Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Facebook's Android App Can Now Retrieve Data About What Apps You Use

samzenpus posted about a year and a half ago | from the show-me-the-app dept.

Facebook 176

An anonymous reader writes "Facebook on Friday released its Android launcher called Home. The company also updated its Facebook app, adding in new permissions to allow it to collect data about the apps you are running. Facebook has set up Home to interface with the main Facebook app on Android to do all the work. In fact, the main Facebook app features all the required permissions letting the Home app meekly state: 'THIS APPLICATION REQUIRES NO SPECIAL PERMISSIONS TO RUN.' As such, it’s the Facebook app that’s doing all the information collecting. It’s unclear, however, if it will do so even if Facebook Home is not installed. Facebook may simply be declaring all the permissions the Home launcher requires, meaning the app only starts collecting data if Home asks it to."

Sorry! There are no comments related to the filter you selected.

LOL, suckers... (-1, Troll)

Anonymous Coward | about a year and a half ago | (#43447149)

I laugh at all the fools who install this "App/Spyware"

Actually, it's rather sad. Android is so fucked. It's the new WinXP.

Re:LOL, suckers... (4, Interesting)

UltraZelda64 (2309504) | about a year and a half ago | (#43447467)

I don't laugh at all those future phones sold with this garbage, and with it installed and set up in such a way that you are forbidden from uninstalling it...

I already have problems caused by "stock" programs on my phone that cannot be uninstalled without root access, and I cannot trust going through the process of attempting to gaining root, something that could possibly leave me without a phone. Once this garbage makes its way "stock" onto commercial Android phones in the same way, there will be an even greater need to try to gain root access. I am not looking forward to the day when I have to start doing extra research just to find out if a particular cell phone comes with this Facebook garbage, only to find that they all fucking do and the only possibly way out of it is to risk rooting it.

It's already a bitch doing research for a new phone, given all the variations in (incompatible) Android versions. It's a royal pain in the ass trying to find a phone that doesn't suck in general, and doesn't force the use of a cell service provider that tries its best to fuck you up the ass. The last we need is to add fucking Facebook to the mix. Fuck them.

Re:LOL, suckers... (0)

Anonymous Coward | about a year and a half ago | (#43447787)

I don't laugh at all those future phones sold with this garbage, and with it installed and set up in such a way that you are forbidden from uninstalling it...

Just do what I do... use a phone built in the early 2000's. When mine breaks, I can find a replacement for less than $30 without all the new crap installed on it.

Besides the junk software on the new phones, I hate how they feel in my hand. It is like holding a credit card up to my ear to use the damn things. The phone I carry is nearly an inch thick when closed, has some weight to it and feels solid when I'm using it.

Re:LOL, suckers... (1)

Anonymous Coward | about a year and a half ago | (#43447625)

Android is total spyware anyway - the electronic equivalent of standing on a street corner bent over with your shorts down to your ankles. Enjoy.

Now this layer on top - Facebook; The venereal disease of the internet.

-1 Troll me if the truth hurts, Fandroids.

Big Android Problem (5, Insightful)

Richy_T (111409) | about a year and a half ago | (#43447169)

It was a mistake to allow apps to declare which access rights they want and then present users with a take-it-or-leave-it choice. While this part in itself is not a bad thing, it should be possible for users to fine-tune the settings once an app is installed and the apps then cope with that. I know there are apps out there that let you do this or similar but it should have been built in from the start. This is the activeX of the 2010s

Re:Big Android Problem (0)

Richy_T (111409) | about a year and a half ago | (#43447181)

Though I do have to say that it's still a damn site better than Windows (and even Linux) default security.

Re:Big Android Problem (1)

Anonymous Coward | about a year and a half ago | (#43447265)

Not to disagree, but I'm feeling nitpicky

The "and even Linux" can depend on your distribution. I know that back in the day, when you could still do a stage 1 install of Gentoo fairly easily, you could secure the hell out of that as the default (maybe stage 3, but I haven't installed it since they stopped giving the stage 1 and 2 to everyone as a real install option--I know that even with stage 3, you can opt to not have sudo, and therefore have more security inherently just there). There's also some distributions that just have a more secure model from the start as well. That is not Ubuntu, etc.

Re:Big Android Problem (1)

Bazouel (105242) | about a year and a half ago | (#43448237)

That's why there is jail in FreeBSD ...

Re:Big Android Problem (0)

Anonymous Coward | about a year and a half ago | (#43447201)

there was a patch submitted to CyanogenMod which does this. Unfortunately it was rejected. but you can build it yourself... [cyanogenmod.org]

Re:Big Android Problem (1)

Adult film producer (866485) | about a year and a half ago | (#43447275)

broken link... have the correct one?

