Fifth of Android Apps Expose Private Data

WrongSizeGlass writes "CNET is reporting that a fifth of Android apps expose private data. The Android market threat report details the security issues uncovered. Dozens of apps were found to have the same type of access to sensitive information as known spyware does, including access to the content of e-mail and text messages, phone call information, and device location. 5% of the apps were found to have the ability to make calls, and 2% can send text messages, without the mobile user doing anything."

Exposing private data

[flaming error]

I tend to expose private data after a fifth of scotch.

Re:

[Pojut]

I exposed your mom's private data last night...but it was too corrupted to be worth anything.

Zing!

Re:Exposing private data

[flaming error]

I hope you're joking. She's been dead for 12 years.

Re:Exposing private data

[Pojut]

That simultaneously makes my joke even funnier and makes me an even bigger dickhead.

No offense intended :/

Re:Exposing private data

[flaming error]

No offense taken. You're not a dickhead, just a guy cracking jokes. Like me. (My mom's not dead, and she approved my comeback. She's here in the basement doing laundry now).

Re:

[TheLink]

That's what all those psychos claim- "Mom's doing the laundry in the basement, she's too busy to see you right now, yeah busy with the laundry...".

Ah but those android apps may soon expose your dark basement secrets...

Re:

[AnAdventurer]

My moms a writer, she lives in a little farm house by herself writing poetry on a half broken iMac no one will ever read with a blind dog at her side that barks at the cows in the field across the street. No one visits her.

Operative words

[Pojut]

5% of the apps were found to have the ability to make calls, and 2% can send text messages, without the mobile user doing anything

Emphasis mine. I'm not saying it's right that this could occur, but I operate under the assumption that anything I do online or with my phone is not private.

I think it's rather foolish to assume otherwise.

Re:

[Mordok-DestroyerOfWo]

How is this any different from what apps on an iPhone can do? Last time I checked many of them had access to address book, text messages, etc. Sounds like FUD to me.

Re:Operative words

[Kristoph]

IPhone apps do not have access to email or text messages or the data in any other app except through a very well defined API that requires user confirmation in virtually all instances of data sharing.

In many cases there is no way to access the content of another app (email for example).

It it also not possible for an app to make a call without user confirmation and it is not possible to send a text message at all.

Now this is, in fact, sort of a pain because I'd really like to build an app that sends or receives text messages but it does make for improved data security.

Re:Operative words

[mweather]

IPhone apps do not have access to email or text messages or the data in any other app except through a very well defined API that requires user confirmation in virtually all instances of data sharing.

As does Android. Th

Re:Operative words

[amRadioHed]

Does it? I've used several apps that have had access to my text messages, and I've never been presented with a confirmation request from them.

Re:Operative words

[Unequivocal]

For the real question is what percent of market apps abuse this capability? It's one thing to have the capability (and the installer is pretty clear about what an app can and can't do when you first install it), but it's another to have a bunch of spyware apps out there abusing users' data. My guess is this story is Apple FUD and that the market is working just fine with lots of well-behaved apps doing useful things with calling data, email and text capabilities.

Re:Operative words

[pegisys]

You have to OK all the things that an app can touch before you install it, if you go installing apps without looking at what it can possibly touch then that is your problem. That is unless there is an exploit that allows developers to access features that it does not specify in the application manifest.

Re:

[Pojut]

So now you're pissed that it doesn't work like Vista-era security by asking if you want allow or not? Make up your mind, people! Sheesh!

Re:Operative words

[tweek]

You were presented with the confirmation when you installed the application. You should always read the requested permissions list before installing an application. If you're downloading a game, why does it need access to activate the phone? Legitimate developers will frequently leave comments and notes in the description about WHY they need additional permissions.

Re:Operative words

[droopycom]

The differences between Android and iPhone are: (AFAIK)

- There are much less of these APIs on the iPhone than Android (eg: I dont think there is any API to access your email from an iPhone App, or make phone call or SMS without user confirmation)

- Android's user confirmation is at install, while iPhone's user confirmation is when the app try to use a particular API for the first time (eg: when it tries to use location) And the app can keep running even if the user denies it the right to use a specific service.

All in all, the iPhone security scheme is much more conservative, with the side effect that you cant do as many things in an iPhone app as you could in an Android App. For example, you could probably write an android app to could automatically navigate phone menus (eg: "For billing press 1" kind of things) while this is probably not possible for iPhone.

