Permission-Greedy Apps Delayed Android 6 Upgrade So They Could Harvest More User Data (zdnet.com) 62
Android app developers intentionally delayed updating their applications to work on top of Android 6.0, so they could continue to have access to an older permission-requesting mechanism that granted them easy access to large quantities of user data, research published by the University of Maryland last month has revealed. From a report: The central focus of this research was the release of Android (Marshmallow) 6.0 in October 2015. The main innovation added in Android 6.0 was the ability for users to approve app permissions on a per-permission basis, selecting which permissions they wanted to allow an app to have. [...] In research published in June, two University of Maryland academics say they conducted tests between April 2016 and March 2018 to see how many apps initially coded to work on older Android SDKs were updated to work on the newer Android 6.0 SDK. The research duo says they installed 13,599 of the most popular Android apps on test devices. Each month, the research team would update the apps and scan the apps' code to see if they were updated for the newer Android 6.0 release. "We find that an app's likelihood of delaying upgrade to the latest platform version increases with an increase in the ratio of dangerous permissions sought by the apps, indicating that apps prefer to retain control over access to the users' private information," said Raveesh K. Mayya and Siva Viswanathan, the two academics behind the research.
It is a balancing act. (Score:5, Insightful)
The problem is the Gated Community we are stuck with Tools that Apple says it is OK for us to use. There is often mobile apps I wish I had for iOS, such as emulators, programming languages, and some useful networking tools. Which you just can't because Apple has deemed them too dangerous.
Now Android is a wide open field where you can get whatever you want. However this also includes a lot of Crap, and malware. And Malware coded well enough that you think you have a useful piece of software.
Reading comprehension fails. (Score:2)
There is often mobile apps I wish I had for iOS, such as emulators, programming languages, and some useful networking tools. Which you just can't because Apple has deemed them too dangerous.
90% of the tools and applications are the same on both platforms. Anymore it's the color of the icons.
The problem is this remaining 10%. The poster you're replying to litterally gave a list of what Apple forbids in these 10% , but you still post about the colours differing on the main 90% of chat/photofilter/fart apps that are of no use for the average /. geek.
Re: It is a balancing act. (Score:2)
"Malware coded well enough that you think you have a useful piece of software."
Nearly all Android apps - useful and useless alike - are malware, if one rightly denominates spyware as a form of malware.
Research points otherwise (Score:2)
under the impression Apple isn't doing the same but keep the data to themselves.
Current research tend to point otherwise: smartphone running iOS aren't pinging the motherbase as often as Google.
(Google seems to be monitoring litteraly every step you make. As in being able to sell to marketeers your trajectory among the aisle of a shop).
Of course, if the reference point you're comparing a company's privacy policies is the fucking Google, that's a pretty low bar to beat anyway.
(Me ? I'm running a fullblown GNU/Linux distro on my phone)
As an Android user I feel totally exposed... (Score:4, Interesting)
Sometimes I feel strange when I think about just how many people have access to my location data, messages, phone logs, and probably even screen captures.
That's one thing Apple did really well from the beginning.. they didn't turn your phone into a voyeuristic spying device.
I just wish I could pay for apps with cash instead of data, but many apps, especially games will require tons of permissions to 'play for free' and won't have a version available for purchase which doesn't spy on your most intimate phone conversations.
Too bad... I hardly ever install apps on my phone these days, just form the shear creep factor...
Re: (Score:2)
On Android there are a number of modifications you can make to prevent apps from simply taking permissions. The classic is "Xposed" which lets you control individual app access to individual permissions or would simply "lie" to the app with made up data. With some apps that would be the only way you could keep them working and there is NOTHING ILLEGAL about spoiling the data an app. After all, it is your phone. And Android is a "mostly" Open Source Operating System.
I was always a Linux guy... (Score:1)
I've always been a Linux guy, since before Linux had its current version numbering scheme, back when you had to hexedit the bootstrap block with corrected major/minor device numbers if you wanted to boot from a SCSI drive.
This led me to naturally prefer the more "open" and "free" Android OS over the (to my perception) walled-garden, more "monopoly"-friendly Apple ecosystem. I used Android for years, and kept patiently waiting for some level of decent security to descend upon that product. It never arrived
Re: As an Android user I feel totally exposed... (Score:2)
I feel like the critical missing piece is the ability to filter out ad support and in-app purchases when searching for apps on the Play Store. That would dump developers into buckets of how they monetize.
As it is, it's super difficult for traditional licensed apps to get visibility over the malware.
Re: As an Android user I feel totally exposed... (Score:2)
Oh, and permission searching would be helpful too, but maybe too complicated for the average user.
Comment removed (Score:3)
Re: (Score:3)
From a cursory look at the paper, it reads like a textbook example of confirmation bias. https://weis2019.econinfosec.o... [econinfosec.org]
Re: (Score:2)
Or it could simply be the ad libraries the app uses wasn't updated to Android 6, because the ad companies delayed the update.
Most developers will write code properly. However, the libraries you use often dictate the extra permissions, especially since you want to eat and thus need to add that ad library to help you make some money. But you're beholden to the ad company and their permission set now.
I don't know why it has to be an issue at all. (Score:4, Interesting)
To get around this, Android could offer the fine-grained permissions even to apps on the older API, and simply provide no data, or bad data, to applications that ask for data you have denied them access to.
For example, lots of apps ask for access to contacts, because it's a great way to harvest information. Just provide an option to allow them access to automatically generated, fake contacts. Not only is your privacy preserved, but we get to fill the app developers' data mining with bad data! It's like a double-win.
Re: I don't know why it has to be an issue at all. (Score:2)
What law would this be breaking? The apps are asking you for information; you're providing it, it's just not correct.
Re: (Score:1)
Better yet, have a single setting in the OS that allows the user to deny access to ANY data whatsoever, even to the OS!
Re: I don't know why it has to be an issue at all. (Score:1)
Google Isn't About Protecting Customers (Score:2)
we need a GNU/Linux smartphone (Score:2)
Re: (Score:2)
apple does not sell user information to marketers and the information it keeps for its own purposes is a anonymized and aggregated with other user information. you can opt out of that by turning it off in the privacy settings in the phone.