Re:Big Android Problem (2)

bill_mcgonigle (4333) | about a year and a half ago | (#43447475)

This article [lwn.net] has the background and links.

Re:Big Android Problem (0)

Anonymous Coward | about a year and a half ago | (#43447761)

Sorry about the bad link. Was submitting from a phone and hit submit instead of preview.

Anyhoo-- here you go:

CyanogenMod development wiki [cyanogenmod.org] -- each supported device [cyanogenmod.org] has its own build instructions.

A patch to add privacy mode permissions infrastructure [cyanogenmod.org] (gingerbread -- would need to be updated for jb..)

Re:Big Android Problem (1)

c (8461) | about a year and a half ago | (#43447205)

I know there are apps out there that let you do this or similar but it should have been built in from the start.

I have this funny feeling that's going to be one of Google's responses to Facebook Home. Maybe some combination of "required" permissions that the app always requires (i.e. ad-supported stuff needs to download ads) with "negotiable" permissions that the user can toggle on and off. And, obviously, some scheme in the Play Store to flag apps which get too greedy, or which require classes of permissions which few should really need.

Re:Big Android Problem (5, Informative)

Anonymous Coward | about a year and a half ago | (#43447301)

As an app developer I would also like "negotiable" permissions.

I think a long list of permissions can be off-putting to users, and many permissions are needed only when the user actually tries to e.g. send an SMS from the app or take a picture. It would be better at that point to ask the user if they trust the app, much like the Android VpnService has to when it starts.

The other error is that some permissions are far too broad. For example, lots of apps require "Read phone state and identity" which gives the ability to learn not only the phone number, but also whether you are in a call and the number of the other party. Similarly there's a permission to read the phone book. A number of these apps simply want a unique ID for licencing purposes (the IMEI can be used where available, and the phone book gives the google account) but end up with a whole lot more and look a bit suspect.

The ID thing is discussed at http://android-developers.blogspot.co.uk/2011/03/identifying-app-installations.html, but the conclusion is poor, suggesting use of ANDROID_ID, but then still needing to jump through hoops for legacy devices. With about 40% of devices at API level 10 (http://developer.android.com/about/dashboards/index.html) this still gives developers a headache.

Pause while in call (5, Informative)

tepples (727027) | about a year and a half ago | (#43447461)

For example, lots of apps require "Read phone state and identity" which gives the ability to learn not only the phone number, but also whether you are in a call and the number of the other party.

There's a very good reason for media players and games to require this. Knowing whether the user is in a call allows the program to pause itself until the call completes.

Re:Pause while in call (0)

obarthelemy (160321) | about a year and a half ago | (#43447519)

explain again how music players need to know your phone number and that of everyone you ever call ?

Re:Pause while in call (3, Insightful)

chihowa (366380) | about a year and a half ago | (#43447579)

Because the permissions are too coarse grained. Weren't you paying attention? That's what this whole thread has been about!

Permission rationales (2)

tepples (727027) | about a year and a half ago | (#43447685)

They don't. Though Android unfortunately has no way to deny the "your phone number and that of everyone you ever call" permission without also denying "knowing when you're in a call so that it can pause", that's what permission rationales in the application's description are for.

Phone state: Used for pausing when you're on a call.
Internet: Used to synchronize recently played videos between devices. We don't share this unless you tell us to.

"But I don't trust that people won't lie in these rationales." That's what Dalvik disassembly and free software licensing are for, so that people who get paid to review applications can verify that the application's source code actually does what the rationale says and doesn't peek at actual phone calls.

Re:Pause while in call (1)

Karlt1 (231423) | about a year and a half ago | (#43448653)

There's a very good reason for media players and games to require this. Knowing whether the user is in a call allows the program to pause itself until the call completes.

iOS handles it without requiring such intrusive permissions.....

http://www.sagorin.org/ios-playing-audio-in-background-audio/ [sagorin.org]

Balance it (1)

tepples (727027) | about a year and a half ago | (#43448743)

I'll admit that Android has a "phone state" permission that's far too coarse-grained. But I see that as a minor flaw compared to the big flaw in iOS: Apple deliberately left out some parts of HTML5 as well as native APIs needed for applications to perform wireless network troubleshooting. Several categories of applications are completely excluded [pineight.com] .

Re:Balance it (1)

Karlt1 (231423) | about a year and a half ago | (#43448975)

I'll admit that Android has a "phone state" permission that's far too coarse-grained. But I see that as a minor flaw compared to the big flaw in iOS: Apple deliberately left out some parts of HTML5 as well as native APIs needed for applications to perform wireless network troubleshooting. Several categories of applications are completely excluded.

Only on Slashdot would someone think that "not allowing wireless network troubleshooting" is equivalent to allowing a random app to know who I'm calling.

