Related
Im still pretty new to the smartphone world. But after looking at various apps I noticed the app declares a list of permissions it will need to certain files on the phone. Im just concerned that any one of these apps are gathering sensitive information like our contacts or notes on our phones. How do we know exactly what is being accessed and sent out. I just realized an app like mixzing sends the developers information about the songs we listen to, our playlists, etc.. Now Im not too concerned about this in particular, but how do we know what other information they or any other developer are grabbing from our phones? On a PC you atleast have a firewall, router, security sofware, etc..
Its interesting that someone finally asked this question. I asked this very thing since i.had my G1.
I am in infomation security and as a security researcher, ive used a rooted device and the shark app which is like wireshark for packet captures from your phone. You could always stick your vibrant on your wireless network and watch the packets there as well.
Take a peek at this screengrab from an alt keyboard install from the sticky page. I would not trust any app at all
On a side note, if you saw the forensics app for these phones...wow
Sent from my SGH-T959 using XDA App
there have been apps said to collect sensitive data that it doesnt need to function... In russia there was also a tip calculator that sent sms messages to various numbers without your knowledge... at the moment there is no virus, or worm, or trojan for android atleast not on this side of the world...
Just be careful what you download, always read the apps permissions..
Or download a app that scans applications, I personally use Lookout. Not because im paranoid about viruses but there are other features implemented such as losnig your phone and includes tracking.
It's on the market, "Lookout."
Lookout is a great tool to have. I use it on all my phones, out scan every app as you install, if its bad, it'll tell you
Sent from my SGH-T959 using Tapatalk
paradox4286 said:
Lookout is a great tool to have. I use it on all my phones, out scan every app as you install, if its bad, it'll tell you
Sent from my SGH-T959 using Tapatalk
Click to expand...
Click to collapse
SO how man y, if any, bad apps have you encountered? I havnt bought into the whole AV for mobile phones yet. I understand the potential risk, but the real world risk seems minimal to nearly nonexistant at this moment. Now I will probably be one of the first ones to go palm to face when the first virus makes its way around and I get it, but for now i'll stick with the ignorance is bliss unless this lookout app is actually kicking back potential risks.
Chief Geek said:
SO how man y, if any, bad apps have you encountered? I havnt bought into the whole AV for mobile phones yet. I understand the potential risk, but the real world risk seems minimal to nearly nonexistant at this moment. Now I will probably be one of the first ones to go palm to face when the first virus makes its way around and I get it, but for now i'll stick with the ignorance is bliss unless this lookout app is actually kicking back potential risks.
Click to expand...
Click to collapse
It's 0.. I use it mainly incase I lose my phone. That's the thing about Lookout, it isn't intrusive at all. It runs weekly scans (disabled if you want), and scans when you install a new application.
It has a lot of other functionality other than scanning for malicious applications.
Is anti virus a waste or is it worth having it run on your phone?
waste......
MrGibbage said:
waste......
Click to expand...
Click to collapse
Why is that?
its a waste, when was the lest time u heard of someone getting a phone virus? lol, plus what are you downloading and running on your phone that might even pose a threat
I vote waste too, for current AV solutions. Like another poster said -- There really aren't any threats at the moment. It's real likely there will be at some point, but I see no reason to believe the current AV providers have any clue what these future hypothetical virii will look like. I'll trust an AV once it is written by a security researcher who has studied live Android virii. Until then they're just wasting resources.
I don't run AV software on my home computers or my phones. I am careful with the email that I open, and when I DL software, I try to be aware of where it is coming from. I am never the guy that that downloads something the day it comes out. If it is nefarious, I'll hear about it. Maybe I'm lucky, but I just don't see the need.
SMS Trojan for Android - http://www.theinquirer.net/inquirer/news/1727325/android-virus-spotted
They do exist just not on a Windows level lol. I'm sure they will jump in numbers as the popularity of the platform continues to explode. Currently, Lookout is one of the top rated AV apps, and its free.
BTW when you install the "SMS Trojan" it asks for permission to send text messages that may cost money.
TOTAL Waste.
Just read the permissions requests when installing apps.
Or go read up on how Android's app sandboxing works. Either way, nothing can harm your phone unless you explicitly allow it to. And if you allow a photo app to read all of your data, and send text messages and connect to the internet, you deserve what you get.
reuthermonkey said:
TOTAL Waste.
Just read the permissions requests when installing apps.
