A few days ago, tired with unsatisfactory battery life, I decided to take a good look at what the phone was doing while "asleep".
One of the things I did was to install Network Log to have a complete picture of networking activity.
What I discovered, with considerable surprise, is that the stock cm torch app was sending and receving packages continuosuly to/from two google ip's.
The amount of traffic isn't what worries me, meaning that from the logs it's not a high activity app, but just the fact that it does have such activity makes me wonder about the purpose.
So i "untrusted" torch and noticed that it has a full set of permissions ranging from call listening to networking aamof.
My question thus is "why does this app require such permissions"?
I blocked networking for torch and it seems to work without any problems so...what's the deal?
Can't give you the answer you want, but Torch is a system app, and system apps usually have crazy permissions. That doesn't mean the torch app is sending or receiving anything you should worry about, but i understand that it's weird. The only things you can do is to either deny its permissions or delete it and download a 3rd party flashlight app from the Play Store (without persmissions).
Thank you for your reply.
I know system apps have crazy permissions, but they usually make sense..this one doesn't really
Removing permissions with lbe didn't work as it is still logging..app ops doesn't show a networking permission..
Maybe blacklisting this particular google ip through iptables?
I know it isn't a major security issue, but unmonitored network activity really bumms me out...
Blacklisting the IP might have some consequences for other system apps? I don't really know. Wouldn't it be easier to just remove it and install a third party flashlight app? Or maybe you could email or send the CM team a PM on Twitter, asking about the permissions and the data traffic?
Sent from my C6833 using Tapatalk
Related
Hi Guys,
I have a question/idea. Maybe its already done and you give me a hint on how to install it.
There are a bunch of apps that I really like but I dont like their security requirements like accessing Contacts, System settings, account data.
I agree that some may need it for their functionality, but some apps abuse it or have unnecessary rights.
I wonder if someone could write an app that intercepts those requests and returns dummy or empty data. For example, the app wants access to my contacts, it gets a dummy contact or an empty list returned but not my real list etc. Making the app think its is getting live data. The new app should allow to choose which app will get real and which get blank data or dummy data for sensitive things like accounts, contacts, system stuff.
That way the app would still work but my data is safe.
I guess it would almost have to work like a Rootkit hooking into system functions and figuring out the calling app.
Does this exist? Would this be something for CM7?
I read a lot of ppls reviews out there saying I am not installing this app until you remove such and such security right. This should be the best solution.
Let me know.
spacev said:
Hi Guys,
I have a question/idea. Maybe its already done and you give me a hint on how to install it.
There are a bunch of apps that I really like but I dont like their security requirements like accessing Contacts, System settings, account data.
I agree that some may need it for their functionality but some apps abuse the it or have unnecessary rights.
I wonder if someone could write an app that intercepts those requests and returns dummy or empty data. For example the app wants access to my contacts, or it gets a dummy contact or am empty list etc. Making the app think its is getting live data. The app should allow to set which app will get real and which get blank data for sensitive thing like accounts, contacts, system stuff.
That way the app would still work but my data is safe.
I guess it would almost have to work like a Rootkit hooking into system functions and figuring out the calling app.
Does this exist? Would this be something for CM7?
I read a lot of ppls reviews out there saying I am not installing this app until you remove such and such security right. This should be the best solution.
Let me know.
Click to expand...
Click to collapse
This should be in Q&A.. And there is an app for this.. LBE or LBE Lite.. Also, yes it is a function of CM7. While I'm answering though, I will say that I block almost all permissions that are unnecessary and I've never had a problem with any of the 125 apps I use.
LBE vs CM7
Well, as outlined above, CM7 and LBE are the two best options. I figured I might as well outline the pros and cons of each.
CM7 Application Permission Removal:
Pros - Built-in, no popups, technically faster.
Cons - Not all-in-one interface per say, more annoying to set a large number of apps permissions.
LBE:
Pros - Available on more phones, popups allow you to decide on a situation by situation basis whether to grant permissions, all in one interface, nice looking UI.
Cons - Not built in, popups CAN be annoying, different color scheme from stock android.
P.S. I'm not sure if this happens for everyone, but it probably does just because of security system conflicts in CM7 and LBE, but LBE doesn't seem to be able to start and run on CM7, so you can't have the best of both worlds
thanks guys for the quick responses!
I am trying LBE and so far like what I am seeing
THANKS!