Apple is betting that their conservative approach will be more appealing for users if they dont have articles like this one coming out. Google is betting that their open approach will be more appealing to developers, but if more article like this come out, Android will become like windows security wise. It does not matter if it is true, or if it is a matter of user giving permissions, its all a matter of perception.

Re:

[jsnipy]

Android too has a "very well defined API". It just provides more liberty for more innovation without the notion that every user needs to be told what they can and cannot have their phones do.

Re:Operative words

[nilbog]

Security through inoperability.

Re:Operative words

[IamTheRealMike]

IPhone apps do not have access to email or text messages or the data in any other app except through a very well defined API

That's not correct. iPhone apps have access to a far larger amount of data than you might expect. For instance they can all read the "keyboard cache" which records all keystrokes save for passwords. This iPhone Privacy study [seriot.ch] may prove interesting.

Re:

[jsnipy]

You have a clear list of what the app needs access to prior to installing. Rights are not granted with subterfuge.

It allows for more choices rather then just defaults for things like SMS, web browsing, and email i.e. do what you want with your phone.

Re:

[ScienceofSpock]

The difference is that SMobile doesn't appear to have an antivirus/malware app for the iPhone.

Re:Operative words

[Monchanger]

Sounds like FUD to me.

Always a possibility to question these days. I have a silghtly different theory...

Note paragraph 3 of the whitepaper's summary:

SMobile's new behavior-based detection methodology leverages heuristic-style technology to determine if an application could be malicious, then gives the user the ability to use this information to determine if ... application is requesting permission to do things that just doesn't make sense for the application.

Given this it's obvious the whitepaper is an advertisement, not an objective security report.

Where the FUD question comes in is whether their application can actually do a better job at determining whether an application is "non-malicious" than the user could themselves. I believe the claim is exaggerated because trying to make a computer understand what an application does and how that relates to Android's security API is far from a trivial task.

Summary is wrong and trolling

[recoiledsnake]

From the summary:

5% of the apps were found to have the ability to make calls, and 2% can send text messages, without the mobile user doing anything."

Err, the mobile user was explicitly informed of this BEFORE the software is install. Don't believe me? Check this screenshot http://www.taosoftware.co.jp/en/android/wakeupcallmaker/img/wakeupcallmaker_install.png [taosoftware.co.jp]

I guess someone has an axe to grind against Android (hint, hint) just because there were stories earlier about the iPhone revealing the exact location of the users to applications and ads.

Nothing against Android...

[msauve]

...in particular. They're just selling anti-malware software for smartphones. [smobilesystems.com] They'll be glad to sell you protection for your RIM, WinMo, or Symbian phone, too. They're also glad to point out the danger you're in with those phones, too - lacking their product.

Re:

[JumpDrive]

I was wondering how many were going to get to this level of information.
Poor Elinor Mills, doesn't have anything to write about, so she takes copy from the marketing department of a company, summarizes it and calls it reporting.
She was just doing us a favor, making sure that we knew about an advertisement.

I am sickened to think that people believe this is reporting or worthwhile blogging.
There is no information until you have verified their claims or can allow somebody to verify the claims. SMobile

Re:

[hey!]

True, but it's hard to judge the impact of a disclosure from the nature of the information. That's a major bug in our conception of privacy, particularly in the US. It's not *what* the information is, but how it is used that matters.

I'm reasonably expert when it comes to information privacy issues, but even I don't feel like I fully understand the consequences of granting each permission. I sometimes contact an app developer when an app requests permissions that don't seem right. Usually it has something

Re:

[Monkeedude1212]

What they are saying is that 2400 apps can make phone calls without the user, and 960 can send out text messages - so its likely a couple in there are malware designed to deprive you of your money.

And then they go on to say "Dozens of apps were found to have the same type of access to sensitive information as known spyware does". My My, DOZENS you say? But not hundreds, to suggest more than 100 of the 48 thousand apps available.

Now, how did they get this information I wonder? Is it because some of the Apps

Re:Operative words

[jeffmeden]

If its open source, is it really a threat?

Have you read the source to all the open source apps you use? If your answer is no, then the answer to your question is yes.

Re:

[element-o.p.]

