Related
Most of the app now require acces to the phone calls..even a news app requires it, sms app such as go sms also requires it. So I want to know after knowing that an app will be able to acces your phone call you still download it? And does anyone in what way the developers use such info?
Sent from my E10i using XDA App
Excellent topic, I'm really troubled by this. The business world makes a whole lot of money based on the average persons inertia - their lack of information or willingness when it comes to the products and services they use and the money they use to pay for them. Particular mobile phone network providers come to mind, who are happy to charge the most expensive prices because people don't know or don't care.
This lazy attitude is seeping into the Android app world. It will be a small per centage of us who will realize this threat and do something about it - exactly like cookies and public wifi privacy etc.
For those of us already interested, are there websites or apps which can guide us on this?
I had thought about it before but it seemed to be all apps out there at least need to access your internet, calls, phonebook and etc.. Not sure really if some of these nasty apps has the evil purpose to steal our vital informations in the phone... say if we're checking our bank account or something similar..
What I practice:
1) Installed AVG pro and do scan regularly, and set to scan every newly installed apps.
2) Use both cache cleaner and history eraser to clean up all traces once a day.
3) Hope they don't see me as a target.
Don't worry.
I think access to the phone calls is just to minimize the running app in case you receive a call. In other case you would not even realize an incoming call?!
Deehee3 said:
Don't worry.
I think access to the phone calls is just to minimize the running app in case you receive a call. In other case you would not even realize an incoming call?!
Click to expand...
Click to collapse
What about data? When you install an app in most cases you allow data access to it.
Searching for updates or viewing developers homepage maybe?
Sent from my U20i using XDA App
Deehee3 said:
Searching for updates or viewing developers homepage maybe?
Sent from my U20i using XDA App
Click to expand...
Click to collapse
What if not? What if app you´ve installed is spying on you and sending info to hackers. How would you know?
On android we have the luck that there are a lot of applications that are open source. When I have to choose an application, I always choose and support the open projects!
You will notice that most of those applications don't need all that personal information! Makes you wonder...
On other systems, apps usually have an user/administrator scheme, where the 'user' has access to some things and 'administrator' has access to everything.
There is no such thing on Android (except if you have a rooted phone and some app asks for superuser access, but you get a requester asking for permissions as well).
Each app has to specifically ask for permissions or the system will deny it. A spyware has to ask for those permissions or it won't work.
Some permission requests to look out for:
- "Call phone"
can be used by the application to silently dial some "premium" numbers
- "Send SMS"
can be used to send SMS to special "premium" numbers
- "Record phone calls"
can be harmful if associated with "internet access" permission
- "Access fine location"/"access coarse location" and "internet access"
can be used for tracking purposes
Many apps ask for:
- "Phone identity" / "internet access"
they use it for "statistics purposes" (flurry.com mostly) but it is bad. The developer should always inform the user about those.
BTW, that an app is open source makes no difference. Someone can always (willingly or not) tamper with the final build. And not everyone reviews open source apps.
zapek666 said:
A spyware has to ask for those permissions or it won't work.
Click to expand...
Click to collapse
Sure. But if an app legitimately ask for data transmission and file system access, AND you grant it, how would you know it is not using the granted rights for something else?
ppirate said:
On android we have the luck that there are a lot of applications that are open source. When I have to choose an application, I always choose and support the open projects!
You will notice that most of those applications don't need all that personal information! Makes you wonder...
Click to expand...
Click to collapse
Don´t tell me that you evaluate the source code of each application you load from the market. And even so, how would you know the difference between what is shown to you and the final build, available on the market?
vlissine said:
Sure. But if an app legitimately ask for data transmission and file system access, AND you grant it, how would you know it is not using the granted rights for something else?
Click to expand...
Click to collapse
Filesystem access are limited to the external memory card. An app with such permission cannot access other apps' private data (which are stored on the phone).
Android apps are all sandboxed into their own homes.
A good example of a suspicious application is HTML5 Reference.
"This HTML5 reference lists all tags supported in the HTML5 specification.", fine. Let's look at the permissions:
Network communication: full Internet access
Phone calls: read phone state and identity
While the first 2 could be produced as a side effect of the developer implementing some "statistics library" (flurry.com or so), the next 2:
Your location: fine (GPS) location
Your personal information: read sensitive log data
Are a giveaway that this app does a bit more than just listing HTML reference tags
zapek666 said:
Filesystem access are limited to the external memory card. An app with such permission cannot access other apps' private data (which are stored on the phone).
Click to expand...
