Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Privacy Concerns With Android and iPhone Apps

timothy posted more than 3 years ago | from the wouldn't-exactly-say-I've-been-missing-it dept.

Handhelds 116

carre4 writes "The Wall Street Journal has come out with an article where they examine 101 popular smartphone apps and show that 56 of them transmit various types of information including unique phone IDs, age, gender, postal codes, and location to ad companies. The article also includes responses from infringing app makers and talks about the pressure that some developers feel to share even more information, like Max Binshtok, creator of the DailyHoroscope for Android, who has been encouraged by ad-network executives to transmit users' locations."

cancel ×

116 comments

Sorry! There are no comments related to the filter you selected.

I, for one, (0)

Anonymous Coward | more than 3 years ago | (#34602144)

I, for one, would like to welcome our new advertising overloards.

Re:I, for one, (1)

rjch (544288) | more than 3 years ago | (#34606518)

I, for one, would like to invite our new advertising overlords to take a flying f..k. But that's just me.

Isn't there anything like sourceforge for android? (4, Interesting)

splerdu (187709) | more than 3 years ago | (#34602202)

Se we can download source and built it ourselves?

Re:Isn't there anything like sourceforge for andro (1)

kanto (1851816) | more than 3 years ago | (#34602292)

Does sourceforge have a policy of discrimination against mobile stuff? Also, downloading and compiling is only useful when someone has done the coding and sharing.

Re:Isn't there anything like sourceforge for andro (0)

larry bagina (561269) | more than 3 years ago | (#34602350)

sourceforge is for losers. Github is the new cool.

real losers (0)

Anonymous Coward | more than 3 years ago | (#34602378)

are the ones that need to tell others what is cool and what is not

Re:real losers (1)

migla (1099771) | more than 3 years ago | (#34602742)

>are the ones that need to tell others what is cool and what is not

What about those who tell others who the real losers are, what are those?

Re:real losers (0)

Anonymous Coward | more than 3 years ago | (#34603038)

I got a feeling this post could start an infinite loop, but I will bite.

>>are the ones that need to tell others what is cool and what is not

>What about those who tell others who the real losers are, what are those?

What about those who tell others who tell others who the real losers are, what are those?

Re:real losers (0)

Anonymous Coward | more than 3 years ago | (#34605732)

>What about those who tell others who the real losers are, what are those?

they don't need to belittle people who just ask simple questions - unlike those who try to twist others words to do similar

Re:Isn't there anything like sourceforge for andro (0)

Anonymous Coward | more than 3 years ago | (#34602396)

Se we can download source and built it ourselves?

And you will be able to catch spy-code in the source?

Re:Isn't there anything like sourceforge for andro (1)

hunangarden (848442) | more than 3 years ago | (#34603938)

Right, what the heck is the purpose of obtaining the source? So you can spoof your location? That will work well when you actually want to use a GPS app for real. No spy code in OS, the spy code is in 3rd party libraries that developers put into their code for Ads and Analytics.

Re:Isn't there anything like sourceforge for andro (1)

kenshin33 (1694322) | more than 3 years ago | (#34605014)

Define all the 3rd parties library functions as dummies and rebuild without linking to those libraries ...

Re:Isn't there anything like sourceforge for andro (2)

beakerMeep (716990) | more than 3 years ago | (#34602504)

For the Android OS there is: The Android Open Source Project [android.com]

However, as far as I understand it, there are some hurdles with regards to building a ROM depending on the phone you have. Some have locked bootloaders / proprietary drivers.

For apps, there is a lot of stuff on GitHub, but as someone else already posted that requires the dev to have shared the code.

If you root your device a good firewall is DroidWall

Re:Isn't there anything like sourceforge for andro (2, Informative)

asnelt (1837090) | more than 3 years ago | (#34603136)

I'm not aware of a repository but there are three lists of Android free software apps that I know of.

Le Wiki Koumbit: https://wiki.koumbit.net/AndroidFreeSoftware [koumbit.net]

The Replicant for Android list: http://trac.osuosl.org/trac/replicant/wiki/ListOfKnownFreeSoftwareApps [osuosl.org]

The Wikiperdia list: http://en.wikipedia.org/wiki/List_of_Open_Source_Android_Applications [wikipedia.org]

Re:Isn't there anything like sourceforge for andro (0)

Anonymous Coward | more than 3 years ago | (#34603842)

Android source is available, but what does that have to do with anything????

Its not the Android OS sending the data to anyone, its the applications. Mostly due to developers who want analytics or ads in their app. They will just put in whatever code or library the ad/analytics company tells them to (just like slashdot puts some Google AdWords/Doubleclick code on their pages). Then that code sends the data off to the ad/analytics company.

So developer most likely has no idea what that code is doing either.

Basically if you install 3rd party code into your app from an ad or analytics company then probably something like this is going on.

As an Android and new iOS developer I was considering putting Flurry Analyitics in my app, but now I'm taking it out, mostly because I think Apple is actually really against this stuff (iOS developer program license agreement states you can't). But it will certainly make things like keeping track of how many iPhone 4 vs 3GS users I have harder.

What's the world coming to (2)

tsa (15680) | more than 3 years ago | (#34602230)

Aren't there laws against these practices?

Re:What's the world coming to (1)

migla (1099771) | more than 3 years ago | (#34602608)

>Aren't there laws against these practices?

You know, I might ask you the very same question, Mr tsa. (j/k, your probably not *that* tsa, right?)

Re:What's the world coming to (1)

tsa (15680) | more than 3 years ago | (#34602678)

No, my tsa are some letters from my family name, don't worry :). I don't even live in America.

Laws of reality (4, Informative)

SuperKendall (25149) | more than 3 years ago | (#34603268)

The article stated:

"One iPhone app, Pumpkin Maker (a pumpkin-carving game), transmits location to an ad network without asking permission."

That is flat out impossible. I am an iPhone developer; there is no way for an application to obtain user location without the user being prompted if that is OK.

It makes the rest of the conclusions very suspect to me. Just how would an app get age and gender? Again I cannot think of a way that is even possible on an iPhone without being asked; no-where on my iPhone is my birthday or age stored.

Re:Laws of reality (4, Insightful)

R3d M3rcury (871886) | more than 3 years ago | (#34604032)

The problem is, there is no way to know what the information is being used for.

I've never used Pumpkin Maker and the description doesn't mention anything about it's capabilities. However, suppose I include a "feature" which will display a background depending on the time of day and your location. So if it's after sunset, it will be dark outside. Of course, for me to know if it's sunset, I need to know your location since sunset varies depending on where in the world you are.

Thus, Pumpkin Maker needs my location. So it comes up and says, "Would you like to allow Pumpkin Maker to access your location?" Makes sense--it needs to know my location so that it can display the appropriate background. Of course, it doesn't mention that while it's showing your appropriate background, it's sharing your location with it's advertisers.

