After the recent article on apps that are sharing our personal information, it occurred to me that this should be an easy problem to fix. All we need is a good personal firewall app. Heck, iptables would be a great start, but it can be hard to implement that on an app by app basis. It will be hard to set up for apps that have legitimate needs to connect over port 80, but also use that same port for less than legitimate needs. So I guess it will also take some blacklisting of certain servers, perhaps along the lines of the ad blocker apps that modify the hosts file.
Or does such an app already exist?
Skip
Here you go:
http://www.appbrain.com/app/droidwall-android-firewall/com.googlecode.droidwall.free
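The per-app iptables filtering asked about in the first post, sketched as an added example (it is not part of the thread and is not DroidWall's code). It relies on Android giving every installed app its own Linux UID, which the netfilter `owner` match can filter on; the chain name `appfw`, the package names, the UIDs and the address 203.0.113.7 are constructed for illustration, and applying the output assumes root and a kernel with the owner match.

```shell
#!/bin/sh
# Emit (not apply) an iptables ruleset that filters outbound traffic per app.
# Each Android app runs under its own Linux UID, so "-m owner --uid-owner"
# can tell apps apart on the OUTPUT chain.

# Constructed sample in the "package uid ..." layout of /data/system/packages.list
SAMPLE_PACKAGES='com.example.browser 10051 0 /data/data/com.example.browser
com.example.papergame 10087 0 /data/data/com.example.papergame
com.example.notes 10102 0 /data/data/com.example.notes'

# gen_rules "<packages.list text>" "<space-separated allowed packages>" [blocked-ip ...]
gen_rules() {
    pkgs=$1; allowed=$2; shift 2
    echo "iptables -N appfw"
    echo "iptables -A OUTPUT -j appfw"
    # Destinations denied for every app, allowed or not. UID rules cannot
    # separate wanted and unwanted traffic on the same port 80; a server
    # blacklist (here by IP) is what covers that case.
    for ip in "$@"; do
        echo "iptables -A appfw -d $ip -j REJECT"
    done
    echo "$pkgs" | while read -r name uid _rest; do
        [ -n "$uid" ] || continue
        case " $allowed " in
            *" $name "*) verdict=RETURN ;;   # whitelisted: continue in OUTPUT
            *)           verdict=REJECT ;;   # every other app gets no network
        esac
        echo "iptables -A appfw -m owner --uid-owner $uid -j $verdict  # $name"
    done
}

# Print the ruleset for review; it is only text until run by root.
gen_rules "$SAMPLE_PACKAGES" "com.example.browser" 203.0.113.7
```

Because the destination rules come first, even a whitelisted app cannot reach a blacklisted server.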
MrGibbage said:
> After the recent article on apps that are sharing our personal information, it occurred to me that this should be an easy problem to fix. All we need is a good personal firewall app. Heck, iptables would be a great start, but it can be hard to implement that on an app by app basis. It will be hard to set up for apps that have legitimate needs to connect over port 80, but also use that same port for less than legitimate needs. So I guess it will also take some blacklisting of certain servers, perhaps along the lines of the ad blocker apps that modify the hosts file.
> Or does such an app already exist?
> Skip
1. There's already a couple adblock apps like Adfree which block a lot of stuff.
2. If you read the permissions for the apps you CHOOSE to download, then you'll know exactly what access to data they'll have. If you don't like that PaperToss wants access to your device ID, then just don't install PaperToss.
And of course, such an app would undoubtedly cause more issues than the perception of "security" it would provide, since you'd probably not be able to use half the apps anymore. Or they'd stop being ad-supported, and would begin to charge instead.
From the article:
> Google requires Android apps to notify users, before they download the app, of the data sources the app intends to access. Possible sources include the phone's camera, memory, contact list, and more than 100 others. If users don't like what a particular app wants to access, they can choose not to install the app, Google says.
Just read the app permissions. That tells you almost everything you need to know.
The problem is, the app permissions don't tell you what you need to know. Here are the permissions for Paper Toss by Backflip Studios:
Your Location (coarse network-based location)
Network communication-full internet access
Phone Calls - read phone state
While the Location permission would be suspect, and would cause me to question whether or not I should download this app, the other two permissions are not so immediately obvious that they are "bad". Network communications is a permission needed by every app that has in-game ads such as AdMob. And I don't know why this app needs the Phone Calls permission, but almost every single app in the market uses that permission. At least it isn't asking for access to the address book or anything like that.
What I would like is for the app to tell us what it needs internet access for, and to tell us what information it is sending to third parties.
MrGibbage said:
> The problem is, the app permissions don't tell you what you need to know. Here are the permissions for Paper Toss by Backflip Studios:
> Your Location (coarse network-based location)
> Network communication-full internet access
> Phone Calls - read phone state
> While the Location permission would be suspect, and would cause me to question whether or not I should download this app, the other two permissions are not so immediately obvious that they are "bad". Network communications is a permission needed by every app that has in-game ads such as AdMob. And I don't know why this app needs the Phone Calls permission, but almost every single app in the market uses that permission. At least it isn't asking for access to the address book or anything like that.
> What I would like is for the app to tell us what it needs internet access for, and to tell us what information it is sending to third parties.
Maybe to detect a phone call and pause the game.
Sent from my SGH-T959 using XDA App
MrGibbage said:
> The problem is, the app permissions don't tell you what you need to know. Here are the permissions for Paper Toss by Backflip Studios:
> Your Location (coarse network-based location)
> Network communication-full internet access
> Phone Calls - read phone state
> While the Location permission would be suspect, and would cause me to question whether or not I should download this app, the other two permissions are not so immediately obvious that they are "bad". Network communications is a permission needed by every app that has in-game ads such as AdMob. And I don't know why this app needs the Phone Calls permission, but almost every single app in the market uses that permission. At least it isn't asking for access to the address book or anything like that.
> What I would like is for the app to tell us what it needs internet access for, and to tell us what information it is sending to third parties.
All free apps will collect some information .... so they know what ads to aim your way ..... so they can make money ... Everyone does this .... on your computer it's the same as your cookies .... and only the really paranoid will set their browser cookie settings to "ultimate: block all cookies"...
Here's the difference: Android's openness will allow others to research and publish their findings, unlike others that are closed and will not allow research, and if any way is found to get the research done, the publication will be deleted from the web ......
The openness is why you see soooooo many articles on this issue over and over, none of them mentioning that the paid versions of these apps don't collect anything .....
How much personal information are you planning on storing in the paper toss game?
Consider this in your answer, android system runs apps in sand box mode meaning, one app cannot access another without YOUR permission, or if an app is infected with malware, that malware will only operate in that app, unlike your windows machine where it would have a free for all .....
ferhanmm said:
> Maybe to detect a phone call and pause the game.
> Sent from my SGH-T959 using XDA App
That's my point. That would be a legitimate need for access to the phone state. However, granting that permission also gives the app permission to make phone calls. I still think the apps need to be more specific about the permissions they need.
The bottom line is, these phones are great, they can run all kinds of awesome software, but the people writing the software need to make a living too. If someone really wants to prevent their phone from sending out personal information, then they should not install any software, and maybe shouldn't even be using the phone at all. But I still see a need for a firewall app (possibly DroidWall, as mentioned above) to help us prevent this type of thing from happening.
A permissions firewall would be much more interesting and useful in my opinion.
Being able to block a certain thing like "read contact data" for all apps and only permit access with a white list would be very useful to me.
Hello,
I found a lot of tutorials on "how to edit AndroidManifest.xml", but none of them works with the messenger app WhatsApp. Is it impossible?
I wanna change the user permissions because I think such many permissions aren't necessary.
Can anyone help me?
Thanks!
No one? Impossible?
You are just breaking the business logic of your application by editing the manifest file.
The permissions grant a certain level of access to a particular set of APIs to the app that is requesting them; if you deny this access, your app will probably show undefined behaviour, depending on how it's written.
If you don't like the set of permissions just do not install that app, there is no point to modify just the manifest.
A thread about the browser "Dolphin"'s security issues brought me to the question of whether there is an easy way to determine whether apps are sending critical or sensitive data somewhere.
Or what possibilities there are at all to determine it.
I plan to replace my laptop with my tablet and this means I would want to do critical things as online banking with the tablet.
And unfortunately there is no app by the bank to do it.
I'd like to know that too
retsam88 said:
> I'd like to know that too
me too
> A thread about the browser "Dolphin"'s security issues brought me to the question of whether there is an easy way to determine whether apps are sending critical or sensitive data somewhere.
> Or what possibilities there are at all to determine it.
> I plan to replace my laptop with my tablet and this means I would want to do critical things as online banking with the tablet.
> And unfortunately there is no app by the bank to do it.
Detection on your own:
1. De-compile the app with apktool and analyse its source code. You should de-compile even if the app is open source.
2. Use Wireshark to analyse the whole traffic.
Cautions:
1. Use the Permission Fix app to remove suspicious permissions of an app.
2. Use only popular apps. Popular apps are monitored by the community and security companies. So, you'd never need to do detection on your own. Just make sure you've subscribed to security mailing lists.
3. Use a nice Anti-virus. It can notify you about privacy risk, too.
4. Install only trusted apps. Many companies provide Trust seal for apps. For example, TrustGo Anti-virus and Amazon App Store.
Being a noob to Android, I thought I'd install some location based profile software, which is one of the things that Android owners always say they can do which is lacking from the iPhone (where I come from).
Lamma seems to be recommended but the permissions it asks for include:
"Add or modify calendar events and send email to guests without owners' knowledge. read calendar events plus confidential information"
clicking on the detail is even more scary.
Android tells you what it's going to do - but do users actually allow this? Most apps seem to want permissions that you would have to be mad to accept.
Can I not install any useful app without agreeing to terms that are unacceptable?
What am I missing? Do people just allow unrestricted access? Not install any app? Or is there a way of installing apps but not giving them stupid access?
I can't believe people allow that sort of access - I must be missing something.
Some custom aftermarket ROMs allow the user to drop any permission, but it may render the app useless.
Most of the time apps are not malware, but sometimes they may be. You can contact the developer of the app asking for the reasons for these permissions, and he may give a better answer.
You can always use the auto start manager app within the ROM Toolbox to control the permissions of the apps.
Confucious said:
> Being a noob to Android, I thought I'd install some location based profile software, which is one of the things that Android owners always say they can do which is lacking from the iPhone (where I come from).
> Lamma seems to be recommended but the permissions it asks for include:
> "Add or modify calendar events and send email to guests without owners' knowledge. read calendar events plus confidential information"
> clicking on the detail is even more scary.
> Android tells you what it's going to do - but do users actually allow this? Most apps seem to want permissions that you would have to be mad to accept.
> Can I not install any useful app without agreeing to terms that are unacceptable?
> What am I missing? Do people just allow unrestricted access? Not install any app? Or is there a way of installing apps but not giving them stupid access?
> I can't believe people allow that sort of access - I must be missing something.
You really have to think about what the app could be using the permission for, for example something like tasker pretty much needs every permission going because it allows you to set anything up as a profile etc.
The rule of thumb is to look at the app reviews, look at the permissions and just think about what the app could be using it for.
Sure, a soundboard style app shouldn't need to make phone calls, but many apps do need permissions that at first glance you might not think are needed.
And if you're really in doubt, email the developer and ask them to explain why they need this permission.
Surprise
http://www.xda-developers.com/android/manage-individual-app-permissions-with-xprivacy/
Hi. We're currently putting the finishing touches on our calling app (dialer, spam detection, contacts, call log etc) and we've run into a bit of an issue. Google won't allow our app to be uploaded to Play Store because there's something wrong with the way we ask for runtime permissions.
Google's message:
> You declared Default Phone handler (and any other core functionality usage while default handler), Caller ID, spam detection, and /or spam blocking, Write and Show Call History in Dialer as the core functionality of your app. However, after review, we found that your app does not match the declared use case(s). Learn more about permitted uses and exceptions.
We currently show the user a popup with an explanation before asking for permissions. If the user denies, we show another explanation popup (rationale) and ask again. If the user then denies again, we let them use the app without the features that use these permissions.
Permissions used:
Code:
android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.READ_PHONE_STATE
android.permission.CALL_PHONE
android.permission.READ_CONTACTS
android.permission.WRITE_CONTACTS
android.permission.READ_CALL_LOG
android.permission.WAKE_LOCK
One version did actually get approved but after that it went back to being denied. Nothing permission-related was changed tho. We're running out of ideas and Google hasn't provided any support so far either. Hoping we can get some help from here.
I think concerning the granting of permissions of an app is explained here exhaustively.
jwoegerbauer said:
> I think concerning the granting of permissions of an app is explained here exhaustively.
True. We have done everything accordingly as well as tried several different approaches to displaying rationales, explanations etc but nothing seems to work. I think the issue might not be the way we ask for permissions but something else. Google says that showing call history, contacts etc is not the core functionality of our app. So I'm thinking it might have something to do with our intent filters in our manifest or something.
Edit: So I did some more research on this and it seems like Google also checks the Play Store description for keywords related to being a calling app. We did not have any keywords that said this. Refreshed the descriptions and hoping for the best.
andres-h1 said:
> True. We have done everything accordingly as well as tried several different approaches to displaying rationales, explanations etc but nothing seems to work. I think the issue might not be the way we ask for permissions but something else. Google says that showing call history, contacts etc is not the core functionality of our app. So I'm thinking it might have something to do with our intent filters in our manifest or something.
> Edit: So I did some more research on this and it seems like Google also checks the Play Store description for keywords related to being a calling app. We did not have any keywords that said this. Refreshed the descriptions and hoping for the best.
Any update on this Andres?