After the recent article on apps that are sharing our personal information, it occurred to me that this should be an easy problem to fix. All we need is a good personal firewall app. Heck, iptables would be a great start, but it can be hard to implement that on an app by app basis. It will be hard to set up for apps that have legitimate needs to connect over port 80 for legitimate needs, but also uses that same port for less than legitimate needs. So I guess it will also take some blacklisting of certain servers, perhaps along the lines of the ad blockers apps that modify the hosts file.
Or does such an app already exist?
Skip
Here you go:
http://www.appbrain.com/app/droidwall-android-firewall/com.googlecode.droidwall.free
MrGibbage said:
After the recent article on apps that are sharing our personal information, it occurred to me that this should be an easy problem to fix. All we need is a good personal firewall app. Heck, iptables would be a great start, but it can be hard to implement that on an app by app basis. It will be hard to set up for apps that have legitimate needs to connect over port 80 for legitimate needs, but also uses that same port for less than legitimate needs. So I guess it will also take some blacklisting of certain servers, perhaps along the lines of the ad blockers apps that modify the hosts file.
Or does such an app already exist?
Skip
Click to expand...
Click to collapse
1. There's already a couple adblock apps like Adfree which block a lot of stuff.
2. If you read the permissions for the apps you CHOOSE to download, then you'll know exactly what access to data they'll have. If you don't like that PaperToss wants access to your device ID, then just don't install PaperToss.
And of course, such an app would undoubtedly cause more issues than the perception of "security" it would provide, since you'd probably not be able to use half the apps anymore. Or they'd stop being ad-supported, and would begin to charge instead.
From the article:
Google requires Android apps to notify users, before they download the app, of the data sources the app intends to access. Possible sources include the phone's camera, memory, contact list, and more than 100 others. If users don't like what a particular app wants to access, they can choose not to install the app, Google says.
Click to expand...
Click to collapse
Just read the app permissions. That tells you almost everything you need to know.
The problem is, the app permissions don't tell you what you need to know. Here are the permissions for Paper Toss by Backflip Studios:
Your Location (coarse network-based location)
Network communication-full internet access
Phone Calls - read phone state
While the Location permission would be suspect, and would cause me to question whether or not I should download this app, the other two permissions are not so immediately obvious that they are "bad". Network communications is a permission needed by every app that has in-game ads such as AdMob. And I don't know why this app needs the Phone Calls permission, but almost every single app in the market uses that permission. At least it isn't asking for access to the address book or anything like that.
What I would like is for the app to tell us what it needs internet access for, and to tell us what information it is sending to third parties.
MrGibbage said:
The problem is, the app permissions don't tell you what you need to know. Here are the permissions for Paper Toss by Backflip Studios:
Your Location (coarse network-based location)
Network communication-full internet access
Phone Calls - read phone state
While the Location permission would be suspect, and would cause me to question whether or not I should download this app, the other two permissions are not so immediately obvious that they are "bad". Network communications is a permission needed by every app that has in-game ads such as AdMob. And I don't know why this app needs the Phone Calls permission, but almost every single app in the market uses that permission. At least it isn't asking for access to the address book or anything like that.
What I would like is for the app to tell us what it needs internet access for, and to tell us what information it is sending to third parties.
Click to expand...
Click to collapse
Maybe to detect a phone call and pause the game.
Sent from my SGH-T959 using XDA App
MrGibbage said:
The problem is, the app permissions don't tell you what you need to know. Here are the permissions for Paper Toss by Backflip Studios:
Your Location (coarse network-based location)
Network communication-full internet access
Phone Calls - read phone state
While the Location permission would be suspect, and would cause me to question whether or not I should download this app, the other two permissions are not so immediately obvious that they are "bad". Network communications is a permission needed by every app that has in-game ads such as AdMob. And I don't know why this app needs the Phone Calls permission, but almost every single app in the market uses that permission. At least it isn't asking for access to the address book or anything like that.
What I would like is for the app to tell us what it needs internet access for, and to tell us what information it is sending to third parties.
Click to expand...