Gender would be easy to come by--just ask. After all, it's a fun game for kids and we want to identify the kid with the appropriate pronoun. Or we ask for a name and send that off--after all, we want to identify your pumpkin as "Bob's Pumpkin" or "Sally's Pumpkin" initially, right? Then something on the backend figures out that "Bob" tends to be a boy's name and "Sally" tends to be a girl's name. "Pat" will confuse it, of course...

Age? Again, you could just ask. You have a collection of add-ons for your pumpkin and you want to filter for age-appropriateness. After all, we don't want small children adding pumpkin boobies or penises. That would be sick and wrong and we're a good company that Thinks of the Children.®

So the game collects all of this information for a good reason but it never says, "Hey, you mind if I ship it off to advertisers?"

Again, I've never used this App. I don't know much about it. But these are some ways you could get the information.

Re:Laws of reality (2)

macs4all (973270) | more than 3 years ago | (#34604776)

Thus, Pumpkin Maker needs my location. So it comes up and says, "Would you like to allow Pumpkin Maker to access your location?" Makes sense--it needs to know my location so that it can display the appropriate background. Of course, it doesn't mention that while it's showing your appropriate background, it's sharing your location with it's advertisers.

And, so you know of a security model that will absolutely defeat social engineering? ...Or any OS that can control where information goes once the USER has decided to let it escape?

iOS 4 has the following features to help the user decide their personal "paranoia" level regarding Location Services:

1. A Preference screen that shows which apps YOU have enabled for Location Services, with an indicator for each that have actually used Location Services in the past 24 hours. Of course, YOU are also free to change your mind regarding Location Services for ANY app at ANY time from this screen.

2. A SYSTEM Alert (cannot be bypassed by an app) that asks for PERMISSION from the USER before it can use Location Services, the first time the app attempts to do so (NOT ON INSTALLATION, unlike Android. Location Services default to DISABLED automagically when an app installs, so you will ALWAYS get this Alert when an app first accesses the Location Services API). This is a one-time Alert, and the decision here also sets the initial value of the enable/disable flag for that app in the Location Services Preference screen, (see above).

3. I believe there is also a Global enable/disable for Location Services, which can also be used as a quick battery-life extender.

So, please suggest some other security method that wouldn't bring back the cold chills of remembering the user-annoyance-level (which was so high that it actually defeated the purpose of "hightened security") of Vista UAC.

[crickets]

In all fairness, Android is also helpless against social engineering. However, I honestly think that iOS has struck a good balance between annoying and secure. Just like with Android, the rest is (necessarily) up to the user.

Re:Laws of reality (2, Interesting)

R3d M3rcury (871886) | more than 3 years ago | (#34605026)

Oh, I agree, there isn't one.

Part of the problem, though, comes from the iPhone zealots--and, to a lesser degree, Apple--who claim that Apple's App Store makes your private information nice and secure. After all, they'll claim, look at all those nasty apps on Android that transmit your personal information. iPhone users don't have to worry about that because Apple checks all of these things and makes sure that you're safe.

So if Apple can't stop an App like Pumpkin Maker from transmitting personal information, what is the advantage to the customer of having a sole-source App Store? Isn't Apple just providing "security theatre" by implying they can do things that they obviously cannot?

Re:Laws of reality (1)

kenshin33 (1694322) | more than 3 years ago | (#34605064)

did you actually read his post, or it a knee jerk reaction???
he's replying with a hypothetical (and also plausible) way of obtaining information which the GP was say is impossible without the user's consent.
in his scenario he's saying that it is possible that the application asked for that information in order to function as advertised but no where it says hey while we're here I'll be shipping the information that you just gave to [insert add company]. Which is very plausible. If the application would ask may some people may be wont give that information and, some may be wont bother with the application at all, and or some might and buy the full/pro/or whatever version without the ads version if it ever existed.

Still consented to by user (1)

SuperKendall (25149) | more than 3 years ago | (#34612522)

It doesn't matter what the app does with the location data after, the fact is that you agreed to provide it. The poster you are responding to is exactly correct that it's kind of a social engineering issue, although depending on what you are sending Apple might actually catch it in review (remember that now they are checking for things like device specific data being sent out thanks to leaked device testing details).

At least on the iPhone you are asked when the app tries to get the users location, not up front as on Android.

Re:Laws of reality (1)

yesiree (1630527) | more than 3 years ago | (#34606078)

The article stated:

"One iPhone app, Pumpkin Maker (a pumpkin-carving game), transmits location to an ad network without asking permission."

That is flat out impossible. I am an iPhone developer; there is no way for an application to obtain user location without the user being prompted if that is OK.

It makes the rest of the conclusions very suspect to me. Just how would an app get age and gender? Again I cannot think of a way that is even possible on an iPhone without being asked; no-where on my iPhone is my birthday or age stored.

On my Android for example you can cross link contacts from different sources. Facebook for example. On Facebook you could store your birthday and gender. I am not a developer, but I see some possibilities here perhaps... Any comments?

Re:Laws of reality (1)

JAlexoi (1085785) | more than 3 years ago | (#34609072)

Can it get access to Facebook app's info? For age, sex and more info?
Can it get the cell tower ID or some other non-obvious metric identify location?

duh (1, Flamebait)

melikamp (631205) | more than 3 years ago | (#34602236)

Closed source = no expectation of security + no expectation of privacy + expectation of malice + higher development cost. The sooner Joe Q. Public gets this consumer advocacy message, the better off he'll be. There are only two valid reasons to conceal the code: embarrassment and ill will towards the user. And the only valid reason to make an open-sourced program non-free is greed. None of these are helping the user, the consumer, or whatever you want to call 99% of people who use computers.

Ugh (4, Insightful)

alvinrod (889928) | more than 3 years ago | (#34602358)

Sorry to burst your bubble, but most developers like to eat, which means that commercialization of software comes in at some point, whether that's advertising, support, or something else. Limiting the selection of software to only non-free (as in beer) software would result in a lot less software being available (or made in the future), which isn't exactly helpful for end users either. FOSS has gone a long way to make the world a better place, but it's not a be-all, end-all solution.

Re:Ugh (2)

migla (1099771) | more than 3 years ago | (#34602766)

>FOSS has gone a long way to make the world a better place, but it's not a be-all, end-all solution.

Sure it is. We're just not there yet.

Re:Ugh (0)

melikamp (631205) | more than 3 years ago | (#34602926)

Sorry to burst your bubble, but most developers like to eat, which means that commercialization of software comes in at some point

That's great, but may be, as Eben Moglen noticed, they should eat just a tad bit less. While you are sitting here defending them, they are collecting monopoly profits. And I don't mean the kind of monopoly that Microsoft and Google are being accused of, but the intellectual monopoly on ideas that ALL proprietary software vendors enjoy. Are you really that spineless or deluded? Or do you have money to burn? If YOU, the user, are going to pay for software development, why not make it a condition that the result must be free?