The beauty of open source is not that you personally can check all of your installed apps to make sure none of them are doing anything evil (although that is a good thing). It's that there are thousands of eyes looking over that source code -- many (most, probably) of them far more skilled than mine. Malware will be outed, even if I'm not the one who finds it.

Re:

[rjstanford]

The beauty of open source is not that you personally can check all of your installed apps to make sure none of them are doing anything evil (although that is a good thing). It's that there are thousands of eyes looking over that source code

Actually, I believe that you'll find that there are thousands of eyes belonging to people who are saying exactly what you are saying... which is why even obvious exploits have lived in massively used packages for months at a time.

After all, if you can't be bothered, why assume that anyone else can?

Re:

[somersault]

It also doesn't say anything about whether the apps it mentions are actually malware rather than apps who's whole purpose revolves around being able to access your phone book and send texts etc.

Well, the summary doesn't at least. You didn't think I was going to RTFA, did you?

Re:

[sarysa]

They got the figures by mining information from each app via the Android Market, or through one of the many aggregator sites like this one. [androlib.com] Permissions are publicly listed, so that's how they came to their figures.

But yeah, it's incredibly misleading. The user is warned on install and at the bottom of the application's description in the Market.

Re:

[DJRumpy]

How specific is the warning? Does it state that the app may be able to dial without the users permission, or send text messages without their permission, or is it a more generic "may access private data" type prompt?

It's amazing to me that Android users are so willing to trust total strangers in defense of their chosen platform. Such information, if published about Microsoft or Apple would have everyone lighting their torches, open source or not. I guarantee you that the vast bulk of app users do not scan e

Re:Operative words

[SighKoPath]

As an example, here is the warning text from the most recent update to the Google Maps application:

This application has access to the following:

• Your personal information: read contact data, write contact data
• Services that cost you money: directly call phone numbers
• Your location: coarse (network-based) location, fine (GPS) location
• Network communication: full Internet access
• Your accounts: Google Maps, manage the accounts list, use the authentication credentials of an account
• Storage: modify/delete SD card contents
• Phone calls: read phone state and identity
• Hardware controls: record audio
• System tools: prevent phone from sleeping, retrieve running applications

These are all displayed to the user in big orange warning text, with an OK/Cancel button below 'em. Every application in the market does this sort of thing, so the user knows exactly what every app is able to do. The article looks like FUD to me.

Re:

[DJRumpy]

Some of these seem alarming to me:

Directly call phone numbers?
Why does the maps app need access to the phone state and identity?
Why would it it need to modify SD Card contents (caching?)
Why would it need to record audio?

If these are typical of prompts seen by an everyday computer user, they wouldn't understand the implications, and they would click 'ok'. We see this every day in computing.

• Services that cost you money: directly call phone numbers
• Storage: modify/delete SD card contents
• Phone calls: read phone

Re:Operative words

[malakai]

The reason is, the Google Map app is NOT http://maps.google.com./ [maps.google.com] It's far more complicated. It's essentially a full car navigation system. It will respond to voice commands, dial numbers for you, keep the phone from sleeping ( so you can keep looking down at it while driving without having to unlock your phone ), cache's a large amount of data especially if sat view is on and traffic is on, and wiki layers, and last search layers...etc...etc.

Look, this is very much a One Button Mouse vs n-Button Mouse debate. On the Apple products, you don't trust the user or developer.... ever (unless the developer is Apple). On the Android platform, each party is liable. While the developer is held in a sandbox based on specific rights, it's not impossible for a seemingly legitimate app to wake-up in the middle of the night and dial 1-900 numbers. This trade-off in security is deemed a worthy risk because of the payoff in productivity and usefulness in increased application integration.

Google maps is a great example of the uber app on the Android. And all the functionality of Google maps could be replaced with by some other application. Anyone can compete with it. In the Apple world, the Google Map App would pretty much need to be part of the base phone operating system, or at least produced by Apple and not run in the sandbox.

In the case that a developer of an app uses it maliciously, it falls back to Google and Google marketplace to police this app.

Re:

[DJRumpy]

Then it might be more useful, and secure, to note in the warning that they cannot initiate a call without user action. I got the gist from the article that the sandboxing isn't that specific, meaning once you grant access, it's all or nothing.

Specifically, once you grant an App the ability to dial a number, can it do so without user intervention? Will it prompt after future updates?

