Awesome permissions in Emoji Phone app - Security Discussion

Hi!
A friend of mine installed this app https://play.google.com/store/apps/details?id=com.smart.color.phone.emoji and got lots of problems. I see that the number of allowed permissions is awesome! Maybe a Spyware type app?
How such apps can enter the play store?
Ludo

Well for one Google bundles permissions
You can take pictures and video
Not just pictures or video
They never even mention network access anymore.
The reason that questionable apps get on Google play.is simple.
There is no great outcry to have it more transparent.
No one cares really.
The app you mention has over 1 million installs.
Google only shows that 10thousand gave it 5 stars
So that means less than 1 % think it's a great app
That's all Google shows us.
Think about that. 1% think it's great out of more than a million..
That might mean something.
If it was anything more than a popularity gauge.

Related

found app that keeps location private from google

found an app called Location Cache Map in market and it seems from what it says that it prevents maps and other apps from setting location data on phone and clears map cache while still allowing full use of GPS functions. i tried it and it worked, though it takes an extra couple seconds to lock on.
seems to work. you can see your stored location data with it even if you dont want to block location cache. interested in hearing from others on if this seems to really be working.
Any aftermarket Rom do this.
Sent from my LG-P999 using XDA Premium App
sure if ya delete maps or something. mine always still saved location data on my phone. this lets you use the functions without phone saving cache data. ive never seen this function on any rom ive used. but if so id like to know how and save some time.
Has anyone else tried this?
Google has always kept this type of information---even before android. It's in their terms and conditions. Honestly, anyone who doesn't want to give Google access to this information, shouldn't use their phone.
aczarney said:
Google has always kept this type of information---even before android. It's in their terms and conditions. Honestly, anyone who doesn't want to give Google access to this information, shouldn't use their phone.
Click to expand...
Click to collapse
You should, at minimum, have the choice to turn it off and delete the data that is stored on your phone readily.
Let's get real, corporations have too much freedom when it comes to using us as pawns. It should be an option to opt out period. I use google stuff cause I like the way it works, they don't need my location for that.
Sent from my HTC Vision using XDA App
Google's been collecting information rather openly for years. I just don't get why people are surprised they are collecting it with their phones too. It was never really a secret. There's no option to turn it off simply because that's the terms and conditions for use of the phone--that Google is entitled to access to your location as well as other information regarding how you use your phone. It honestly is like they're watching your every move. If you don't want access given to Google for this information, don't use the phone. That's literally your only option, and legally, Google is completely backed up on that. Now apple, that's a different story. But Google has been doing these things ever since Google as a company was created, its actually part of what has allowed them to grow. To know how their services are used and how their users function more or less.
I could really care less. Ask yourself. What is Google going to do with your information besides direct ads based on you interest. As long as Google execs aren't going to come track me down, I could really care less what data they collect. If your worried about people collecting your data then don't ever buy anything off the internet or for that matter, don't ever use a credit card to make purchases.
read this. its a rant but its how it REALLY is.
Grammer and spelling errors warning!!!
its doesnt matter what they are going to do with it. i have a right to privacy. the more you look into your specfic settings for your google and gmail account, the more you'll see that a lot of what they ask for they don't tell you. they allow you to turn it off.... if you even know how to where to find it, or if you even know they are collecting it.
they keep much more than just location and basic data for ads. im not going to get into all of it because theres too much. go look for yourself.
basically these days to have a phone thats fun (smartphone) you are forced to choose iOS or Android. Both are bull**** when it comes to privacy. THATS WHY THEY ARE DEFENDING THERE ASSES IN COURT!!! Just the fact that it has gotten to the point of major national news shows that it isn't just nothing. $500 million lawsuits aren't to be taken lightly.