Click to collapse
Ok, how about a picture viewer, which usually picks pictures from each and every
directory, no matter if you want it (and not only from memory card).
Hey vlissine and zapek666. You both have a point.
One individual cannot review every code he or she uses. And also one does not only uses his or her own builds of the projects. But every now and then, I have to go into a project, mostly to add functionality. During that time, I usually have to go over a lot of code to understand the program. It is no guarantee, but you can imagine that some strange code will stand out.
I'm surely not the only person. So while one individual is not capable of such an endeavor. A lot are.
Your other point is as valid as can be. But here again, builds are comparable.
Surely, one does not have to find himself or herself obliged to use certain kind of projects. But to me, when I have the change, I use and support the open source project. One important reason is because of the concern raised by the original poster!
http://googlemobile.blogspot.com/2011/03/update-on-android-market-security.html
Apparently we were not that paranoid, thinking of spying apps
Two options:
1) To avoid being spy and get super paranoid about it... ditch your smartphone and get those early 2000 phones with only calls and sms capable.
2) Use the smart phone eg: X10 mini/pro or any android phones and ignore these spying scene and live with it like nothing ever going to happen since this new technologies really live up our life nowadays..
farsight73 said:
Two options:
1) To avoid being spy and get super paranoid about it... ditch your smartphone and get those early 2000 phones with only calls and sms capable.
2) Use the smart phone eg: X10 mini/pro or any android phones and ignore these spying scene and live with it like nothing ever going to happen since this new technologies really live up our life nowadays..
Click to expand...
Click to collapse
One more option - stop giving stupid advises when you have nothing to say.
maybe apps need to call functions or need it to run?
write them your self if your that bothered?
...
Sent from my E10i using the XDA mobile application powered by Tapatalk
Hi
It seem that users do not use my app so often ,
even lower than 3 percent I have daily active user ? (even I have got good rates on google play ) , I have excepted really higher than this .
why ?
Do Guys see any problem in my app ?
Do I have design problem ?
Do you find this app not useful ?
You can see my app here : https://play.google.com/store/apps/details?id=com.matchseller.proassistant
I am installing your app and will use it...
From User perspective:
Big app size 14 mb. I think its too big for an application.
Sample font is not attractive. Use system or Jelly Bean fonts.
My advice : Stop using Comic Sans MS font.
iAnoop said:
I am installing your app and will use it...
From User perspective:
Big app size 14 mb. I think its too big for a application.
Click to expand...
Click to collapse
It has a video , I wait for more suggestion
Djabolic said:
My advice : Stop using Comic Sans MS font.
Click to expand...
Click to collapse
Really Thanks , I will use Helvetica font in new version , wait for more info of you ...
Another thing I've spotted is; Due to natue of the application it requires lots of permissions. It might be scaring from user perspective.
AtaAlla said:
Really Thanks , I will use Helvetica font in new version , wait for more info of you ...
Click to expand...
Click to collapse
If this is a serious response, there are lots of great fonts for free on the internet. Helvetica is overused and overrated.
Djabolic said:
Another thing I've spotted is; Due to natue of the application it requires lots of permissions. It might be scaring from a users perspective.
Click to expand...
Click to collapse
All of them are needed , Do you think explaining each app prem for users in app good ?
AtaAlla said:
All of them are needed , Do you think explaining each app prem for users in app good ?
Click to expand...
Click to collapse
Yes adding some info about why it requires that many permissions might help.
Djabolic said:
Another thing I've spotted is; Due to natue of the application it requires lots of permissions. It might be scaring from a users perspective.
If this is a serious response, there are lots of great fonts for free on the internet. Helvetica is overused and overrated.
Click to expand...
Click to collapse
Yes , It is serious ! , which font do you think is really best for this app ?
Also Do you think black design is good ?
AtaAlla said:
Yes , It is serious ! , which font do you think is really best for this app ?
Also Do you think black design is good ?
Click to expand...
Click to collapse
Dark colors are better for eye and it significantly reduces the battery use due to it's lightning level.
I can give you some links to find great fonts;
http://dizorb.com/2010/07/06/30-fresh-freefonts-for-designers/
http://bluefaqs.com/2010/07/20-free-fonts-ideal-for-logos-and-headings/
http://dizorb.com/2010/07/06/30-fresh-freefonts-for-designers/
http://www.hongkiat.com/blog/40-free-high-quality-hand-drawn-fonts/
Ok, I'll bite.