It seems like an important security feature. The same with audio recording, accessing personal information, etc. All it would t

Re:

[Actually, I do RTFA]

And when every app just lists every possible thing they could do (as the Google Maps app seems to), you might as well not have fine grained access control. Welcome to Windows (pre-Vista).

Re:Operative words

[malakai]

Google map app has built in voice search that I don't think is at the OS level. For example, if you click the mic button while in map mode and say "navigate to gas station" it goes into nav mode to the nearest gas station.

Don't think of it like the web based google mas, think of it instead as a hand-free car's navigation system. It will also dial numbers for you, including knowing to dial where your driving to ( "Dial Destination or some such magical phrase).

Re:

[hedwards]

Right, and sometimes the permissions are for things you don't need, but are used by the end user from time to time. Such as the ability to look up a phone number and then call it from the app itself. Having an app do that would likely get it listed as being able to make phone calls.

If any change is needed, it would be nice to either be able to deny just the functionality you don't want to allow or be given a pop up before it does so. I'm not sure that the latter doesn't happen as it hasn't been an issue

Re:

[Pojut]

So it's just like Vista-era security? You know, the same annoying "Allow or Deny" people used to make fun of?

So you're saying your iPhone is like Vista?

Re:Operative words

[MikeBabcock]

This PDF was the most useless crap slashvertisement I've seen in a while. They're trying to sell us their anti-spyware package for Android, by citing stats that are meaningless.

I have Handcent SMS installed. Of course it wants permission to send and receive SMS messages.
I have a remote bricking package installed so I can disable my phone remotely if lost or stolen, so it has those permissions legitimately too.

The key is verifying that the permissions a package requests seem reasonable upon installation.

For example, if your new kids fingerpaint program requires full internet access, contact list access and sms access, you might have spyware on your hands.

Re:Operative words

[Macthorpe]

It asks you before you install the app so it doesn't bug you every five minutes after you install it when it tries to do things you're already aware it's going to do.

Notifications

[TyFoN]

And you are notified when installing in red letters exactly what the application has access to.
News flash: 100% of your pc applications have access to your file system!

Re:

[Itninja]

Indeed. One cannot install the app without seeing that screen. Does the iPhone make the same disclosures?

Re:

[hedwards]

And newer phones with the auto-update support won't auto-update if there's been a change in the permissions that the program is trying to get. Assuming nobody finds a way around that, there's not really a whole lot more that could be done without going through an onerous task of extensively testing every app in the market. And ditching the option to install from elsewhere.

Re:Notifications

[somersault]

100% of your pc applications have access to your file system!

Dozens of apps were found to have the same type of access to sensitive information as known spyware does

Dozens of children were found to have access to the same types of kitchen utensils that murderers use!

Re:Notifications

[Pharmboy]

Not me, I want applications that can't read or write to files, OS API, video subsystem, ports or RAM. Programs that are properly designed to this are always safe. Every program that *doesn't* will always have some risk, no matter how well you code it. ;)

Re:

[jbezorg]

What bugs me the most is that every programmer fails at these basic principals in safe programming. Even more importantly, these basic principals port to every known programming language.

Demonstration below ( enclosed in quotes ):

""

Re:Notifications

[Kufat]

A joke is trying to whoosh over your head.

Cancel or allow?

RE: Fifth of Android Apps Expose Private Data

[D'Sphitz]

My Evo tells me before I install an app what it will be able to do, I assume it works the same for all Android phones. It's hard to get worked up over an app that can access personal data, when you were told in big red letters that this app can access personal data, and you clicked ok anyway.

Re:

[webdog314]

Granted, the average Android user is a step above the average Facebook user, BUT, that's pretty much exactly what Facebook apps do and the majority of users click right on through. While we might wish that the general public understood the most basic tenets of information security, they don't, and the Android marketplace is, after all, for (predominantly) the general public (or at least the business side of it, which is only slightly better when it comes to IS).

Most misleading article ever

[Fnkmaster]

A fifth of applications rely on *permissions* that you, the user, must explicitly grant when you install them, that *allow* them to access private information.

That does not mean they do access that information, or put it to any sort of untoward use. Android practically screams at you when you install applications that need a bunch of permissions. Generally, sure, you ignore that if it just says "Read/write SD card" for example. But if something suspiciously asks for lots and lots of permissions, you might say to yourself "gee, this looks a little funny".