Or go read up on how Android's app sandboxing works. Either way, nothing can harm your phone unless you explicitly allow it to. And if you allow a photo app to read all of your data, and send text messages and connect to the internet, you deserve what you get.
Click to expand...
Click to collapse
Aint that the truth. Idiots need to pay attention to the Android Permissions screen and ask themselves "Why does this flashlight app need to read my contacts, google account and access my dialer, data connection and send SMS??"
Like others have mentioned, threat levels right now are so low that it doesn't warrant the use of money or system resources.
Some apps in the market that are labeled as such are just spam btw.
And also, we are far from a mass infection ala PCs. Just be very careful with what you download. Pay close attention to the permissions and use your very good judgement. If a music player asks permission to read/send/receive text messages and make phone calls, it's probably some type of malware.
jblade1000 said:
SMS Trojan for Android - http://www.theinquirer.net/inquirer/news/1727325/android-virus-spotted
They do exist just not on a Windows level lol. I'm sure they will jump in numbers as the popularity of the platform continues to explode. Currently, Lookout is one of the top rated AV apps, and its free.
Click to expand...
Click to collapse
WASTE ,..,.., hands down......
A virus that has to be manually installed by the user or creator on the host device ????? , and this is after all the warnings to the user before you press ok .,.,.,.,., never mind all the warnings telling you NOT TO DOWNLOAD outside of the market,unless you know what you are doing , download AT YOUR OWN RISK..... Not to mention the anti virus companies CREATING the need for you to install their app ... ever read some of the comments in the market about these "AV" apps ? > 'this app works great, protects my phone'<<<<<? protects it ? from what ???? WTF..
So yes I think it's a waste.....
People make viruses for a living so pretty soon someone will come out with a major one cause it being a phone means nothing its based off of linux and I know linux doesn't have any killer viruses but they do have some just not on a windows level. So ask it takes is one overseas a hole to create one just so he can get famous and then we will need an
Worth installing virus app.
O yea most people only read the permission when installing apps when they are new to android most people don't look at them.especially for apps they regularly use like handcent. Who know what they do with our info?
Sent from my Samsung Vibrant
hmmm lets see, would an app be able to slide in a permission without a warning? as in read contacts after installed but it never showed on the permission screen.
creglenn said:
People make viruses for a living so pretty soon someone will come out with a major one cause it being a phone means nothing its based off of linux and I know linux doesn't have any killer viruses but they do have some just not on a windows level. So ask it takes is one overseas a hole to create one just so he can get famous and then we will need an
Worth installing virus app.
O yea most people only read the permission when installing apps when they are new to android most people don't look at them.especially for apps they regularly use like handcent. Who know what they do with our info?
Sent from my Samsung Vibrant
Click to expand...
Click to collapse
None of that supports a need for an Anti-Virus. Android sandboxes each and every application on the system. It's not like any other Linux distro in how it handles security. It's MORE secure than linux. You can hack individual apps (and thus use their permissions - ie the browser), but that's quickly patched.
The biggest security threat to Android is the same as the biggest security threat for EVERY OS: Lazy users.
reuthermonkey said:
None of that supports a need for an Anti-Virus. Android sandboxes each and every application on the system. It's not like any other Linux distro in how it handles security. It's MORE secure than linux. You can hack individual apps (and thus use their permissions - ie the browser), but that's quickly patched.
The biggest security threat to Android is the same as the biggest security threat for EVERY OS: Lazy users.
Click to expand...
Click to collapse
Thats so true but im speaking on the basic users who dont need a dumbphone instead of a smartphone cause when/if a virus does come out those are the people who ill be flooding the forums. While we sit back and laugh.
everyone is talking **** about anti-virus for taking up resources, but i've found Lookout to be very unobtrusive. Also, besides virus scan, it will locate your phone, send a siren to your device, backup your info, all at schedules you determine.
jamesey10 said:
everyone is talking **** about anti-virus for taking up resources, but i've found Lookout to be very unobtrusive. Also, besides virus scan, it will locate your phone, send a siren to your device, backup your info, all at schedules you determine.
Click to expand...
Click to collapse
Sure, those are a few reasons to keep Lookout installed. But I don't need it scanning all my files for threats that don't exist yet and it probably wouldn't recognize anyway. Fortunately, the AV component is optional.
I posted this in another forum but I want to know what you guys here think about android security.