Click to collapse
All free apps will collect some information .... so they know what ads to aim your way ..... so they can make money ... Every one does this .... on your computer its the same as your cookies .... and only the really paranoid will set their browser cookies settings to "ultimate :block all cookies "...
Here's the difference, android openness will allow others to research and publish their findings, un like others that are closed and will not allow research, and if anyway is found to get the research. done the publication will be deleted from the web ......
The openness is why you see soooooo many articles on this issue over n over, none of them mentioning that the paid versions of these apps don't collect any thing .....
How much personal information are you planning on storing in the paper toss game?
Consider this in your answer, android system runs apps in sand box mode meaning, one app cannot access another without YOUR permission, or if an app is infected with malware, that malware will only operate in that app, unlike your windows machine where it would have a free for all .....
ferhanmm said:
Maybe to detect a phone call and pause the game.
Sent from my SGH-T959 using XDA App
Click to expand...
Click to collapse
That's my point. That would be a legitimate need for access to the phone state. However, granting that permission also gives the app permission to make phone phone calls. I still think the apps need to be more specific about the permissions they need.
The bottom line is, these phones are great, they can run all kinds of awesome software, but the people writing the software need to make a living too. If someone really wants to prevent their phone from sending out personal information, then they should not install any software, and maybe shouldn't even be using the phone at all. But I still see a need for a firewall app (possibly DroidWall, as mentioned above) to help us prevent this type of thing from happening.
A permissions firewall would be much more interesting and useful in my opinion.
Being able to block a certain thing like "read contact data" for all apps and only permit access with a white list would be very useful to me.
Hello,
I have a question not really related to rom development but I hope it is okay if I still ask it here.
My question is: "How deep can I go with an App inside the Android System".
Let me explain. For my thesis in university I need to develop a possibility on how to monitore the behavior of apps. Achieving this by altering the Android System itself is a bunch of work but not very complicated or new. So my Prof asked me if I could do this with just an App - my first thought was NO, but before telling him I thought that I could ask you guys/girls
Topic is on: Monitoring Apps with focus on
- Contacts access (does App xyz actually reads the telephone book and which data is read).
- Calendar (does App xyz reads the calendar)
- Internet Access (does App xyz sends data to a server - to which server - or does this app retrieves information from the internet).
... (... means -> the more ideas the better )
So what I'd like to know is: Does anyone of you has an idea how I could achieve such thing and/or can you tell me how deep I can go into the system with a simple app (doesn't matter if via API or direct IPC or ...)
Thank you very much
Would it matter if the app required root access? I'm sure with root access you could achieve your goal. Not sure if you could without root.
Sent from my ADR6400L using xda premium
Hi a rooted phone is the second possibility - rooting and installing an app is still better then the need to setup with a complete new rom.
Do you have any ideas how I could do this with a rooted phone - i thought about writing some kind of a rootkit but somehow this don't seems to delight my Prof
There seems to be a whole class of software that already does exactly that for not rooted and rooted variations. Check market for any backup software, backup contacts/logs/SMS/apps with data external SD or send to cloud. Pretty much every option seems to be covered under that heading.
Something for you to check out anyway
Sent from my GT-P7300 using Tapatalk
IF you have an idea how you can achieve the above mentioned using a custom rom then you already know which features you will be overridding, in that case create an app that does all that and show's some graphs and features on screen. Just like busybox installer stuff.
just had to say this cause of the threads title...thats what she said!
Sent from my SAMSUNG-SGH-I717 using XDA
Please mind the "with an App" supplement
Being a Noob to Android I thought I'd install some location based profile software which is one of the things that Android owners always say they can do which is lacking from the iPhone.(where I come from)
Lamma seems to be recommended but the permissions it asks for include:
"Add or modify calendar events and send email to guests without owners' knowledge. read calendar events plus confidential information"
clicking on the detail is even more scary.
Android tells you what it's going to do - but do users actually allow this? Most apps seem to want permissions that you would have to be mad to accept.
Can I not install any useful app without agreeing to terms that are unacceptable?
What am i missing? Do people just allow unrestricted access? Not install any app? or is there a way of installing apps but not giving them stupid access?
I can't believe people allow that sort of access - I must be missing something.