Just from a first glance, there are several issues:
a) Grammar/language issues throughout the app description
b) Multiple security permissions are needed, giving the app access to all data on the phone
c) The app description states that it "checks for updates everyday", which really sounds like it is sending data at regular intervals as updates should be managed through the Play Store rather than the app itself
d) The developer website listed does not load
e) Many features are duplicative of built in phone functionality
All in all, it really sounds like a huge security risk, and does not appear to add much value. This app basically has every possible issue that people are told to be skeptical of when referring to malware apps.
Assuming you are a legitimate developer, and truly want to make a good app, you should retool it to have more focus on functions that are a value add, rewrite the description to use proper grammar, separate the functions that require high level access to the permissions into separate apps that do not need to access the internet to get rid of the security concerns.
It really looks like a malware app, and there's no way I would even consider installing it, and the 100-ish downloads you have don't really give any sense of security.
Sent from my Galaxy Nexus
Djabolic said:
Dark colors are better for eye and it significantly reduces the battery use due to it's lightning level.
I can give you some links to find great fonts;
http://dizorb.com/2010/07/06/30-fresh-freefonts-for-designers/
http://bluefaqs.com/2010/07/20-free-fonts-ideal-for-logos-and-headings/
http://dizorb.com/2010/07/06/30-fresh-freefonts-for-designers/
http://www.hongkiat.com/blog/40-free-high-quality-hand-drawn-fonts/
Click to expand...
Click to collapse
Special thanks for these links
I hope see more good suggestion of you ...
Fumetsu said:
Ok, I'll bite.
Just from a first glance, there are several issues:
a) Grammar/language issues throughout the app description
b) Multiple security permissions are needed, giving the app access to all data on the phone
c) The app description states that it "checks for updates everyday", which really sounds like it is sending data at regular intervals as updates should be managed through the Play Store rather than the app itself
d) The developer website listed does not load
e) Many features are duplicative of built in phone functionality
All in all, it really sounds like a huge security risk, and does not appear to add much value. This app basically has every possible issue that people are told to be skeptical of when referring to malware apps.
Assuming you are a legitimate developer, and truly want to make a good app, you should retool it to have more focus on functions that are a value add, rewrite the description to use proper grammar, separate the functions that require high level access to the permissions into separate apps that do not need to access the internet to get rid of the security concerns.
It really looks like a malware app, and there's no way I would even consider installing it, and the 100-ish downloads you have don't really give any sense of security.
Sent from my Galaxy Nexus
Click to expand...
Click to collapse
Great Reply , I will keep all of them in mind , Also do you think explaining every prem request is usefull for people ?
Also I want your opinion about these :
Design
Performance
Video Added
App Translate (if I include)
Also , I have added some useful features in new version , please see attached image :
New verision has App Lock with Message Blocker with Battery Usage info with Cache cleaner .
Do you think they are useful ?
video added .
I think there are way too many concerns with permissions for me to consider even installing the app. The most popular SMS and Call Log backup and restore apps are from a trusted, well known developer, with a website and contact info, and the network permissions are only for displaying AdMob ads, and limited permissions for the all to perform its function.
In contrast, your website does not load and is registered in Iran, and your app has access to just about every possible permission involving my data that it can possibly have, in addition to having full network access. I'm not trying to offend, but I have no sense of security about allowing your app to have unrestricted access to all of my data. There are way too many red flags about what your app can do that I would not install it in its given state, especially with the numerous free alternatives from established developers that are available.
You really should consider splitting these into separate apps. If you want to build a Music Player, build a stand alone music player. Build a separate global search app. Build a separate Call Blocker, etc. I think you should narrow the focus of what you are trying to have your app do, and eliminate the network access permission so that a user can use your app without being concerned about where their data may be going. From a design standpoint, switching to the Holo design guidelines for Android 4.0 would be a good start. This may have been adequate on Froyo or Gingerbread, but from a design standpoint it appears very outdated.
Sent from my Galaxy Nexus
File size is very large. Most of the budget phones comes with the low internal memory.
It is too large.
Sent from my GT-S5830 using Tapatalk 2
Fumetsu said:
I think there are way too many concerns with permissions for me to consider even installing the app. The most popular SMS and Call Log backup and restore apps are from a trusted, well known developer, with a website and contact info, and the network permissions are only for displaying AdMob ads, and limited permissions for the all to perform its function.
In contrast, your website does not load and is registered in Iran, and your app has access to just about every possible permission involving my data that it can possibly have, in addition to having full network access. I'm not trying to offend, but I have no sense of security about allowing your app to have unrestricted access to all of my data. There are way too many red flags about what your app can do that I would not install it in its given state, especially with the numerous free alternatives from established developers that are available.
