[Q] Appropriate permissions request? - Android Q&A, Help & Troubleshooting

I would like to use an application to enable remote access to a security DVR from an Android phone. The app requires permission for "read phone status and identity".
That doesn't seem like an appropriate permission, since the application has nothing to do with the phone number or the phone operation. It would work equally well without any phone functionality.
I contacted the developers, and they say:
"The application makes that request to get through the firewall on the phone.
The program does not store or use that information.
If you manually set permissions in the firewall then the program will need the permission."
Does that make sense to anybody? Is there a "firewall" in Android that is somehow related to phone state and identity?
Before I call BS on this response, I wanted to check here with the experts just in case there is some obscure relationship.
Thanks!
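
One way to check where a "read phone status and identity" (READ_PHONE_STATE) entry comes from is to look at what the APK itself declares. The following is an added example, not part of the original post and not code from the app's developers. It parses the permission lines of `aapt dump badging` output and separates permissions declared in the manifest from those the system implies for apps targeting very old SDK levels. The line shapes, the package name `com.example.dvrviewer` and the baseline set are assumptions.

```python
import re

# Matches the permission lines printed by `aapt dump badging <apk>`.
# Assumed line shapes (they vary across build-tools releases):
#   uses-permission: name='android.permission.INTERNET'
#   uses-permission:'android.permission.INTERNET'
#   uses-implied-permission: name='...' reason='targetSdkVersion < 4'
LINE_RE = re.compile(
    r"^uses-(implied-)?permission(?:-sdk-\d+)?:\s*(?:name=)?'([\w.]+)'"
    r"(?:.*?reason='([^']*)')?"
)

# What the permissions discussed in these threads expose to an app.
EXPOSES = {
    "android.permission.READ_PHONE_STATE":
        "call state, phone number, device identifiers",
    "android.permission.ACCESS_COARSE_LOCATION":
        "approximate (network-based) location",
    "android.permission.INTERNET": "unrestricted network sockets",
}

def parse_badging(text):
    """Return {permission: reason or None}; reason is set for implied ones."""
    perms = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            implied, name, reason = m.groups()
            perms[name] = (reason or "implied") if implied else None
    return perms

def audit(text, expected):
    """List (permission, exposure, origin) for everything outside `expected`."""
    findings = []
    for name, reason in sorted(parse_badging(text).items()):
        if name in expected:
            continue
        origin = f"implied: {reason}" if reason else "declared in manifest"
        findings.append((name, EXPOSES.get(name, "not in table"), origin))
    return findings

# Constructed sample for a hypothetical DVR viewer; not output from a real app.
SAMPLE = """\
package: name='com.example.dvrviewer' versionCode='7' versionName='1.2'
sdkVersion:'3'
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.ACCESS_NETWORK_STATE'
uses-implied-permission: name='android.permission.READ_PHONE_STATE' reason='targetSdkVersion < 4'
uses-implied-permission: name='android.permission.WRITE_EXTERNAL_STORAGE' reason='targetSdkVersion < 4'
"""

# Hypothetical baseline: what a remote video viewer plausibly needs.
DVR_EXPECTED = {"android.permission.INTERNET",
                "android.permission.ACCESS_NETWORK_STATE"}

if __name__ == "__main__":
    for perm, exposure, origin in audit(SAMPLE, DVR_EXPECTED):
        print(f"{perm}\n  exposes: {exposure}\n  origin:  {origin}")
```

An "implied" origin means the permission was never written in the manifest: Android grants READ_PHONE_STATE implicitly to apps whose minSdkVersion and targetSdkVersion are both 3 or lower, so the store listing shows it anyway.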


Do we need a good firewall app?

After the recent article on apps that are sharing our personal information, it occurred to me that this should be an easy problem to fix. All we need is a good personal firewall app. Heck, iptables would be a great start, but it can be hard to implement that on an app by app basis. It will be hard to set up for apps that have legitimate needs to connect over port 80 for legitimate needs, but also uses that same port for less than legitimate needs. So I guess it will also take some blacklisting of certain servers, perhaps along the lines of the ad blockers apps that modify the hosts file.
Or does such an app already exist?
Skip
Here you go:
http://www.appbrain.com/app/droidwall-android-firewall/com.googlecode.droidwall.free
MrGibbage said:
After the recent article on apps that are sharing our personal information, it occurred to me that this should be an easy problem to fix. All we need is a good personal firewall app. Heck, iptables would be a great start, but it can be hard to implement that on an app by app basis. It will be hard to set up for apps that have legitimate needs to connect over port 80 for legitimate needs, but also uses that same port for less than legitimate needs. So I guess it will also take some blacklisting of certain servers, perhaps along the lines of the ad blockers apps that modify the hosts file.
Or does such an app already exist?
Skip
1. There's already a couple adblock apps like Adfree which block a lot of stuff.
2. If you read the permissions for the apps you CHOOSE to download, then you'll know exactly what access to data they'll have. If you don't like that PaperToss wants access to your device ID, then just don't install PaperToss.
And of course, such an app would undoubtedly cause more issues than the perception of "security" it would provide, since you'd probably not be able to use half the apps anymore. Or they'd stop being ad-supported, and would begin to charge instead.
From the article:
Google requires Android apps to notify users, before they download the app, of the data sources the app intends to access. Possible sources include the phone's camera, memory, contact list, and more than 100 others. If users don't like what a particular app wants to access, they can choose not to install the app, Google says.
Just read the app permissions. That tells you almost everything you need to know.
The problem is, the app permissions don't tell you what you need to know. Here are the permissions for Paper Toss by Backflip Studios:
Your Location (coarse network-based location)
Network communication-full internet access
Phone Calls - read phone state
While the Location permission would be suspect, and would cause me to question whether or not I should download this app, the other two permissions are not so immediately obvious that they are "bad". Network communications is a permission needed by every app that has in-game ads such as AdMob. And I don't know why this app needs the Phone Calls permission, but almost every single app in the market uses that permission. At least it isn't asking for access to the address book or anything like that.
What I would like is for the app to tell us what it needs internet access for, and to tell us what information it is sending to third parties.
MrGibbage said:
The problem is, the app permissions don't tell you what you need to know. Here are the permissions for Paper Toss by Backflip Studios:
Your Location (coarse network-based location)
Network communication-full internet access
Phone Calls - read phone state
While the Location permission would be suspect, and would cause me to question whether or not I should download this app, the other two permissions are not so immediately obvious that they are "bad". Network communications is a permission needed by every app that has in-game ads such as AdMob. And I don't know why this app needs the Phone Calls permission, but almost every single app in the market uses that permission. At least it isn't asking for access to the address book or anything like that.
What I would like is for the app to tell us what it needs internet access for, and to tell us what information it is sending to third parties.
Maybe to detect a phone call and pause the game.
Sent from my SGH-T959 using XDA App
MrGibbage said:
The problem is, the app permissions don't tell you what you need to know. Here are the permissions for Paper Toss by Backflip Studios:
Your Location (coarse network-based location)
Network communication-full internet access
Phone Calls - read phone state
While the Location permission would be suspect, and would cause me to question whether or not I should download this app, the other two permissions are not so immediately obvious that they are "bad". Network communications is a permission needed by every app that has in-game ads such as AdMob. And I don't know why this app needs the Phone Calls permission, but almost every single app in the market uses that permission. At least it isn't asking for access to the address book or anything like that.
What I would like is for the app to tell us what it needs internet access for, and to tell us what information it is sending to third parties.
All free apps will collect some information ... so they know what ads to aim your way ... so they can make money ... Everyone does this ... on your computer it's the same as your cookies ... and only the really paranoid will set their browser cookie settings to "ultimate: block all cookies" ...
Here's the difference: Android's openness will allow others to research and publish their findings, unlike others that are closed and will not allow research, and if any way is found to get the research done, the publication will be deleted from the web ...
The openness is why you see so many articles on this issue over and over, none of them mentioning that the paid versions of these apps don't collect anything ...
How much personal information are you planning on storing in the paper toss game?
Consider this in your answer, android system runs apps in sand box mode meaning, one app cannot access another without YOUR permission, or if an app is infected with malware, that malware will only operate in that app, unlike your windows machine where it would have a free for all .....
ferhanmm said:
Maybe to detect a phone call and pause the game.
Sent from my SGH-T959 using XDA App
That's my point. That would be a legitimate need for access to the phone state. However, granting that permission also gives the app permission to make phone calls. I still think the apps need to be more specific about the permissions they need.
The bottom line is, these phones are great, they can run all kinds of awesome software, but the people writing the software need to make a living too. If someone really wants to prevent their phone from sending out personal information, then they should not install any software, and maybe shouldn't even be using the phone at all. But I still see a need for a firewall app (possibly DroidWall, as mentioned above) to help us prevent this type of thing from happening.
A permissions firewall would be much more interesting and useful in my opinion.
Being able to block a certain thing like "read contact data" for all apps and only permit access with a white list would be very useful to me.

[Q] permissions [Noob Alert]

Being a Noob to Android I thought I'd install some location based profile software which is one of the things that Android owners always say they can do which is lacking from the iPhone.(where I come from)
Lamma seems to be recommended but the permissions it asks for include:
"Add or modify calendar events and send email to guests without owners' knowledge. read calendar events plus confidential information"
clicking on the detail is even more scary.
Android tells you what it's going to do - but do users actually allow this? Most apps seem to want permissions that you would have to be mad to accept.
Can I not install any useful app without agreeing to terms that are unacceptable?
What am I missing? Do people just allow unrestricted access? Not install any app? Or is there a way of installing apps but not giving them stupid access?
I can't believe people allow that sort of access - I must be missing something.
Some custom aftermarket ROMs allow the user to drop any permission, but it may render the app useless.
Most of the time apps are not malware, but sometimes they may be. You can contact the developer of the app to request the reasons for these permissions, and he may reply better.
You can always use the auto start manager app within the ROM Toolbox to control the permissions of the apps.
Confucious said:
Being a Noob to Android I thought I'd install some location based profile software which is one of the things that Android owners always say they can do which is lacking from the iPhone.(where I come from)
Lamma seems to be recommended but the permissions it asks for include:
"Add or modify calendar events and send email to guests without owners' knowledge. read calendar events plus confidential information"
clicking on the detail is even more scary.
Android tells you what it's going to do - but do users actually allow this? Most apps seem to want permissions that you would have to be mad to accept.
Can I not install any useful app without agreeing to terms that are unacceptable?
What am I missing? Do people just allow unrestricted access? Not install any app? Or is there a way of installing apps but not giving them stupid access?
I can't believe people allow that sort of access - I must be missing something.
You really have to think about what the app could be using the permission for, for example something like tasker pretty much needs every permission going because it allows you to set anything up as a profile etc.
The rule of thumb is to look at the app reviews, look at the permissions and just think about what the app could be using it for.
Sure, a soundboard-style app shouldn't need to make phone calls, but many apps do need permissions that at first glance you might not think are needed.
And if you're really in doubt, email the developer and ask them to explain why they need this permission.
Surprise :laugh:
http://www.xda-developers.com/android/manage-individual-app-permissions-with-xprivacy/

"Work profile" (e.g. Shelter, Island) and Exchange Device Administrator permissions

Hi,
I've installed Shelter (also Island is an alternative app) which allowed me to install Microsoft Outlook and connect to my work email in a "shelter" (separate environment for work). I read that this is based on "work profile" which is in the standard Android API. When I connected to the Exchange server from work, I had to allow Outlook to be "device administrator" and so the remote admin can remotely wipe my phone if he wants.
My question is: If I installed Outlook in a "work profile", can the remote admin still wipe my phone or the "work profile" isolates the app completely so it cannot affect my phone in any way?
Thanks!
epurehello said:
Hi,
I've installed Shelter (also Island is an alternative app) which allowed me to install Microsoft Outlook and connect to my work email in a "shelter" (separate environment for work). I read that this is based on "work profile" which is in the standard Android API. When I connected to the Exchange server from work, I had to allow Outlook to be "device administrator" and so the remote admin can remotely wipe my phone if he wants.
My question is: If I installed Outlook in a "work profile", can the remote admin still wipe my phone or the "work profile" isolates the app completely so it cannot affect my phone in any way?
Thanks!
I believe it should only affect the work profile, but I have also heard of policy settings affecting the entire phone also.
In all honesty, for the best and most accurate answer you should ask your employer's IT department. They can tell you exactly what the remote wipe will affect since they are the ones who set up the policy.
scottusa2008 said:
I believe it should only affect the work profile, but I have also heard of policy settings affecting the entire phone also.
In all honesty, for the best and most accurate answer you should ask your employer's IT department. They can tell you exactly what the remote wipe will affect since they are the ones who set up the policy.
The IT department has nothing to do with this. This is a question about the work profile implemented in Android. Does it COMPLETELY isolate the app from the rest of the device (including device admin permissions), or not?
Looked a little more into this and wanted to re-edit my post.
Does shelter completely isolate the app (and device admin permissions) from the rest of the device?
No, it does not. When looking at the F-Droid Shelter homepage, it states that it is not a full sandbox implementation. It also continues to list a few caveats to the app (below is a copy and paste). Please note that I am not saying you may encounter these particular caveats, but because they exist (in conjunction with the Shelter app not providing a full sandbox environment) it is not possible to say the Shelter environment is completely isolated from the rest of the device.
*Security bugs of the Android system or Linux kernel
*Backdoors installed in your Android system (so please use an open-source ROM if you are concerned about this)
*Backdoors installed into the firmwares (no way to work around this)
*Any other bugs or limitations imposed by the Android system.
When it comes to the device wipe within the "shelter" environment, I would be inclined to believe a selective wipe would possibly only affect the email client. If they use a full wipe, it is possible it may affect only just the work profile. In the end, what kind of wipe you could encounter really depends on what kind of device wipe the IT department has set the policy to.
Though take the words "possible" and "possibly only" to be implied very loosely here, it's not a simple cut and dry answer. This is because the shelter app is not a full sandbox environment so it is not possible to rule out that through some sort of backdoor or other android bug your device might be fully wiped.
Also "take with a grain of salt" and unrelated to the shelter app through personal experiences (and hearing discussions) I have seen (and heard of) devices also encountering a full wipe even with a work profile.
Why does the IT department of your employer have anything to do with this? Let me explain in a bit more detail, though you kinda gave the reason in the quoted text below:
epurehello said:
When I connected to the Exchange server from work, I had to allow Outlook to be "device administrator" and so the remote admin can remotely wipe my phone if he wants.
There are two kinds of device wipe policies. First is a selective wipe: it would only remove the organizational data from the phone, so it would just affect the email client. Second is a full wipe that would remove all content from the phone.
Since your employer's IT department is responsible for configuring and controlling the Exchange server, they know what the policy settings/effects are. Granted, they can't tell exactly what would happen with respect to the Shelter app, but they might have someone back there who has looked into it or might know something from experience or research.
So I don't say contact your employer's IT department with your question lightly or without reason, they can tell you exactly what the policy is and what it will do.
Just use Exchained. It will stop the profiles from doing anything to your phone, yet allow you to connect to the servers just the same. Been using it for a year or more with no issues at all. It blocks all the silly profile crap they try to enforce. When they demanded a 6 digit password on the phones, that was what sent me over the top. Basically it will ignore all the profile crap your company demands, but doesn't tell your company that it is ignoring them. Now they can't wipe your phone... since you never really gave them permission when you set up the account, but they will "think" you did....
https://play.google.com/store/apps/details?id=mobi.biko.exchained

Is it possible to block apps from being installed on my device by Package Name?

Hello there!
I use a Motorola Moto G6 that's running on Android 9 Pie (Build no. PPS29.118-11-1) and I was wondering if there was a way to block certain apps from being installed on my device by their package name. I want to be able to do this for the same reason I use very strict settings on Digital Wellbeing: self control.
I know that you can install and block apps and I know that you can use parental settings on your phone but that simply won't help in this situation. I'm also aware that an app with these capabilities might not be available. My question isn't if it's possible now or with the utilities currently provided through apps developed for my Android OS; I'm trying to figure out if it's possible to block apps by their Package Name in any way and if it's impossible to make (in theory) an app that can do it.
I'm not sure how it can be done. Can it be done by having an app that reads through an app that's attempting to be installed and generates bricked app directories where it should chuck out the app's resources so it can't be installed? Maybe. Can it be done by cancelling the installation request of an app that has a Package Name matching one inputted into a list on the hypothetical app in question? Not sure. If anyone knows the answer to those two proposals or has their own suggestions, please do your best to answer my post and keep in mind, this has to be done without the phone being rooted.
An additional but important factor: this is about self control. I can easily bring myself to not remove or otherwise disable restrictive measures on my phone, but I'd like to know if I can make it so that you cannot remove a Package Name that has been blocked in the phone no matter the method used in the first part (other than uninstalling the blocker app, of course).
Regards,
Yoki Aza

Question Allowed all the time location permissions

On my new S23U, I noted after doing the smart transfer of all my stuff from my old phone that Android System Intelligence and Google were both given "Allow all the time" location permission. Of course, I removed it immediately.
The only thing I'm uncertain of is whether this was the case before I did the smart transfer - does it really require allow all the time location permission for Android System Intelligence?
Anyone able to confirm what the setting is out of the box?