Re:Ugh (1, Insightful)

Anonymous Coward | more than 3 years ago | (#34603022)

Because maybe he agrees that the developers should be fairly paid for their work? Not everyone is a retarded hippie, okay? Knock it off. You're the spineless one if you can't accept that people think differently than you about how software should be available. I personally am perfectly fine with applications that are closed and applications that are open, as long as there aren't inherent problems with the closed software (shady company, obvious lack of maintenance and support, etc.)

Re:duh (1)

Anonymous Coward | more than 3 years ago | (#34602432)

I think it's unfair to say that a desire to make money off of your product is greed, if greed is bad.

There are two options here:
1. Your statement is false, and someone who puts _their_ time and effort into a product has a right to be compensated for their time and effort. Thus by charging for a product, they are not greedy by definition. They need to make a living too.

Or

2. Your statement is true, and greed is not bad.

I think it's the former. While I certainly use my fair share of free software (and enjoy it), I find that a lot of people in the open-source community feel an arrogant sense of entitlement. They believe that they are entitled to another person's work for free. They seem to ignore the fact that developers need to make money off of their product if they want to make a living off of it. Otherwise, the software just becomes a little side project, and doesn't get the attention it needs.

That's not to say I don't support the open-source community whole-heartedly, and contribute to it when possible. However, bashing developers who want to make a living off of their products is unfair.

Re:duh (1)

melikamp (631205) | more than 3 years ago | (#34602892)

People who flex the copyright muscle to keep their software non-free are greedy. They would like to collect monopoly profits, and the cost we are all paying is that the software cannot be improved by volunteers (even if the source is open, that is, can be built with free tools, improvements cannot be shared). I have no problem with monetizing software in a way that keeps the software free. More than 99.9% of all commodity software users are just that: users, and we all get shafted by intellectual monopolies. If we are going to pay for software development, we should pay for free software development, since it is cheaper for us, and results in software that does what we want it to do, and nothing else.

Re:duh (0)

Anonymous Coward | more than 3 years ago | (#34608904)

People who flex the copyright muscle to keep their software non-free are greedy.

A lot of apps on Android are very cheap. Developers want to make money off their software without making it inaccessible or overpriced to users.

They would like to collect monopoly profits,

No, they usually do not charge a lot of money.

and the cost we are all paying is that the software cannot be improved by volunteers (even if the source is open, that is, can be built with free tools, improvements cannot be shared).

Sure they can. Simply email your patches to the developers. Or are you lacking the will?

More than 99.9% of all commodity software users are just that: users, and we all get shafted by intellectual monopolies.

You do not get "shafted" by one dollar fart applications. No one cares about the source code of a lot of applications. Most users just want software that works, and with decent support, something that both commercial and open software can provide easily.

If we are going to pay for software development, we should pay for free software development, since it is cheaper for us,

Sure, but more expensive for the developer. And he might die from starvation because of your greed.

and results in software that does what we want it to do, and nothing else.

Which is exactly what happens with commercial software that has competent developers who listen to user feedback.

Re:duh (1)

MobileTatsu-NJG (946591) | more than 3 years ago | (#34607842)

...+ higher development cost...

Higher development costs don't matter until the profit is counted. If you give it away and don't charge, then your development costs are actually higher with Open Source.

Basically you shot your own argument in the foot.

Powers (1)

Kamineko (851857) | more than 3 years ago | (#34602268)

I was really suprised when I learned how blunt the security options in Android were.

I'm used to COMODO IS asking me every time an application attempts to use TCP/UDP, start another process, look at a DLL or stuff like that.

All you get on Android is 'DO YOU WANT APPLICATION TO INTERNET? Y/N' which is totally insufficient.

Re:Powers (2, Insightful)

Anonymous Coward | more than 3 years ago | (#34602366)

Yeah, you have fun with that crap. I prefer to use the device instead of auditing every packet and process it produces.

Re:Powers (1)

Chapter80 (926879) | more than 3 years ago | (#34602474)

I think "Yes, No, or Prompt me each time" would work.
Then when you get prompted, it should offer the opportunity to never ask again.

I, too, was shocked that when you install an app on the Android, you get one opportunity to see the permissions that you are granting that app. Seemed like it was "take it or leave it", too - you can give it all the required permissions, or not use the app.

Re:Powers (1)

Rich0 (548339) | more than 3 years ago | (#34602716)

Agreed - you should be able to tweak the permissions. So, if the app asks for location tracking, and you don't want to grant it, you can tell the OS to install the app but not let it know the location, rather than not install it at all. Of course, if you're installing a navigation app you'll have to accept that the app won't work. However, if you're installing an IM client maybe you don't want it to know where you are.

The API could make these kinds of situations work out so that applications don't have problems. If the app asks for a location just feed it someplace random. If an App asks for phone numbers give it some Obama's cell phone number, or whatever. In fact, bonus points if the OS lets you pick what kind of garbage you feed the app.

App makers will be less prone to pulling these kinds of stunts when all it does is corrupt their marketing databases.

Re:Powers (1)

Lusa (153265) | more than 3 years ago | (#34606910)

All I want is for the android platform to distinguish internet access for it's purpose. ie, have a permission that says this app shows adverts or another for collects usage stats. These would then have limited access to some websites already preconfigured or even restricted to Google or the phone provider/carrier. Then if this is part of the API the phone can control what information is allowed through, even restrict the granularity of information (ie, age groups, or country rather than city). I'm happy if the app is honest with its intentions, then I'm more likely to trust and use it.

Re:Powers (0)

Anonymous Coward | more than 3 years ago | (#34602828)

The iP Firewall app for jailbroken iOS is a first step to getting there. It's a nice per-app per-host network firewall.

It doesn't stop an app from examining your address book, and it won't tell you the actual data being transmitted, but
you can block a lot of tracking by selective host blocking. It also at least makes you aware when say a tip calculator app tries to connect to half a dozen advertising and tracking networks.

Information security? (1)

Wowsers (1151731) | more than 3 years ago | (#34602270)

Now, apart from the phone ID, do people REALLY use their real age, gender, and postal code on their phone? It's your phone, not the advertisers. It also sounds like we need a web browsers "No script" type of app for Android to trawl the other apps for data leaks and deliberately ruin the data for advertisers. They are not paying your phone bill, so why give them useful information, give them garbage.

Re:Information security? (2, Insightful)

icebike (68054) | more than 3 years ago | (#34602400)

This is actually a good Idea.

The problem is that giving that level of snooping capability to one app pretty much makes it available for other apps, and you can see how that would get out of hand pretty quickly with one app data mining another and sending back encrypted data later.

Perhaps a better method would be for Android/IOS to find a way to lock down access to specific items of data in the phone. If you want to deny an app from reading your phone number or IMEI you can just uncheck a box and it can't even call the APIs that do that. You might end up killing off app functionality, but at least you would know when some game decided ti email your addressbook to china or something.

This pretty well has to be solved at the system level rather than at the level of a watchdog app.

