×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Security Vulnerabilities On HTC Android Devices

timothy posted more than 2 years ago | from the bit-of-an-oopsie dept.

Android 97

revjtanton writes "In recent updates to some of its devices, HTC introduced a suite of logging tools that collected information. Lots of information. LOTS. Whatever the reason was, whether for better understanding problems on users' devices, easier remote analysis, or corporate evilness — it doesn't matter." That's because "any app on affected devices that requests a single android.permission.INTERNET (which is normal for any app that connects to the web or shows ads)" on one of these phones can now grab all sorts of interesting bits from the logged data.

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

97 comments

Fristy Fucken Poss Tasee (-1, Offtopic)

Anonymous Coward | more than 2 years ago | (#37584302)

Well, I'm not the kind to kiss and tell,
But I've been seen with Farrah.
I'm never seen with anything less than a nine, so fine.

I've been on fire with Sally Field,
Gone fast with a girl named Bo,
But somehow they just don't end up as mine.

It's a death defyin' life I lead,
I take my chances.
I die for a livin' in the movies and TV.
But the hardest thing I ever do
Is watch my leadin' ladies
Kiss some other guy while I'm bandagin' my knee.

I might fall from a tall building,
I might roll a brand new car.
'Cause I'm the unknown stuntman that made Redford such a star.

I never spend much time in school
But I taught ladies plenty.
It's true I hire my body out for pay, Hey Hey.

I've gotten burned over Cheryl Tiegs,
Blown up for Raquel Welch.
But when I end up in the hay it's only hay, Hey Hey.

I might jump an open drawbridge,
Or Tarzan from a vine.
'Cause I'm the unknown stuntman that makes Eastwood look so fine.

Re:Fristy Fucken Poss Tasee (-1)

Anonymous Coward | more than 2 years ago | (#37584574)

Well fuck me raw with a rusty broom stick....

I'm keeping my Windows Mobile 6.5 Device... (1)

Anonymous Coward | more than 2 years ago | (#37584306)

No one wants to track us!!

Re:I'm keeping my Windows Mobile 6.5 Device... (0)

Anonymous Coward | more than 2 years ago | (#37584352)

I'm gonna set your wallpaper to goatse [goatse.fr] forever.

Re:I'm keeping my Windows Mobile 6.5 Device... (0)

Anonymous Coward | more than 2 years ago | (#37584558)

Even Windows mobile doesn't have such gaping holes.

Re:I'm keeping my Windows Mobile 6.5 Device... (0)

Anonymous Coward | more than 2 years ago | (#37584968)

No one wants to track us!!

Ha! So I'm not the only one. My main worry isn't these security issues but that the modern phone OSs are too cloud based. Not only does that make things less reliable but there is the added cost while roaming internationally (perhaps less of an issue for people in the States since it's quite a large region without this problem as I understand it). Furthermore there is the annoyance of advertisements that are so much more plentiful in the newer ecosystems. It saddens me greatly that I can't get new hardware for 6.5. Sure the HD2 and Pro2 are great phones. But some of the new hardware coming out would be amazing with the old WM workhorse.

Re:I'm keeping my Windows Mobile 6.5 Device... (1)

Anonymous Coward | more than 2 years ago | (#37585100)

but that the modern phone OSs are too cloud based

I stopped reading right there. Now go home and ask your daddy how operating systems work.

Re:I'm keeping my Windows Mobile 6.5 Device... (0)

Anonymous Coward | more than 2 years ago | (#37585766)

Lets talk about modern mobile OSes...

Android, is Java based running in a virtual machine. It is a kludged mess! And every thing you do is tracked by Google!

Apple OS, It is locked up tighter than a virgin princess in a chastity belt. And everything you do is tracked by Apple!!

Microsoft Windows phone 7... It is such a mess, I wouldn't know where to start... And every thing you do is tracked by Microsoft!!!

Yep, those are the modern OSes... And people put down the old multithreaded, cut & paste enabled, win32 api windows mobile OS... And, no one is tracking you. Even if they were, it is a simple matter to disable the program or turn off the service. Or you can cook your own rom with none of those nasties included. Not to mention, running win32 applications run REALLY FAST!!!

I'm guessing you really don't know much about the modern OSes or the old OSes for that matter.

Re:I'm keeping my Windows Mobile 6.5 Device... (0)

Anonymous Coward | more than 2 years ago | (#37585890)

Ah, dueling ACs. Can you hear the banjo?

Re:I'm keeping my Windows Mobile 6.5 Device... (0)

Anonymous Coward | more than 2 years ago | (#37588426)

Perhaps you've heard of Bing. You're just tracked by a smaller search engine but a larger overall corporation. Don't be dumb.

Bah, move along (-1, Troll)

dev674 (2475272) | more than 2 years ago | (#37584312)

This thing needs explicit user premission [evenweb.com] each time it sends data (with big warning label) and used for debug purposes.

Re:Bah, move along (1)

Kenja (541830) | more than 2 years ago | (#37584330)

Not the point. The point is that a third party app can grad the data and send it off to an unknown location without asking permission first. However, that assumes you have an untrusted app installed with the internet permission flag set to true.

Re:Bah, move along (1)

St.Creed (853824) | more than 2 years ago | (#37584466)

Untrusted apps? You mean I can't trust my cute little Bonzi Buddie? Shame on you, you nasty paranoid person! :)

Fix (4, Interesting)

Adam Zweimiller (710977) | more than 2 years ago | (#37584392)

If you are rooted, you can use Titanium Backup to uninstall HTC Loggers or you can manually delete HTCLoggers.apk from /system/app/.

Re:Fix (0)

Anonymous Coward | more than 2 years ago | (#37584534)

It would be better to get a fix that changes the permissions. I'm not sure how to do that myself but I suspect XDA developers forum would know.