And it's not just my privacy. Many MANY apps and services including googles require access to many things that the app has absolutely no reason to have. theres a dev in the market called FREE WING go download his persmissions apps named after specific permissions example: READ_PHONE_STATE, it shows you some of what that permission pulls from your phone such as your name, device ID, phone number, contacts, and more. SMS permission had not just the ability to "tell if i get a text" but has, and records, everything that was said, who sent it, and their numbers. or go get an app called "Denied permissions" it will show you how many each app has and break them down and explain a little of how they work. then use it to look at Google Docs app permissions. it shouldn't have the ability to change,delete, modify my account passwords, and that's just one of its BS permissions.
any facebook app that uses facebook to as an alternative log in gives that app by DEFAULT the ability to read my contacts, status, my FRIENDS status and apps they are using, where they also go, their photos, mine, and more (go to the apps privacy settings on facebook to find this stuff). my friends apps one THEIR phone have access to MY personal information, just because we are associated in facebook. NOT COOL! Facebook just told its game devs a couple days ago that they had like a week or something to change their games to prevent 3rd party apps that are associated with their games from accessing or keeping their patrons information while they play their games.
basically it comes down to my information can be accessed by places i didn't give the OK to or even have heard of. google shares information with apps. try reading the privacy polices for apps sometime (go read AppPack's - Highlight app and T-mobile Mall's app privacy policies). its like the fine print that no one ever reads in contracts or car advertisements. its there but no one takes the time.
google used to be a damn search engine. now they own android, google, Google Chrome OS (just came out), admob, and more. im ok with ads. and them having info i know i asked them to hold on to. I can't imagine what dirt someone could find on someone running for president in 10 years. dirty pics from when someone texted them when they were 25, 18, 16. or their online diary they kept for some reason. things they said on a forum, damn i couldn't imagine my old myspace stuff. some of that could get me in to trouble. i was a party animal at the time. ya see where i'm going? wouldn't have posted that stuff 10 years ago if i had known what i know now.
theres enough info of ours unintentionally online and accessible. go google yourself. they don't need my location to boot
don't believe any of this then take some time to read what you are saying ok to. some privacy policies are like when in those cartoons (devil and daniel mouse) the devil asks you to sign a contract in your own blood, but you forgot their was stuff written on the back page.
But you don't have a right to privacy.....you agreed to the terms and conditions of Google's use when you began using your phone. You signed those rights to privacy away when you signed that Google account into your phone (which, in fact is where the agreement to the terms and conditions lie). You installed Google docs and said "yeah, its okay if this app has access to these things." You update your Google apps every release of a new version. Apple is having issues with this yes, but that's because it was never previously a part of their terms, and they were doing it without customers knowledge. Google is not having issues, will not have issues, and presented all that information to you upfront when you signed up for your Google account, well within your buyer's remorse. Likewise, they do have an option to opt out of "Location services" during most device's initial setup procedures. I bet if anyone sued Google, they wouldn't even prepare a case. They'd refer the judge to the terms of your Google account or those permissions you were okay with.
Bottom line, Yes you have your right to privacy. But you can't give away those rights away to Google or Facebook or whoever then complain about it. Those terms and conditions aren't just there for show, they create them for these specific reasons. It'd be like If I gave you my social security number, checking account number, and address and then was shocked when my identity was stolen and went to file a police report. Working for T-Mobile, I hear these types of arguments on a daily basis, but let me just say it hasn't once changed a thing. Once you agree to them, you can't change your mind until the terms are changed and presented to you again.
I've said it before and I'll say it again. If you like privacy, DO NOT USE A SMARTPHONE. You see, I use a smartphone because I could give two ****s less what Google has access to in my phone. There are only 9 numbers I don't want anyone having access to and lets be honest. I highly doubt Google is stealing our SS #'s.
A link to google and it's work it does for the NSA and CIA. They are more than a company pushing Internet mobile ads. Do not do anything with your phone that you do not want recorded and handed over to the government.
http://www.pcworld.com/article/188581/the_googlensa_alliance_questions_and_answers.html
Remember what google and others did to to people yearning for freedom in China.
http://www.nytimes.com/2006/02/15/technology/15cnd-internet.html