Some custom after market ROMs allow to drop any permission by user but it may render app useless.
Most of the time apps are not malware, but sometimes they may be. You can contact developer of the app requesting for reasons of these permissions and he may reply better.
you can always use auto start manager app within the rom toolbox to control the permissions of the apps..
Confucious said:
Being a Noob to Android I thought I'd install some location based profile software which is one of the things that Android owners always say they can do which is lacking from the iPhone.(where I come from)
Lamma seems to be recommended but the permissions it asks for include:
"Add or modify calendar events and send email to guests without owners' knowledge. read calendar events plus confidential information"
clicking on the detail is even more scary.
Android tells you what it's going to do - but do users actually allow this? Most apps seem to want permissions that you would have to be mad to accept.
Can I not install any useful app without agreeing to terms that are unacceptable?
What am i missing? Do people just allow unrestricted access? Not install any app? or is there a way of installing apps but not giving them stupid access?
I can't believe people allow that sort of access - I must be missing something.
Click to expand...
Click to collapse
You really have to think about what the app could be using the permission for, for example something like tasker pretty much needs every permission going because it allows you to set anything up as a profile etc.
The rule of thumb is to look at the app reviews, look at the permissions and just think about what the app could be using it for.
Sure a soundboard style app shouldnt need to make phone calls but many apps do need permissions that at first glance you might not think are needed.
And if your really in doubt email the developer and ask them to explain why they need this permission.
Surprise :laugh:
http://www.xda-developers.com/android/manage-individual-app-permissions-with-xprivacy/
Hello there!
I use a Motorola Moto G6 that's running on Android 9 Pie (Build no. PPS29.118-11-1) and I was wondering if there was a way to block certain apps from being installed on my device by their package name. I want to be able to do this for the same reason I use very strict settings on Digital Wellbeing: self control.
I know that you can install and block apps and I know that you can use parental settings on your phone but that simply won't help in this situation. I'm also aware that an app with these capabilities might not be available. My question isn't if it's possible now or with the utilities currently provided through apps developed for my Android OS; I'm trying to figure out if it's possible to block apps by their Package Name in any way and if it's impossible to make (in theory) an app that can do it.
I'm not sure how it can be done. Can it be done by having an app that reads through an app that's attempting to be installed and generates bricked app directories where it should chuck out the app's resources so it can't be installed? Maybe. Can it be done by cancelling the installation request of an app that has a Package Name matching one inputted into a list on the hypothetical app in question? Not sure. If anyone knows the answer to those two proposals or has their own suggestions, please do your best to answer my post and keep in mind, this has to be done without the phone being rooted.
An additional but important factor: this is about self control. I can easily bring myself to not remove or otherwise disable restrictive measures on my phone, but I'd like to know if I can make it so that you cannot remove a Package Name that has been blocked in the phone no matter the method used in the first part (other than uninstalling the blocker app, of course).
Regards,
Yoki Aza
I have a custom CRM. I need to know client name, when he call to android devices. I find for easy way to get synchronization. I can customize server side, but cant build own android app for that. I need ready Android app. I believe that my need is widespread enough for such a program to exist. I look closely for Google Contacts Api. But this is an extreme option that is not flexible enough and involves a lot of programming work. I wanted get caller app with web-hook option, but it is unreal, becouse Internet will be unavailable during a call. It means, The desired contact must be downloaded to the phone before the call. Please, recommmend me Android app fore that. Any way for solving problem?
karpo518 said:
I have a custom CRM. I need to know client name, when he call to android devices. I find for easy way to get synchronization. I can customize server side, but cant build own android app for that. I need ready Android app. I believe that my need is widespread enough for such a program to exist. I look closely for Google Contacts Api. But this is an extreme option that is not flexible enough and involves a lot of programming work. I wanted get caller app with web-hook option, but it is unreal, becouse Internet will be unavailable during a call. It means, The desired contact must be downloaded to the phone before the call. Please, recommmend me Android app fore that. Any way for solving problem?
Click to expand...
Click to collapse
That's interesting stuff
([emoji3590]09-09-18[emoji3590])