Re:Information security? (1)

RobbieCrash (834439) | more than 3 years ago | (#34602826)

While not a complete block of all this garbage, adFree on rooted Android phones blocks most ads at the /etc/hosts level, and I'm sure lots of these companies aren't writing code to submit directly to IP address.

I can't imagine them writing a way to get my info, but not show me their ads, and since installing, all of my "ad-supported" apps are not.

I have no issue paying for apps, and will continue to do so if I find it useful. But garbage like this is going to prevent me from doing any form of proxy support for developers.

Re:Information security? (1)

DrEldarion (114072) | more than 3 years ago | (#34604576)

They are not paying your phone bill, so why give them useful information, give them garbage.

No, they're paying for the apps you're using, though. If you don't like this information being used, don't use the apps that collect it. When you go to install an Android app, it clearly tells you what permissions the app asks for. If you see something you don't like, you can cancel the installation.

In other news (1)

countertrolling (1585477) | more than 3 years ago | (#34602290)

It was uncovered today that your toilet analyzes your stools and sends the results to your proctologist. If you cannot afford a proctologist, one will be provided to you...

Re:In other news (3, Funny)

Anonymous Coward | more than 3 years ago | (#34602590)

It was uncovered today that your toilet analyzes your stools and sends the results to your proctologist. If you cannot afford a proctologist, one will be provided to you...

unless you live in the US. in which case, your shit's out of luck

mod 0p (-1)

Anonymous Coward | more than 3 years ago | (#34602314)

way. It used to be *BSD 4as steadily National gay nigger much organisation, to place a paper and the Bazaar To have regular just yet, but I'm Obligated to care The last night of get how people can new faces and many The curtains flew been sitting here addresses will much organisation, and Michael Smith Are inherently corporate you're told. It's join in especially won't be standing a change to fate. Let's not be BSDI is also dead, Into a sling unless a relatively but it's not a Channel #GNAA on surveNy which to have regular Www.anti-slash.org it transforms into

I think many people suspected this (1)

Gonoff (88518) | more than 3 years ago | (#34602392)

There are many applications that want to run more services that they need to.
For example, when I start up an application for an IT magazine, it always asks me if I want to turn on my GPS. There is no need for it to use GPS to show me content so the only reason would be to make a not of my location for someone else.

That is an easy one to fix, I have GPS off unless I anctually want to use it. The same goes for WiFi - smartphone batteries do not last as long as stupidphone ones.

But what about other leaks?
Limit yourself to open source apps - ideally write them yourself. Never use anything free and closed source. You never know what is there!

I just consider my phone an insecure device and do not trust it. I do not do anything on it that involves confidentiality. I also do not respond well to unsolicited adverts...

Re:I think many people suspected this (0)

Anonymous Coward | more than 3 years ago | (#34602578)

I needed a GPS Application that actually told me what my GPS coordinates were. I went through at least five applications that needed GPS access AND network access. WTF does a GPS App need network access for? Advertising. That's it.

So, I kept hunting. I finally, after about 5 more, found a GPS app that actually showed my GPS coords without the need for network access. Most needed network & contacts, Others wanted a whole lot more including text messages!!!!

Seriously? Advertisers are so starved they need to browse my text message and find hits. Frankly, yes. They are starved. Ask them. Go ahead. I'll wait. Admittedly, advertisers are not the problem with these apps. It's the users. Anyone who doesn't take the time to limit a program's access to your contacts (or more) is begging for trouble. Browsing your SD Card, facebook contacts, numbers called, etc....

Oddly, People are so against Chrome OS, for instance, for several reasons. Almost all of them are technical in nature. For the most part, the industry is quite about privacy. I guess if Google and company don't bring the issues to the forefront no one will shout. Actually, it's more about giving a majority of people something *to* shout about: lack of hardware support. So, for every 1 person out there shouting about privacy concerns on android and Chrome OS there are dozens or more making so much *more* noise that the privacy-concerned people get drowned out.

Wagging the dog. Business is war, right?

----
(Like2Byte) Forgot my password.

Re:I think many people suspected this (1)

Rich0 (548339) | more than 3 years ago | (#34602736)

Yup. All of your problems would go away if the app asked for a list of permissions, and then you'd edit them to what you want to give. Obviously you can't revoke GPS since you'll get no value from the app, but you could just kill the network access.

Re:I think many people suspected this (3, Informative)

GIL_Dude (850471) | more than 3 years ago | (#34602886)

Don't forget that Assisted GPS (A-GPS) requires network access: http://en.wikipedia.org/wiki/Assisted_GPS [wikipedia.org] . Some of these folks may have just been trying to get you a correct fix faster by using A-GPS. Unfortunately, you can't tell from the Android permissions screen as you will just get things like "network access" which can be used for any purpose - benign, nefarious, or anything in between. I don't know what the answer is to this, but I know I would prefer to be able to tell the app what sites / services it could access.

Re:I think many people suspected this (1)

Gonoff (88518) | more than 3 years ago | (#34603582)

Do it over WiFi and check it out on your router.

Re:I think many people suspected this (1)

Anonymous Coward | more than 3 years ago | (#34605410)

An application on Android can get location information using A-GPS without using network permissions, the "assisted" segment is handled by the GPS daemon\driver.

Re:I think many people suspected this (0)

Anonymous Coward | more than 3 years ago | (#34606312)

Not quite ... in android, you ask for location based access rights for your app. agps is one of those methods. The app only requires access to location data, the OS does ther rest.. no inet perms required.

Re:I think many people suspected this (0)

Anonymous Coward | more than 3 years ago | (#34606846)

On Android A-GPS is done by the OS, the App simply request the location and only needs the fine-grained location permission.

Where are the apps getting this data? (0)

Anonymous Coward | more than 3 years ago | (#34602398)

I for one have never entered my name, address, gender or postcode into my phone (SGS - Android 2.2) with the exception of perhaps online ordering - done in the browser, which a 3rd party app cannot get to.

How are3rd party apps finding this data for a start?

Did the apps in question require the user to enter this data? Did they have a privacy policy the user accepted?

As for location, it's simple: Android tells you the permissions an app needs. If you don't think it need location don't install it, or disable any sort of location services before launch.

BlackBerry Permissions (1)

egranlund (1827406) | more than 3 years ago | (#34602410)

I know on my Blackberry whenever I install apps it gives me a list of permissions the app is asking for and I have to either approve or deny the permissions. There has been more than one occasion where I've gone back and fourth with a app developer after their app refused to run without having access to my contacts, gps coords and other things. I believe the last one I encountered this with was a freaking flashlight application. Doesn't Android/iPhone have this type of thing when apps are installed?

Re:BlackBerry Permissions (2)

SilentChasm (998689) | more than 3 years ago | (#34602606)

Android does. It will display a list of things it needs to access, like device state/network access/ability to turn off autosuspend/etc. Ebook readers for example need to be able to prevent the screen from turning off. Messaging apps need network access. Etc. They are usually inflated from what you think the app should need though. Some are just insane with the permissions they want.