Alright this has been bugging me for a bit... How do I get apps to ask my permission before accessing my location (like on the iPhone). I have GPS on because I have the lookout security installed. And whenever I check facebook my GPS turns on and facebook tracks my location. Its not just facebook, its any app that supports location service. This will also benifit my battery. Any ideas? I have been searching Google and no luck there.
Sent from my DNA
Weather
I was wondering if there is a way to disable HTC locations and use google as the geocoder for the stock clock/weather widget?
Use an app like LBE privacy guard to handle permissions.
You can delete the HTC Locations app and use GPS or WiFi location for the sense clock widget I believe.
Also you will want to uninstall the HTC Car stuff like automotive traffic and things like street view app. I know in the past I've uninstalled a butt load of the location type apps and still had the clock working but you may have to play around a bit. Use titanium backup and freeze the apps until you find out the combo you have to have, that way if you freeze something you actually need you can defrost it until you find the perfect setup for your usage, then test it and then remove it completely.
Sent from my HTC6435LVW using Xparent Red Tapatalk 2
PhantomsWay said:
Alright this has been bugging me for a bit... How do I get apps to ask my permission before accessing my location (like on the iPhone). I have GPS on because I have the lookout security installed. And whenever I check facebook my GPS turns on and facebook tracks my location. Its not just facebook, its any app that supports location service. This will also benifit my battery. Any ideas? I have been searching Google and no luck there.
Sent from my DNA
Click to expand...
Click to collapse
Dude your thread is called Location Privacy.
There's an app called Location Privacy that does exactly what you're looking for. It's published by PlaceMask and it's available on the Android Market.
The free trial version is good for 15 days. If you're still not sure whether it's worth $2.99 (you cheap bastard) you can re-install it--or you can perform a meta-reset...
Code:
HOME > MENU > Manage Apps > Select Placemask > Clear Data
...which is also a great way to turn off multiple alarms all at once. Use the alarm app's RESTORE function to turn them all back on without having to check a box next to every single one.
Anyway, back to Location Privacy:
Scans applications on your device and reports those using your location
Easy unmasking when you need to use real location (e.g. simply tap the PlaceMask to start and stop)
Remote control through SMS allows remote start and stop (useful with phone finders)
Provides replacement locations for your real location to enhance privacy
There are several apps--many of them free--that perform similar functions:
Location MockUp - Fake & Share
Fake GPS location
CatchMeIfUCan
GPSCheat! - Free
I'm always very careful about what apps I install and their permissions, but I got this doubt for a long time. I already know what some Android permissions do and which of these are potentially dangerous.
Now let's assume an app asks for permissions to read my contacts, access the internet, read the identity of the phone, read the user position, etc.
When I use an app (mostly games) I always turn off wifi, bluetooth, gps and sometimes even the sim via airplane-mode. Now that app can easily collect all the data it wants but would never be able to send them. Am I correct?
My doubt is, when apps can send data? Is it only when the app is effectively running (also in background) or can do the same while, for example, updating the app via Google Play?
If it doesn't, I would probably download most of the apps I discarded because of their stupid permissions...
App permissions are always headache!
apps will always ask for various stupid permissions.even though they not require such permissions.
I think,,
how the apps collect and send data is upto the developer!!
Even though you put ur phone in AirPlane mode.the apps may or may not collect the contacts details frm your phone & may update to their server when data connection is detected..
Some applications will run in background as a seevice, even though they are not opened or running in foreground.
when u install an app you must be aware of the permissions granted.dont install apps that requires suspicious permissions.
if u are rooted there are some apps which can block permissions requisted by apps.
good luck....
motoshan said:
if u are rooted there are some apps which can block permissions requisted by apps.
Click to expand...
Click to collapse
I already heard of such apps but never found one. Could you please tell me some of them?
Thanks for the answer, anyway it really sounds like "I don't know and we'll never know"... it's sad
Is there anybody really sure about what the apps can do and give a nice rest to my neverending question?
Yes.. I already mentioned.
the permission requirements by the app can be explained only by the developer of that particular app.
I had developed an app myself 9 months before.which requires gps location along with hardware control permission etc...
as a developer of this app I can steadly says that my app will update ur device location soon after u switch on ur data conn.
you can find some apps and their reviews here... http://www.howtogeek.com/115888/
Oh, so my hopes are totally crushed.
Looks like they are more problematic than I imagined. I'll keep skipping 90% of the apps on the market.
Thanks a lot for that link!