Re:Fix (3, Informative)

Rich0 (548339) | more than 2 years ago | (#37584568)

There is no problem with "the permissions."

There is an app that runs as root (which means it effectively has all permissions), and it publishes all kinds of data on a TCP port. Anything that can connect to it can just ask for whatever data it wants.

The fix it to get rid of that app, or at least make it not expose that data on that port (which requires editing the app source, and which seems pointless since the only purpose of the app seems to be to bypass the normal permissions model).

Apps that run as root can do whatever they want to - don't like it, don't run the app. That's why generally speaking you shouldn't run random apps as root.

Re:Fix (3, Interesting)

fuzzyfuzzyfungus (1223518) | more than 2 years ago | (#37584664)

Arguably there is a problem with "the permissions"; but not in a narrowly technical sense(well, strictly speaking, it might be nice if Android broke network permissions down a little further, so that you could allow an application to access internet resources; but forbid it from connecting to anything on localhost, or allow something to connect to one or more ports on localhost; but not the outside...)

A major vendor is shipping a 'diagnostic' application so fucked that it might as well be a rootkit on a large-but-not-precisely-known number of devices expected to be connected to the internet and in possession of relatively juicy information for most of their operational lives, and nobody in the chain decided that this was maybe a bad idea until 3rd parties discovered it and wrote it up...

This suggests that HTC's "Sense" team might not have any.

Re:Fix (1)

Rich0 (548339) | more than 2 years ago | (#37586716)

Well, clearly this is a major security issue and should be fixed ASAP - not that I'm holding my breath.

It would be like a linux distro spawning a root bash listening on some random TCP port. There isn't anything wrong with the linux security model per se - it just doesn't prevent the people configuring the distro from shootting themselves (or more importantly their users) in the foot...

Block localhost?? (1)

SuperKendall (25149) | more than 2 years ago | (#37586828)

I can't see where a separate permission to allow localhost access would help at all. For one thing, how many people would know what that meant - at all? They would just mentally lump it with the internet permission if anything anyway.

For another, I can imagine there are some valid uses of connecting to a local port, possibly even some kind of IPC thing for a single application that has multiple components.

Re:Block localhost?? (1)

fuzzyfuzzyfungus (1223518) | more than 2 years ago | (#37587194)

It wouldn't be a terribly helpful permission, for the user-knowledge/caring reasons you rightly point out.

Architecturally, though, I think that there would be a case to be made that "localhost only" and "internet only, excluding localhost" are logical subdivisions(not mutually exclusive, an application could request both); because many applications need only communication with remote hosts, and aren't necessarily to be trusted crawling over localhost behind the firewall, and others might have a legitimate need for some sort of IPC; but needn't be trusted with the ability to exfiltrate whatever they are doing.

None of this, of course, would solve the immediate problem, which is that HTC decided to ship a diagnostic application with root access and a homebrew access mechanism a zillion times worse than rlogin(seriously, HTC, ssh is free, and supports keypair authentication...)

More generally, though, I'd say that I'm in favor of more rather than less granularity in permissions structures: If you have a very, very, fine-grained permission system, and need to make it simpler for the end user, 'bundling' groups of highly-granular rights into user-friendly lumps is comparatively easy(and you can still take full advantage of the granularity in situations where you want to get fancy with the control exercised over portions of the system that the end user shouldn't need to mess with). If you have a very coarse permission system, and it turns out that you need something tighter, tacking that on after the fact is not necessarily going to be pretty...

Re:Fix (4, Informative)

stephanruby (542433) | more than 2 years ago | (#37584646)

One silver lining at least is that

HTC is one of the very few hardware manufacturers that does provide official instructions for rooting [htcdev.com] your own device.

Re:Fix (1)

Doc Ruby (173196) | more than 2 years ago | (#37585200)

I have Terminal Emulator. I cd to /system/app , and ls tells me there's no HTCLoggers.apk . Is it hidden somehow? I think the phone is up to date with all offered updates. Is there any way to test whether this little bugger is actually installed on my phone?

Re:Fix (2)

ScrewMaster (602015) | more than 2 years ago | (#37587770)

If you are rooted, you can use Titanium Backup to uninstall HTC Loggers or you can manually delete HTCLoggers.apk from /system/app/.

If you are rooted you can just install Cyanogenmod and forget about it.

Re:Fix (0)

Anonymous Coward | more than 2 years ago | (#37608764)

If you have a supported phone, that is true. For those of us with the 3D, we can't install CyanogenMod.

Cyanogen Mod (4, Interesting)

Anonymous Coward | more than 2 years ago | (#37584484)

Even more reason to root and flash with CyanogenMod [cyanogenmod.com] or other custom firmware of your choice.

Re:Cyanogen Mod (1)

Richard_at_work (517087) | more than 2 years ago | (#37584578)

Problem is, you lose HTC Sense, which is one of the best UIs for Android.

Re:Cyanogen Mod (0)

Anonymous Coward | more than 2 years ago | (#37584698)

[b]or other custom firmware of your choice[/b] here's one with sense http://forum.xda-developers.com/showthread.php?t=840040 I even have it on my Desire HD. There are [b]MANY[/b] custom roms, with all types of UIs.

Re:Cyanogen Mod (1)

Doc Ruby (173196) | more than 2 years ago | (#37585198)

What else do you lose if you root an HTC (Evo Shift 4G) and replace with CyanogenMod or some other comprehensive Android OS?