FYI:Android browsers are also not fully HTML 5 compliant. WebGL in particular is not supported by Chrome or the old Android Browser (except for one specific phone).

http://mobilehtml5.org/ [mobilehtml5.org]

Re:Pause while in call (1)

alostpacket (1972110) | about a year and a half ago | (#43448937)

Games should not need it. Any time the host activity is paused the games should pause any background processing. Media players, especially music players do play in the background, even with the screen off though. So for them, it is a must.

The permission is too coarse though. They need to separate state and identity. Unfortunately they've dug a backwards compatibility hole pretty deeply though at this point.

list of permissions can be off-putting to users (0)

Anonymous Coward | about a year and a half ago | (#43447509)

If the permission you are requesting is putting off users, maybe you shouldn't request it in the first place.

I'm sorry, I'm just kidding...

Re:Big Android Problem (1)

AuMatar (183847) | about a year and a half ago | (#43447525)

And as a user I want to be able to deny certain permissions to certain apps. For example, I may be ok with an app having my location and reading my contacts- but not the ability to connect to the internet and send them somewhere. I should be able to allow some activities and block others.

Although not using ANDROID_ID- thats only a problem in pre-2.2, which is less than 2% of the userbase these days. IMEI isn't reliable because a device may not have telephony (tablets) or may be CDMA (no IMEI). It also is an identity containing number (you can directly track IMEI->phone number->person) whereas ANDROID_ID is unique but anonymous. There's no excuse for not using it.

Re:Big Android Problem (4, Insightful)

Fuzzums (250400) | about a year and a half ago | (#43447397)

And, obviously, some scheme in the Play Store to flag apps which get too greedy, or which require classes of permissions which few should really need.

Obviously definitely not that. It's a developer-first market. Developers are expensive and they do all the work for Google. For free. So Google is the last one that is going to limit them.

Re:Big Android Problem (4, Interesting)

AK Marc (707885) | about a year and a half ago | (#43447219)

I agree. I've always called for that. I've been told there are apps that do that, but it should be an OS level feature. I should be able to lie to my apps, much like I can by running a VM in a temporary partition with a single app inside it. Present a blank contact list and call history to any apps that ask. Block access to other apps (email and such). Let me choose.

Re:Big Android Problem (-1)

Anonymous Coward | about a year and a half ago | (#43447369)

I agree. I've always called for that.

Of course you have. But because you are a "nobody" moron, no one is paying any attention to you.

Re:Big Android Problem (2)

Greyfox (87712) | about a year and a half ago | (#43447253)

I seem to recall reading that a newer cyanogenmod allows you to disable specific access rights on an app. Don't think it should have network access? Disable that access right. They did note that this could potentially "cause instability" with the application running. I'm pretty tempted to give it another go to get rid of the crapware my provider installed on the phone and pick up this feature.

Re:Big Android Problem (0)

Anonymous Coward | about a year and a half ago | (#43447297)

The entire business model of android is based on this "mistake", how would shitty apps like the updated angrybirds fetch those intrusive ads if the user can decide what apps are allowed to phone home. Cyanogenmod *had* a permission managment in an older version (7.2 i think), that vanished without any hint why, i would bet my left ball that google "ordered" them to remove it, or else...

Re:Big Android Problem (5, Informative)

admdrew (782761) | about a year and a half ago | (#43447313)

Cyanogen definitely allowed this at one point (when looking at an installed app's settings, you could touch any of the permissions which would strike them out); it was hit or miss, with some apps crashing constantly when you disabled any of their permissions. I'm running 10.1 right now, and unfortunately this feature doesn't seem to exist anymore.

Re:Big Android Problem (3, Insightful)

Anonymous Coward | about a year and a half ago | (#43448005)

A cool feature would be the ability to provide selected apps with spoofed data.

Re:Big Android Problem (4, Interesting)

waffle zero (322430) | about a year and a half ago | (#43448615)

A cool feature would be the ability to provide selected apps with spoofed data.

That feature was proposed for Cyanogen and a patch was written. It was never included out of fears that developers would block Cyanogen from installing apps on the (then named) Android Market.

Re:Big Android Problem (5, Informative)

Shavano (2541114) | about a year and a half ago | (#43447263)

you can use "Permissions Free" for example to modify an app's permissions. But some apps won't run if you take away any of their permissions. What's really needed is sandboxing.

Re:Big Android Problem (0)

Anonymous Coward | about a year and a half ago | (#43447339)

Sandboxing is too slow for mobile.

Re:Big Android Problem (0)

Anonymous Coward | about a year and a half ago | (#43447695)

The iPhone says hello!

Re:Big Android Problem (0)

Anonymous Coward | about a year and a half ago | (#43447867)

Exactly.