If 10,000 other people have installed it and everybody rates it 5-stars and there are no issues mentioned with it on the web, you can probably guess that it's not doing anything nasty with your information.

But the fact that Android extremely explicitly warns you about these permissions means that the only issue in my mind is there should be a more intense distinction in the UI between permissions like "Read/write to SD card" that lots of apps need, and "Access my contacts" or "Send text messages" which only a smaller number of apps need.

Otherwise, this is basically a hatchet job.

Re:

[DikSeaCup]

If 10,000 other people have installed it and everybody rates it 5-stars and there are no issues mentioned with it on the web, you can probably guess that it's not doing anything nasty with your information.

The way my mind works - when I read this, I couldn't help but think: "What, if any, kind of permissions warning do you get if the app is capable of going on to the market as you and rating itself 5 stars in your name?"

Disclaimer for the humor impaired: Mind you this is more of a joke than a suggestion of something that's at all likely.

Re:

[jeffmeden]

If 10,000 other people have installed it and everybody rates it 5-stars and there are no issues mentioned with it on the web, you can probably guess that it's not doing anything nasty with your information.

The way my mind works - when I read this, I couldn't help but think: "What, if any, kind of permissions warning do you get if the app is capable of going on to the market as you and rating itself 5 stars in your name?"

Disclaimer for the humor impaired: Mind you this is more of a joke than a suggestion of something that's at all likely.

His argument was laughable. You make the exact point that's needed; there is nothing to stop 10,000 genuinely happy, completely ignorant users from "loving" an app that makes fart noises while it secretly gathers contact lists or does other nefarious things completely behind the scenes. The users won't know there's a problem until it's too late; their private data will be in the wild. Then, all the 1-scores or "report app" dings that the app gets won't get their data back.

Assuming that a gaggle of non-ex

Re:

[Dishevel]

Don't start telling people to use their own common sense! You FOOL! You are going to ruin it. Ok people. Listen up. I will run for office and will fight the evil Android Corp and make them lock everything down for you. I will pass laws to force them to protect you from yourselves. I will create a new government bureaucracy to approve every app. It will also create a new OS that can be protected from the user doing things that might be bad for them. I shall staff it with pros from Apple. You will love me for

Re:

[rednip]

Most computer viruses rely on someone to install it, it doesn't mean that they aren't something to worry about. Also, while I'd have more confidence applications which are already popular, wide distribution is no sure indicator of 'clean code' (free from virus and stable).

Re:

[MikeBabcock]

If they wanted to be informative, they would've actually dumped the system logs on the phone and checked what the apps really are doing with the permissions they're given. This isn't at all hidden from the user if they know where to look, unlike say a good worm infecting a Windows PC.

Re:

[Fourier]

I don't agree that this is a hatchet job. I am concerned by the volume of highly-rated applications on the Android Market which require permissions that should be unnecessary. As you point out, the Android platform enumerates the requested permissions in a very visible way, which is great. The problem is cultural: users do not question these permission requests as much as they should.

I would really like to be able to selectively deny certain permissions to applications.

Re:

[Rich0]

Yup - I'd go a step further. What this article is saying is that only 20% of the apps on android really leverage the fact that they're running on android and make use of the resulting convergences.

Lots of apps in the market are contact managers, and shockingly enough they need access to your contacts. Lots of those apps are email programs, and those need access to your email and your contacts! Lots of apps show information relevant to your location, and they need to know your location. News at 11!

Re:

[weicco]

I think both you and TFA are right. But what scares me as a former phone app dev is this (from the fine article)

make calls and send text messages without the mobile user doing anything

Some good amount of Windows malware is explicitly installed by the user. If you make this same mistake in phone and install malware X you might end up with hefty phone bill. The phone OS, no matter if it's Android, Symbian, iOS, Windows or whatever, should at least ask user if it's okay for app X to make the call or send text

I've got your malware right here

[Jeremy Erwin]

Which apps require the BRICK permission, and do any of those conceal their intent from the user?

Re:

[MikeBabcock]

Remote bricking is very useful if you want to disable a phone if its lost or stolen.

You could also have a deadman's switch app that bricks the phone if its not activated with a password every so often (useful if the phone's thief knows enough to shield it from SMS messages).

Re:

[djdanlib]

Good one!