Re:Cyanogen Mod (3, Informative)

Miamicanes (730264) | more than 2 years ago | (#37586078)

You don't lose SenseUI from *rooting*, you lose SenseUI from replacing its stock ROM with most community Android builds. The main complaint today about most factory ROMs is that there's no graceful way to pick and choose what you want to keep. To a very, very large extent, you can either poke around and rearrange the furniture a bit (leaving most of the original stuff in place), or you can blow it all away and end up with something that often isn't quite as polished or pretty as what you had before.

The main problem is that the Android team largely left it up to manufacturers to implement core stuff like the Dialer app, and never formally defined how a "Dialer" should interact with a "Phonebook" or "Calendar". So what happens is that someone makes a custom ROM, tries tweaking the Dialer, discovers he can't, blows it away and replaces it, then discovers that it can't seamlessly integrate with anything else on the phone because it doesn't know how to interact with the phonebook or calendar. SO... he reverse engineers the phonebook and calendar on HIS phone, gets it to work with his Dialer of choice, then others try to use it and it blows up on their phones because the phonebook and calendar on THEIR phones communicates in a different way than the phonebook and calendar on HIS phone.

THIS is what people really mean when they talk about Android's "fragmented" frameworks -- there's no official standard for how a modular and extensible dialer app should work or interact with the rest of the system, so every new Dialer ends up being specific to a very small specific group of phones, and version upgrades that upgrade the Dialer app end up breaking everything that was based on the old version's reverse-engineered behavior. SenseUI does things one way, Touchwiz does things another, Motoblur does them a third, and AOSP is off in its own world with several other ways for different families of Dialers+phonebooks to interact with each other and the rest of the world.

I believe one of Google's goals for ICS has been to formally define aspects of the "phonebook/contacts/schedule" system and standardize the intents, so that at least going forward manufacturers who properly implement them will have phones that can be incrementally tweaked without having to blow everything away and throw the baby out with the bathwater the way you (mostly) do now.

Re:Cyanogen Mod (1)

Doc Ruby (173196) | more than 2 years ago | (#37586508)

Is there at least a grid or DB somewhere of phones vs firmwares that indicates which OEM features are covered, and perhaps by which optional replacement? I thought phone fans were obsessive about collecting those kinds of details about the objects of their fetish.

Re:Cyanogen Mod (1)

Miamicanes (730264) | more than 2 years ago | (#37587550)

The problem is that it's hard enough to keep track of all the different Android builds available for *your own* phone, and possibly its close cousins, without even thinking about trying to do it for other brands too. Just look at the forums for Cyanogen. The guys trying to port to to Samsung phones can barely carry on a coherent conversation with the guys who've ported it to HTC phones, because their stock firmware is so architecturally different. You'd think they'd be similar because they're all ARM-based, overwhelmingly use Qualcomm radio chipsets, and all theoretically run Android... but software-wise the differences start at the kernel and device drivers, and just explode from there.

Just to give an idea of the problem's scope, look at the Samsung Galaxy S family. In theory, they were similar cousins. In reality, you couldn't even use an unaltered ROM meant for a Captivate (AT&T) with a Vibrant (T-Mobile) or i9000 (international), let alone an Epic 4G (Sprint) or Fascinate (Verizon). With great effort, you could make a Captivate-origin ROM that worked on a Vibrant, and grab bits and pieces from the Fascinate and stuff it into an Epic4G ROM, but it absolutely wasn't plug-and-play. And these were phones that were supposedly fraternal twins or first cousins. Compare any of them to anything by HTC or Motorola, and you might as well compare an Orangutan to a Kangaroo. I suspect things might be easier in Europe, but in America, even nominally-GSM phones for AT&T and T-Mobile have major differences.

Re:Cyanogen Mod (1)

ScrewMaster (602015) | more than 2 years ago | (#37587794)

You'd think they'd be similar because they're all ARM-based, overwhelmingly use Qualcomm radio chipsets, and all theoretically run Android... but software-wise the differences start at the kernel and device drivers, and just explode from there.

Now you understand why Samsung just hired Steve Kondik, founder of the Cyanogenmod project. They need someone like him very badly. Besides I, for one, won't consider a device if I can't get rid of the stock firmware and put Cyanogenmod (or another decent third-party ROM) on it. If nothing else, I simply do not trust the vendors and the carriers to play straight with me on the operating system.

You also have to give a lot of credit to the Cyanogen crew, when you look at the sheer number of supported devices, all across the spectrum from HTC to Samsung.

Re:Cyanogen Mod (1)

Doc Ruby (173196) | more than 2 years ago | (#37588324)

So which rooted firmware would you install on an HTC Evo Shift 4G, that would still run every app in the Android Market (and probably any other app, including ones I make myself with the SDK)? I really don't love the HTC Sense "desktop", but I don't want to live in some fork where every app I install has me second-guessing the firmware choice. And I certainly don't want to live with HTC's attacks like this one - which is a sign of things to come from HTC.

Re:Cyanogen Mod (1)

ScrewMaster (602015) | more than 2 years ago | (#37590190)

Well, you'd have to check cyanogenmod.com [cyanogenmod.com] to see if your phone is on the list of supported devices. I've been running various CM versions continuously for almost three years now, and have yet to find an app that won't run. Quite the opposite: generally they perform better than under the equivalent stock release.

Yeah, I agree about HTC: that's too bad. I don't know if they've just gone "evil", or if this is an example of the known-evil carrier influence, but I stopped running stock firmware on any of my phones years ago and haven't looked back. That kind of behavior was a large part of my decision to go third-party (that and better battery life, more performance and more features than stock. Also, I didn't like being told that I can't do certain things, like tethering.)

Some carriers disable the "Allow Non-Market Apps" capability. That's enough right there to make me root and go with a CM or some other ROM.