How worried are you all about security on the android platform? Don't you find it a little unnerving that anybody could upload and app to the android market and there is no verification of the app like on IOS platform. Anybody could write an app that looks legit but does devious things. All this along with there are very very few security applications and they are in the infant state. Don't you find it very dangerous? How do you try to maintain security on your android device? Don't download apps? Only download from known publishers? Or do you roll the dice and download anything? If you use a security app which one?
the_main_app said:
I posted this in another forum but I want to know what you guys here think about android security.
How worried are you all about security on the android platform? Don't you find it a little unnerving that anybody could upload and app to the android market and there is no verification of the app like on IOS platform. Anybody could write an app that looks legit but does devious things. All this along with there are very very few security applications and they are in the infant state. Don't you find it very dangerous? How do you try to maintain security on your android device? Don't download apps? Only download from known publishers? Or do you roll the dice and download anything? If you use a security app which one?
Click to expand...
Click to collapse
There are viruses for Android.....right ?
Besides , if you're smart enough you can check whether an app needs such permissions when installing , through the Mart or an .apk .
I don't like the way iOS works , they give too limited functionality .
Forever living in my Galaxy Ace using XDA App
the_main_app said:
I posted this in another forum but I want to know what you guys here think about android security.
How worried are you all about security on the android platform? Don't you find it a little unnerving that anybody could upload and app to the android market and there is no verification of the app like on IOS platform. Anybody could write an app that looks legit but does devious things. All this along with there are very very few security applications and they are in the infant state. Don't you find it very dangerous? How do you try to maintain security on your android device? Don't download apps? Only download from known publishers? Or do you roll the dice and download anything? If you use a security app which one?
Click to expand...
Click to collapse
i dont use a security app, i use common sense.
a game doesn't need access to my contacts...
notepad app doesn't need access to my private information...
this is why android phones are for the power users and shouldn't be used by soccer moms and grandmas - because they have no clue what they are doing with these phones except for when a phone call or text message comes in... let them have the iphones.
but if you are tech savvy, and want to squeeze every bit of user capability out of your phone, a high end android phone is for you.
the people that are tech savvy also have the awareness because they treat their phone like a computer, and not a phone.
just my thoughts.
I think the best thing would be if android embraced that the user can choose which permissions to give to apps. I mean, an app may want to know your location, you denies it, and the app continnues happily without using that functionality, or quits saying its essantial.
cobraboy85 said:
i dont use a security app, i use common sense.
a game doesn't need access to my contacts...
notepad app doesn't need access to my private information...
this is why android phones are for the power users and shouldn't be used by soccer moms and grandmas - because they have no clue what they are doing with these phones except for when a phone call or text message comes in... let them have the iphones.
but if you are tech savvy, and want to squeeze every bit of user capability out of your phone, a high end android phone is for you.
the people that are tech savvy also have the awareness because they treat their phone like a computer, and not a phone.
just my thoughts.
Click to expand...
Click to collapse
very well put, unfortunately most dont think like this..
It is always a good habit to check the permissions an app needs before installation.I personally think that a system should be implemented in android market where all apps are erquested to give informaation on "Why they need certain permissions?".Certain apps do that.
An antivirus program is also useful in my opinion.I use Lookout antivirus,as i find it simple to use and does not slow down my phone.I tried avg but it slowed down my phone terribly.
hiitti said:
I think the best thing would be if android embraced that the user can choose which permissions to give to apps. I mean, an app may want to know your location, you denies it, and the app continnues happily without using that functionality, or quits saying its essantial.
Click to expand...
Click to collapse
But, as a matter of degree, this just what we wish. The fact may be far beyond our imagination. Sometimes, malware still run certain functionalities even you cancel it. It's worse that some apps run secretly in system. I'm a little scared about security issue based on my PC.
cobraboy85 said:
i dont use a security app, i use common sense.
a game doesn't need access to my contacts...
notepad app doesn't need access to my private information...
this is why android phones are for the power users and shouldn't be used by soccer moms and grandmas - because they have no clue what they are doing with these phones except for when a phone call or text message comes in... let them have the iphones.
but if you are tech savvy, and want to squeeze every bit of user capability out of your phone, a high end android phone is for you.
the people that are tech savvy also have the awareness because they treat their phone like a computer, and not a phone.
just my thoughts.
Click to expand...
Click to collapse
But a game might ask for internet/network permissions which you would probably accept. How do you guard against this? How can you prevent a malicious app that asks for relavent permissions but abuses them?
I never take the time to study the permissions required when I download an app from the market.
I tend to avoid the low number of d'load apps..... partly as there is less feedback to judge.... and partly as any app thats worth the download will have high stars and many d'loads.