You really should consider splitting these into separate apps. If you want to build a Music Player, build a stand alone music player. Build a separate global search app. Build a separate Call Blocker, etc. I think you should narrow the focus of what you are trying to have your app do, and eliminate the network access permission so that a user can use your app without being concerned about where their data may be going. From a design standpoint, switching to the Holo design guidelines for Android 4.0 would be a good start. This may have been adequate on Froyo or Gingerbread, but from a design standpoint it appears very outdated.
Sent from my Galaxy Nexus
Click to expand...
Click to collapse
Yes , your information is really useful , and two thinks that should be in mind :
This app designed for users to help them find things very fast , aslo have most needs tools for user and allow them use less memory load on phone .
but what is your opinion about removing internet premession completely . ( But I will lose app ads, update checker, lyrics load, load statics , bug reports , ....)
Also Do not see normal users like yourself, most of them are not as like as you ...
ktsamy said:
File size is very large. Most of the budget phones comes with the low internal memory.
It is too large.
Sent from my GT-S5830 using Tapatalk 2
Click to expand...
Click to collapse
Do you see any other problem ?
AtaAlla said:
Do you see any other problem ?
Click to expand...
Click to collapse
I am sorry but that is a very important issue. If an application is over 10mb, I very rarely install it. I like to keep my phone free from as much bloat as I can - even though it has 8GB of internal storage and 4GB of SD storage - the issue still stands. If you have to have a video, encode it to make it a much lower size before including it into the application.
I also think the name is too generic. If you could choose a catchier name or something more descriptive, you might get more people to notice it.
Sent from my GT-I9300 using Tapatalk 2
Hi everyone!!
I am freshmen android - thats is just converted from iOS to android to see what the hubbub was all about with my new samsung galaxy s4 - anyway there are a few things that abit concerning to me - I have the australia version of this phone and sadly the "Dock apps" at the bottom are locked and cannot be changed nor rearranged and so to remedy this I have decided to download a launcher (apex launcher) and one thing I noticed before i clicked install wass it requested access to pretty much everything on my phone including my personal details which leads me to my question:
- Does the launcher have access to ALL my personal details? If I install my banking app on this and start doing online banking, will they have access to this information such as my account numbers and everything? Same with facebook - will they have access to that information i.e my username and pw and so on?
Thankyou in advance everyone!
Probably not,
Theoretically yes,
Stick to the market and do not download apps from untrusted sources,
Same goes for any system,
Ever have a program ask for admin privledges to make changes to this computer on Windows? Same thing, except on Android that data the apps get access to is divided so that apps don't gein universal privlages to just access everything, they have to specify exactly what info they need.
Edit:
Android is very paranoid, which is why I hate it. I can't even hack my own phone let alone someone elses. It would take some serious social engineering and redirection of web traffic to get them to download a malicious app. Alot of work unless you put them up like all those free apks that u usually have to pay for are probably some form of malware in em.
Hello,
First of all I would like to say that I'm completely new to android (except for the occasional dabblin on a friends phone) so please go easy on me. I am tech savy, but just never had anything to do with this platform, due to my not so nice opinion of google...
I am on blackberry passport and am/was a loyal bb customer with all that follows. But please I do not wish to start android vs bb vs ios etc thread. It is a matter of taste in the end.
So long story short, never had anything to do with IOS or android as I prefered BB for security, productivity and slimeline OS. However due to recent BB swithc to android and priv (which id god awful imho) and apparent abandonment of OS10 i am faced with increasing frustraton over current passport usage as it is more and more laggy problematic every day. So seeming that bb has abandoned os10 I have finnaly decided that perhaps it is a time for a different platform.
I am considering getting the oneplus 3.
So my questions are:
- What kernel and ROM to flash? I explicitly do not want anything to do with google or google services, i do not have gmail and have no intentions to open one. I do not use any service connected to google, no cloud sync, no FB, no instagram etc.... I want my phone google free, bloatware, spyware, ads free, cloud sync free etc. so basically I want as much control over what is installed as possible, with preferably NO personal info shared to any service.
- What is the most open source build? (coming from a viewpoint that google is evil, apple too.. I am putting my trust in the open source community) - replicant project peaked my interest, but the supported phones are too old and too few. I would be extremely pleased tho, if sth like this existed for newer phones.
- Encryption is a must, both of memory and communication (pgp)
- advanced app permission control is a must
- if there exist sth like BB hub or other similar true multitasking option even better
to put it simply, what custom rom and kernel to flash to get the most secure, opensource, google and similar companies free phone with maximum control over os and no to minimum personal info shared.