Re:Cyanogen Mod (1)

Miamicanes (730264) | more than 2 years ago | (#37595460)

For the sake of accuracy, the only carrier known to have ever done that in the US is AT&T, and they appear to have quit doing it for new phones going forward from the Infuse, and supposedly are unlocking older phones as they roll out periodic updates over the next few months. Now, whether AT&T will KEEP leaving them unlocked if it loses its fight to buy T-Mobile, and quits trying to publicly pretend that it's non-Evil, is anybody's guess.

Re:Cyanogen Mod (1)

ScrewMaster (602015) | more than 2 years ago | (#37595718)

For the sake of accuracy, the only carrier known to have ever done that in the US is AT&T

Okay, I'll take your word for that. I've never had a smartphone on anything other than T-Mobile at this point. On the other hand, even T-Mobile disallowed tethering apps early on (my first Android device was the venerable G1.) They eventually did a complete about-face on that score, and I haven't had any grief about non-Market apps or tethering or, well, anything else really. Which is why I was very upset when I first heard about the buyout.

The upper management of AT&T (or rather, SBC) should be in irons right now.

Re:Cyanogen Mod (1)

Miamicanes (730264) | more than 2 years ago | (#37597426)

Well, strictly speaking, they didn't "block" them, they just didn't allow them to be shown in Android Market. They made it non-easy for unsophisticated users, but didn't actually make it *hard* for regular users the way AT&T did.

Now, if they started poisoning DNS to make their domain appear to be invalid, or started to actually intercept and mangle http requests to their web site, that would be much more incrementally-evil and condemnation-worthy. On a scale of 1 to 10:

Filtering from Android Market: 2
DNS poisoning: 7
Http filtering: 8
Disabling installation of non-market apps: 9
Disabling ADB: 10 (I think this is actually forbidden by Google's licensing)
AT&T in General: 17
AT&T's management: off the scale. Alderaan is fucked, and only the FTC can save the rest of us.

Re:Cyanogen Mod (1)

Doc Ruby (173196) | more than 2 years ago | (#37595572)

Will Sprint know that I've rooted my phone? How about if I enable WiFi hotspot on an unlimited data 4G phone... other than by auditing my total consumption and inferring? If they do guess, will I have violated some contract, or even just given them an excuse to cancel my contract?

If not, it seems there's practically nothing to lose except the HTC SenseUI, which seems worth losing. And in its absence, perhaps inspiration to write a different GUI shell myself, or with others.

Re:Cyanogen Mod (1)

ScrewMaster (602015) | more than 2 years ago | (#37595704)

Will Sprint know that I've rooted my phone? How about if I enable WiFi hotspot on an unlimited data 4G phone... other than by auditing my total consumption and inferring? If they do guess, will I have violated some contract, or even just given them an excuse to cancel my contract?

If not, it seems there's practically nothing to lose except the HTC SenseUI, which seems worth losing. And in its absence, perhaps inspiration to write a different GUI shell myself, or with others.

Well, right now I have six different so-called "home apps" loaded on my G2. Some are variants of the stock launcher, others are completely and totally different. Sometimes I switch between them depending upon what I'm doing.

Re:Cyanogen Mod (2)

Miamicanes (730264) | more than 2 years ago | (#37595442)

> Now you understand why Samsung just hired Steve Kondik, founder of the Cyanogenmod project.
> They need someone like him very badly.

You're absolutely right. Actually, Steve will help Samsung a lot, because for basically the cost of one happy full-time employee, they've effectively outsourced the long-term maintenance of their phones' firmware to dozens to hundreds of enthusiastic, highly-skilled unpaid volunteers (many of whom would be VERY expensive to hire for real as full-time employees). Samsung has NEVER been good about supporting phones with updates after they've shipped. Cyanogen went a long way towards fixing that, but had a problem -- there were hardware issues that just couldn't be easily solved without access to the proprietary bits of source that Samsung couldn't hand out to members of the public. Now that Steve's an employee under NDA, they can give him the keys to the castle and let him freely build flawless Cyanogen-optimized kernels for Samsung's phones, and leave everything else up to the community.

Re:Cyanogen Mod (1)

Doc Ruby (173196) | more than 2 years ago | (#37595576)

I am very pleased that my post gave you two an excuse to discuss this subject so informedly and insightfully. Thanks for sharing it with me - and with us :).

Re:Cyanogen Mod (1)

Doc Ruby (173196) | more than 2 years ago | (#37588330)

So which rooted firmware would you install on an HTC Evo Shift 4G, that would still run every app in the Android Market (and probably any other app, including ones I make myself with the SDK)? I really don't love the HTC Sense "desktop", but I don't want to live in some fork where every app I install has me second-guessing the firmware choice. And I certainly don't want to live with HTC's attacks like this one - which is a sign of things to come from HTC.

Re:Cyanogen Mod (2)

ScrewMaster (602015) | more than 2 years ago | (#37587802)

Is there at least a grid or DB somewhere of phones vs firmwares that indicates which OEM features are covered, and perhaps by which optional replacement? I thought phone fans were obsessive about collecting those kinds of details about the objects of their fetish.

This [communityrelease.com] may be helpful to you.

Re:Cyanogen Mod (1)

Doc Ruby (173196) | more than 2 years ago | (#37588352)

Ah - would you limit your replacement firmware choice to what that form shows is available for a given phone/orig-OS?

Re:Cyanogen Mod (1)

ScrewMaster (602015) | more than 2 years ago | (#37606686)

Ah - would you limit your replacement firmware choice to what that form shows is available for a given phone/orig-OS?

That's just one list and not all-inclusive. There are lots of third-party ROMs. Once you have your phone rooted, you can download a program called ROM Manager from the market: it will install a custom recovery partition and allow you to back up and restore your existing OS and applications, and will flash a number of the most popular mods, including Cyanogen and MIUI. It will only show ROMs that are compatible with your particular device.

