system permission called com.android.contacts and without those files in /system/app the permission doesn't get created at boot. The result being that no contact creation is possible.
What I would really like is a modified version of the system app that passes contacts data to the calling program depending on individual contact entry permissions with regard to each calling app; one list for telegram, another for signal etc. I gather that recent android versions above 6.0.0 have functionality to check calling application certificates so something along these lines should be possible. For earlier versions it might be necessary to switch between multiple contacts databases before starting the messaging app and also removing it from the autoboot list.
https://developer.android.com/guide/topics/permissions/defining
Hi.
I thought I would clean my app permissions a little bit leave apps only permissions that they really need. I have Gmail app on Android 6 (Galaxy S7 Edge) and now it asks me every few second to give it the following permissions:
calendar - why would it access this?
camera - does it want to take photos of me with out me knowing it and send these to google so that they could sell my data?
contacts - is it because google wants to send spamm to my friends who are in phone book?
Mic - does google want to record what I speaks so that they could find out what I talk about at home and possibly steal my startup ideas?
telephone - what useful can this app do with that?
body sensors - why would google want this? Do they sell even this data?
SMS - does google want to read the contents of my private SMSes so that they would know what I talk about? What useful could google do with it?
1) Does anybody know how these are useful for Gmail or is it just because google wants to steal everything it can steal?
2) Is there any trustworthy alternatives that do not harm my privacy so much?
3) Is there way to use some kinds of containers or something to protect my privacy? Like run apps like Gmail in it's own sandbox where it has all rights it wants but sandbox would emulate it empty phone book so that it would be able to steal stuff but wouldn't complain either?
Any ideas?
Since almost everything I do is on a tablet or desktop I had no idea when I was asked this question recently. So I started looking and found nothing that did not hook into Android contracts which sync online or the database is not protected from any app searching it.
So I'm asking the community. What is the best dialer and contacts app for Android.
Something that does not..
Connect to the internet for number lookup or sync
Does not use the Android contacts database or at least encrypts anything it saves there
Zero internet access preferred.
nutpants said:
Since almost everything I do is on a tablet or desktop I had no idea when I was asked this question recently. So I started looking and found nothing that did not hook into Android contracts which sync online or the database is not protected from any app searching it.
So I'm asking the community. What is the best dialer and contacts app for Android.
Something that does not..
Connect to the internet for number lookup or sync
Does not use the Android contacts database or at least encrypts anything it saves there
Zero internet access preferred.
Click to expand...
Click to collapse
it's not exactly what you were looking for but I used to use Flock Sync (from Open Whisper Sys) on my private phone, unfortunately they have stopped development but as it was open source you should be able to find the apk and as you can set up your own server it should still work, though don't know about new nougat ROM's.
Original press release
https://whispersystems.org/blog/flock/
There is also at least one alternative called Cucumber Sync or maybe consider Owncloud or similar?
However apps like Flock are not much use if you are trying to keep all your contacts private from the likes of Google or the state as most of your friends will just sync YOUR details to Google/Apple/etc, furthermore the likes of Google could quickly make a fairly accurate assumption that you would know some other contacts that did also use apps like Flock as they would be able to easily build a network of each of those Flock users contacts 99% of which did sync, pick out common contacts with you and make an assumption you probably know the other Flock user. And of course as soon as you make a phone call or send a msg, email etc your network provider and others would be able to tell you are in contact, so not much use if you are trying to hid from the big boys! That said it does offer another layer of security/privacy in normal scenarios ......