What happens when some not-so-savvy user gets an app, and the developer's info about the app says "Ignore the warning, that's a bug we're fixing in the next version"... hmmmm

Needs to be clarified

[AdmiralXyz]

Whenever you install an application on Android, you're given a list of permissions the application wants to have in order to run, including accessing your data and making phone calls. You have to explicitly agree to this list before the app is installed. Is CNET saying that a fifth of Android apps can get your data, despite those permissions not appearing in the list? Because if they're not, this is a pointless "Well, duh" story: the user was told what the application is doing. If they just breeze through and click "OK" when that's clearly inappropriate (i.e., a tip calculator really shouldn't be requesting access to your call log), that's their damn problem.

Re:

[Rogerborg]

Bear in mind that they're meedja types, so they and all their meedja friends have iPhones, and they've never actually seen an Android handset.

Re:

[ADRA]

This may be a redundant data on tech savy Slashdotters, and I must say that the pre-installation notification on security is pretty good in android, it does make the less technical people reading CNET think twice about installing a 'trojan' app for example (hypothetical) 'cute girls in bikini's 15' which has access to location, phone state, wifi, phone calls, etc..

HAVE THE ABILITY TO EXPOSE!=EXPOSE

[schon]

1. So because something has the ability to do something, that means that it DOES do it?

Logic. Submitter fails it.

2. When installing apps that have the ability to expose private data, the OS explicitly tells you beforehand and asks if you're sure.

While unscientific, everybody I know with an Android phone takes these warnings seriously. Yes, you still have the dancing bunnies problem, but in my experience most people don't expect a phone to work like a desktop, and the security awareness is higher as a resu

Re:

[jeffmeden]

Too much faith in Cnet, he is guilty of.

It was the Cnet article that made the leap from the report, which stated "x number of apps have the ability to access information in a way that could be harmful to keeping it private", all the way to "20 percent of android apps expose your private information". Actually, both of these things are true since they never really said to what the information was exposed to (in this case, it's simply the internals of a third party app).

Seems like you fail at over-reaching.

Look to the source

[TheBogBrushZone]

This report is hardly independent. If you ignore the CNET reporter looking for controversial pulp to post on a blog you'll find that this report comes from smobilesystems, a little-known mobile security company who conveniently have a new piece of Android security software to sell that will stop all these non-existent rogue spyware apps. You can argue all you want that users install these apps with full knowledge and consent. They know that it's BS; they just want to use FUD to convince the unwary and paranoid that their software (which if it actually does anything, probably just checks the installed apps against a package name blacklist) will keep them safe from an imaginary raging torrent of malware on the Android platform.

user granted it

[farble1670]

if the apps have access to sensitive information, it's because the app requested the information and the user granted it. every android app must declare the set of permissions it requires, and that list is presented to the user *before* they install the app.

also, as other posters have pointed out, the fact that an app has access to sensitive data does not mean it exposed the data.

Apple FUD

[mpapet]

The story is a PR plant by one of Apple's minions. They are taking a big negative with the iPhone, (no access to some phone functions) and turning it into a win for Apple.

To be fair, Apple's minion doesn't hire the story out and then attempt to sell it to the media. A few weeks ago Jobs claimed the Droid was a porn magnet or something like that... This is just more of the same ideological offensive.

The way this works is Apple's PR people go around making the case for their product, in those discussions are carefully constructed factoids like "their apps *can* do Bad Things (TM) with your private data!" Then some enterprising writer fills in the rest of the FUD perfectly willing to blow-up the half-truth in exchange for a closer seat in the Jobs Reality Distortion Field.

Re:

[JonJ]

Slashdot needs a -1 Crackpot mod.

I wanted to install an app...

[Rhaban]

I wanted to install an app that managed sms, and it asked for permission to access my messages!

It goes without saying that I immediately canceled the installation.

A misleading slashadvertisement

[Random2]

If you actually RTFAs' source, you'll see that this smobile systems company is using these statistics to try and sell a dependency checker.

Also, I saw no mention that these 'leaks' are derived from sources other than what the user allowed.

In short, Not news.

Sixth major app found to expose data as well

[noidentity]

I was using my Android today, and I discovered that it was exposing a huge amount of private data. Basically, it was transmitting a digital copy of all sounds that it picked up from its microphone, to some remote party. I couldn't believe this. More amazingly, it was triggered very simply: just dial a phone number and hit Talk. Sometimes it even occurred when I hit Talk just after the phone beeped. Nothing more was necessary. I can't believe they let this slip through.