Re:Big Android Problem (1)

Anonymous Coward | about a year and a half ago | (#43447915)

> What's really needed is sandboxing.

Yeah.. they should have used a runtime environment that had sandboxing from the start... like... Java.

Re:Big Android Problem (4, Interesting)

Rich0 (548339) | about a year and a half ago | (#43448891)

There are various patches that implement this. There were some root-requiring apps that did this as well but I don't believe they work post-v4.

The key isn't to return errors to applications - you just need to return a successful call with no useful data. If it asks for contacts, just say that the user hasn't defined any (a situation every app has to handle anyway). If it asks for the IMEI tell the app that there is no SIM installed. If it asks for the location, tell the app that there is no GPS coverage. If it asks to phone home, tell it that the network appears to be down at the moment.

Apps handle all of these things gracefully already. The key is to intercept the API call and direct it along one of these paths, and not to just return an error due to a lack of permissions, which the app no doubt was not designed for since it was supposed to be guaranteed those permissions.

Re:Big Android Problem (5, Informative)

paulkoan (769542) | about a year and a half ago | (#43448935)

The Pdroid http://www.xda-developers.com/android/pdroid-the-better-privacy-protection/ [xda-developers.com] patches are a "better" approach. They allow apps to keep the permissions they are designed to use, but feeds them fake data when they use them.

This protects privacy without crashing apps. However, it requires either a custom firmware with it already baked in, or running the patches against official firmware+root. This places it out of the comfort zone of many.

Re:Big Android Problem (0)

Anonymous Coward | about a year and a half ago | (#43447481)

I think cyanogenmod allows something much like that, as a feature of the OS.

Re:Big Android Problem (1)

Darinbob (1142669) | about a year and a half ago | (#43447641)

This would be a reasonable modification that could be made to Android, after-market.

Re:Big Android Problem (1)

chipschap (1444407) | about a year and a half ago | (#43448273)

I run the Droidwall firewall, with everything blacklisted by default. If an app won't run without net access, and I don't think it should get net access, it doesn't. This stops at least some exfiltration of data. Of course that wouldn't help with Facebook. But a lot of games claim to need net access for their 'leaderboard' or some such. It always makes me suspicious, especially if they totally refuse to run without being able to go out through the firewall.

Too late once app is installed (1)

SuperKendall (25149) | about a year and a half ago | (#43448379)

While this part in itself is not a bad thing, it should be possible for users to fine-tune the settings once an app is installed

Be realistic! Who is going to do this? Approximately no-one.

What really is better is that as apps request protected resources, then you are asked if you want to allow such access - that way you the user have the context for the access, to understand exactly why you would want to allow that ability.

There are a lot of iPhone apps for example, where I am happy to give location when I see what it is used for - and almost no apps that I care to give permission to see contacts, but I can run any new app knowing it will ask if it tries to get them. It also means that you can buy something and run it much later without having to remember just exactly what it was you agreed to let it access!

It is insane to me to ask non-technical users to understand up-front permissions at all.

Why are you surprised by this? (0, Troll)

Anonymous Coward | about a year and a half ago | (#43447185)

You buy a device to store your personal data on from a company that collects personal data for a living, and then run an app on it from another company that profits from collecting you data and then are confused when they collect your personal data?

Re:Why are you surprised by this? (1)

viperidaenz (2515578) | about a year and a half ago | (#43447197)

You buy a device to store your personal data on from a company that collects personal data for a living

I don't think this is limited to the Nexus range of Android devices.

Re:Why are you surprised by this? (0)

Anonymous Coward | about a year and a half ago | (#43447517)

> I don't think this is limited to the Nexus range of Android devices.

Even the non-Nexus devices are running an OS from Google, often made even worse yet by the company selling the phone.

(I'm not the person you were replying to btw)

In the end, we get what we deserve. We (collectively, the whole market) acted in a manner inconsistent with retaining our privacy, and now we don't have any, because we don't deserve to have it.

Why are you still surprised by this? (5, Insightful)

moderators_are_w*nke (571920) | about a year and a half ago | (#43447193)

You buy a device to store your personal data on from a company that collects personal data for a living, and then run an app on it from another company that profits from collecting you data and then are confused when they collect your personal data?

Reposting as me

Re:Why are you still surprised by this? (0)

Anonymous Coward | about a year and a half ago | (#43447317)

Yes, using FB from your phone just seems like a bad idea. I have an FB account that I only look at when I get home from work on my home computer. They only exist to suck up your info and give very little back; why make it easier for them?

Re:Why are you still surprised by this? (2)

admdrew (782761) | about a year and a half ago | (#43447321)

Who said anyone was confused? Data collection and app permissions don't need to be "all or nothing."