Google Play App history

What do you think of Google Play's App history? There's no way of removing your app history, it logs every app you have ever installed.
At the moment, there are two tabs in the "My Apps" menu. One is "Installed" and the other one is "All". It seems like finding the apps you have previously bought (but not installed yet) isn't that easy anymore, either you use search or try to find them in the huge "All" list.
Just stupid.
Do I have to create another Google Account or what? Why can't Google allow us to remove our app history?
edit: Report the issue here to get Google's attention: http://support.google.com/googleplay/bin/static.py?hl=en&page=known_issues.cs&ki_topic=1319135
I agree. That sucks about the new Play Store. I was happy with the way it was before showing only installed and purchased apps. Most apps I've uninstalled because I didn't need them or they didn't work well, so why would I care about still having them in my apps list? Pretty ridiculous. I found it to be pointless in the Web Store itself, but now it's just a pain scrolling through that list of unnecessary apps on my phone trying to find one I actually need. Not to mention everytime you tap on an app and go back to the list, it jumps to the top and I have to scroll all the way again. There should be an option to purge/remove apps that you don't want in the history list.
Sent from my Desire HD using xda premium
Google should keep a list of their horrible ideas instead.
Sent from my SGS II
Haha +1
Sent from my Desire HD using xda premium
Maybe if enough of us complain, they'll change it
Watching this app history on my google play account on the pc I was wondering why there are apps listed I used a very long time before.
Well, google needs the history for stats but why saving it for so long?
I am strained when the first apps will remove from the history.
Gesendet von meinem GT-I9001
I find this very annoying as well.
There is no need to keep a list of our previously installed apps.
Some apps i just install just to see what it is and have no interest in it after a while.
If this continues then i will probably have the a whole list of apps in the google play store in my history.
yes it's really boring, i just changed my cellphone and i have all all all the history from 2y of download it's hard to filter the one that i wanna keep and the others...
Anoying you cant choose to remove apps
I complained to Google about this the day 3.5.15 was released. I also started a Google code entry on this just now. Would be great if all that are concerned would head over there and star it!
http://code.google.com/p/android/issues/detail?id=28964&colspec=ID Type Status Owner Summary Stars
XideXL said:
I complained to Google about this the day 3.5.15 was released. I also started a Google code entry on this just now. Would be great if all that are concerned would head over there and star it!
http://code.google.com/p/android/issues/detail?id=28964&colspec=ID Type Status Owner Summary Stars
Click to expand...
Click to collapse
Good idea!! I really hate this "memory".
I agree, I have starred and commented the google code page.
I remember reading somewhere that this app history might affect play store download counts and that's why Google haven't changed it. I sure hope the do something about it though!
I was searching for a way to "fix" or filter my ALL list and see that im not alone, uber retarded "feature".
/sigh
oh well i starred & commented on the issue, thanks.
We can report them in know issues
zerox_100 said:
...
Do I have to create another Google Account or what? Why can't Google allow us to remove our app history?
Click to expand...
Click to collapse
In this link Google Play support /googleplay/bin/static.py?hl=en&page=known_issues.cs&ki_topic=1319135
We can "Report this" on Deleting apps from My Apps/My Orders in Know issues
The more people who do, most will be taken into account
The more we push, the more they'll hear
Took a while for them to allow you to delete credit cards from your account, but maybe they'll get around to fixing this eventually.
claudiobastos said:
In this link Google Play support /googleplay/bin/static.py?hl=en&page=known_issues.cs&ki_topic=1319135
We can "Report this" on Deleting apps from My Apps/My Orders in Know issues
The more people who do, most will be taken into account
The more we push, the more they'll hear
Click to expand...
Click to collapse
Fixed link: http://support.google.com/googleplay/bin/static.py?hl=en&page=known_issues.cs&ki_topic=1319135
+1
Should remove ALL list
Sent from my GT540 using xda premium
The very new Google Play is a joke by its name. It's not you using Google to play, but Google plays with us. Starting with restricted countries to use its services and its "we-add-search-use-it-and-be-thankful" search and ending with such in-account irritating stuffs like the above mentioned.
So: Play with Google but remember it's Google who plays with you.
I don't think all your reports are able to change anything. They need it for some purposes, I don't think it's just their mistake or lack of foresight.
I wish there was some way to filter through it, or make groupings of applications.

(Potential) Malware found on Elephone S3 right out of box?

