Big brother is everywhere

Submitted by niko on Mon, 2010-11-22 09:58

Forums

General Discussion / Free-for-All

I remember the time when computer users worried about spyware which was referred to as malware because it could potentially harm your computer or you (for example by stealing banking information). It seems that this has all changed and spyware is nowadays willingly installed by millions of users - as apps on their smartphones. If you were not aware of this you should read this little article published by the SmartMoney magazine: 10 Things App Developers Won't Say. I guess the main difference between an app and spyware is that the user willingly agrees to the terms of use (although sometimes these are not adequately explained) when installing an app, whereas spyware tries to collect info without your explicit consent. As someone who grew up in West Berlin, an island in Stasi controlled East Germany, I just cannot fathom why anybody would make the conscious decision to be spied on. Maybe I am just a hopeless idealist, or the day will come when app users rise against dot-coms who seem to see their clients as a big herd of cows that live to be milked.

Alexis Mon, 2010-11-22 14:42

Researchers have tracked android app behaviour and published the results.
http://appanalysis.org/index.html

A quote:

Using TaintDroid, we studied 30 popular Android applications that use location, camera, microphone data. We found that 15 send users' location information to remote advertisement or analytics servers. However, none of the fifteen applications mentions such data collection practice in the user license agreements, if present at all.

I have not had time to read into this properly, but it appears there is unfortunately no available app which will do this kind of low-level tracking of where your information goes exactly (the researchers had to hack the OS itself, I think).

Ideally one would want a firewall app which lets you decide which app can do what exactly.

Of course with closed-source systems such monitoring by end users or academics may be impossible.

Digg user "deslock", who says they are an app developer posts the following useful summary of privacy policies for the major OSes:

Android:
1. App approval process: Apps aren't denied being published on the android market unless they try to access something without using the explicit permissions system. Any permissions that an app requests appears in bold red before user installs.
2. Before you install the app: Android apps have a "manifest" that must declare what OS information the app uses, otherwise Android won't allow that data to be accessed. This includes GPS, phone number, contacts, device ID, even whether or not the app connects to the internet.
3. After you install an app: If you wish to deny apps use of GPS or other information, you can turn these off manually. It is global for all apps, not on an app by app basis though I suppose you can turn it on only when using one app and then turn it off.
4. After you install an app: If an app tries to access location, a large blinking icon appears at the top of the screen to show that GPS has been turned on. the icon remains until GPS is turned off or app is exited and no longer accessing GPS.
5. View permissions: All apps can be viewed on the device at any time to see exactly which permissions it has access to. You can remove the app from the same screen.
6. Monitoring: Android allows users to install apps that will monitor other apps data collection so you can see what precisely is being sent. Thus the reason that this article was written (someone installed a monitor).

iOS
1. App approval: Apple has terms of service that say that, generally, using GPS solely for tracking or advertising when the app itself has no GPS need, this is not permitted. It isn't a hard and fast rule. For a short period, Apple blocked some apps that had the geolocation aware Flurry if the app didn't use GPS. However, they recently stopped blocking this when they relaxed their guidelines. Why? Well...
2. Apple is allowed unrestricted access to your device and account information for their iAd use. For a few months, they denied all other ad services access to the same information but this was under close scrutiny by FCC and the "relaxed" guidelines are supposedly preemptive attempt to avoid FCC stepping in (it worked).
3. At time of install: There is no information to end user on what data is accessed. One can only hope that Apple found and rejected offending apps but several articles over the last few years show that plenty of apps collecting personal data are out there.
4. After install: If an app attempts to use GPS, permission is asked.
5. After install: A icon indicates GPS access in top of screen.
6. After install: Users have no visibility into permissions for apps on device or otherwise.
7. Monitoring: Apple does not allow apps that monitor other apps without jailbreaking.

BB OS:
1. Approval: Little is known about the approval process but there is nothing that says you can't access personal data.
2. At time of install: there is no list of permissions that the app will use.
3. After install: Blackberry OS allows access to a variety of permissions. Each one will cause a popup when accessed asking the user to allow/deny access. This will occur every time the app is launched.
4. After install: You can see if GPS is used in addition to the popup.