Re:Why are you still surprised by this? (0)

Anonymous Coward | about a year and a half ago | (#43447477)

Data collection and app permissions don't need to be "all or nothing."

Apparently it is with Android.

Re:Why are you still surprised by this? (1)

Anonymous Coward | about a year and a half ago | (#43447643)

You do know Google's business model relies on destroying your privacy and scraping as much knowledge as they can about you, right?

Re:Why are you still surprised by this? (1)

Sir Holo (531007) | about a year and a half ago | (#43447913)

Yep. This is why I recently deleted the FB App from my mobile.

Recently went through my "Public Profile" or whatever they call it, and they had a map of all of the states, countries, and cities I had recently been to. And I DO NOT use their "check in" feature when arriving at locations. In fact, I hadn't used the App in months.

Too creepy.

Re:Why are you still surprised by this? (1)

sacrilicious (316896) | about a year and a half ago | (#43448433)

Hmmm... why are you still surprised that people are disappointed at breaches of what should be common decency? I assume from your post you've seen such reactions before.. so your surprise at people's good nature and consequent expectations shouldn't be commentworthy anymore... just sayin'...

Eat a dick, Facebook. (-1)

Anonymous Coward | about a year and a half ago | (#43447195)

Yeah, eat a dick.

I doubt most people will flinch but... (5, Interesting)

Anonymous Coward | about a year and a half ago | (#43447223)

I was actually curious to try Home, but when I saw the new permissions requested by the Facebook base app, I just said 'enough is enough' and deleted it.

I think I'm definitely in the minority, but stuff like this increases that bifurcation of their userbase. I keep a toe in just because I know people that use Facebook as a primary communications tool, but I already log in only in a separate browser from everything else I do just to quarantine it.

Re:I doubt most people will flinch but... (1)

allo (1728082) | about a year and a half ago | (#43447245)

sad, mozilla stopped developing prism ... facebook is such a good usecase for it.

Re:I doubt most people will flinch but... (1)

dingen (958134) | about a year and a half ago | (#43447665)

It is indeed very sad. Prism was a great tool to package web applications in a cross-platform and distributable way. I don't get why we used to have something like that and now we don't.

Re:I doubt most people will flinch but... (0)

Anonymous Coward | about a year and a half ago | (#43448441)

No you're not in the minority. Fuck Facebook. Fuck Google.

Re:I doubt most people will flinch but... (1)

jrumney (197329) | about a year and a half ago | (#43448821)

I wasn't curious to try Home, but I saw the new permissions requested in order for Home to work, and recalled the last time I ditched the Facebook app, which was when they silently installed Camera and Messaging apps alongside it without my consent. They came to their senses on that, and bought themselves a second chance, but I'm afraid there won't be a third chance, because their app is no longer offering the value of contact integration that it was in those days, and by uninstalling it, I've realised how much of my battery drain was caused by that app.

Bye bye Facebook (5, Informative)

rueger (210566) | about a year and a half ago | (#43447243)

I looked over the new permissions being demanded by Facebook for the latest Android app update, and stopped dead at the point when they told me that the app could now "call phone numbers without your intervention." Say WHAT??

I expect Google to have pretty intimate integration into an Android phone. I signed on knowing that. From everything I read Facebook is now looking to pretty much take control of the phone OS, not by developing their own, but by hijacking large swaths of control from Android or the user.

Ultimately though one thing is making me stay away from this update, Facebook Home, and probably Facebook entirely on my phone: the Facebook app has been hands down the worst thing I've installed, and gets more useless with a very upgrade.

Re:Bye bye Facebook (1, Offtopic)

houghi (78078) | about a year and a half ago | (#43447365)

I signed on knowing that.

I did not sign anything. Luckily I live in Belgium where clicking 'I agree' is not a form of contract and phones are still sold unlocked by law without any operator linked to it.

Acceptance ritual under Belgian law (2)

tepples (727027) | about a year and a half ago | (#43447495)

Luckily I live in Belgium

For people who want what you have, how's their immigration policy?

where clicking 'I agree' is not a form of contract

If accepting a contract offer under Belgian law cannot be done by activating a control in a graphical user interface, then how can anybody sign up for a service or buy a product over the Internet?

Re:Acceptance ritual under Belgian law (3, Informative)

mrmeval (662166) | about a year and a half ago | (#43448745)

It should be done by mail/phone with a credit card with credentials mailed to you. It worked very well to keep trolls and spam off of Fidonet and Rime forums and since netmail messages cost a $0.25 so I'd love to get all the spam they could send. ;) BTW netmail was a feature of both those networks and I could send electronic mail all over the world. Both networks were like the internet but far more decentralized.

