Why Users Don't Trust Mobile Apps

Soulskill posted more than 3 years ago | from the all-of-the-convenience-none-of-the-security dept.

Cellphones 153

snydeq writes "Fatal Exception's Neil McAllister writes of the growing unease among consumers around mobile data privacy, and how this distrust will impact mobile app development. 'When every week seems to bring another news story about a data breach resulting in the theft of customer data, customers are growing increasingly jealous of their privacy. Given the unique nature of the data to be found on smartphones, it's only natural that they have begun to view mobile apps with a skeptical eye. If you're developing apps that use customers' mobile data, you need to do more than recognize these realities. You need to develop a policy that places secure, ethical, and appropriate handling of user data at the core of your application development process.'"

Wow (5, Insightful)

0123456 (636235) | more than 3 years ago | (#35975408)

It's almost as though downloading random apps from the Internet to run on a device you use for personal information might be a bad idea.

Re:Wow (1)

chemicaldave (1776600) | more than 3 years ago | (#35975506)

Let's be honest, there's no accountability on the part of mobile app developers. Before you download an Android app it asks for permission to use certain features, but the developers aren't required to say how they'll use those features, or what they'll do with it. The markets that distribute these apps should be obligated to compel developers into disclosing what their apps do with your information.

Re:Wow (1)

Anonymous Coward | more than 3 years ago | (#35975570)

Do you really think half the users even know what all the technobabble you're asking for even means? The reality based on what I've seen and heard from others is that if you're upfront about what you do with data and permissions people get spooked and don't want the app even if it's harmless, but if you don't say a word about it then people don't even give it a second thought and happily download the app.

Re:Wow (4, Insightful)

tripleevenfall (1990004) | more than 3 years ago | (#35975652)

The thing is, they CAN'T be upfront about how free apps get converted into revenue. All these "markets" (facebook, etc.) revolve around harvesting consumer data.

People don't want their information harvested, and will say "No" to that if confronted honestly.

But that blows the trend we've seen in recent years where you can use software for free that we used to walk into a store and buy in a box for $50.

Will we go back to the $50 model, or will people surrender privacy in exchange for "free"?

Re:Wow (1)

Cwix (1671282) | more than 3 years ago | (#35975698)

I have a hard time imagining a lot of these places actually make 50 dollars per person. Some maybe, most.. I'd hazard a guess of no. So because I'm going to guess that ad based revenue might only be 5 or 10 dollars a person per program, I'd be glad to purchase most of the software I needed for 15. Developers get a little bit extra, and I don't have my private data scraped and sold off to the highest bidder. Win-win in my book.

Re:Wow (1)

badran (973386) | more than 3 years ago | (#35975804)

They do not need to get 50 USD from each person, as 10x if not 100x number of people will use the free app as opposed to pay for it.

Re:Wow (1)

Cwix (1671282) | more than 3 years ago | (#35976492)

If there can't be a happy medium where I get to keep my privacy, and the developers get fair compensation, then I'm not interested. I'm not the only one either, more and more people are not interested.

Re:Wow (4, Insightful)

h4rr4r (612664) | more than 3 years ago | (#35975770)

I take the third option.

I don't pay for the linux kernel, so far Mr. Torvalds has not stolen nor leaked my Credit Card data. I buy Crossover from Codeweavers, the folks who make Wine just to support Wine. I use Wine instead though, and still Alexandre Julliard has not sold my private details to scammers and advertisers.

I could go on, but you see where I am going. You are putting forward a false dichotomy. None of the above come in a $50 box and still my information is not sold to every scumbag with a marketing degree.

Re:Wow (1)

tripleevenfall (1990004) | more than 3 years ago | (#35975808)

Well, as soon as we get the Year of Linux on the Desktop out of the way I'm sure the whole world will adopt this model.

(insert obligatory snoot about "It's been on MY desktop since 199x!") :)

Re:Wow (1)

h4rr4r (612664) | more than 3 years ago | (#35975888)

Obligatory snoot about "It's been on MY desktop since 199x!"

I suggested as an alternative, not as the only choice. If you want to go another route then go for it, but pay cash and/or privacy your choice.

That reminds me, GOG has witcher without DRM, better go see if it runs in wine.

Re:Wow (1)

Tetsujin (103070) | more than 3 years ago | (#35976426)

Well, as soon as we get the Year of Linux on the Desktop out of the way I'm sure the whole world will adopt this model.

(insert obligatory snoot about "It's been on MY desktop since 199x!") :)

You must be really happy - you posted a really standard troll, and anticipated the easily-predictable response. Wow, you've really got an amazing understanding of Slashdot.

Re:Wow (0)

Anonymous Coward | more than 3 years ago | (#35976106)

$50 is an arbitrary sum. They'd sell it at $200 if you'd pay that much. One of the big benefits to Facebook right now is that no-one really knows the value of data. The market speculation and IPO reflect that.

It's sad that people undervalue personal data, especially when identity theft can take a user for tens of thousands of dollars at a time (car purchase?). Is Facebook worth THAT much to you??

Re:Wow (2)

tlhIngan (30335) | more than 3 years ago | (#35976658)

Do you really think half the users even know what all the technobabble you're asking for even means? The reality based on what I've seen and heard from others is that if you're upfront about what you do with data and permissions people get spooked and don't want the app even if it's harmless, but if you don't say a word about it then people don't even give it a second thought and happily download the app.

It's partly why the Android model isn't that great, either. It's good to enumerate and require the services presented, but after using it a little while, its deficiencies start showing.

1) If the app demands extra data not in the APK, it means it needs external storage permissions and internet access. (I kinda miss the iOS method where you download it all self-contained, sans DLC of course, but getting a 200MB file and it has everything).

2) Users don't read dialogs. As tech people we should know this. Even if it's a highly informative dialog like "Could not write file - the disk is full. Please delete something and try again" the user will still ask for support even though they're able to solve the problem themselves.

3) Dialogs get in the way. As part of 2, they'll make a beeline for whatever gets them to their goal the fastest. If your app really wants to do something bad, I suggest not enumerating just the permissions you need, but every permission you can request. Somewhere between the third and fourth permission item they'll just get bored and scroll and tap "install". It's human nature.

4) If the user likes apps, they'll probably just blindly click Install anyways without bothering with permissions. After all, that dialog is just another step during app install. People just get very mechanical and do things from muscle memory.

5) Users want to get things done. Installing/deleting/maintenance tasks are chores and get in the way of getting things done. If they want the app, anything you throw in the way just annoys and they'll dismiss it without reading.

It's the reason why few people read EULAs (see 3 and 4), people get called over to handle some stupid task request (2) and the like.

It's an annoying reality of the world and it really makes things like alerts/popups/etc. utterly worthless and makes it difficult to impossible to design things to get the user informed. iOS's notification system is broken in that way (it pops up and screws up your current task). Doing a deny-by-default just ends up with users getting frustrated when the app constantly complains it needs access to something, etc (see Vista) - devs just make it so anything useful is blocked until some permission is granted (even if that permission is orthogonal to purpose - e.g., request access to SMS while connecting to a server).

Hell, I thought the Android system was cool, and miles better than the iOS method. Then I realized that half the time I'm tapping Install without looking over the permissions either.

Re:Wow (1)

Zumbs (1241138) | more than 3 years ago | (#35975628)

But they actually have to say that they use those features. This allows a user to make a much more informed choice of installation than I get on my Windows 7 computer. If an app needs access to something I do not think that it should, I just pass it up. So single player game + internet access = no-no.
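The rule of thumb in the comment above (single-player game + internet access = pass) can be applied mechanically to an app's declared permissions, and the sketch below extends it to the other data sources raised in this thread (phone identity, contacts, microphone, camera). It is an added example, not part of the thread: the manifest, the package name and the "expected" permission set are constructed, and the manifest is assumed to be already decoded from the APK's binary form to plain-text XML.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions that read personal data or sensors (real Android permission names).
DATA_SOURCES = {
    "android.permission.READ_PHONE_STATE": "phone state and identity",
    "android.permission.READ_CONTACTS": "contact list",
    "android.permission.ACCESS_FINE_LOCATION": "GPS location",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.CAMERA": "camera",
    "android.permission.READ_SMS": "text messages",
}

# Permissions that give an app a way to move data off the device.
EXFIL_CHANNELS = {
    "android.permission.INTERNET": "network",
    "android.permission.SEND_SMS": "SMS",
}

# Constructed sample: a single-player game that asks for far more than it needs.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.cubegame">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.VIBRATE"/>
    <application android:label="Cube Game"/>
</manifest>
"""


def declared_permissions(manifest_xml):
    """Return the set of permission names requested via <uses-permission>."""
    # Manifests come from untrusted packages: refuse DTDs so that entity
    # expansion tricks never reach the XML parser.
    if "<!DOCTYPE" in manifest_xml:
        raise ValueError("manifest contains a DOCTYPE; refusing to parse")
    root = ET.fromstring(manifest_xml.strip())
    perms = set()
    for element in root.iter("uses-permission"):
        name = element.get(ANDROID_NS + "name")
        if name:
            perms.add(name)
    return perms


def audit(manifest_xml, expected):
    """Compare declared permissions with what the app's purpose justifies.

    expected: permissions the reviewer considers reasonable for this kind of
    app (a judgement call made by the reviewer, not something Android defines).
    Returns the unexpected permissions and every (data source, channel) pair
    the app holds at the same time, i.e. each way personal data could leave.
    """
    declared = declared_permissions(manifest_xml)
    unexpected = sorted(declared - set(expected))
    data_paths = sorted(
        (DATA_SOURCES[source], EXFIL_CHANNELS[channel])
        for source in declared & set(DATA_SOURCES)
        for channel in declared & set(EXFIL_CHANNELS)
    )
    return {"unexpected": unexpected, "data_paths": data_paths}


if __name__ == "__main__":
    report = audit(SAMPLE_MANIFEST, expected={"android.permission.VIBRATE"})
    for perm in report["unexpected"]:
        print("unexpected permission:", perm)
    for source, channel in report["data_paths"]:
        print("possible data path: %s -> %s" % (source, channel))
```
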

Re:Wow (0)

Anonymous Coward | more than 3 years ago | (#35975708)

Apps announce a desire for very coarse-grained permission levels, but they don't let you announce on a fine-grained level what they do or why they do it. Take this one for example:

"Phone Calls: read phone state and identity"

What does that even mean? Pretend that you're an average shmoe for a moment. Would you have any idea what an app could possibly want with this permission? And if the app author were to disclose that they need your UID for verification purposes and that the "read phone state" part of it is just something that they *have* to declare even though they aren't using it, would you understand or appreciate the nuance?

Re:Wow (1)

h4rr4r (612664) | more than 3 years ago | (#35975800)

The average schmo has access to google so let's check. Lo and Behold:
http://www.womenwithdroids.com/2011/03/deciphering-permissions-read-phone-state-and-identity/ [womenwithdroids.com]

An article written to explain just this to the average Dick and Jane.

Re:Wow (1)

Missing.Matter (1845576) | more than 3 years ago | (#35975870)

That website sounds like a support group for women with a disease called droids.

You have no choice if you want to use it (2)

traindirector (1001483) | more than 3 years ago | (#35975788)

Let's be honest, there's no accountability on the part of mobile app developers. Before you download an Android app it asks for permission to use certain features, but the developers aren't required to say how they'll use those features, or what they'll do with it.

And what's worse is that despite having a fairly granular permissions system, the end user is totally denied any ability to selectively remove permissions. Want to remove Internet access from an application that doesn't need it? Tough luck--Google knows what's best for you.

And then they try to say they don't add this because 90% of users wouldn't use it. So? Bury it deep down in a menu somewhere that only people that really care will find it. The fact is it would be simple, but Google just doesn't want the user to have this power over her device.

See more from me on this below [slashdot.org].

Re:You have no choice if you want to use it (1)

h4rr4r (612664) | more than 3 years ago | (#35975854)

All that would change is free apps would check if you gave it the permissions it wanted and if not tell you to enable them. I suspect paid apps would as well, many of those still sell data if they can.

Google is still an advertiser first and foremost. Neither Microsoft nor Apple will pass up this "free" money either.

Re:You have no choice if you want to use it (1)

traindirector (1001483) | more than 3 years ago | (#35975936)

All that would change is free apps would check if you gave it the permissions it wanted and if not tell you to enable them. I suspect paid apps would as well, many of those still sell data if they can.

If an app told me it needed a permission when I tried to use that permission, that would be a great improvement. Then I would have some more information on which to make the decision of whether to grant it.

If an app on start-up complained about every permission it didn't have with no explanation as to why it needed it, that would be great as well, as I would instantly know it's an app I don't want.

Re:You have no choice if you want to use it (2)

Zan Lynx (87672) | more than 3 years ago | (#35976770)

Why would the app even know?

"I'd like a network socket please."
"Sorry, the user is not connected to the network."

"I'd like the Contact List please."
"Sure! Here it is, all 0 contacts."

"I'd like to send a text message."
"Ok! Message sent." (to /dev/null!)

These things could be done by custom ROMs and I'd be surprised if they're not already being done by somebody.

Re:You have no choice if you want to use it (1)

h4rr4r (612664) | more than 3 years ago | (#35976926)

Because then you refuse to run when you can't connect to the network. No contacts is also a dead giveaway. What you really need is to fake access to a very slow network connection, one that corrupts data too. Contact lists and stuff like that would need to also be fake not empty.

This would take lots of development on top of the standard, not sure any rom does this.

Re:You have no choice if you want to use it (1)

BradleyUffner (103496) | more than 3 years ago | (#35976348)

Let's be honest, there's no accountability on the part of mobile app developers. Before you download an Android app it asks for permission to use certain features, but the developers aren't required to say how they'll use those features, or what they'll do with it.

And what's worse is that despite having a fairly granular permissions system, the end user is totally denied any ability to selectively remove permissions. Want to remove Internet access from an application that doesn't need it? Tough luck--Google knows what's best for you.

And then they try to say they don't add this because 90% of users wouldn't use it. So? Bury it deep down in a menu somewhere that only people that really care will find it. The fact is it would be simple, but Google just doesn't want the user to have this power over her device.

See more from me on this below [slashdot.org].

A decent improvement would be if the "full internet access" permission made the developer declare the addresses it wanted to access, and then only allowed access to those sites. It's not perfect, but it's better than what we have now.

I would love to be able to deny a permission to an application, but that would really break the free app model. Fixing that properly by letting the app see if the permission was denied at runtime would also fix that, but that would be a nightmare for backwards compatibility.

Re:Wow (1)

slapout (93640) | more than 3 years ago | (#35975976)

Several developers do. But what's to keep them from lying?

Re:Wow (1)

traindirector (1001483) | more than 3 years ago | (#35976000)

But what's to keep them from lying?

The ability to remove permissions you aren't comfortable with.

Except, oh wait, they decided users shouldn't have that ability.

It's not just data on the phone, Watson (2)

trifish (826353) | more than 3 years ago | (#35975422)

People might worry about their data stored in their mobile phones, but what worries me more is that they forget about the built-in microphones and cameras.

Android permissions (4, Insightful)

traindirector (1001483) | more than 3 years ago | (#35975716)

Android already has a great permissions system by which an application is granted permission to access functions of the phone and the Internet connection on a fairly granular level.

However, even though they have already implemented this system that could allow the user to control what an application can do on her device, Google has chosen to restrict the end user from obtaining greater privacy and security by restricting an application's permissions. Through the user interface, one must either grant all permissions to an application or choose not to install the application--a single permission cannot be removed.

There is a small argument to be made that this makes things easier for developers, but how hard is it to gracefully handle not having certain permissions? For many features like GPS and Internet connectivity, Android could simply respond as if they are turned off if permission is denied. Some members of the Android development team have tried to spin the lack of user permission settings as a benefit to the user with the argument that "if users can disable permissions arbitrarily, then developers will have no incentive to minimize the amount of permissions they declare their applications need, and the average user will be less secure". This is the only somewhat rational explanation I have gleaned from their responses, and while there might be a small bit of merit to that and certain developers might really believe that, I think on the whole it is misguided.

I believe Google's real goal is to make sure the user has no control over permissions, only a binary install / not install, because they're an advertising company with an interest in your data being sold. They continually ignore this permissions issue even though they have acknowledged it is among the top Android security complaints [google.com].

Re:Android permissions (1)

tripleevenfall (1990004) | more than 3 years ago | (#35975822)

For what it's worth, Blackberry has a much more granular permissions system.

But it doesn't seem to base its revenue model on the same things.

Re:Android permissions (1)

h4rr4r (612664) | more than 3 years ago | (#35975916)

That and it has a terrible OS, horrible user interface and in general sucks.

Heck the OS is so bad they bought QNX, just so they could have an OS that did not suck.

As to their revenue model, I believe they base that on selling your private information to dictators and despots instead of advertisers.

Re:Android permissions (1)

traindirector (1001483) | more than 3 years ago | (#35975972)

As to their revenue model, I believe they base that on selling your private information to dictators and despots instead of advertisers.

In that case it's not selling. It's simply the price of doing business in India, China, Pakistan, the U.S., etc.

Re:Android permissions (1)

lonelytrail (1741524) | more than 3 years ago | (#35976108)

+1
It certainly seems I should be able to allow a few of the things they want to access, but not all, and do it at the OS level.
The developers will just have to level up their gracefulness to handle being disallowed.

To install or not to install is not the right (or only) question.

There must be a better way. One question is whether anyone who makes money off of this cares what is right or wrong and that includes Google. It's all about how much money they can make off us.

Is there an app to manage permissions? (1)

Anonymous Coward | more than 3 years ago | (#35976874)

Has anyone written an app for android that lets the user set permissions?

Right now I'm using the app Droidwall (free and excellent) to firewall all apps except for the handful that I want to be able to use the phone's data/wi-fi connection - such as FireFox. This is obviously not the same as permissions management, but it's better than nothing. Any other suggestions?

Big deal (5, Insightful)

tripleevenfall (1990004) | more than 3 years ago | (#35975430)

I see this as having a huge impact for the market for apps and what kinds of apps can be developed.

The situation is developing where users don't want to give apps access to anything on the phone other than the data pipe, except for maybe a mapping application or something with an obvious need. This is really going to limit where apps can go. Because of the sins of Apple (and others), people don't trust the platform as much as they used to.

Instead of being a device we voluntarily turned over information to in order to expand its role in our life, we are starting to see it as something that needs to be reined in, controlled, watched like a hawk.

Formerly people happily used Windows and IE to bring the internet into their lives. Now these are items you don't trust, you run several other programs on top to police them, etc.

It's really a shame that this greed for personal information to sell has set back the role that palmtop tech may otherwise have headed toward in our lives.

Re:Big deal (1)

tripleevenfall (1990004) | more than 3 years ago | (#35975480)

Personally, I was on the brink with smartphones anyway. I have owned blackberry, android, and iphone devices. Most recently, an iphone.

The privacy issues combined with the huge data plan expense, bandwidth caps - and the fact that most of the time I'm near PCs anyway - these things just made it feel like there are better things I can do with that $30-40 a month.

The fact that I was able to go back to a dumbphone while selling my iphone online for what I paid for it, 6 months later, was helpful too.

Re:Big deal (0)

Anonymous Coward | more than 3 years ago | (#35975542)

Sold it for what you paid for it? Are you including the monthly plan fees? Just because you got the thing for $200 doesn't mean that's all you paid, you paid more every month.

I buy my phones outright and use prepaid plans. I have a smartphone but only pay for data when I want or need it. I pay $10 per year to keep my phone active.

Re:Big deal (1)

tripleevenfall (1990004) | more than 3 years ago | (#35975568)

By "sold for what I paid for it" I mean I conducted a transaction whereupon someone paid me an amount of currency that was roughly the same as the amount of currency I paid the carrier to give me the phone in the first place.

ETF included or not? (1)

tepples (727027) | more than 3 years ago | (#35975820)

the amount of currency I paid the carrier to give me the phone in the first place.

That would be $200 to start the contract and $350 to terminate it early. Are you including the ETF in the effective price of the phone or not?

Re:Big deal (1)

tepples (727027) | more than 3 years ago | (#35975900)

I buy my phones outright and use prepaid plans. I have a smartphone but only pay for data when I want or need it. I pay $10 per year to keep my phone active.

Which U.S. carrier[1] offers such a prepaid plan? And do you buy your phones outright from the carrier or elsewhere? If from the carrier, are its phones locked down like AT&T Android phones, where a customer has to register with AT&T as a developer in order to get the ADB drivers that will let the customer sideload?

[1] I'm assuming U.S. because it's the biggest developed market that uses a currency whose symbol is $.

Re:Big deal (1)

h4rr4r (612664) | more than 3 years ago | (#35975950)

T-mobile I think has a data only when you want it plan. I know they sell uncrippled phones outright as well.

AT&T-Mobile (1)

tepples (727027) | more than 3 years ago | (#35975996)

T-mobile

I don't want to rely on a plan that AT&T will more likely than not cease to offer once it completes its acquisition of T-Mobile USA.

Re:AT&T-Mobile (1)

h4rr4r (612664) | more than 3 years ago | (#35976040)

I totally agree, I just wanted to answer your question.

I would rather stick with verizon at this point than risk that T-mobile will become AT&T. I would really consider moving to a regional carrier rather than AT&T if it came down to it.

Re:Smartphone (1)

TaoPhoenix (980487) | more than 3 years ago | (#35975606)

Burn the Contract Break Fee and then do a prepaid plan.

The point of a Smart Phone is the features and the "boring" apps like the calculator, and the nicer rendering in Safari. I despised my dumbphone with a passion - I don't call anyone much.

"Apps" themselves are brilliant - people often only have 7 must-use features and don't need $80 programs to cruise through their day.

Also Apple made the entire industry wake up and pay attention to UI for once.

Which U.S. prepaid smartphone carrier? (1)

tepples (727027) | more than 3 years ago | (#35975840)

Burn the Contract Break Fee and then do a prepaid plan.

Which U.S. prepaid smartphone carrier do you recommend? I looked at Verizon's prepaid plans, and some of them were more expensive than contract plans. Is the Samsung Intercept on Virgin Mobile USA any good?

Near PC != near Internet (1)

tepples (727027) | more than 3 years ago | (#35975980)

and the fact that most of the time I'm near PCs anyway

When I'm on the bus to or from work, I'm near a PC (my laptop), but this PC doesn't have Internet access. Some people subscribe to mobile broadband for exactly this use case.

Re:Big deal (1)

Kuukai (865890) | more than 3 years ago | (#35975634)

I don't think so. Everyone I know regularly uses all sorts of Android apps that require permissions they don't need. Last I checked you can't even find a free Japanese input program or even an emulator on the marketplace that doesn't require internet access. And at least one of these isn't much more than a privacy-invasive wrapper of gpl code. There was that article a while back about how the vast majority of apps send back user information, and with this as the norm there's often nothing a user can do except port their own apps. What we really need is more effort on the developer side to release clean free apps, but unfortunately there's little personal benefit to doing that.

Re:Big deal (1)

tripleevenfall (1990004) | more than 3 years ago | (#35975684)

Exactly - there's no benefit to a company in developing a nice, free, safe application. Either they need ad revenue, or people have to start paying for software again.

Re:Big deal (0)

Kuukai (865890) | more than 3 years ago | (#35975814)

Except the thing that annoys me is that in many cases this software exists and is free, it's just not ported or in the store. There's no reason to pay for it, but this choice doesn't reach end users. I'm sure the FOSS community will adapt sooner or later to the app store model, but I wonder if by that point anyone will be dumping their favorite app for the more private and ad-free equivalent.

Re:Big deal (1)

h4rr4r (612664) | more than 3 years ago | (#35976018)

So port it yourself or pay someone to do it.

The FOSS community adapt to the app store model?
Are you fucking insane? They invented it. An app store is just a shiny frontend to a rather poorly done repository.

There are three stores on my Archos 43 (1)

tepples (727027) | more than 3 years ago | (#35976064)

in many cases this software exists and is free, it's just not ported

How easy would it be to port a substantial application from Windows to Android? As I understand it, a lot of the toolkits on which an application relies might themselves not be ported.

or in the store

There are three stores on my Archos 43 Internet Tablet: AppsLib, which came with it; Android Market, which I installed with ArcTools; and Amazon Appstore, which I installed by downloading its .apk. The stores have different criteria for inclusion and different overheads on each developer's part. Which store are you referring to?

Re:There are three stores on my Archos 43 (1)

h4rr4r (612664) | more than 3 years ago | (#35976228)

He surely means from linux to android. From windows to android would be such a huge change as to practically be a total rewrite of all but the most basic applications. Even from linux to android it will at the very least have to be ported to java or invoked with java and use the NDK.

Re:There are three stores on my Archos 43 (1)

Kuukai (865890) | more than 3 years ago | (#35976504)

Additionally there are Android apps (for instance OpenWNN, which handles the Japanese input I mentioned), that already exist, that are free, and are included with some distributions but not available on the Market as anything but "enhanced" bloatware. Yes when I have some time I'll be happy to distribute it myself (I already said "do it yourself" is an option), my point is that this hasn't been done, instead there are multiple repackagings.

Re:Big deal (1)

Cajun Hell (725246) | more than 3 years ago | (#35976124)

Exactly - there's no benefit to a company in developing a nice, free, safe application. Either they need ad revenue, or people have to start paying for software again.

Or people have to stop thinking of "companies" as where you get commodity software. How much do you pay for a kernel these days? (Or a media player or web browser or text editor or file manager?) These things are worth a lot but it wouldn't even occur to me to buy them; you don't get these things from "companies," you get them from the repository without thinking how/if they were originally funded.

It's understood that if your software is generic enough that pretty much everyone in the world has a use for it, then whatever development costs it had are amortized down to nearly $0 per user. So it's either going to be subsidized by someone like Red Hat's customers who needed it before it was readily available, or it's written/maintained by amateurs who have the freedom to concentrate on its functionality without having to worry about how that functionality may conflict with making a profit.

Everyone knew this already. It's just that when the iPhone came out, some people tried to live in denial. Some were lucky because their users had forgotten, so a few people made money selling through Apple's store. At the time, tiny PCs were viewed as novel where maybe all the inevitable economic rules wouldn't really be inevitable. But now everyone is getting reminders of how real life works, so if the application you want isn't Free Software, and if you didn't pay real money for it, then it is almost certainly spyware/malware.

Spyware/malware is what you should expect to find in a $0.99 app store. If it's not Free and it's not expensive, then it sucks.

Ask anyone who steps out of a 2007 time capsule, and he might not know this, his eyes full of stars and his mind clouded by idealistic delusions. But ask the guy who stepped out of the 2006 time capsule, and he does remember it. Ask the newbie Linux user who migrated from one of the proprietary desktops, and he'll be amazed that you even asked something so blindingly obvious, right before he starts preaching to you.

Fortunately, we're on our way back to the 2006 software market, and we'll have 2011 hardware to run it on, when we get there. ;-)

Re:Big deal (0)

Anonymous Coward | more than 3 years ago | (#35975858)

And the problem with allowing internet access is that you give up all information on the sdcard, since all apps have the ability to read that by default. Any pictures you take with the camera (including the gps coordinates if they are in the metadata) are readable by all apps since they can read the sdcard, even if they don't have camera or gps permissions.

This is all caused by the fact that android uses fat32 for the sdcard instead of a real linux filesystem.

Re:Big deal (1)

slapout (93640) | more than 3 years ago | (#35976032)

I don't think you can blame Android for the fact that most sdcards come preformatted for fat32.

Re:Big deal (1)

Anonymous Coward | more than 3 years ago | (#35976528)

No, but I can blame Android for not even giving me the choice of formatting an sdcard to a real filesystem, or even letting me format it myself and insert it into my phone. It rejects anything that isn't fat32, and that is Android's fault.

Which real Linux file system for Windows? (1)

tepples (727027) | more than 3 years ago | (#35976080)

This is all caused by the fact that android uses fat32 for the sdcard instead of a real linux filesystem.

Which in turn is caused by the fact that Windows out of the box is incapable of mounting "a real linux filesystem" on the USB flash drive that an Android device emulates.

Re:Big deal (1)

h4rr4r (612664) | more than 3 years ago | (#35975984)

I suggest you then sell the GPL code and a non-privacy invasive wrapper. Then you can make $1 each and provide a needed service.

Re:Big deal (1)

cheeks5965 (1682996) | more than 3 years ago | (#35976400)

There was that article a while back about how the vast majority of apps send back user information

link?

Re:Big deal (1)

mangu (126918) | more than 3 years ago | (#35975796)

It's really a shame that this greed for personal information to sell has set back the role that palmtop tech may otherwise have headed toward in our lives.

It's not only palmtop tech that has been affected. Back in 1994 I read an article in a magazine about comet Shoemaker-Levy 9 [wikipedia.org]. I found the author's email and wrote him with some questions, he promptly answered me. These days I doubt my email would have got past his anti-spam.

Shazam! This makes me one Angry Bird! (2)

Maxo-Texas (864189) | more than 3 years ago | (#35975454)

I'm just a Cube Runner and I don't have a degree in Physics but I don't want some stranger to Take Me to My Car by reading my location file.

Yelp! I'm going to have Words with Friends and dance the Fandango if they have been sharing my information. I may use Device Locater but I don't want others to. Siri ously. They can build their own Empire and Tunein to their own location data but not mine!

Perspective (0)

Anonymous Coward | more than 3 years ago | (#35975460)

I'm too young to remember, but surely data breaches with computers, when they were new, were met with the same reaction? Smartphones came to the forefront less than five years ago. I'm personally pretty surprised this issue didn't arise sooner.

How about this? (2)

killmenow (184444) | more than 3 years ago | (#35975470)

"If you're developing apps that use customers' mobile data..."

How about not writing mobile apps that store user's data?

Very few apps need to store user data. Companies aren't using the data because the apps need it. Their ad stream needs it. Which reminds me: if you're not paying for a product/service (google, facebook, slashdot, reddit, etc.) you're not the customer...you're the product.

Re:How about this? (1)

h4rr4r (612664) | more than 3 years ago | (#35976094)

Which reminds me: if you're not paying for a product/service (google, facebook, slashdot, reddit, etc.) you're not the customer...you're the product.

So who exactly is the customer of Debian? Wine? XFCE? LibreOffice?

That wide brush might be useful for painting a house, but what you are trying to do now requires a little more detail work.

Subsidized by privacy invasions (1)

TaoPhoenix (980487) | more than 3 years ago | (#35975478)

Old & Busted: Shareware
New Hotness: Low Orbit Privacy Cannons

Why are we simultaneously whining about threats to national security and purposely tricking users into leaking sensitive info?

Re:Subsidized by privacy invasions (1)

geekoid (135745) | more than 3 years ago | (#35975560)

I don't know who the 'we' is you talk about. I do know that the Feds are taking this seriously and have a committee to study it. The first meeting is next week.

Re:Subsidized by privacy invasions (1)

Attila Dimedici (1036002) | more than 3 years ago | (#35975638)

OOh, they have a committee to study it, now that's what I call taking it seriously. Will it be like Obama's blue ribbon panel to study the deficit? You know, the one whose suggestions he ignored? BTW, this is in no way unique to Obama, when some problem that politicians don't want to tackle becomes of concern to voters, they generally appoint a committee to "study it". Then when the committee releases their findings, the politicians will try to ignore them.

Re:Subsidized by privacy invasions (1)

TaoPhoenix (980487) | more than 3 years ago | (#35975694)

... In May 2011. Really.

It's WWII's Loose Lips Sink Ships problem, except this time we think the enemy is Terrorists.

These data sharing patterns were emerging some seven years ago, just after the trauma of the Dot Com Bust wore off.

For priorities, compare their response to privacy leaks by sneaky corps to their response to wikileaks when their own backyard was leaked. Will that meeting address the Sony disaster?

I know /. is tracking me (1)

ackthpt (218170) | more than 3 years ago | (#35975544)

Why shouldn't everyone else?

Wrong Wrong Wrong (0)

Anonymous Coward | more than 3 years ago | (#35975550)

This article is just wrong. People will give up almost everything about them on FB to be able to plant a crop or raise a barn or do a hit on a rival gangster. Have you ever looked at some of the information the random apps capture (or have access to?). It’s the same practice but to turn on a flashlight or get a game that goes blip blip blip. Give them a toy for Free and they will open their lives to you in an instant.

Who is in control? (1)

kent_eh (543303) | more than 3 years ago | (#35975576)

Is it possible that people are discovering that life isn't all roses and sunshine inside the walled garden?

Perhaps people actually like to be able to have some amount of control over the things that they bought and paid for?

I wasn't sure this day would ever come. I think I'll go and celebrate with a nice walk to a neighborhood restaurant.
Seriously, I'm pleased if this is really what is happening.

No they aren't (more concerned about privacy) (1, Insightful)

SuperKendall (25149) | more than 3 years ago | (#35975584)

When every week seems to bring another news story about a data breach resulting in the theft of customer data, customers are growing increasingly jealous of their privacy

Project much? As long as you aren't losing CC data, people are as unconcerned as they ever were. The rapid growth of Facebook is exhibit A, and enough to close that argument down.

Not that app makers should not strive to protect a user's privacy anyway, but it's a very small (yet vocal) minority of people that are attempting to paint this as a Big Issue.

Firewall needed? (1)

edxwelch (600979) | more than 3 years ago | (#35975596)

Maybe if Apple and Google incorporated a firewall it would fix things. Most apps don't need to connect to the internet, so the firewall would disable apps from connecting to internet on a case by case basis.

Re:Firewall needed? (0)

Anonymous Coward | more than 3 years ago | (#35975670)

Google does. Applications need to specifically be granted permissions to access data services.

Apple, on the other hand... well... let's just say that their phones explicitly send your location back to Apple as a method of building a map of wi-fi hotspots. And this feature isn't being removed in the next iOS update.

In fact, based on patents that surfaced thanks to the whole iPhone tracking debacle, it appears that Apple intends to track their users even more closely.

But at least that information will be sent off to the mothership and won't reside on the phone, so the sheeple are happy...

Re:Firewall needed? (1)

traindirector (1001483) | more than 3 years ago | (#35975856)

Google does. Applications need to specifically be granted permissions to access data services.

Except you can't remove internet permission from something that requests it, even though that would be so simple it hurts. You know what I call that? Google fail.

Sure, it's better than Apple, but what kind of a bar is that? It is still far from good, and would be so simple to fix.

Re:Firewall needed? (1)

h4rr4r (612664) | more than 3 years ago | (#35976182)

You can, it just is not idiot easy. There are firewalls for android, and iptables is available as well.

Re:Firewall needed? (1)

traindirector (1001483) | more than 3 years ago | (#35976338)

It requires a root-able, rooted device running a compatible kernel. Why should you have to turn to a bunch of guys you don't know on a forum somewhere to provide such a basic and important feature?

What does it say about the state of mobile security when it is rational to trust people on an android fan forum to build your software more than you trust a company that has a lot to lose and should have a strong sense of responsibility?

Re:Firewall needed? (1)

h4rr4r (612664) | more than 3 years ago | (#35976482)

You don't have to go trusting them. It is a linux kernel, compile your own.
You don't even need root to do that, just the ability to flash a kernel onto the device.

What does it say about the state of mobile security when it is rational to trust people on an android fan forum to build your software more than you trust a company that has a lot to lose and should have a strong sense of responsibility?

That it is exactly the same as the desktop?
 

Re:Firewall needed? (1)

traindirector (1001483) | more than 3 years ago | (#35976710)

You don't have to go trusting them. It is a linux kernel, compile your own.
You don't even need root to do that, just the ability to flash a kernel onto the device.

You shouldn't need to void your warranty for this protection.

That it is exactly the same as the desktop?

I will give you that. Although it is much easier for an application to extract your personal information on a phone.

I can tell you would argue that we shouldn't expect more from companies, and I agree.

But shouldn't we demand it anyway, especially when it is possible and would be so easy for them to do?

Re:Firewall needed? (0)

Anonymous Coward | more than 3 years ago | (#35976856)

What does it say about the state of computer security when it is rational to trust individuals to build your software more than you trust a company that has a lot to lose and should have a strong sense of responsibility?

FYFY. It's an old question, and the answer people came up with was, "It says that personal computer tech is finally democratized. Big names have no extra weight."

Re:Firewall needed? (1)

Cajun Hell (725246) | more than 3 years ago | (#35976170)

You don't just need a network firewall; with the modern mobile platforms you really need an API / IPC firewall. And it should come with optional honeypots too.

Re:Firewall needed? (0)

Anonymous Coward | more than 3 years ago | (#35976194)

PLEASE copy Blackberry in this regard.

BB will let you set security for just about every aspect of the phone to different levels: "Deny/Prompt/Allow".
An app wants to use the camera? Prompt
An app wants to access contact list? Deny
An app wants access to [website]? Prompt
(etc)

The list is app-specific, so you could grant trusted applications more privileges.

This is the only thing keeping me on BB.
Letting developers dictate app security is a broken model. (see Windows)

cloudyness (1)

solsang (1364595) | more than 3 years ago | (#35975618)

the biggest breach lately is by far the sony playstation, in the cloud
the place with most personal data is now facebook, in the cloud
the personal emails are typically in the cloud
documents and address books are going to the cloud fast
while a phone may get stolen or lost, the big things are on the net

an easy solution about mobile devices is to have the data be wiped when away from the user, and then just pull what is needed back when the user is close
chrome laptop is one example of this, and new phones could be made the same way, could easily respond to an rfid chip in the clothes or purse

Sunshine solves all. (1)

kurt555gs (309278) | more than 3 years ago | (#35975642)

Makes a good point for GPL licensed software, now doesn't it?

Re:Sunshine solves all. (1)

The Moof (859402) | more than 3 years ago | (#35976460)

Nah. An open source app can collect just as much data as a closed source one. Average users won't do a code review (and, honestly, most tech savvy users won't either). Even with a code review, I'm sure that some programmers can get creative with the methods so they aren't so easily detected.

O SHUT THE FUCK UP !! (0)

Anonymous Coward | more than 3 years ago | (#35975688)

Who the fuck are you lecturing ?? Go to the fucking supermarket and 100x more is captured and stored on your doings. You are a fucking idiot is what you are !!

"Required" Apps and Permissions (0)

Anonymous Coward | more than 3 years ago | (#35975750)

I am one of those "very jealous" users of my privacy (as I am guessing many other Slashdot users are as well). One of my biggest concerns are apps like Facebook or the Twitter app on the Android phone which get full-blown access to your device - AND THERE'S NOTHING YOU CAN DO ABOUT IT. Short of rooting my phone and removing the apps (which, in and of itself presents another security issue), these apps are automatically installed, get full access, and cannot be removed.

I like the Android platform, but this is one thing in particular that I cannot stand.

Re:"Required" Apps and Permissions (1)

h4rr4r (612664) | more than 3 years ago | (#35976268)

Rooting does not present another issue if you do it correctly. Root the phone then flash the OS back on without the apps you do not want.

I would just recommend going right to CM7 if your phone is supported though.

Give the users control. (1)

egburr (141740) | more than 3 years ago | (#35975752)

How about the smartphone OS developers providing more granular control to the users to allow/restrict apps' access to specific functions?

Re:Give the users control. (1)

tepples (727027) | more than 3 years ago | (#35976114)

What would motivate an end user to learn how to operate such granular controls?

People trust FF Plugins (1)

rsilvergun (571051) | more than 3 years ago | (#35975776)

and they trust the app store. You just need a trusted central authority reviewing everything. My Firefox Plugin [mozilla.org] has a binary component in it to make the MP3s, so every time I submit a new version it takes a week or two to show up on Mozilla's site, but the awesome thing is they review it for me so that my users don't worry I'm trying to pull a fast one.

Re:People trust FF Plugins (1)

thePowerOfGrayskull (905905) | more than 3 years ago | (#35976366)

I agree, but there's a difference of scale here; and add that there's no source code available to the reviewers for most apps. There is only so much that they can do when they have thousands of apps and updates to get through every day.

Not only privacy (1)

wcrowe (94389) | more than 3 years ago | (#35975836)

Not only is privacy an issue, there is the fact that the app may be nonexistent when you go to use it.

Well, let's see a device that can.... (1)

gestalt_n_pepper (991155) | more than 3 years ago | (#35975896)

1) Report your location
2) Perform any financial transaction
3) Scan UPC and other computer codes
4) Has a camera, sometimes front and back
5) Can pick up sound and conversation

and... (Drumroll please) report all this back to a central authority anonymously. The ghost of Stalin must be green with envy. And the best thing is, the people actually pay for this themselves!

What next, a site that compiles all personal information of all suspected subversives, er, "friends" and the people those "friends" are connected to?

No, wait...

Re:Well, let's see a device that can.... (1)

Desler (1608317) | more than 3 years ago | (#35976292)

4) Has a camera, sometimes front and back

Oh noes, not A CAMERA!!!! Except for your first one, which happens even with a dumbphone as cell towers will log your location, all of the other things are optional features that you don't have to use if you don't want to. You can choose to use those features or not. It's not as if someone is forcing you to do so.

Open Mobile Platform (0)

Anonymous Coward | more than 3 years ago | (#35975974)

Could someone please build an open mobile platform? I know, I know, you say the US federal gov. won't let us because they want to spy domestically. I'd just really love a mobile device that ran linux, and was mine. That is to say, not some jack-off phone with a protected boot loader and onboard encryption chip which the manufacturer claims is for my protection. We all know that drill, you want control. And not Android which I'm rapidly growing weary of. I'm tired of the screen ... "This app wants to sift through your bank account, tax returns and your wife's panty drawer. Would you like to allow this? Please select: ."

Re:Open Mobile Platform (1)

Desler (1608317) | more than 3 years ago | (#35976314)

Been there, done that. It was called OpenMoko and it went down in flames due to lack of consumer interest.

On what basis? (1)

thePowerOfGrayskull (905905) | more than 3 years ago | (#35976332)

On what basis does he think that consumers are starting to care more about privacy? A few comments on some apps?

In reality... the awareness simply isn't there. The all-or-nothing approach taken by Android doesn't help much: because you have to grant every requested permission or deny the app entirely, android installer is simply another form of windows UAC: it encourages people to click 'yes' without considering the consequences. You might have some vocal minority speaking out against excessive permissions requests, but most are just going to click through so they can get to play with their dancing bunnies, flying farm animals, or whatever else catches their fancy.

Unfortunately, the piecemeal approach taken by RIM isn't much better: consumers can get prompted for almost every specific permission the application requires -- but there's really little detailed explanation of how those permissions might get used.

Ideally we'd see RIM's fine-grained permissions combined with Android's detailed explanations -- and still get the same result of automatically allowing ;)

Until users get burned by privacy issues, they're not going to pay attention to them.

Privacy is a personal responsibility first (1)

Mad Leper (670146) | more than 3 years ago | (#35976376)

Consumers should first be made more aware of their own culpability in privacy violations. Many mobile users compulsively send out their personal information through multiple Social Media apps without any care as to who might be on the receiving end.

And any policies or controls that may be placed on mobile devices to protect these people from themselves will inevitably be disabled and circumvented if it in any way inconveniences them from getting their Twitters or Foursquare updates out to the public.

Like... Google itself? (1)

joh (27088) | more than 3 years ago | (#35976452)

Since I learned that AdMob sends my location data tagged with the Unique Device ID of my phone to Google, I'm very much wondering if even Google has actually realized that there may be problems with that approach. WP7 sends the very same data that the iPhone saves into its local database right home to Microsoft, also with the Unique Device ID.

It's not just the apps, really.