Re:BlackBerry Permissions (1)

mattncsu03 (1602573) | more than 3 years ago | (#34606880)

Android is not the same, check out the screen shots posted in this forum link: http://forums.crackberry.com/f86/application-permissions-234021/ [crackberry.com] The BB actually gives the user the choice on a PER-APP basis what permissions to allow each app. As much as I've grown to hate my BB Storm for its overwhelming lack of memory and frequently required battery pulls, at least I have some control over how applications use my phone. I'd love to switch to an Android-based phone but I am hoping that the developers will address this issue first [scribd.com] .

Re:BlackBerry Permissions (1)

cynyr (703126) | more than 3 years ago | (#34607082)

yes but i cannot selectively disable parts of the permissions it is requesting.

Re:BlackBerry Permissions (1)

netsharc (195805) | more than 3 years ago | (#34607676)

But on a BlackBerry you can permit/deny individual items, whereas on the Android, you can either permit all or deny all (by not installing the app). Which is a useless security model, the user will think "Oh it will steal all my data. But I really want to play this game!".

On the BB you can say "Sure you can keep the screen powered on, but no internet, no location, no reading the calendar and address book."...

New SMS Message! (1)

Anonymous Coward | more than 3 years ago | (#34602452)

Hey! You just walked by the best pizza restaurant in town! Come on in, show this message at the check-out, you'll receive a 10% discount. We're just 102.1 meters away at 3030 Main St.

Re:New SMS Message! (0)

Anonymous Coward | more than 3 years ago | (#34602570)

How can you "just walk by" something a tenth of a kilometer away?

Re:New SMS Message! (1)

Anonymous Coward | more than 3 years ago | (#34602622)

Yeah, my god, you think humans are capable of walking the length of a football field? It takes incredibly trained football teams many tries with rest periods to make it that far!

Re:New SMS Message! (0)

Anonymous Coward | more than 3 years ago | (#34603036)

And some, like the Vikings, never make it.

Does Android have a hosts file? (0)

Anonymous Coward | more than 3 years ago | (#34602476)

If Android has something like a hosts file, I can see someone collecting the names of all these sites, stuffing them into a hosts file, and offering it for download.

As for me, I prefer to stay in the equivalent of the stone age - simple prepaid cell phone, no smarts, and a dedicated music player (using RockBox).

Re:Does Android have a hosts file? (0)

Anonymous Coward | more than 3 years ago | (#34602514)

There's an app that does exactly that, assuming you have root access.

Re:Does Android have a hosts file? (1)

Mordok-DestroyerOfWo (1000167) | more than 3 years ago | (#34602542)

Just search for AdFree

Well duh... (1)

Timmmm (636430) | more than 3 years ago | (#34602500)

Anyone who has used android knows this is true. There are loads of apps that ask for permissions they clearly shouldn't need. Most often it is for internet access, your location, your phone ID (IMSI), and sometimes access to your contacts.

Obviously the crappy little 'content' apps like DailyHoroscope, backgrounds and ringtones are the main culprits.

So why buy an android or jobsian phone? (2)

Rhodri Mawr (862554) | more than 3 years ago | (#34602604)

...when you could have a Nokia N900?

Re:So why buy an android or jobsian phone? (1)

Culture20 (968837) | more than 3 years ago | (#34603952)

...when you could have a Nokia N900?

I bought an iPhone 4 recently (previously used a 1st gen iPhone). The choice was between it an an n900. N900 was winning on all counts except ease of upgrade (which was not a major factor at all). N900 lost when I went to a local store and saw the thickness of the n900. My pocket space is valuable.

Unique Id (1)

igreaterthanu (1942456) | more than 3 years ago | (#34602646)

So if an app just happened to transmit a unique id then it would get on this list?

I don't see how that is much of an issue at all, remember your browser can identify you uniquely unless you have something as common as a fresh install of XP with no updates, etc.

I would like to see the figures that have better criteria than just sending unique ids. (Such as location)

Data from Article (5, Informative)

scruffy (29773) | more than 3 years ago | (#34602668)

Here is a list of the apps and the information they send about you. Explanation of the columns and numbers are on the bottom of this message. The extra annoying text is to get around the GDF lameness filter.

A B C D E F IPhone App the quick brown fox jumped over the lazy dog
0 0 0 0 2 0 0.03 Seconds Pro the quick brown fox jumped over the lazy dog
0 0 0 0 2 0 Age My Face the quick brown fox jumped over the lazy dog
2 2 0 2 2 0 Angry Birds the quick brown fox jumped over the lazy dog
2 0 0 2 2 0 Angry Birds Lite the quick brown fox jumped over the lazy dog
1 0 0 2 2 0 Aurora Feint II: Lite the quick brown fox jumped over the lazy dog
0 0 0 0 2 0 Barcode Scanner (BahnTech) the quick brown fox jumped over the lazy dog
2 0 0 0 0 2 Bejeweled 2 the quick brown fox jumped over the lazy dog
0 0 0 2 2 0 Best Alarm Clock Free the quick brown fox jumped over the lazy dog
0 0 0 2 2 0 Bible App (LifeChurch.tv) the quick brown fox jumped over the lazy dog
0 0 0 0 0 0 Bump the quick brown fox jumped over the lazy dog
0 0 0 2 2 0 CBS News the quick brown fox jumped over the lazy dog
0 0 0 0 2 0 0.03 Seconds the quick brown fox jumped over the lazy dog
0 0 0 2 2 0 Dictionary.com the quick brown fox jumped over the lazy dog
2 0 0 0 1 0 Doodle Jump the quick brown fox jumped over the lazy dog
1 0 0 1 1 0 ESPN ScoreCenter the quick brown fox jumped over the lazy dog
1 1 0 1 0 0 Facebook the quick brown fox jumped over the lazy dog
0 0 0 0 0 0 Flashlight (John Haney Software) the quick brown fox jumped over the lazy dog
0 0 0 1 2 0 Fluent News Reader the quick brown fox jumped over the lazy dog
1 0 1 2 0 1 Foursquare the quick brown fox jumped over the lazy dog
0 0 0 2 2 0 Fox News the quick brown fox jumped over the lazy dog
2 0 0 2 0 0 Google Maps the quick brown fox jumped over the lazy dog
1 0 2 2 2 0 Grindr the quick brown fox jumped over the lazy dog
2 0 0 1 2 0 Groupon the quick brown fox jumped over the lazy dog
0 0 0 0 2 0 Hipstamatic the quick brown fox jumped over the lazy dog
0 0 0 0 2 0 iJewels the quick brown fox jumped over the lazy dog
0 0 0 0 0 0 iLoveBeer: Zythology the quick brown fox jumped over the lazy dog
1 0 0 1 2 0 Medscape the quick brown fox jumped over the lazy dog
1 0 1 2 2 0 MyFitnessPal the quick brown fox jumped over the lazy dog
1 0 0 1 1 0 Netflix the quick brown fox jumped over the lazy dog
0 0 0 2 2 0 NYTimes the quick brown fox jumped over the lazy dog
0 0 0 2 2 0 Ninjump the quick brown fox jumped over the lazy dog
0 0 2 2 2 0 Pandora the quick brown fox jumped over the lazy dog
0 0 0 2 2 0 Paper Toss the quick brown fox jumped over the lazy dog
0 0 0 0 0 0 PerfectPhoto the quick brown fox jumped over the lazy dog
0 0 0 2 2 0 Pimple Popper Lite the quick brown fox jumped over the lazy dog
0 0 0 2 2 0 Pumpkin Maker the quick brown fox jumped over the lazy dog
0 0 0 0 1 0 RedLaser the quick brown fox jumped over the lazy dog
0 0 0 0 2 0 Ringtone Maker the quick brown fox jumped over the lazy dog
2 0 0 0 2 0 Ringtone Maker Pro the quick brown fox jumped over the lazy dog
0 0 0 2 2 0 Shazam the quick brown fox jumped over the lazy dog
2 0 0 2 2 0 Talking Tom Cat the quick brown fox jumped over the lazy dog
1 1 2 2 2 1 TextPlus 4 the quick brown fox jumped over the lazy dog
0 0 0 2 2 0 The Moron Test the quick brown fox jumped over the lazy dog
0 0 0 0 2 0 The Moron Test: Section 1 the quick brown fox jumped over the lazy dog
0 0 0 2 2 0 Tips & Tricks: IPhone Secrets Lite the quick brown fox jumped over the lazy dog
2 0 0 2 0 0 TweetDeck the quick brown fox jumped over the lazy dog
0 0 0 0 1 0 WSJ Mobile Reader the quick brown fox jumped over the lazy dog
0 0 0 2 2 0 The Weather Channel the quick brown fox jumped over the lazy dog
0 0 0 0 0 1 WhatsApp Messenger the quick brown fox jumped over the lazy dog
1 0 0 2 2 0 Yelp the quick brown fox jumped over the lazy dog
1 0 0 0 0 0 YouTube the quick brown fox jumped over the lazy dog