Re:Bye bye Facebook (0)

Anonymous Coward | about a year and a half ago | (#43447739)

I live in Belgium and I never clicked on the "I agree to pay a staggering >50% tax rate" button. Doesn't seem to matter, unfortunately.

Re:Bye bye Facebook (1)

AuMatar (183847) | about a year and a half ago | (#43447537)

In their defense- having a button in their app to call a friend would require that permission, and is likely what they're using it for. Which isn't really without user intervention. But the permission is all or nothing- can place a call or can't.

Re:Bye bye Facebook (-1)

Anonymous Coward | about a year and a half ago | (#43447557)

of course the problem is not android or Google, they are perfect, it's the others!

Go back to your google shrine and pray retard.

Re:Bye bye Facebook (1)

c (8461) | about a year and a half ago | (#43447771)

Ultimately though one thing is making me stay away from this update, Facebook Home, and probably Facebook entirely on my phone

Yup. I've removed it, or disabled it where pre-installed. The mobile version of the web site along with a third-party photo uploader pretty much covers everything I need Facebook to do.

All I want to know (0)

Anonymous Coward | about a year and a half ago | (#43447257)

is what kind of Wanker will install this shite on their phone or worse what kind of total wanker will buy one of these things?

Use Tinfoil Instead (5, Informative)

Anonymous Coward | about a year and a half ago | (#43447261)

USE TINFOIL FOR FACEBOOK!!!

Seriously guys. It works pretty well, and it isn't as annoying as the Facebook app.

https://play.google.com/store/apps/details?id=com.danvelazco.fbwrapper&hl=en

Facebook on android == teh suck (2)

stair69 (680444) | about a year and a half ago | (#43447277)

Facebook's android app drains battery, is full of bugs and has a wierd non-standard interface. I didn't think they could make it any worse, but here we go - well done Facebook, you really raised the bar on suck there.

When you assume... (5, Insightful)

93 Escort Wagon (326346) | about a year and a half ago | (#43447279)

If an app states it needs permission to do X and Y, it would be rather naive to not assume it will do X and Y.

I'm a little surprised Android hasn't copied iOS's behavior, where it asks the user whether or not to grant permissions to a specific thing (e.g Contacts or Location) at the time the app tries to do so - it just makes sense, and it's not like both OSes haven't copied from each other before. But I suspect Google doesn't really want to remind you of what information each of its apps is accessing, or when.

Re:When you assume... (1)

kwark (512736) | about a year and a half ago | (#43447633)

"I'm a little surprised Android hasn't copied iOS's behavior, where it asks the user whether or not to grant permissions to a specific thing (e.g Contacts or Location) at the time the app tries to do so - it just makes sense, and it's not like both OSes haven't copied from each other before."

There are apps for that, eg:
https://play.google.com/store/apps/details?id=com.lbe.security.lite [google.com]
http://forum.xda-developers.com/showthread.php?t=1091065 [xda-developers.com]

But can you trust these kind of apps? So far I do, worst case scenario is there is now 1 more app that can access my data.

Re:When you assume... (2)

93 Escort Wagon (326346) | about a year and a half ago | (#43447735)

I don't want to give the impression I'm trying to against argue your comment, because it's great those are available; but since they require a rooted phone, they may not be practical options for non-technical people.

Re:When you assume... (1)

kwark (512736) | about a year and a half ago | (#43447921)

a: non technical people don't tend to know or care about these issues
b: what did you expect, if a non-root app could circumvent permissions this app would be useless.

Godwin. (1, Funny)

tqk (413719) | about a year and a half ago | (#43447305)

"Yeah, we know you didn't really vote this Hitler fellow to be your Fuhrer, but it's okay; the Kaiser gave it to him in an attempt to shut him up. Move along; nothing to see here."

Google is in on it (3, Informative)

plastick (1607981) | about a year and a half ago | (#43447307)

Want proof that Google [cbsnews.com] , Verizon [nbcnews.com] , etc. are in on the privacy nightmares of Android [pcworld.com] ?

They keep releasing new versions that prevent people (who own their phones) from rooting them to

1) block ads ( from their Google Play store) [zdnet.com]

2) prevent you from using apps to control permissions (like LBE Privacy Guard that now reboots your phone in an endless loop [androidforums.com] )

With all the time and effort put into their OS, why have they not allowed users to control permissions on apps in any way, shape, or form? Why? Because they are marketing companies that also sell your data to other companies (including all the top mobile carriers). They make deals with these companies and propagate the problem - turning smart phones into a privacy nightmare. And it's not like the iPhone is any better.