Hi guys
I recently purchased a Elephone S3 from Everbuying.com. I heard people talking about how notorious these Chinese phones are having malware installed on them, so I decided to give the malware check a go and use about 10+ popular Malware detection apps (Avast, Kaspersky, Avira, Trojan Killer, you name it) currently available on Play Store.
Out of all those, excluding warnings that doesn't really matter in this regards (Malware specific), the below two apps gave me those respective warning results.
I have done some research, but i don't think I found any relevant info in this regards. So, for all the guru out there, the question is obvious, should I be worried about these "non-deletable" apps (if not rooted)? If they ARE malicious, can I be worried free by turning off ALL permissions for the apps and in some case, disable the app (I can disable the Beauty Center, not ELE Launcher).
Thanks to you all for any input!
Malwarebytes Anti-Malware
App - Beauty Center
Message - Android/PUP.Riskware.Cooee.a
App - ELE Launcher
Message - Android/PUP.Riskware.Cooee.H
Stubborn Trojan Killer
App - Beauty Center
Message - General Trojan
App - ELE Launcher
Message - General Trojan
bagachin said:
Hi guys
I recently purchased a Elephone S3 from Everbuying.com. I heard people talking about how notorious these Chinese phones are having malware installed on them, so I decided to give the malware check a go and use about 10+ popular Malware detection apps (Avast, Kaspersky, Avira, Trojan Killer, you name it) currently available on Play Store.
Out of all those, excluding warnings that doesn't really matter in this regards (Malware specific), the below two apps gave me those respective warning results.
I have done some research, but i don't think I found any relevant info in this regards. So, for all the guru out there, the question is obvious, should I be worried about these "non-deletable" apps (if not rooted)? If they ARE malicious, can I be worried free by turning off ALL permissions for the apps and in some case, disable the app (I can disable the Beauty Center, not ELE Launcher).
Thanks to you all for any input!
Malwarebytes Anti-Malware
App - Beauty Center
Message - Android/PUP.Riskware.Cooee.a
App - ELE Launcher
Message - Android/PUP.Riskware.Cooee.H
Stubborn Trojan Killer
App - Beauty Center
Message - General Trojan
App - ELE Launcher
Message - General Trojan
Click to expand...
Click to collapse
go ahead and disable Beauty Center, as far as ELE Launcher, that seems legit. But if you don't like it, just replace it with something like Nova Launcher.
mattzeller said:
go ahead and disable Beauty Center, as far as ELE Launcher, that seems legit. But if you don't like it, just replace it with something like Nova Launcher.
Click to expand...
Click to collapse
Hi mattzeller, thanks heaps for the info! This might not be a good question, but just for my information, generally speaking, is there a way to distinguish between a real harmful malware (actively stealing personal info) and an app that has more access and integration to the phone's OS than others by looking at the information provided? In other words, is there any obvious give away sign?
Thanks again for the help!
bagachin said:
Hi mattzeller, thanks heaps for the info! This might not be a good question, but just for my information, generally speaking, is there a way to distinguish between a real harmful malware (actively stealing personal info) and an app that has more access and integration to the phone's OS than others by looking at the information provided? In other words, is there any obvious give away sign?
Thanks again for the help!
Click to expand...
Click to collapse
Well look at reviews of the app, see if it is installing other apps without your consent, or constantly nagging you to download other apps. Generally 99.99% of apps on Google play are safe. Occasionally some crapware gets on there, but if you take a look at its rating and reviews (not just the highlights) you should be good.
Sent from my SCH-R220
bagachin said:
Hi mattzeller, thanks heaps for the info! This might not be a good question, but just for my information, generally speaking, is there a way to distinguish between a real harmful malware (actively stealing personal info) and an app that has more access and integration to the phone's OS than others by looking at the information provided? In other words, is there any obvious give away sign?
Thanks again for the help!
Click to expand...
Click to collapse
Always check the apps permissions. I absolutely refuse to install an app that has permissions that it shouldn't be using. However, if the app you're about to download needs permissions related to the app features, that's OK with me.
I see so many Play Store apps that are just total spyware in my book. Flashlight apps are a good example of this. There is zero reasons a flashlight app needs to read my contacts or a data connection. Just be mindful of reviews and permissions and you'll be OK.
KernelCorn said:
Always check the apps permissions. I absolutely refuse to install an app that has permissions that it shouldn't be using. However, if the app you're about to download needs permissions related to the app features, that's OK with me.
I see so many Play Store apps that are just total spyware in my book. Flashlight apps are a good example of this. There is zero reasons a flashlight app needs to read my contacts or a data connection. Just be mindful of reviews and permissions and you'll be OK.
Click to expand...
Click to collapse
I don't worry about apps with excessive permissions, I just revoke the permissions I don't like.