Works for me so far.
Netquins running in the background just in case...... but whose to say they dont upload my contacts for spamming?
Prof Peach said:
I never take the time to study the permissions required when I download an app from the market.
I tend to avoid the low number of d'load apps..... partly as there is less feedback to judge.... and partly as any app thats worth the download will have high stars and many d'loads.
Works for me so far.
Netquins running in the background just in case...... but whose to say they dont upload my contacts for spamming?
Click to expand...
Click to collapse
But what about new apps that may be legit? They won't have any reviews yet or stars. If everybody did the same as you it would never get reviews or stars? There's got to be a better way, don't you agree?
the_main_app said:
But a game might ask for internet/network permissions which you would probably accept. How do you guard against this? How can you prevent a malicious app that asks for relavent permissions but abuses them?
Click to expand...
Click to collapse
That's the only question above that can't be answered by LBE Privacy Guard.
Someone mentioned a game that wants access to your contacts. What if you really want the game? You just don't allow it access to your contacts and then play it anyway.
Most apps ask for access to your IMEI (you'd be surprised how many!) With LBE they don't get it.
Antivirus software is all well and good, but it's not the same as on a PC where pattern matching can be used. AV software on Android basically opens the apk file and has a look round to see if anything looks suspicious. Other than that, there's nothing it can do to stop a clever developer bypassing it.
Seriously, if you have concerns then get LBE and start restricting permissions access on an app-by-app basis.
johncmolyneux said:
That's the only question above that can't be answered by LBE Privacy Guard.
Someone mentioned a game that wants access to your contacts. What if you really want the game? You just don't allow it access to your contacts and then play it anyway.
Most apps ask for access to your IMEI (you'd be surprised how many!) With LBE they don't get it.
Antivirus software is all well and good, but it's not the same as on a PC where pattern matching can be used. AV software on Android basically opens the apk file and has a look round to see if anything looks suspicious. Other than that, there's nothing it can do to stop a clever developer bypassing it.
Seriously, if you have concerns then get LBE and start restricting permissions access on an app-by-app basis.
Click to expand...
Click to collapse
this.
i was JUST about to say the same thing about the android "anti-virus" scam... not really a scam, but a false sense of security. as you said, not the same at ALL. people need to get out of the PC mindset with these phones. this is not windows, it's linux.
and i'm going to give LBE a shot. seems pretty legit.
for all of those running antivirus "software" on your phone, how many of you have actually run a virus scan and had it give a detailed description of a malicious "virus"....
Liking lookout
Sent from my GT-I9100 using XDA App
ummm, anyone ever heard of antiviruses (Kapersky, maybe?)? Or at least look up the app's access to things... If it accesses something you don't want it to access (or think the app doesn't need to access it), don't install it!
I know out-of-the-box Androids aren't so vunerable to viruses, compared to rooted ones... So...?
First look up the developer of the app, then if you trust him, install, if you never heard of him, google it (or look at the comments at where you're downloading from), and if you had experience with the developer before (and if the experience is bad, like trojans, etc.), don't install!
(I don't understand half of what I'm typing XD...Don't blame me for misspellings, please )
Cant say I can rave or not when it comes to the anti virus apps.
Have used Lookout in the past and currently using netquin.... neither of which ever flagged up a virus, malware or whatever.
Its nice to think its running in the background but dont know whether it will do anything if its needed.
I was tempted to download a load of apps in a zip file but 20 secs in my Avast siad there was a virus. I'd like to think the market would have its own precautions but having searched the site, cant see any mention of its security for the apps we download.
Its a different thing altogether but we cant take the fact that its the market and relax...... the worst virus my laptop ever had came in an update from Microsoft...... and another directly from google tools.
Kapersky for Android then? You can pick up free full non-trial versions on the web...
About the Market - yes, that's true. You'd expect them to check if apps are infected or at least leave a bot to do it...
Sorta lame...
The best security is the brain.akp just like brain.exe is on windows - best thing it's free, godgiven and everyone got a copy
Zeze21 said:
The best security is the brain.akp just like brain.exe is on windows - best thing it's free, godgiven and everyone got a copy
Click to expand...
Click to collapse
yeah but not everyone got the full version. A few of my friends got a corrupted exe and then this girl I know got the 30 day trial
not that good
Prawesome said:
It is always a good habit to check the permissions an app needs before installation.I personally think that a system should be implemented in android market where all apps are erquested to give informaation on "Why they need certain permissions?".Certain apps do that.