Re:Cyanogen Mod (0)

Anonymous Coward | more than 2 years ago | (#37590322)

wow android's even crapper than i thought!

a phone-targetted OS without standards for dialling, whee!

Re:Cyanogen Mod (1)

metalgamer84 (1916754) | more than 2 years ago | (#37589504)

Same question I have(as a Evo Shift owner)...

Re:Cyanogen Mod (1)

Doc Ruby (173196) | more than 2 years ago | (#37595586)

Reading the other replies in this thread, it seems that nothing else is lost, and much is gained - if you don't mind being unconventional.

Re:Cyanogen Mod (1)

metalgamer84 (1916754) | more than 2 years ago | (#37598868)

Yeah, so it seems. Being unconventional is no problem, loss of functionality or reliability is, hopefully neither will be. From the looks of it, the GB 2.3.3 rom can always be reloaded on the phone so it seems I have no reason not to give CM7 a whirl.

Re:Cyanogen Mod (0)

Anonymous Coward | more than 2 years ago | (#37585546)

You say that like its a bad thing. There are many other UIs for Android that are less bloated and faster than Sense UI.

Re:Cyanogen Mod (1)

ScrewMaster (602015) | more than 2 years ago | (#37587782)

Problem is, you lose HTC Sense, which is one of the best UIs for Android.

In that case try one of the Virtuous Sense ROMs. They work very well, but in my case I have a T-Mobile G2, so I had to installed engineering bootloader in order re-partition my flash to allow enough space for the OS. I ended up decided that Sense wasn't for me anyway, and went back to my Cyanogenmod.

Re:Cyanogen Mod (1)

Richard_at_work (517087) | more than 2 years ago | (#37587930)

Nah, I've had my fill of Android for the time being - I'm going back to the iPhone later this week.

Thanks for the suggestion tho, I hope it helps someone else reading this thread!

Re:Cyanogen Mod (0)

Anonymous Coward | more than 2 years ago | (#37592446)

Enjoy your experience, where the applications on there don't even tell you what they're accessing anyway. They proven that they don't care about your privacy anyway until mass media picks up on it (see GPS Location Recording: publically accessible by all installed applications, transferred between devices so you can be uniquely identified by it, and most importantly, not notifying you of it -- they still don't). Not only that, most mass media outlets are afraid of pissing off the Big Red Giant to be on their bad side, so they won't publish anything negative (How much press / many people know about the 30% in-app payment tax?)

Undoubtedly, HTC will release a patch real soon to fix this (just like everyone else's vulnerabilities that creep up, including the device you're going to be migrating to) and nobody What? You thought they don't leak your information too? They don't even tell you when an application crashes -- it just goes back to the homescreen without explanation. Think about that.

Just remember, if you can root the phone with an application or a PDF (in the case of the platform you're wanting to migrating to), who's to say your device hasn't already been compromised and is already leaking information without your knowledge?

Re:Cyanogen Mod (1)

Richard_at_work (517087) | more than 2 years ago | (#37592542)

Awww did someone get all offended at the thought that someone dislikes their Android experience enough to go back to Apple? Poor poor you, don't worry, it will soon pass.

Re:Cyanogen Mod (0)

Anonymous Coward | more than 2 years ago | (#37584872)

Unfortunately, practically every Android device that isn't rooted has major security problems because the carriers don't push out updates in a timely manner; that is, if they bother pushing out any updates at all. The state of Android security is really fucking pathetic and the carriers are largely to blame.

CM7 (0)

Anonymous Coward | more than 2 years ago | (#37585040)

My HTC Desire got hacked/used as some sort of proxy/relay by someone coming from an APNIC IP address who gained access to my GMail account and sent/received emails while I was busy driving home from work one evening. Google email confirmed that my gmail account was accessed at the time/date via my phone's IP address, and I found evidence in my phone that it had been accessed by an APNIC IP address at that time too. Luckily I caught this breach immediately after I got home and was able to re-secure my gmail account with a new password. Since my phone was already rooted and S-OFF'ed, I immediately downloaded and installed CM7. I've experienced no further security breaches on my phone since.

Re:Cyanogen Mod (4, Interesting)

izomiac (815208) | more than 2 years ago | (#37585050)

Amusingly enough, the core CyanogenMod developers have made it abundantly clear [cyanogenmod.com] that they vastly prioritize the ability of vendors to spy on users over the user's right to control who has access to personally identifiable data.

(Sorry for using biased language, but I think that denying a user control over hardware they own, especially by an open source project, is just asinine.)

Re:Cyanogen Mod (1)

Anonymous Coward | more than 2 years ago | (#37585794)

Thanks for pointing me to this one, I *was* on the verge of buying a new phone, and the Android beasties looked tempting especially after a bit of rooting, but hey, I've been happy with 'dumb' phones up till now, I think I'll stick with them..

I have to ask the question that the developer of the patch sort-of asked, wtf is Android doing exposing the device IMEI number, SIM serial numbers and files, contents of Contacts lists and SMS message stores, etc to any sort of app for in the first instance? (well, he must have asked himself that, otherwise he'd never have come up with the patches..) From my limited understanding of the current situation, 'oh hai, I'm the cute game app you just installed, I wants permiisions to access your filez and internets so I can high score table (and nom nom nom all your personal data I can gets...)

Someone in the discussion pointed to brought up the red herring about legality of IMEI spoofing, not quite getting the difference between the *device* using this number to register with a network (the spoofing of which, here in the UK, is Illegal) and a patch to the OS which upon intercepting an *app* trying to get the device's IMEI returns some random BS..which, though IANAL, as far as I can tell, is *not* illegal.