Until people take a stand (and stop being a bunch of apathetic consumers), it's not going to change. People allow themselves to be taken advantage of. It's sad. Most don't even care. They'll happily give Facebook and Google all their information because "they don't have anything to hide" - which we all know is the lamest excuse for apathy possible and is easily dismissed [donttrack.us] as moronic. And it just keeps getting worse - and now our governments collect this data too.

And what is the effect? People are not getting jobs [sciencedaily.com] or losing their jobs [huffingtonpost.com] due to their Facebook posts. Insurance companies are increasing rates [wsj.com] on people who type certain terms into their search engines. And that's just barely getting started!

Wake up, folks!

Re:Google is in on it (0)

Anonymous Coward | about a year and a half ago | (#43447655)

"2) prevent you from using apps to control permissions (like LBE Privacy Guard that now reboots your phone in an endless loop [androidforums.com])"

Use the XDA version, idiot.

Re:Google is in on it (0)

Anonymous Coward | about a year and a half ago | (#43447711)

Yes, the average consumer should put custom firmware on their device to have basic privacy. Are you assuming that consumers must be technically savvy and willing to support themselves to deserve privacy?

This attitude is what holds the FOSS crowd back.

Re:Google is in on it (0)

Anonymous Coward | about a year and a half ago | (#43447941)

Yes, privacy isn't something that you can expect/get for free.

Re:Google is in on it (1)

alext (29323) | about a year and a half ago | (#43448515)

I have LBE on Android 4.1.2 and it seems fine, if a bit hard to navigate. This is the more recent (modified Chinese) version though, not the Play Store one.

evil hijacking evil (0)

Anonymous Coward | about a year and a half ago | (#43447331)

This is why I like my people smart and my phones dumb. The general public have no clue and so they flock to the latest gadget or social webthing, regardless of any red flags. Then it gains enough momentum to be the new normal, as we have now, and we are all owned. As geeks, we should educate those sheeple we have contact with. It is already to late - crackberry's, i-spies, google-ware and FB ... run the planet.

This is why it's important to get root access... (2)

excursive (2823185) | about a year and a half ago | (#43447343)

If you have root you can turn off those permissions. If the app doesn't run without snooping permissions (as Groupon and Google Offers do not), well, it's their choice not to get my business.

alternative Facebook apps (1)

stenvar (2789879) | about a year and a half ago | (#43447353)

Keep in mind that you do not have to use Facebook's app; there are several third party Facebook apps for Android.

It's not just facebook (0)

Anonymous Coward | about a year and a half ago | (#43447359)

http://gizmodo.com/5715169/these-apps-are-rampantly-stealing-your-info-without-permission

Re:It's not just facebook (2)

Takatata (2864109) | about a year and a half ago | (#43447883)

And the list of worst offenders also reads like a roll-call of must haves: Pandora. Angry Birds. Netflix. Shazam. Et tu, Yelp?

Interesting. I don't have a single one of this 'must haves' installed.

Website? (1)

HRbnjR (12398) | about a year and a half ago | (#43447387)

I installed the FB app when I first received my Galaxy Nexus, and the battery life dropped from 3 days to 1, so I axed it, and added a desktop shortcut to their mobile site, which seems to work well enough for me.

Re:Website? (2)

int19 (778341) | about a year and a half ago | (#43448085)

I installed the FB app when I first received my Galaxy Nexus, and the battery life dropped from 3 days to 1, so I axed it, and added a desktop shortcut to their mobile site, which seems to work well enough for me.

^ This

I've been using the mobile website instead of the Android app for about a year. It's not quite as good as the app, but is more than adequate for my needs and has no battery impact. The only notifications I care about get emailed to me.

So what? (1)

John Hasler (414242) | about a year and a half ago | (#43447483)

If you have a Facebook account you have already decided to publish every detail of your life anyway.

Google is God (-1)

Anonymous Coward | about a year and a half ago | (#43447547)

They said "do no evil" of course it means they will NEVEr do evil. Here is all my data, browsing habbit, secrets, passwords

LOL of course google will NEVER use this, they said "do no evil" they aren't big brother, they are independant, and I hate Apple so Android is awesome even though the interface is convoluted, the software slow, the install process weird and nevermind the fact there are countless flavor of android running, tailored to countless amount of hardware and carriers. Nevermind that making an app for android doesn't mean it will run on YOUR android, I say android is awesome just cause its not Apple.

GOOGLE suck
ANDROID suck

And you are all a bunch of fucking idiots to give them all your life like that.

the worst part is the army of morons who defend them teeth and nails for no other reason than to keep their bragging right as supposed technology specialist; I am a technology specialist and I know everything! Why is that? I hate apple and use android. WOW you MUST be a wizard to use such a retarded OS and succeed.

At least Apple and Microsoft business model doesn't revolve around selling your life to the highest bidder and acting as a portal to secret service and oppressive regimes around the world.