An antivirus program is also useful in my opinion.I use Lookout antivirus,as i find it simple to use and does not slow down my phone.I tried avg but it slowed down my phone terribly.
Click to expand...
Click to collapse
I have both Lookout and AVG, neither has stopped my phone from getting up to 10 junk downloads, you have won an ipad, iphone etc., a day, not sms or email, I have to have every form of external contact turned off, the moment I get wifi or mobile access it starts downloading spam.
If anyone knows of a way to stop it I would appreciate the feedback
Moved to proper section
Before beginning, I'm outlining two application permissions for future reference.
These were pulled from this article. It also outlines other permissions.
Raju PP said:
fine (GPS) location
While not a danger for stealing any of your personal information, this will allow an application to track where you are. Typical applications that might need this include (but are not limited to) restaurant directories, movie theater finders, and mapping applications.
Click to expand...
Click to collapse
Raju PP said:
coarse (network-based) location
This setting is almost identical to the above GPS location permission, except that it is less precise when tracking your location.
Click to expand...
Click to collapse
Recently, I've taken an interest in privacy concerns with application permissions. I'm sure several of you are guilty of being unaware of unnecessary app permissions. I have apps on my device that I've had since migrating to Android, long before I concerned myself with privacy. In my recent hunt of cleaning up my application list, I've discovered that many applications have permissions that aren't necessary for it to function. The most common, unnecessary permission I've come across is coarse (network-based) location. As its name describes, this permission allows an app to determine your approximate location (e.g., the large location area shown by Google Maps when GPS is not on).
An example. I use a Wifi Login application to automatically enter login information for campus internet access (it was cumbersome to enter it manually each time). It works wonderfully, but it has this permission (coarse location). I asked myself, "what function of the app needs to access location??" I only need the app to access the internet, nothing else. I also noticed that each day, there was a location service wakelock despite having all location refreshing services turned off (in other apps, latitude, etc.). Upon removing its ability to obtain approximate location, the location service wakelock disappeared and functionality was not affected.
So, there are two concerns: privacy and unnecessary battery usage. While the link between the two is not often made, I'm making it here. Not only was the app (presumably) sharing my location, but in doing so, my battery took a hit. Before someone panics, I don't believe most apps use this maliciously. My guess is that app developers use it for demographic purposes to determine where in the U.S. their application is being used. Obviously not necessary, but an interesting tidbit for the creator of an app. So my question is, are you ok with apps accessing your approximate location? I've seen several games that have location permissions and in no way can that be justified.
Going beyond location permissions, there are obviously other privacy concerns. A number of app developers I've seen list why an application needs certain permissions. In the example provided above, the developer doesn't mention permission uses. In post 2, I will provide methods for identifying and removing app permissions (by using other apps lol - ironic, I know). Below is a good read about applications' additional "costs."
Free apps not truly 'free'
I use two applications to identify permissions: Appbrain Ad Detector and Avast Mobile Security. Appbrain Ad Detector has the ability to notify you when an app you install has "concerns." Avast Mobile Security has a lot of very useful features, one of them being "privacy advisor." Using one or both of these will allow you to determine what permissions are necessary and which ones are not. For what it's worth, I've only had a few apps that I felt had unnecessary permissions. You obviously don't want to revoke Tango access to the camera lol.
EDIT: I was going to suggest getting an application called "App Shield," (has the ability to remove app permissions) but it appears that it is no longer available on the market. It was a paid app that was just under 2 bucks, if I remember correctly. Due to this development, you'll have to find either App Shield or another method to accomplish this.
You can always just email the app creator and ask why they have the permission included. It (usually) takes more than one questionable permission to be truly dangerous.
From what I've read the majority of apps that use coarse location is for determining the ads you see in the app. Better chance of them being relevant to you.
Just like that article you linked, I think it was brought up on an xda portal article (either that or lifehacker love that site) that because of ad supported apps using coarse location, the battery use was higher, and paid apps that remove the ads will lower your battery drain. Not a huge difference, but it can add up.
gr8hairy1 said:
. . .
From what I've read the majority of apps that use coarse location is for determining the ads you see in the app. Better chance of them being relevant to you.
. . .
Click to expand...
Click to collapse
Makes sense. Coincidentally, the example I used is a paid app. The app itself had the permission, as well as the "pro" activation apk. Though it's no longer an issue, I may consider contacting the app developer out of curiosity.