The sort of stuff these developers spout against the patches ('..borderline unfriendly towards revenue mechanisms', '..unfriendly towards app publishers.' ..and damaging vendor data.') makes me suspicious of *their* motives.

Re:Cyanogen Mod (1)

msauve (701917) | more than 2 years ago | (#37586580)

"wtf is Android doing exposing the device IMEI number, SIM serial numbers and files, contents of Contacts lists and SMS message stores, etc to any sort of app for in the first instance?"

Well, in the first place, an app has to demand access, and receive permission from the user before it can access such things. Every time you install an app, a list of permissions to be granted is present to the user for their permission. Now, it may be the case that most users just blindly hit "accept," but that's not an OS issue.

An app may use the IMEI or s/n for licensing (to lock itself to a specific phone or user). If it's a dialer app, it would be about useless without permission to see contact info, one might want an app which could be controlled by sending it an SMS. Why should Android limit the way a device is used, as long as the user is still in ultimate control?

YES it is an OS issue (5, Insightful)

SuperKendall (25149) | more than 2 years ago | (#37586832)

Every time you install an app, a list of permissions to be granted is present to the user for their permission. Now, it may be the case that most users just blindly hit "accept," but that's not an OS issue.

Yes it is. By having a security model that makes it more likely users will accept, that OS has introduced a security flaw.

A better approach is to grant permission at first time of access to a resource, so that you can make a judgement in context of what the app is asking for. Possibly some permissions should be asked for up front anyway, but not all... And by breaking them apart users would think more about granting them.

Re:Cyanogen Mod (2)

Rich0 (548339) | more than 2 years ago | (#37586800)

I suspect that "their" motive is to keep their options open, and they're not going to get job offers from phone vendors by making it harder to monetize the platform. Steve is now employed by a phone vendor so I doubt he'll ever shake things up that much.

There are now 3rd-party apps that will block these APIs, which makes me less annoyed with Android.

Android is FOSS, so you could always make a "PrivacyMod" distro that just tracks CyanogenMod but adds a few patches like these sorts of things. That would be relatively low-maintenance, and if it ever took off it would put considerable pressure on CM to adopt a more user-centric policy.

I really could care less what is good for app vendors/etc - the phone is mine, and if they can make money off MY phone that is nice, but it isn't at all important to me. I don't hold to the "just don't install the app" model - there is no technical reason why I can't have my cake, eat it too, and send a message to app vendors that they need to restrain themselves or they'll be cut off.

Re:Cyanogen Mod (0)

Anonymous Coward | more than 2 years ago | (#37593062)

If you bothered reading, most of the developers had issues with SPOOFING data. I believe that the yes/no blocking (which can be don with an app on the market if I recall, obviously with a rooted device) is already in CM.

There's a difference between protecting user privacy, and just plain fucking over developers. If you own an Android device, how many paid applications do you own, and how many are ad-supported? If you the majority of your applications are ad-supported, then you have no right to complain.

Steve Klondik
"I accept that there are privacy concerns on mobile devices. I am not sure what the solution is, but spoofing data is not it."

Re:Cyanogen Mod (0)

Anonymous Coward | more than 2 years ago | (#37595928)

i thought they were caring about such things as privacy by supporting open source, now i know. They just want what ever they suit for *them*

The mind is willing (1)

DarkOx (621550) | more than 2 years ago | (#37584514)

Seems to be a mind is willing, but the flesh is weak situation with the droid devices. Certainly the permissions model makes lots of sense for the type of device, but the implementations are wanting.

Why even bother specifying INTERNET perms? (1)

goose-incarnated (1145029) | more than 2 years ago | (#37584748)

Seriously, why bother - users don't actually care whether an app needs internet access or not, they just use the app anyway. For example, I've developed an app doesn't require internet access, yet it is still less popular than a similar app (which has less functionality) that happily uploads your private data to it's servers.

Honestly, if the users themselves don't mind sending something like their menstruation data to a third-party, why bother with an app that guarantees privacy? The privacy apps will just make less money due to having less marketing info from the users, and being unable to mine that data.

The market for users who care about their privacy is way too small to count. All users will happily allow something like "Angry Birds" to have internet access, even though it is obvious that it doesn't need it.

Re:Why even bother specifying INTERNET perms? (0)

Anonymous Coward | more than 2 years ago | (#37584910)

"The market for users who care about their privacy is way too small to count. "

Just so. I've been considering buying an Android device, and in preparation was playing with Android in a VirtualBox VM. I found it very difficult to find ANY apps I was willing to run, because things that obviously should not require internet access (or some other permission) did require it.

Then, I became absolutely bewildered that (apparently!) many millions of people will let some unknown app X have access to capabilities it absolutely should not need to do what it purports to do. To me that means instant distrust. I don't know what everybody else is thinking ... wish I did.

Whatever your app is, kudos for taking the high road.

Re:Why even bother specifying INTERNET perms? (1)

SJS (1851) | more than 2 years ago | (#37585092)

"The market for users who care about their privacy is way too small to count. "

Just so. I've been considering buying an Android device, and in preparation was playing with Android in a VirtualBox VM. I found it very difficult to find ANY apps I was willing to run, because things that obviously should not require internet access (or some other permission) did require it.

Work has provided me with an Android phone, so I've been looking through the Applications, and most of 'em I won't install because the application (or rather, the developer of the application) demands access far beyond what is needed. It's not so much that an application requires a permission, but how many permissions many of them require.

I want a way to easily change the permissions granted to an application, without the application's knowledge. If I decide that an application has no business making or receiving a text message, I should be able to disable that capability, all without the application being aware that it's attempt to send a text message failed.