I would very much appreciate if you could point me in the right direction. As i said no experiance with android, but am quick learner and tech savy. so no need to dumb it down for me.
Thank you !!
Hey guys,
what do you think about GrapheneOS? (https://grapheneos.org)
I think there are some disadvantages:
- only Pixel devices (because only these have some security "flags")
- no root access
- hardcoded Google domains
and some advantages:
- good hardware support
- hardenized aosp
- closed bootloader after flashing
Now I would like to discus about this ROM
I too would be interested to hear about anyones experience regarding this OS
johndoe118 said:
Hey guys,
what do you think about GrapheneOS? (https://grapheneos.org)
I think there are some disadvantages:
- only Pixel devices (because only these have some security "flags")
- no root access
- hardcoded Google domains
and some advantages:
- good hardware support
- hardenized aosp
- closed bootloader after flashing
Now I would like to discus about this ROM
Click to expand...
Click to collapse
I'm interested in this ROM too. I have a Pixel 3a. I haven't flashed it yet because I'm trying to find out what people's experiences are first. There doesn't seem to be a lot of posts about it. Did you ever flash it? Also, what do you mean by "hardcoded Google domains"?
Well, the captiveportal contacts the Google servers regularly when you connect to a WiFi. That was one reason why I lost interest in the ROM. The other was the limited device support and missing root access. I absolutely need access to the iptables. As a one-man show, the ROM can be adjusted at any time.
johndoe118 said:
Well, the captiveportal contacts the Google servers regularly when you connect to a WiFi.
Click to expand...
Click to collapse
Do you have some kind of reference for that? I'm using it now and would really like some proof to bring up in their subreddit as a WTF.
graphene seems great, no root does not
I don't want the bootloader locked.
I want Magisk extensions
I need root for LP _only_ to remove ads. Is there something like LP that allows (interactively) disabling app activities?
hardcoded google domains info from faq
https://grapheneos.org/faq#device-support
GrapheneOS leaves these set to the standard four URLs to blend into the crowd of billions of other Android devices with and without Google Mobile Services performing the same empty GET requests. For privacy reasons, it isn't desirable to stand out from the crowd and changing these URLs or even disabling the feature will likely reduce your privacy by giving your device a more unique fingerprint. GrapheneOS aims to appear like any other common mobile device on the network.
HTTPS: https://www.google.com/generate_204
HTTP: http://connectivitycheck.gstatic.com/generate_204
HTTP fallback: http://www.google.com/gen_204
HTTP other fallback: http://play.googleapis.com/generate_204
Click to expand...
Click to collapse
nay_ said:
hardcoded google domains info from faq
https://grapheneos.org/faq#device-support
Click to expand...
Click to collapse
Thanks, right from there
I have Graphene OS taimen-factory-2020.07.06.20.zip on my Pixel 2 XL.Under "System update settings" is "Check for updates" but nothing happens if I tap.Only the field becomes darker.Has someone experience with this?
Update with adb sideloading to 2020.08.03.22 works.
OTA update from 2020.08.03.22 to 2020.08.07.01 likewise.
I'm personally not a fan of these kinds of projects, they aren't really all that 'secure', you're still using proprietary vendor blobs and such
help please
Hello! In the description
I pointed out that you can change servers just not through the GUI.
Has anyone tried this?
```
Providing a toggle in the Settings app for using connectivitycheck.grapheneos.org as an alternative is planned. The option to blend into the crowd with the standard URLs is important and must remain supported for people who need to be able to blend in rather than getting the nice feeling that comes from using GrapheneOS servers. It's possible to use connectivitycheck.grapheneos.org already, but not via the GUI.
```
captive portal leak + location services data leak
Few points:
1. General idea is that privacy/security oriented OS (as graphene is advertised) should limit network activity as much as possible, and not ping google using captive portal service every few seconds providing perfect IP-based location to google
It is possible to switch it off, but should be off by default
2. Connections of android location services to get GPS constellations were shown before to send sim card imsi and connected cellular tower id to provider (qualcom/google):
"blog.wirelessmoves.com/2014/08/supl-reveals-my-identity-and-location-to-google.html"
Graphene still allows those connections (check their FAQ on website)
W/O root no way to switch this off. Even some devices ignore config files and still leak data (on the level of cellular modem most probably)
3. Android services make other weird connections. Example: AOSP dialler app is querying phone numbers against online database leaking all contacts to google. How was this taken care of in graphene? Are all AOSP services/apps security-verified to not leak any data?
w/o root no way to install afwall to block everything
Is graphene built-in firewall capable of blocking system services from network access?