Definitely do that. I have a large amount of apps on my phone, and it's not too uncommon to get an update for an app that removes a permission. Many times it's done because people contact the developer and the developer realizes it's not needed. Most times I see that happen is in paid apps, only sometimes with the free apps.
As for your original topic "are you ok with apps accessing your location", I have no issue with it. Obviously if it is getting used maliciously, no, I wouldn't be ok with it.
But as it is, 'guaranteed' the Phone Carriers know where you are and where you've been. And 'guaranteed' the government knows where you are and where you've been. I will always be more worried about the government knowing everything they want about me, without my permission, than some app creator. And as it is, I'm ok with the government knowing.
I feel the same way about the government as I do Google. Until they turn evil and start enslaving mankind (search "is google skynet", hilarious and royally creepy) I'm going to keep using them and stay in the country I live in.
Conspiracy theorists feel free to chime in. Although let's be honest, the over-the-top conspiracy theorists (that make for the best/most hilarious conversations) won't likely be carrying around a device that has cameras, microphones, gps chip, and internet access that can be used to activate one or all of those remotely
I don't really care if they know my location, but now that you mentioned a possible battery drain, I am bothered by that. Someone should make a list of popular apps that may have unnecessary permissions that can be safely disabled through some sort of means.
https://play.google.com/store/apps/details?id=com.stericson.permissions
Yer welcome.
Sent from my SGH-I777 using Tapatalk 2
I don't care either. I have my GPS constantly disabled so the only location any of my apps could get is a general network location....
Honestly, I think privacy concerns are often blown out of proportion... mostly by the media. Don't get me wrong, there is nothing bad with being concerned, but I highly doubt we are going to have another Craig's list killer situation from developers releasing apps on Google Play. Knock on wood.
As mentioned before, contact the app's dev and ask for more info. If they never reply then I would be worried. As well you can always use a different one. If needed you can use "Tasker" which can allow you to build almost any function any other app has to offer all under your control. Just be warned Tasker is highly addictive for us nerds....
Anyway, and in summary, I have less trust is most banks selling my purchase history then the random app developer.... but that's just me.
GO Launcher seems to be the "go to" launcher of choice for many people, including well read, influential online publications, like lifehacker. I can't bring myself to trust GO Launcher EX though. Outside of the eye candy and polished interface, its aggressive pushing of its own storefronts, apps, libraries, and widgets, many of which request unusual permissions like log file access and root, leaves me feeling that it's very liberal with what it does with any information it collects or tries to collect.
To confirm my suspicions, I whitelisted the launcher in Droidwall and monitored the connections and packets it sent out using Android Network Log .
What I found wasn't all too surprising and honestly not that different from most of the fun "free" apps on the marketplace that phone home and monetize user data. It's just that GO Launcher is phoning home to servers in Bejing, as well as a Chinese operated personalized content delivery network (ChinaCache) with servers in the US (essentially the Chinese counterpart to our Akamai). Many of the packets were directed to 69.28.54.217, which is a ChinaCache Los Angeles CDN server. I'm sure those hundreds of packets was all very intredasting data that gets sent to Beijing, too. Which is why one of 3G.cn/GO Launcher's employees has a linkedin page, one where she obviously forgot to confer with her company's marketing/PR department prior to candidly listing some of her responsibilities which include, verbatim, "data mining". lol. I'm very sure it's to 'serve personalized ads, quality products, and actionable data to high value customers', but still, the writing is on the wall. With how active Chinese companies are in tailoring the online footprint/reputation of their products and software on various websites, I'm sure that linkedin page will be taken down or revised.
Western corporations that broker information vs state influenced Chinese corporations that broker information. While I view both as not the most trustworthy entities in regards to my privacy, I do feel that there are at least some restrictions that could be theoretically enforced to limit the scope of the data shared by corporations in the West.
While I can easily block outbound packets and revoke permissions from GO Launcher EX, I just don't feel like I want to bother using it anymore.
ADWLauncher EX, my main launcher on several of my Android devices, does not generating any outbound traffic and there are no indications that it is collecting or selling my data. A much friendlier option to privacy, in my opinion.
Should I be this paranoid? Should you? I was surprised that I didn't see too much information about GO Launcher's data collection on the web, so I thought I'd share. Thoughts?
Just stick with adw launcher. I use sock launcher to save battery but it is what you prefer to use so sick with it.