Then, I became absolutely bewildered that (apparently!) many millions of people will let some unknown app X have access to capabilities it absolutely should not need to do what it purports to do. To me that means instant distrust. I don't know what everybody else is thinking ... wish I did.

I'm sure that they're thinking that they don't have a choice.

It's *hard* maintaining a decent policy of "Don't Use Apps That Demand Stupid Things". People get tired of it all. So they say "screw it!" and forget about it, and basically wish really hard that they get lucky and don't get compromised, or have their data splashed about. (Then, to make themselves feel better about their lax policy, they harangue others for not "taking advantage" of their similiar device. They scoff at the hesitation of others in allowing unknown and untrusted third parties to have full and unfettered access to personal data. Peer pressure eventually wins.)

Most people don't have much self-discipline, after all.

Whatever your app is, kudos for taking the high road.

Seconded.

Re:Why even bother specifying INTERNET perms? (1)

Doc Ruby (173196) | more than 2 years ago | (#37585232)

There's not going to be a way to disable a permission without the app that tries to get it noticing that it's disabled, when that app tries to exercise that permission and the function fails. But so what? We should be able to deny the permission in the OS, but still install the app that wants the permission. Then that function will fail. And the app will either not do what we want, in which case we'll either keep it or not, either give the permission or not, either contact the app distributor/author or not.

This prerogative in the OS seems exactly what we want from an OS: let us manage apps, even at runtime, without just letting them do whatever they want. In fact it's how firewall apps patched into an OS work: an app might try to access the network, but the OS (as configured by the user) sets what the app has permission to access. It doesn't require any support from the app for that permissioning.

It's time for an "IPC firewall" management tool in Android. It should really be part of Android. But maybe a 3rd party developer can put one out there. It's definitely worth $5, if it works.

Re:Why even bother specifying INTERNET perms? (0)

goose-incarnated (1145029) | more than 2 years ago | (#37585292)

There's not going to be a way to disable a permission without the app that tries to get it noticing that it's disabled, when that app tries to exercise that permission and the function fails. But so what? We should be able to deny the permission in the OS, but still install the app that wants the permission. Then that function will fail. And the app will either not do what we want, in which case we'll either keep it or not, either give the permission or not, either contact the app distributor/author or not.

Well, if it doesn't work the first time, the user would probably just look for a new one, and the popularity of privacy-respecting apps to non-privacy-respecting apps will at least change. And many users, given a allow/cancel dialog like "this application is attempting to access the internet, should it?" everytime the app is started, would probably look for a new app. From my experience with phone users downloading my app, if it doesn't work they don't even bother telling you, they just move on.

So, this scheme would at least work a little

Re:Why even bother specifying INTERNET perms? (1)

BradleyUffner (103496) | more than 2 years ago | (#37586394)

I want a way to easily change the permissions granted to an application, without the application's knowledge. If I decide that an application has no business making or receiving a text message, I should be able to disable that capability, all without the application being aware that it's attempt to send a text message failed.

Cyanogenmod can do this if you enable some of the advanced features. Once the app is installed you can go in where you view the permissions it needs and toggle some of them off. Badly designed apps may crash, but most stuff I've done it to has happily continued running.

Re:Why even bother specifying INTERNET perms? (1, Interesting)

ScrewMaster (602015) | more than 2 years ago | (#37587810)

I want a way to easily change the permissions granted to an application, without the application's knowledge. If I decide that an application has no business making or receiving a text message, I should be able to disable that capability, all without the application being aware that it's attempt to send a text message failed.

Cyanogenmod can do this if you enable some of the advanced features. Once the app is installed you can go in where you view the permissions it needs and toggle some of them off. Badly designed apps may crash, but most stuff I've done it to has happily continued running.

True. And if you're still concerned, run Droidwall. I do ... if an app has no need for Internet it goes in the blacklist. If it then fails to run because of some stupid license check, or just the dev being a dick and insisting that his app get out whenever it wants, it gets uninstalled.

Re:Why even bother specifying INTERNET perms? (1)

Seor Jojoba (519752) | more than 2 years ago | (#37585006)

Your point is mostly true, but I think there are legitimate cases to call out internet permissions. I have installed a password manager that doesn't have internet permissions. If it did have it, then it could send the passwords to an internet server someplace. So I honestly checked that the program did not have internet permissions, and would not have installed it if it did have them.

Re:Why even bother specifying INTERNET perms? (1)

goose-incarnated (1145029) | more than 2 years ago | (#37585102)

Your point is mostly true, but I think there are legitimate cases to call out internet permissions. I have installed a password manager that doesn't have internet permissions. If it did have it, then it could send the passwords to an internet server someplace. So I honestly checked that the program did not have internet permissions, and would not have installed it if it did have them.

My point is fully true - I went to the android market now and did a search for "password manager" - of the first five (ordered by relevance) results, only ONE (Yes, you read that correctly) does not allow internet access. Let's call them A, B, C and D and see how they compare:

A - internet access required, 100k to 500k installs
B - no internet access required, 10k to 50k installs
C - internet access required, 100k to 500k installs
D - internet access required, 10k to 50k installs
E - internet access required, 100k to 500k installs

Now, I'm not going to go through all the apps found for searching password manager", but you can see from the above that your decision to check the access is not something done by the majority - even for their passwords. The apps that come with the ability to rape privacy are more popular than those that come without it.

Re:Why even bother specifying INTERNET perms? (1)

nebular (76369) | more than 2 years ago | (#37585722)

The trouble is that any app that shows ads, requires internet access to get the ads.

One of the major revenue streams in the android market are those ads as android users are much less likely to pay for an app.

What Google needs to do is separate the ad internet connection from any other internet connection.