A B C D E F Android App the quick brown fox jumped over the lazy dog
0 0 0 0 2 0 Advanced Task Killer the quick brown fox jumped over the lazy dog
0 0 0 0 0 0 Advanced Task Killer Pro the quick brown fox jumped over the lazy dog
0 0 0 2 2 0 Alchemy (Andrey Zaikin) the quick brown fox jumped over the lazy dog
0 0 0 0 2 0 Backgrounds (Stylem Media) the quick brown fox jumped over the lazy dog
0 0 0 2 0 0 Barcode Scanner (Zxing Team) the quick brown fox jumped over the lazy dog
0 0 0 2 0 0 Beautiful Widgets the quick brown fox jumped over the lazy dog
0 0 0 1 2 0 Bible App (LifeChurch.tv) the quick brown fox jumped over the lazy dog
1 0 0 2 2 1 Calorie Counter (FatSecret) the quick brown fox jumped over the lazy dog
0 0 1 2 2 0 CardioTrainer the quick brown fox jumped over the lazy dog
0 0 0 2 2 0 CBS News the quick brown fox jumped over the lazy dog
0 0 0 0 2 0 DailyHoroscope (Comitic) the quick brown fox jumped over the lazy dog
0 0 0 0 2 0 Dictionary.com the quick brown fox jumped over the lazy dog
0 0 0 1 1 0 ESPN ScoreCenter the quick brown fox jumped over the lazy dog
1 0 0 0 0 0 Facebook the quick brown fox jumped over the lazy dog
0 0 0 0 0 0 Fishin' 2 Go the quick brown fox jumped over the lazy dog
1 0 0 2 0 1 Foursquare the quick brown fox jumped over the lazy dog
0 0 0 2 2 0 Fox News the quick brown fox jumped over the lazy dog
2 0 0 0 2 0 Fruit Ninja the quick brown fox jumped over the lazy dog
0 0 0 1 0 0 Google Maps the quick brown fox jumped over the lazy dog
1 0 0 2 2 0 Groupon the quick brown fox jumped over the lazy dog
0 0 0 0 2 0 Handcent SMS the quick brown fox jumped over the lazy dog
0 0 0 0 2 0 Jewels the quick brown fox jumped over the lazy dog
0 0 0 0 0 0 Labyrinth the quick brown fox jumped over the lazy dog
0 0 0 0 0 0 Labyrinth Lite the quick brown fox jumped over the lazy dog
0 0 0 0 2 0 LauncherPro the quick brown fox jumped over the lazy dog
2 0 0 2 2 0 Movies by Flixster the quick brown fox jumped over the lazy dog
0 0 0 0 1 0 MyBackup Pro the quick brown fox jumped over the lazy dog
1 0 2 0 2 0 MySpace Mobile the quick brown fox jumped over the lazy dog
0 0 0 0 2 0 NYTimes the quick brown fox jumped over the lazy dog
0 0 2 2 2 0 Pandora the quick brown fox jumped over the lazy dog
0 0 0 2 2 0 Paper Toss the quick brown fox jumped over the lazy dog
0 0 0 0 0 0 Ringdroid the quick brown fox jumped over the lazy dog
0 0 0 0 0 0 Robo Defense the quick brown fox jumped over the lazy dog
0 0 0 0 0 0 Robo Defense Free the quick brown fox jumped over the lazy dog
2 0 0 2 2 0 Shazam the quick brown fox jumped over the lazy dog
1 0 0 0 0 0 ShopSavvy Barcode Scanner the quick brown fox jumped over the lazy dog
0 0 0 0 0 0 Solitaire (Ken Magic) the quick brown fox jumped over the lazy dog
0 0 0 0 1 0 Talking Tom Cat the quick brown fox jumped over the lazy dog
2 0 0 0 2 0 Talking Tom Cat Free the quick brown fox jumped over the lazy dog
0 0 0 2 2 2 The Coupons App the quick brown fox jumped over the lazy dog
0 0 0 2 2 0 Toss It the quick brown fox jumped over the lazy dog
2 0 0 2 2 0 TweetCaster the quick brown fox jumped over the lazy dog
1 0 0 2 2 0 US Yellow Pages Search the quick brown fox jumped over the lazy dog
0 0 0 2 0 0 Weather & Toggle Widget the quick brown fox jumped over the lazy dog
0 0 0 2 0 0 The Weather Channel the quick brown fox jumped over the lazy dog
0 0 0 2 0 0 WeatherBug the quick brown fox jumped over the lazy dog
0 0 0 2 2 0 WeatherBug Elite the quick brown fox jumped over the lazy dog
1 0 0 1 2 0 Yelp the quick brown fox jumped over the lazy dog
0 0 0 0 0 0 YouTube the quick brown fox jumped over the lazy dog
0 0 0 0 2 0 Zedge Ringtones & Wallpapers the quick brown fox jumped over the lazy dog

Explanation of columns

A: Username/Password: Some apps asked the user to provide a username or password to create an account, or to interact with services like Facebook or Twitter.