The OS must start caring about the user (0)

Anonymous Coward | about a year and a half ago | (#43447571)

I was playing with an andriod tablet the other day and noticed when you install even trivial apps the amount of privledges being asserted is ridiculous including access to contacts.

It is not appropriate to give users a take it or leave it choice. These ultimatums should never have existed. The *user* should be asked to declare what permission they want to give and the OS should be prepared to lie convincingly to the app in the event an app demands access to something such as location or contacts the user refuses to provide.

Unacceptable- but what Google intended (0)

Anonymous Coward | about a year and a half ago | (#43447723)

Google = NSA. No organisation hates the concept of privacy for the plebs more than Google/NSA. There can be no excuse for an application to have knowledge/access to anything else you do on the device without EXPLICIT individual permissions given to the app by the user.

Now dumb dumb betas will be told by Google shills that it is their fault for installing the app in the first place. This is the common tactic. Betas are educated to always blame themselves. Not every one falls for this psychological manipulation, but many do.

At this time, mobile devices MUST be treated as insanely untrustworthy. You must assume every aspect of data storage on your device is being constantly 'mined' by multiple parties. Information that MUST be kept private should not be stored on a mobile device.

The evil depraved scum of Facebook merely rub your face in the truth about mobile 'security', and for that reminder, you should be thankful.

FB's not worth the hassle (0)

SternisheFan (2529412) | about a year and a half ago | (#43447781)

I'm old school, and don't leave 3G/WiFi on unless I'm actually using the internet. When I'm outside with my phone the internet is off, except when using GoogleMaps to get somewhere.

.

When I use installed apps/games, and they demand the internet to function, that app/game gets deleted, it's just not worth it. If an downloaded app/game re-spawns after I've 'force-closed' it, it also gets tossed with no mercy, no game is that good. (I might keep a copy of the APK saved on my sdcard for the occasional, "use when needed then uninstall when done" times.)

Forget FB, I tried it for a year 4 years ago, then deleted my account. So now when I get spams that look like real FB emails ("You have 2 unread messages on FaceBook"), I know they're b.s., {delete}. Makes my life less complicated.

Of course it will collect data (0)

Anonymous Coward | about a year and a half ago | (#43447895)

Of course the Facebook app will collect data whether or not Home asks it to or not. Facebooks entire business model is based on collecting data about you and selling it. Is that still not obvious or known at this point?

app guard FTW (0)

Anonymous Coward | about a year and a half ago | (#43447953)

There is a great app called App guard and it lets you control what a app can see and do on your phone I know i use it

reply (-1)

Anonymous Coward | about a year and a half ago | (#43448629)

Shanghai Shunky Machinery Co.,ltd is a famous manufacturer of crushing and screening equipments in China. We provide our customers complete crushing plant, including cone crusher, jaw crusher, impact crusher, VSI sand making machine, mobile crusher and vibrating screen. What we provide is not just the high value-added products, but also the first class service team and problems solution suggestions. Our crushers are widely used in the fundamental construction projects. The complete crushing plants are exported to Russia, Mongolia, middle Asia, Africa and other regions around the world.
http://www.sandmaker.biz
http://www.shunkycrusher.com
http://www.jaw-breaker.org
http://www.jawcrusher.hk
http://www.c-crusher.net
http://www.sandmakingplant.net
http://www.vibrating-screen.biz
http://www.mcrushingstation.com
http://www.cnstonecrusher.com
http://www.cnimpactcrusher.com
http://www.Vibrating-screen.cn
http://www.stoneproductionline.com
http://www.hydraulicconecrusher.net

So what... (0)

Anonymous Coward | about a year and a half ago | (#43448641)

I am an Android developer, and so can I. It is fairly trivial in fact to gather these stats. Snooozzzzeee...

Meanwhile CNN screams "MALWARE!!!" (1)

gelfling (6534) | about a year and a half ago | (#43448711)

Today there's an Apple fanboi sponsored article that screams that 99% of all malware is from Android. If you parse that you'll discover that most of it is PRECISELY this sort of thing which users will download and start hammering away like a crackpipe even when you tell them what it does to their personal info. Which btw iPhone apps do too. But we don't want to talk about that......

People are stupid and we need to start beating them half to death with their phones.

Uninstalled (2)

Optimal Cynic (2886377) | about a year and a half ago | (#43448723)

Uninstalled.

Facebook app has access to EVERYTHING (1)

ukemike (956477) | about a year and a half ago | (#43448835)

I don't see how having access to your apps list matters much when the FB app already has access to:
Your personal info (read and write contact data) Your location (fine)
Network communication
Your accounts
Storage (modify/delete usb contents)
Hardware controls
Phone calls (state and identity)
System tools
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?