Sent from my SCH-R220
mattzeller said:
I don't worry about apps with excessive permissions, I just revoke the permissions I don't like.
Click to expand...
Click to collapse
That's the best way to do it.
I do the same thing, but I see lots of people posting here that aren't too tech savvy. For them be mindful of what you download.
mattzeller said:
Well look at reviews of the app, see if it is installing other apps without your consent, or constantly nagging you to download other apps. Generally 99.99% of apps on Google play are safe. Occasionally some crapware gets on there, but if you take a look at its rating and reviews (not just the highlights) you should be good.
Sent from my SCH-R220
Click to expand...
Click to collapse
Thanks for the advice. Yes, I am aware that common source/cause of malwares are side load apps and rooted device. So I am always fairly cautious about any apps i installed via non-play store source. However, these two caught apk are installed right out of box. That kinda annoys me. I don't jump on the bandwagon and say Chinese phones are infested with malwares and I believe a lot of the time people just over exaggerate and blow some minority out of proportion.
However, the truth is, this is the first Chinese phone I got and it came with two identified malwares. To be fair, it might not be particularly malicious, but it's enough to make me have second thought about my purchase....
KernelCorn said:
Always check the apps permissions. I absolutely refuse to install an app that has permissions that it shouldn't be using. However, if the app you're about to download needs permissions related to the app features, that's OK with me.
I see so many Play Store apps that are just total spyware in my book. Flashlight apps are a good example of this. There is zero reasons a flashlight app needs to read my contacts or a data connection. Just be mindful of reviews and permissions and you'll be OK.
Click to expand...
Click to collapse
Thanks for the comment! Yes, I am quite careful about the app I get to choose to install, but I have little control over these apps that come pre-installed on these chinese phone and got detected as "malwares"
mattzeller said:
I don't worry about apps with excessive permissions, I just revoke the permissions I don't like.
Sent from my SCH-R220
Click to expand...
Click to collapse
Yap, what I did for those two apps I mentioned are turning off all permissions access to them, disable app for the one I can and turn off background data access. Hopefully it will freeze them for good and stop them from playing naughty.
Just a question though, say I do all those above (e.g. switching off permission, force stopped etc), technically speaking, can a malware still be "active and do what they "meant" to do"? I meant after all, they are meant to do something "out of control" right?
bagachin said:
Yap, what I did for those two apps I mentioned are turning off all permissions access to them, disable app for the one I can and turn off background data access. Hopefully it will freeze them for good and stop them from playing naughty.
Just a question though, say I do all those above (e.g. switching off permission, force stopped etc), technically speaking, can a malware still be "active and do what they "meant" to do"? I meant after all, they are meant to do something "out of control" right?
Click to expand...
Click to collapse
No, if you revoke the permission to view your contacts, it is the system that is blocking the apps ability to view your contacts.
Though I think you are being a little paranoid.
Everyone freaks out out all the permissions apps require, when the app actually never uses most of the permissions it asks for, at least not in the way you think. You wouldn't think the launcher needs permissions to access your contacts, but it does. How else is it going to allow you to make a call, or display an incoming all, or missed call/text badges.
I mean take a look at the litany of permissions Nova Launcher and TeslaUnread require, yet we all know the app is not malware. As long as you install from legitimate sources, you will be fine. Like I said in my first post, disable the Beauty app, the other is the Launcher. If you don't like it, install a different one.
Sent from my SCH-R220
Who would you rather have snoop in on your calls? China, or USA.. Because it is one or the other.. me personally, I will take the country in which I do not reside...
mattzeller said:
No, if you revoke the permission to view your contacts, it is the system that is blocking the apps ability to view your contacts.
Though I think you are being a little paranoid.
Everyone freaks out out all the permissions apps require, when the app actually never uses most of the permissions it asks for, at least not in the way you think. You wouldn't think the launcher needs permissions to access your contacts, but it does. How else is it going to allow you to make a call, or display an incoming all, or missed call/text badges.
I mean take a look at the litany of permissions Nova Launcher and TeslaUnread require, yet we all know the app is not malware. As long as you install from legitimate sources, you will be fine. Like I said in my first post, disable the Beauty app, the other is the Launcher. If you don't like it, install a different one.
Sent from my SCH-R220
Click to expand...
Click to collapse
Unfortunately the way things are with the permissive Android system, we have to be a little paranoid. The built in system apps like launchers and permissions can't be disabled easily unless the user is technical enough to know about rooting using apps like xposed/xprivacy.