Edit: I'd add, Jesus Christ, how funny to see that on Android spyware is legalised:
"Angry Birds Space – along with many other apps – has permission to view the device’s serial number and monitor the phone numbers you call."
Hello,
everytime i want to change the ringtone for calls or alarm or view my gallery in the normal gallery, which also appears after taking a picture with the camera app I get a pop up notification telling me:
Internet connection
By using this service, you agree to Xiaomi's Term of Service and Privacy Policy. Some features require an Internet connection to work normally
Exit Ok
I find that pop up extremely annoying and I don't understand why I have to sign a contract or agree to terms and policy that is larger than the Declaration of Independence. I don't want to agree to that. Why do I have to agree just for changing my ringtone? I could do that with my phone 15 years ago without Internet.
Is it possible to uninstall all Xiaomi Services and apps, like the Gallery or the Mi Account app?
Thanks
No idea? Am I the only one who gets that pop up?
You can disable a lot of those apps using, ironically, the included "cleaner" app. That's the one bugging you to clean up RAM, unused files and boost charging every five minutes. But other things like the Xiaomi app store cannot be removed. I just ended up flashing AOSP. Didn't like MIUI very much.
As for the reason why; probably because it's all connected - to each other, to xiaomi and to all that MiStuff. Cloud, sync, backups, apps, u name it, and at the core there is some service requiring you to sign the declaration of independence.
So can I disable or avoid that agreement pop up?
What would happen, if i would remove all xiaomi apps via titanium backup?
Which aosp do you use?
You can disable most of the apps and services, yes. I think I disabled every one I could, but still ended up having to accept one or two agreements. Disabling them seemed to have no negative effects at all.
Right now I'm using the sAOSP ROM. It's pretty good, but there's been some dropped calls, data disconnects and general feeling of instability that forced me to go back to my trusty HTC as my everyday device.
...
Esp_McLee said:
You can disable most of the apps and services, yes. I think I disabled every one I could, but still ended up having to accept one or two agreements. Disabling them seemed to have no negative effects at all.
Right now I'm using the sAOSP ROM. It's pretty good, but there's been some dropped calls, data disconnects and general feeling of instability that forced me to go back to my trusty HTC as my everyday device.
Click to expand...
Click to collapse
So it is possible to disable that message? Is there a way to link another gallery app with the stock camera? I would like to have a different gallery app to appear on the left bottom while i am using the camera. because i would like to be able to watch the taken picture without getting that message that asks me to agree to that agreement...
My phone was serviced "reprogrammed" and when it came back I keep getting ads. I tried resetting the phone but it still keeps getting adware silently installed. Is there any way to fix this?
You are not alone. Bought this phone for my mom since she likes a bigger screen to do social media stuff. The malware popped in after the last ota. The official wirelessupdate app included on the phone silently installs random apks that pushes full screen ads and impersonates clicks even if the the phone is not being used. This is common with generic android phones coming from CHINA
I haven't figured out a way to root the phone as most rooting methods will fail(because of the sucky spreadtrum SOC which makes it difficult to root the phone).SADLY, rooting is the only way to disable/uninstall the wirelessupdate app.
However, here's a workaround I found that works.
1) restrict your network to limit background data usage (Found in settings).
2) **uninstall the malware app: finding the app may be difficult as It normally disguises itself as a system app with names like radio, settings, wifi or some application name that doesn't even make sense. It uses a lot of data and is always active. You'll know its the fake app if it poses as a system app but you have the option to uninstall it(System apps cannot be uninstalled without root/Su access).
Buttt....
The wireless update will probably install another malware app after uninstalling the current one.
3)disable notification of the app so it doesnt send fake notifications to you that opens ad based webpages as it also fakes notification, posing as a fake notif from FB, whatsapp
4) force stop it and stop the services from settings so it doesn't load or push apps while you use your phone
Restarting the phone will make the app run again
5) Remove the app's permission. By default its granted access to location, settings, storage and sometimes camera or mic. The wireless app doesnt detect this and wont turn those permission back on
6) lastly, you can contact firefly support AND PRAY TO THE GOOD LORD they know know what they're doing. Because I did and they were completely clueless on the troubleshooting or on the issue itself and even blamed the problem on the user. Ridiculously stupid.
I haven't really tried ADB yet because i don't have the time and the phone lacks resources online to restore it in case I brick it. Frankly, this phone is not worth investing time fixing especially with the quality of support it has from Firefly and the price it asked for.