Re:

[jeffmeden]

This would have been funny if not for your epically bad subject line, which suggests that you thought the article was about *five* apps that expose data.

In other news...

[demonbug]

80% of Android apps not working as designed.

FUD

[gedw99]

Fear, Uncertainty & doubt is all this article is doing
http://en.wikipedia.org/wiki/Fear,_uncertainty_and_doubt [wikipedia.org].

As many people have pointed out the security permissions model in android is very good.

you cant have fantastic apps without allowing them access to other data.
And so thats why the security permission authorization screens are there.

Its so dumb this article, because you cant have your cake and eat it too.

It pisses me off when journalists write a piece like this LL because it gets headlines.
Hey CNet, get a life and stop taking backhanders from Apple or Microsoft. Just a ridiculous article in the first place.

This just in....

[shadowrat]

99.9% of desktop apps can do whatever they want. They can read your emails. They can determine how much seti data you've processed. they can find out everything you type. They can capture video of your desktop and stream it to africa.

People want their phones to be computers. You are taking no more or less risk with a phone than you do with a computer. The app market is ripe for social engineering attacks right now, but i highly doubt there is more risk than on the desktop.

People are complaining that someone has access to contacts and emails, but people are also scrambling to give all that information to google through gmail, voice, and wave.

Very limited risk

[bgspence]

So any app that want's to access sensitive or private information or incur expensive charges must be designed to include features that might require permissions to convince users to OK those security rights. That limits potentially malicious apps to the category of useful apps as opposed to lighter flames or fart apps.

Users look at granting permissions with as much detail a they do clicking through license terms. They just don't bother to download the sources, check each line of each file for potential bugs or maliciousness, and build the apps from the downloaded and vetted source. Most simply assume the permissions granted will be used for the stated or implied feature requirements. Most normal software use is based on trust. The user trusts that the developer uses the powers granted in a trustworthy manner.

Android developers are always trustworthy. Thats why we rarely have malware, viruses or security exploits based on the developer misleading users. Steve Jobs lives in that alternative universe where some software developers might be tempted to misuse the permissions users click through. I live in that somewhat paranoid universe, too. I don't want to grant permissions to big name corporations who limit their ethics to "Don't be Evil." Evil is a line in the sand way beyond "Nasty" or merely "Bad". It probably includes lots of "Illegal" or "Unethical".

Re:well well

[cduffy]

Err --

Android applications have flags indicating what they are and aren't allowed to do, and are cryptographically signed with those flags. What this study (presumably) did is just check which apps have which flags set.

Thing is, when you-the-user install an app, you're told exactly which flags it has set, and given the opportunity to confirm or deny. In short -- if you're installing a lighter-flame gadget which says it's allowed to read your address book and connect to the Internet, and you click "OK", you deserve exactly what you get.

(Also -- misbehaving developers can, and sometimes do, have their signing keys revoked).

sandboxing, not just signing

[yyxx]

Android applications have flags indicating what they are and aren't allowed to do, and are cryptographically signed with those flags.

Older phone operating systems use that technique; it isn't very effective.

Android actually sandboxes the application, ensuring that the permissions it requests are the only permissions it actually gets. Signing on Android is not used for verifying permissions but for "establishing trust relations" between multiple applications--making sure that if you call Jack's Barcode Read

Re:

[Pojut]

So they are trying to patent software.

Yeah. Here's to hoping when the Supreme Court FINALLY releases a decision on Bilski v Kappos, that "pending" status is changed to "no way in hell" status.

Re:

[MikeBabcock]

Most of the apps I have on Android (and I have a LOT installed) have very few or no permissions they don't need.

The one permission that crops up randomly is coarse GPS positioning, for the ability to embed location targeted ads to support their free app.

Re:

[Rich0]

This is why the OS should let us manage these kinds of situations in a more graceful manner.

Instead of having the choice of "allow app location info" or "don't install app" there should be a third choice - "install the app, but feed it bogus location info" - ditto for internet access or accessing contact info/etc.

Ditto for running services - the OS should have an option to tell the app the service is running fine, and not run the service.

Too much of android amounts to telling the user that the app misbehave

Re:

[D'Sphitz]

Wrong.

Re:

[Petron]

It still looks bad.

