More Than 25% of Android Apps Know Too Much About You

CowboyRobot writes "A pair of reports by Juniper and Bit9 confirm the suspicion that many apps are spying on users. '26 percent of Android apps in Google Play can access personal data, such as contacts and email, and 42 percent, GPS location data... 31 percent of the apps access phone calls or phone numbers, and 9 percent employ permissions that could cost the user money, such as incurring premium SMS text message charges... nearly 7 percent of free apps can access address books, 2.6 percent, can send text messages without the user knowing, 6.4 percent can make calls, and 5.5 percent have access to the device's camera.' The main issue seems to be with poor development practices. Only in a minority of cases is there malicious intent. The Juniper report and the Bit9 report are both available online."

Privacy apps - LBE

[rvw]

I've installed LBE Privacy control and it blocks unnecessary permissions for many apps. Why does a keyboard need internet access? The only thing I'm concerned about... What does LBE know, and what does it share?

Re:Fine grained options

[Anonymous Coward]

So what you want is an iPhone right?

Re:If only!

[h4rr4r]

Actually a lot of decent apps have a why in the description of the app.

If it does not seem like it should need it and they fail to explain it don't install it.

Still better than on the PC, where any application can read any of your files.

Lets Mention Apple

[tuppe666]

Lets have a little balance

http://www.huffingtonpost.com/2012/02/15/iphone-privacy-app-path-facebook-twitter-apple_n_1279497.html?ref=mostpopular [huffingtonpost.com]

Facebook, Twitter, Foursquare, Instagram all send email addresses and phone numbers to their local servers.

The whole thing blew up and ended up with US congressmen sending letters to Tim Cook. This was feburary this year

"This incident raises questions about whether Apple’s iOS app developer policies and practices may fall short when it comes to protecting the information of iPhone users and their contacts."

Butterfield and Waxman then quote parts of Apple’s iOS developer website which states that Apple provides a comprehensive collection of tools and frameworks for storing, accessing and sharing data. It is then questioned whether Apple requires apps to request user permission before transmitting data about a user."

Re:If only!

[berj]

On iOS I can choose *after* installation to allow or disallow certain activities.

So.. for example.. I can allow an application access to my calendar but not to my contacts or photos.

If a GPS application wants access to my contacts and location I can let it.. but if it asks for access to my photos and bluetooth sharing I can disallow it.

It's quite nice, actually.

Android is a "take it or leave it" system. Which I suppose is great for the app developers.. but not so much for users.

Re:If only!

[h4rr4r]

There are aftermarket ROMs that do that. CM is one.

There are tools that actually do one better, they let you give apps fake data. Let that stupid game have a GPS, one that shows you out in the Atlantic.

DroidWall

[brouiller]

I root all of my Android devices and install the DroidWall app. It allows me to block network access to any app regardless of whether you give them permissions when installing. It's allowed me to download and use many apps that I would otherwise not have used because they wanted network access. It even lets you decide if you want to block the app on WiFi, cell data, or both.

Re:If only!

[berj]

On iOS I can choose *after* installation to allow or disallow certain activities.

So.. for example.. I can allow an application access to my calendar but not to my contacts or photos.

How do you know that, by the time you disable the permission, the app hasn't already uploaded your info to their servers?

because (sensibly) by default apps have no such permission. I get asked if I want to allow the action the very first time.

Android is a "take it or leave it" system. Which I suppose is great for the app developers.. but not so much for users.

Except, with Android, I can root my phone and do whatever the heck I want with it.

And what about those of us that don't want to bother with such things? I don't build my own computers. I don't jailbreak my iDevices.. I don't tinker with my car.. I don't mod my fridge. If I have to immediately start hacking my device in order to get the security I want then it's not really much good to me.

Re:If only!

[Minderbinder106]

CM was one. CM7 had this feature but it was taken out for CM9/CM10. It's too bad, it was a great feature.

Re:If only!

[Voyager529]

LBE Privacy Guard. Still free, and still allows denial of permissions to apps on a rooted phone.