~-~-~-~-~-~-~-~-~-~-~-~-~
Phone: Samsung galaxy s2 t989
Rom: Jedi knight 6 4.0.4
Kernel: Jedi kernel 2
-~-~-~-~-~-~-~-~-~-~-~-~-
and you thought celebrities weren't smart. =P
Not paranoid at all. Good info, thanks for sharing.
Sent from my SAMSUNG-SGH-I997 using xda app-developers app
Very detailed and helpful post. I have always felt this about GO products, but thanks for doing your research and making it publicly known.
Sent from my Desire HD using xda premium
To be honest I don't trust Go products at all after they refused to say how their SMS app was able to remember someone used their app even after changing phones and phone numbers. We have to remember that there are things that are legal in China but not in the States which include monitoring of personal data.
Batcom2
zelendel said:
To be honest I don't trust Go products at all after they refused to say how their SMS app was able to remember someone used their app even after changing phones and phone numbers. We have to remember that there are things that are legal in China but not in the States which include monitoring of personal data.
Batcom2
Click to expand...
Click to collapse
That's definitely a very scary factoid. Can you link me to the thread or webpage where they did that? I have seen the developer be very active in shutting down any negative comments towards the software, with some explanations that no identifiable information is stored or accessed, which runs counter to what is actually happening.
One of the reasons I started more heavily scrutinizing app developers is that I've seen the American press increasingly lauding, praising, and recommending Chinese developed software products, without fully vetting just what these products do, or what kind of security concerns they possibly present. Of them, was a remote desktop access software called Splashtop, which inexplicably had numerous foreign field offices, several being in mainland China. Among those offices, one was literally next door to a "Party Member Service Office". Splashtop, for many years, used zero end to end encryption, without any valid reason. Remote desktop applications and launchers provide so much unfettered user whitelisted access to elevated privileges, file system, network communications, root access, and keystroke/input monitoring, that it seems unconscionable to voluntarily install such a huge backdoor.
With many millions of downloads to date, they have quite a lot of data immediately available, to entities whose endgame is unknown, in a country that lacks the kind of regulatory checks, balances, and accountability that, for the most part, have earned user's trust of Western corporations and developers.
A worst case scenario I can imagine is that with all of the unique device ID's stored in their database (GO Launcher also creates a copy of your device ID and places is it in the file system, in plain text, which remains after uninstall) and likely profiling of each user, a malevolent company could essentially push a custom software update on someone's phone that deploys a more aggressive/invasive payload. With today's level of technology and the state of rampant state sponsored corporate espionage, I see it definitely within the realm of possibility.
MifuneT said:
That's definitely a very scary factoid. Can you link me to the thread or webpage where they did that? I have seen the developer be very active in shutting down any negative comments towards the software, with some explanations that no identifiable information is stored or accessed, which runs counter to what is actually happening.
One of the reasons I started more heavily scrutinizing app developers is that I've seen the American press increasingly lauding, praising, and recommending Chinese developed software products, without fully vetting just what these products do, or what kind of security concerns they possibly present. Of them, was a remote desktop access software called Splashtop, which inexplicably had numerous foreign field offices, several being in mainland China. Among those offices, one was literally next door to a "Party Member Service Office". Splashtop, for many years, used zero end to end encryption, without any valid reason. Remote desktop applications and launchers provide so much unfettered user whitelisted access to elevated privileges, file system, network communications, root access, and keystroke/input monitoring, that it seems unconscionable to voluntarily install such a huge backdoor.
With many millions of downloads to date, they have quite a lot of data immediately available, to entities whose endgame is unknown, in a country that lacks the kind of regulatory checks, balances, and accountability that, for the most part, have earned user's trust of Western corporations and developers.
A worst case scenario I can imagine is that with all of the unique device ID's stored in their database (GO Launcher also creates a copy of your device ID and places is it in the file system, in plain text, which remains after uninstall) and likely profiling of each user, a malevolent company could essentially push a custom software update on someone's phone that deploys a more aggressive/invasive payload. With today's level of technology and the state of rampant state sponsored corporate espionage, I see it definitely within the realm of possibility.
Click to expand...
Click to collapse
Search for the Go sms thread. I and another Mod brought it up in the thread and they tried to BS us. Then toss in a keylogger that was found (and removed?) in the Go keyboard and it has given me enough not to trust them.
of course you can, but I prefer Apex
zelendel said:
Search for the Go sms thread. I and another Mod brought it up in the thread and they tried to BS us. Then toss in a keylogger that was found (and removed?) in the Go keyboard and it has given me enough not to trust them.