B: Contacts: Some applications can access information from the user's address book, usually with permission.

C: Age, Gender: Apps typically collected age, gender or other demographic information through a form.

D: Location: Phone collect global-positioning-system (GPS) data and can triangulate location based on Wi-Fi or cellular signals. Location information included city, zip code and metropolitan area, as well as latitude and longitude.

E: Phone ID: Phones have several serial-number-like identifiers that are nearly impossible to delete. The ID passed most commonly was the phone's UDID, followed by an Android ID and numbers placed by the phones manufacturer and the cellular network.

F: Phone Number: The phone number was passed infrequently and was primarily sent by the user to app makers or Facebook.

Explanation of values

0: Does not transmit data
1: Transmits data to app owners
2: Transmits data to third parties

Re:Data from Article (1)

cyberstealth1024 (860459) | more than 3 years ago | (#34604142)

awesome list! how did you compile this? based off of EULAs or a packet sniffer or..?

Re:Data from Article (1)

scruffy (29773) | more than 3 years ago | (#34605046)

All the information comes from links from the WSJ article. I think I got lucky with NoScript and setting various temporary permissions to get a table I could copy and eventually convince Slashdot that it wasn't lame.

Re:Data from Article (0)

Anonymous Coward | more than 3 years ago | (#34608462)

Bejeweled sends your phone number to a 3rd party? What a scam.

Some of that shit is really fucked up.

firewall (0)

Anonymous Coward | more than 3 years ago | (#34602816)

How about a firewall app (like ZoneAlarm) that prompts the user each time an app wants access to a resource.

fake data (1)

Fanro (130986) | more than 3 years ago | (#34602824)

I do not have a smartphone myself, but one of the first apps I would install would be some sort of fake data sandbox for apps.

I have seen the install screen for android apps briefly: they show what sort of permissions an app needs: access to GPS, address book, outgoing sms, etc; but the only options seemed to be "grant that access" or "do not install"

So simply add a checkbox that allows me to supply fake GPS data, fake "no connection" signal, fake empty address book for apps that I do not want to access these parts, but want them to run regardeless.

Is that impossible ar particularily hard to program?

A simple solution: root the phone (1)

dmesg0 (1342071) | more than 3 years ago | (#34602836)

After rooting your Android phone, you can block the advertisers with AdFree (which a simple black list for all ad sites), or go with a more complex solution like DroidWall and only allow apps you trust to access the net. And you can easily change Android ID with aptly named Android ID changer or simple db hack.

Not sure if something similar exists for iPhone (would never touch it anyway).

Re:A simple solution: root the phone (0)

Anonymous Coward | more than 3 years ago | (#34603288)

That's all fine and dandy, but if you're running (free) ad-ware you choose to have this info sent. If there is an ad-free version available that doesn't do such nonsense, using AdFree instead of buying that version is essentially no different from using warez.

That being said, I find the whole TFA a bit weird. Apps aren't free. They just aren't. You pay for them one way or the other, if it's not money, it's usually personal info and getting advertising in your face. And while this may not be 100% true 100% of the time, it is 99% true 99% of the time :)

Re:A simple solution: root the phone (1)

dmesg0 (1342071) | more than 3 years ago | (#34603604)

I don't mind to see the occasional ad, but I never agreed to sending my personal information to the advertisers. It is not essential to them, the targeted ads don't seem to work anyway despite all their efforts (I don't remember any mobile ad that seemed even little relevant).

Since it's the app developers who send the information, they deserve to be left without revenue. Maybe it'll teach them to value their users' privacy.

Re:A simple solution: root the phone (0)

Anonymous Coward | more than 3 years ago | (#34604410)

I don't send any of that info in my apps. Do I deserve to lose ad revenue as well?

Re:A simple solution: root the phone (1)

dmesg0 (1342071) | more than 3 years ago | (#34605528)

What's your app, and what kind of ads do you use? And why are you AC?

I use DroidWall and have a few simple rules for allowing or disallowing net access. First, all apps are denied 3G access unless they really need it (my data plan is limited). Second, if an app requires some suspicious permissions - it is denied Wi-Fi access as well. For instance, if an offline game requires location information (and a lot do!) - it is denied any kind of net access.

Re:A simple solution: root the phone (1)

tlhIngan (30335) | more than 3 years ago | (#34605338)

After rooting your Android phone, you can block the advertisers with AdFree (which a simple black list for all ad sites), or go with a more complex solution like DroidWall and only allow apps you trust to access the net. And you can easily change Android ID with aptly named Android ID changer or simple db hack.

Not sure if something similar exists for iPhone (would never touch it anyway).

Yep, also for jailbroken ("rooted") iPhones. It's called Firewall IP and alerts you to all outgoing connections being made. Since ad servers are usually obvious, the ipfw rule is modified to block that connection.

The most annoying part is all these utilities seem to require rooting your phone in some way (rooting and jailbreaking are effectively equivalent operations in the end. We call it jailbreaking on iPhone because the original jailbreaks are used to break out of the chroot-like jail iOS runs apps in. And i guess we call Android "rooting" since "jailbreaking" implies something is closed ("Android is open!", no, it's open-source). Both get you root prompts in the end (iOS apps run under a user account as well)).

Is there sn Android equivalent to manipulating the firewall?

Re:A simple solution: root the phone (1)

dmesg0 (1342071) | more than 3 years ago | (#34605574)

In Android all apps get different UIDs (unless they demand sharing the id), and GID determines the allowed permissions. So it's very easy to filter not just by usual IP rules (src:port-dest:port), but also by application, effectively doing application level firewall. That's what DroidWall is.

There is a huge difference between rooting and jailbreaking. Android is open, in a sense that it allows installing apps from any source out of the box, you don't need jailbreaking. Rooting just allows superuser permissions to some apps, and you explicitly control which ones and when to give them root access. Very few apps need root and always for a very good reason (in 2.2+ at least. In 2.1 rooting was required to control LED flash, which wasn't a good reason, so Google fixed it).

.

Android sandboxing (1)

owlstead (636356) | more than 3 years ago | (#34603108)

Don't forget that Android applications are placed in a sandbox. Each time you install an app, you will have to agree that the app wants to have access to specific parts of your phone. I've discarded apps that were too invasive, e.g. wanting access to my phone book, or games that want access to the internet. With Apple, the only protection you have is...Apple. At least with Android there is another level of security.

Some of what the article stated is not possible (1, Interesting)

SuperKendall (25149) | more than 3 years ago | (#34603282)

The article stated:

"One iPhone app, Pumpkin Maker (a pumpkin-carving game), transmits location to an ad network without asking permission."

That is flat out impossible. I am an iPhone developer; there is no way for an application to obtain user location without the user being prompted if that is OK.

It makes the rest of the conclusions very suspect to me. Just how would an app get age and gender? Again I cannot think of a way that is even possible on an iPhone without being asked; no-where on my iPhone is my birthday or age even stored.