Re:Why even bother specifying INTERNET perms? (2)

Seor Jojoba (519752) | more than 2 years ago | (#37586334)

You know that sounds like a solid idea, but I scratch my head at the specific implementation of it. If you say that internet connections for ads are a separate permission, then would Google maintain a white list of ad providers? And then for ad providers, there'd need to be some policing to check that info going to the ad servers doesn't contain personal info.

Maybe the way to handle it is to have a separate Android OS advertising API that manages the request sent to an ad provider, disallowing any possibility of sending app-specified info to the server. And then any ad provider that follows the protocol can be accessed via the advertising API with no risk of sending private info like what HTC is exposing.

Obvious solution is obvious (wrt ad servers) (0)

Anonymous Coward | more than 2 years ago | (#37589858)

You know that sounds like a solid idea, but I scratch my head at the specific implementation of it. If you say that internet connections for ads are a separate permission, then would Google maintain a white list of ad providers? And then for ad providers, there'd need to be some policing to check that info going to the ad servers doesn't contain personal info.

Google does not need to maintain a whitelist of ad servers. Google needs to *be* the ad server and make it so that if you want to stream ads to android phones, you hire Googles ad services to do it. That way they can run a tight ship on security of those ads and make sure nobody tries any shenanigans thru 3rd party ad servers that might be located anywhere on the planet and operated by unscrupulous jerks. Letting an android phone slurp ads from just anybody's server anywhere on teh internet is epic fail for security.

Re:Why even bother specifying INTERNET perms? (2)

robmv (855035) | more than 2 years ago | (#37585212)

If you want to more assurance that your passwords aren't leaked to the internet don't install any other application with internet permission from the same developer. Two apps can share files if they are signed with the same key. The password application can still send the passwords to any other installed application using Intents too

Re:Why even bother specifying INTERNET perms? (0)

Anonymous Coward | more than 2 years ago | (#37585430)

All users will happily allow something like "Angry Birds" to have internet access, even though it is obvious that it doesn't need it.

Wait, what? Of course Angry Birds needs internet access. How else could it offer me those helpful ads for things like "chat with hot women" and "chat with hot guys" (yes, it actually offers both - at least they haven't successfully Market Segmented me enough to find my demographic). Or, the "your phone is too slow; supercharge it" or "your battery needs help". All these spammy ads would not be possible if it couldn't get to the internet. So it is obvious that it needs it. Someone must click on those. The few people who don't like those ads go to the Amazon Appstore for Android and get the pay version of Angry Birds - no more ads.

Re:Why even bother specifying INTERNET perms? (1, Interesting)

goose-incarnated (1145029) | more than 2 years ago | (#37585574)

All users will happily allow something like "Angry Birds" to have internet access, even though it is obvious that it doesn't need it.

[snipped]

The few people who don't like those ads go to the Amazon Appstore for Android and get the pay version of Angry Birds - no more ads.

You just made my own point for me - the paid version of Angry Birds on the amazon app store needs internet access (I just checked!).

Why? It clearly isn't for ads, perhaps its for DLC???

Many reasons (2)

SuperKendall (25149) | more than 2 years ago | (#37586854)

Why? It clearly isn't for ads, perhaps its for DLC???

Even though I'm not sure exactly what Angry Birds on Android needs (aside from DLC which I know they do regularly), I can think of a lot of reasons why pretty much any game would want internet permissions:

* Highscores
* Achievements
* Reduce level size on device
* Tweeting to friends about game (yes, many games integrate with social networks).
* web pages with game help material that you wanted to be able to keep more dynamic.
* news feed for game users

Deleting This Attack (1)

Doc Ruby (173196) | more than 2 years ago | (#37585178)

How do I delete this new attack from HTC? If I can't just delete it, but instead I have to root the phone and install an Android OS not from HTC or my carrier, where is the complete list of what I'll lose when I do so? And instructions for doing it?

And where's the NY attorney general phone#, so I can report this hellish violation of any contract I had with HTC, and general privacy invasion?

Re:Deleting This Attack (0)

Anonymous Coward | more than 2 years ago | (#37585486)

How do I delete this new attack from HTC? If I can't just delete it, but instead I have to root the phone and install an Android OS not from HTC or my carrier, where is the complete list of what I'll lose when I do so? And instructions for doing it?

And where's the NY attorney general phone#, so I can report this hellish violation of any contract I had with HTC, and general privacy invasion?

Ask, and you shall be answered: http://goo.gl/z6au [goo.gl].

Re:Deleting This Attack (1)

Doc Ruby (173196) | more than 2 years ago | (#37585622)

I'm asking the people reading this specific discussion, many of whom actually know something. Which is what real people do when having a conversation: ask each other for insights.

Unlike you, Anonymous idiot Coward, who has nothing to offer. What a loser you are that you think you're funny offering some lame old joke link. Why not offer some goatsex instead? Twit.

Reason not to use mobiles for authentication. (1)

Mattpw (1777544) | more than 2 years ago | (#37586308)

The security community needs to stop pushing mobile based token authentication. There is no reason why mobile OS's should get some kind of protected status vs their notebook counterparts. In my neck of the woods bad guys just forward all a victims calls for a few hrs anyway regardless of OS but clearly the trojan writers can make the usb jump to the users phone (EU charging mandate now) and carry on the same old tricks.

Yet another Thunderbolt problem (0)

Anonymous Coward | more than 2 years ago | (#37586776)

Just recently, Verizon pulled the Gingerbread update for the Thunderbolt. It had been rolled out and now Verizon is pushing it back a couple of weeks to fix bugs. Hopefully this is among the bugs that get fixed. Minus the short battery life, the Thunderbolt should be a really good phone. Unfortunately, the software has been lacking in general. This is just one more blow...

Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...