Click to expand...
Click to collapse
Didn't know that. Never used their products but shouldn't that be enough to merit a ban from XDA? Bugless Pete was booted for less (source code issues but nothing as malicious as a keylogger).
We need solid proof and they will be.
Batcom2
zelendel said:
We need solid proof and they will be.
Batcom2
Click to expand...
Click to collapse
With the aggressive number of "updates" they immediately push once you install one of their products or add ons, I don't imagine it shouldn't be too difficult to find something of interest to confirm or deny suspicions. I did find it odd in that GO SMS thread that there were some mentions of whitelisting GO SMS to prevent AV from interfering with it.
I'll see about installing GO on one of my spare devices and routers after work, along with something like wireshark, so I can analyze packet data. This isn't something that I'm too familiar with so it may be a little bit while I re-acclimate myself to the program. If anyone is more familiar with packet analysis and wants to run tests alongside, it can build a stronger case for or against the dev.
Bump. I use go sms, so I would really like to know if this app is doing any other malicious things.
Sent from my XT720 using xda premium
good thread, :good:
anyway i hate this launcher since the day i have an android device.
its tooooooooooo overloaded with useless things.
its my opinion,i prefer apex,adw or holo.less wheight in data,ram,battery usage and looks more cool as the parishilton go launcher a.....s........ssss.lol.
Well, I'm running cm9, and for whatever reason, it won't let me download picture messages with the stock messenger. I actually use google voice for my texts, but that doesn't get mms. Go sms is the only thing that actually let's me download the pictures that get sent to me, so I just use it for that specifically.
Sent from my XT720 using xda premium
i stop using Go Products since they force people to use their CLOUD storage to backup people sms on Go SMS.
i dont know about now, local backup is back or not.
it was really fishy back there.
and many other thing, like many permission things needed for something like launcher and sms app.
their looks are cartoonish iphoney and cute (like many asian app) which is not my taste at all.
also overloaded with a bunch of crap.
that's my opinion.
---
Sent from Android Device
marhensa said:
i stop using Go Products since they force people to use their CLOUD storage to backup people sms on Go SMS.
i dont know about now, local backup is back or not.
it was really fishy back there.
and many other thing, like many permission things needed for something like launcher and sms app.
their looks are cartoonish iphoney and cute (like many asian app) which is not my taste at all.
also overloaded with a bunch of crap.
that's my opinion.
---
Sent from Android Device
Click to expand...
Click to collapse
Too true. The last product I used years back was GO SMS, and I stopped after they started insisting on registering for their Go Chat service and backing up SMS. I couldn't even unregister from Go Chat once I logged in by mistake, and they never responded to my emails about deleting my account. Very shady behaviour.
Sent from my Desire HD using Tapatalk 4
sashank said:
Too true. The last product I used years back was GO SMS, and I stopped after they started insisting on registering for their Go Chat service and backing up SMS. I couldn't even unregister from Go Chat once I logged in by mistake, and they never responded to my emails about deleting my account. Very shady behaviour.
Sent from my Desire HD using Tapatalk 4
Click to expand...
Click to collapse
Go Launcher + EX were my first "custom" ones but after reading about their data-collection-stories I've decided to go and stick with Apex Launcher never regretted doing so. I always thought Go was and is too agressive in pushing their widgets, services I don't like that
frankgreimes said:
Go Launcher + EX were my first "custom" ones but after reading about their data-collection-stories I've decided to go and stick with Apex Launcher never regretted doing so. I always thought Go was and is too agressive in pushing their widgets, services I don't like that
Click to expand...
Click to collapse
Exactly. I used Go Launcher EX & Go SMS Pro a lot on CM7. They were good till they became creepy. And most of the services were opt-out not opt-in. That's sucks.
Sent from my Nexus 7 using Tapatalk 4
A key question now is can the "Next" launcher be trusted? Can anybody run the same packet tests on this one? I'm officially ready to remove Go (launcher Ex from my old Tbolt and HD/Pad from my TF300) but I wonder if I'm also going to remove Next from a device.
NapalmDawn said:
A key question now is can the "Next" launcher be trusted? Can anybody run the same packet tests on this one? I'm officially ready to remove Go (launcher Ex from my old Tbolt and HD/Pad from my TF300) but I wonder if I'm also going to remove Next from a device.
Click to expand...
Click to collapse
Not sure, but just to be safe I'd stay awake from anything by the Go Dev Team. Too shady for my taste.