As stated over and over here, you get warned in *BOLD RED LETTERS* "this app will want access to..." before you install. according to the article's posting, iPhone doesn't warn you.

there has been quite a few apps I declined to install because... why does a little game want access to my call history? [Cancel Install]

Re:

[johnw]

there has been quite a few apps I declined to install because... why does a little game want access to my call history? [Cancel Install]

Browsing the android market I've been struck by the sheer number of free apps which offer nothing but girly pictures. I'm not about to try installing any of them, but I can't help wondering what permissions they would ask for as they install.

If they don't contain malware, then what's the point in them existing? Displaying a set of more or less pornographic images isn't a triumph of the coder's art, and they don't seem to do anything which you can't do anyway with the in-built web browser. You find dozens

Re:

[betterunixthanunix]

"Suddenly the walled garden approach where apps go through an approval process doesn't seem so bad."

Yes, it does seem so bad. If it were just a question of certain apps being "approved," but users still having the option to install whatever they wanted, you might have a point (e.g. the repositories model for Linux distros). What Apple does is to say, "No, you cannot install that program, even if you want to, just because we said so! HAHAHAHA! No political cartoon apps for you!"

Re:

[Skuld-Chan]

The "Android Marketplace" does a couple things automatically that solve this - without a walled garden approach. 1) when you install an app via the marketplace it TELLS YOU what the app has access too 2) User rating will inform users whether the app is worthless and 3) there is a report malware feature in the marketplace to inform Google to investigate the app. In other words - often the market can determine what stays and what doesn't.

This is just more FUD against Android - all platforms have this exact sa

Re:

[Dishevel]

It dose seem bad. You are just too used to having someone else take care of you. Stand up for yourself.Take responsibility and enjoy freedom

Re:First Post!

[Chrisq]

Cock sucking faggots! - Sent from my Android -

It would have been funny if you has said "Sent from your Android"

Re:

[ZenDragon]

While I am not going to spread the FUD and agree with wholly with the statements of vulnerability, I would have to ask why ANY app would need "Full Call Permissions" in the first place? Furthermore, why would android allow that at all? Theres no reason why any of these apps need some of the access that they are requesting. For example; why does Dictionary.com request "Phone Calls" access? Im not one to cry foul without proof, but I do believe there does need to be some oversight in the Android market to pre

Re:

[h4rr4r]

Phone dialer replacement apps sure would need that. How the hell else would it make calls?

Does dictionary.com need phone call ability or just Phone Call: Status? Many apps need the latter so they can end themselves when a call comes in, resume after, stop doing whatever they were doing.

Re:

[WrongSizeGlass]

Dear AC,
I submitted this story because I found it interesting, not because I agreed with its conclusions nor those of the 'threat report'. I also attempted to submit the 'iOS/Safari gives away your location' story yesterday but I had the same source/URL as someone who had already submitted it so it was rejected. Keep in mind I only passed along the link and copy & pasted content from the CNet story. If you think someone is being biased you should point an anonymous finger at CNet or the folks at smobil

Re:20% 100%

[joh]

First of all, 20% have the ability to access private data on Android. Now, 20% is less than 100%, which is what you effectively get on other smartphone platforms. On the iPhone, effectively 100% of apps have access to your private data.

I think you'd surprised to find that to most private data NO apps have ANY access on the iPhone... They're mostly limited to their own data and to the net and there are only very few APIs to access anything else. Android may be cautios and transparent, but iOS is paranoid.

In the long run I very much doubt that the "flagging and informing" of Android helps here. It's good for shifting the responsibility over to the user ("You clicked OK after all, you dumb fuck!"), nothing more. The difference between Google and Apple is that Google thinks this is enough and Apple doesn't. I have not made up my mind yet about who's right. But I know one thing: Half of the population is beyond average intelligence.

"walled garden" is a joke

[yyxx]

As you noted, the google model is nothing more than blame-shifting, just like MS's UAC.

Totally wrong. Google sandboxes applications, meaning it enforces these permissions at the OS level. And the permissions are clear and simple enough that normal people usually understand them. On iPhone, in principle, any application can read almost any data and invoke for-pay services.

When compared to Apple's walled garden from a security perspective there isn't even a question as to which is better.

Apple's "walled ga

Re:

[h4rr4r]

Why because 100% of apps have that access?
The BB security model is a total nightmare, their OS is even worse with all its apps eating ram all the time.