Re:Some of what the article stated is not possible (0)

Anonymous Coward | more than 3 years ago | (#34603340)

Duh, just ask them. Say to personalize your experience, please enter the below info: ZipCode, DOB. Thats it, there would be no prompts asking whether it is ok to send them information, no one will be alarmed that they were prompted these (most users dont care, just make it user friendly and no one will raise a finger). Trust me, you will receive the steps directly from the marketers, once your app is mildly popular.

Re:Some of what the article stated is not possible (0)

Anonymous Coward | more than 3 years ago | (#34603606)

It doesn't ask to share your location, but probably asks to read it. Same for age/gender. It says it obtains ghose through a form the user fills out, but then shares that data with advertisers.

So you're an iPhone developer with no imagination (0)

Anonymous Coward | more than 3 years ago | (#34606702)

Response to your other identical post [slashdot.org]

Hog some more karma?

yeah and? (1)

josepha48 (13953) | more than 3 years ago | (#34603350)

This isn't new information. This has been known for a while.

You buy an android and you pretty much HAVE to have a google account so all your data can be 'in the cloud'. If it has moto blur then moto has a copy too.

You install facebook on your iphone, blackberry, android or whatever and then all your contacts are on your phone and 'in the cloud'. Most of the apps that are free have ads and it is pretty standard practice for advertisers to want as much info about someone as possible. This is not anything new and it has been known for a while on these devices.

You can write your own apps, but good luck with that, start an open android market, but then you can have all sorts of rogue apps taking who knows what kind of data about your computer or you can live with this.

The same thing happens online when you visit a web site, only they use cookies and try to gather as much info as possible. I suppose at some point google or the android community or apple will add in an anonymous feature on the phones, but until then you either live with it or don't get a smart phone.

Gender? (1)

izomiac (815208) | more than 3 years ago | (#34603478)

So, since I can't recall ever supplying my gender to my phone, how is it determining that? Turning on the camera, hoping there's a hole in my pocket, and assuming that my sex and gender are concordant? Snooping on my location and contacts is one thing, but if I volunteer certain information then I've always assumed the app phoned home with that information. Surely that's common sense...

Here are Apple's Rules for iPhone apps (0)

Anonymous Coward | more than 3 years ago | (#34603780)

Here are some of the terms and conditions from Apple that are part of the 2010 iOS Developer Program License Agreement.

In a nut shell, Apple is clearly against sending user or device specific data to a 3rd party. But prior to 2010, I think the agreement was more lax, so I'm not sure if people who had signed up in prior years had to accept the new agreement (probably).

3.3.9 You and Your Applications may not collect user or device data without prior user consent,
and then only to provide a service or function that is directly relevant to the use of the Application,
or to serve advertising. You may not use analytics software in Your Application to collect and
send device data to a third party.

3.3.10 You must provide clear and complete information to users regarding Your collection, use
and disclosure of user or device data. Furthermore, You must take appropriate steps to protect
such data from unauthorized use, disclosure or access by third parties. If a user ceases to
consent or affirmatively revokes consent for Your collection, use or disclosure of his or her user or
device data, You must promptly cease all such use.

A wonderful new tool (1)

AHuxley (892839) | more than 3 years ago | (#34603980)

http://www.usatoday.com/tech/news/2010-12-13-army-smartphones_N.htm?csp=34tech [usatoday.com]
The [US] Army wants to issue every soldier an iPhone or Android cellphone — it could be a soldier's choice.
Vane said he wants to use the phones to collect biometrics on enemy combatants.
To track the bad guys, track the troops and what the troops might be writing about.

Your Apps Are Watching You (1)

pickens (49171) | more than 3 years ago | (#34604286)

An investigation by the Wall Street Journal of 101 popular smartphone "apps"--games and other software applications for iPhone and Android phones--shows that 56 transmitt the phone's unique device ID to other companies without users' awareness or consent. Forty-seven apps transmitt the phone's location in some way. Five send age, gender and other personal details to outsiders. "In the world of mobile, there is no anonymity," says Michael Becker of the Mobile Marketing Association. A cellphone is "always with us. It's always on." Smartphone users are all but powerless to limit the tracking. With few exceptions, app users can't "opt out" of phone tracking, as is possible, in limited form, on regular computers. Both Apple and Google say they protect users by requiring apps to obtain permission before revealing certain kinds of information, such as location but the investigation found that these rules can be skirted. For example, one iPhone app, Pumpkin Maker (a pumpkin-carving game), transmits location to an ad network without asking permission. Apple declines to comment on whether the app violates its rules.

This is why I don't include ads in my apps... (1)

markana (152984) | more than 3 years ago | (#34605456)

All of my Android apps are either free, or one-time paid. Sure, I could probably make some more money bundling in an ad network, but who wants to be responsible for exposing my customers like that? Besides, some of my apps are designed to *enhance* privacy - I could hardly turn around and sell out my users. The developer who includes ads in their app has little, if any, control over how the collected data will be used or disseminated. So for me, it's just too much of a risk.

What idiot comes up with this stuff? (0)

Anonymous Coward | more than 3 years ago | (#34606246)

What idiot comes up with this stuff?

This is an Android problem not and iOS problem.

Android is for built and meant for those who can only think in black when reasoning.

The reason Apple iPhone/iPad are so popular is that they fit the majority of the population who can think in most if not all six critical ways when making a decision.

We've been here before (1)

McD (209994) | more than 3 years ago | (#34606612)

From TFA:

Among all apps tested, the most widely shared detail was the unique ID number assigned to every phone. It is effectively a "supercookie," says Vishal Gurbuxani, co-founder of Mobclix Inc., an exchange for mobile advertisers.

On iPhones, this number is the "UDID," or Unique Device Identifier. Android IDs go by other names. These IDs are set by phone makers, carriers or makers of the operating system, and typically can't be blocked or deleted.

"The great thing about mobile is you can't clear a UDID like you can a cookie," says Meghan O'Holleran of Traffic Marketplace, an Internet ad network that is expanding into mobile apps. "That's how we track everything."

Anybody else remember twelve years ago, when Intel started putting serial numbers in CPUs? [wikipedia.org] There was widespread outrage, and they dropped the idea.

Today, Google and Apple have (effectively) put serial numbers in (handheld) computers, and software is rabidly exploiting that.

We didn't tolerate it then, we shouldn't tolerate it now.

It's rough out there (1)

kakris (126307) | more than 3 years ago | (#34608920)

I've written a few small games for Android. They're all free and ad supported, and the advertising networks want as much data as they can get. Even with all that, they don't pay all that well. One of my apps gets as little as $.16 per 1,000 ad impressions. I'd love to skip the ads, but my apps really aren't good enough to charge for, at least this way I get something out of it. It's not like the developers are getting rich on your personal data, perhaps the networks are or developers who are lucky enough to get a lot of exposure, but it's a rough world for the little guys looking to compete. I'm glad it's just a hobby for me.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>