New apps impossible to find

The Sansung Gear Apps app is much improved, but it is frustrating for a seller like me. I create an app and upload. Then I sit and wait for weeks for someone to discover it by accident.
Example: I have a novelty watchface that shows the time in a cipher -- a code that looks like gibberish, but if you know how to "decode" it, you can tell the time, date, battery power, etc. pretty easily. Sure, it's geeky, but it's unique as far as I can tell.
The problem is that even with the new "New" apps list, it does not appear in the 350 app list (I think that is how many there are. Not sure.)
I sent feedback to Samsung and they explained:
"Regarding your inquiry, we would like to inform to inform you that our store is operated as 'Curated Store', it means all applications cannot be displayed under each category.
"The applications are displayed on the list based on the number of downloads, price’s value and sales period, so please understand our store concept."​
How can a new app that no one knows about be downloaded if it doesn't appear in the available lists?
In my case, the app is called "Alien Invasion Cypher" and I now have one download after many weeks. The guy must have searched on one of those words from the app name and my app popped up. Otherwise he never would have seen it.
There's got to be a better way. Why not a web site with unlimited lists of apps? Or a new app list that shows new apps, not new apps that have been downloaded?
While it seems no one is interested, I have an update. The new Gear App shows new apps even if they have not been purchased yet. Thanks, Samsung!
yeah I think absolutly the same as you...the gear store is such a chaos...and very hard for new developer so for examples I made some watchfaces and some has still only 10 download after a month...and it is really too hard to find new good apps like your new app :/

FOSS on Android - Where are all the apps i can Trust? There isn't Any!

I think Android has a Big Problem - There is little Real FOSS on Android. It's partly Google's fault. It's partly the Linux communities fault. It's partly the Developers fault. Yeah guys i'm talking about You. Or perhaps I'm just really bad at searching but no, I won't accept that. I've seen whats on the Google Play Store.
Sure there is F-Droid which is Awesome but it's not enough. I get that people want to make money. If you have a good app you want to charge for that's fine but Don't expect me to use a Keyboard App for example that wants to access my SD Card and have permission to delete files or view my contact list. Whats wrong with you developers? Don't you even care that most of your apps use unscrupulous practices?
I go about looking for a simple app to increase the size of the icons so my tired eyes can actually read the text below the icon. (Marshmallow 6.0.1) F-Droid doesn't seem to have one. Google Play has lots of ways to do this but they all have ads. O.k. I think, perhaps I can live with an ad or two but then I look at the Permissions and balk! Why does an icon app need to view my network connections or have full network access or change my system settings when all I need it to do is make a bigger icon - It doesn't. ( I won't even go into the Flashlight spying on you issue, Goggle it)
I consider these apps spyware that should NOT be offered on Google Play. That's 99 % of all apps on Google Play. No telling what these apps may be doing in the background and here is the problem. Why this practice seems to be accepted in our society is way beyond me. Or I can admit the truth that we live in a corrupt society where people no longer care.
My 89 year old Mom has had the same IPhone for the past 7 years. It has a tiny screen, poor resolution. She uses it for a phone - that's all. She wont use the internet or any apps on it at all - yet she calls me to look stuff up for her all the time. I'd like to switch her to a much cheaper and more modern Android phone that she can actually use but I Can't and Won't because she don't need the nightmares of ads every 5 minutes and apps that want to access things they have no business accessing.
Android doesn't need virus's, the apps have become the virus. It's sad this has become the norm. Perhaps things will change but I doubt it. Why doesn't Google Play offer a Foss category? Where are all the real Foss apps, does anyone know cus I'm just not seeing them and I think that's sad. It screams volumes that reflect badly on this community. Thank you for reading my rant.
https://medium.com/insurge-intelligence/how-the-cia-made-google-e836451a959e
Google = CIA
F-droid = can replace most embedded spyware apps. Rooting your device and going nuts with a good root uninstaller are the first steps. Get rid of all Google crap. Installing AdAway is next. Replacement of nearly all bundled spyware is possible.
You will never achieve perfection while using the most popular spyware OS on the planet. But you will not get perfection on Windows or iOS or blackberry or Symbian either. Though it's much worse now.

Categories

Resources