[KLanD]

DTNick, on 16 March 2012 - 06:48 PM, said:

BIGELLOWagui, on 16 March 2012 - 06:31 PM, said:

NishantJunankar, on 16 March 2012 - 05:27 PM, said:

"While iOS users can generally depend on Apple's app-curating process to keep their data safe"
This statement is false as there have been major security breaches with iOS apps recently. Android offers concerned users far more information, and Google does scan the Play Store for malware.

Exactly. It's this kind of "burying the head in the sand" that has resulted in tons of iPhone and iPad users to be deeply infected with malware and spyware without ever realizing it.

The same problem has existed on Macs, where users convince themselves that malware isn't possible on a Mac.

I thought I'd quickly address this... We know about apps like Path and others that have been caught with their proverbial hand in the stretched-metaphor personal data cookie jar, but we were speaking in broad terms here. We also touched on the potential for iOS spyware/malware in this story from last summer:

http://www.pcworld.c...lity_check.html

--Nick
resident security guy

Hi Nick,

I have to disagree with you. In broad terms, telling the user that this app will be recording some of your data and giving them the opportunity to decline is much better than just hopping the developers aren't doing anything shady. You touched on iOS malware in another article, yes, but this article paints the impression (yet again) that Apple's system is the best and it's impervious to these kinds of threats.

"While iOS users can generally depend on Apple's app-curating process to keep their data safe, Android users pretty much have to fend for themselves"

The first part of that statement is true, they do depend on Apple, because apps don't give the user any permission info or even the chance to decline, cause Apple's supposed to do that for me. The second half is false, it implies that Google does nothing to prevent malware.

[KLanD]

DTNick, on 16 March 2012 - 07:24 PM, said:

JuanRiossk7s, on 16 March 2012 - 07:15 PM, said:

Stop smoking rubber. This is more of an iOS issue than Android. With Android you have to give permission to the app to this stuff with iOS Apple knows better is the word on the street. If the app maker makes a deal with Apple or if Apple see is a popular app that can make them some money say good bye to your personal data.

There's another issue at play here, too: alert fatigue. When you're inundated with pop-up alerts, those alerts can lose their importance--think the cancel/allow alerts in Windows Vista that drove many users batty. It's a fine line to walk.

So in that case we should just get rid of them and let the app do whatever it wants?

[KLanD]

ArmandoRodriguez, on 16 March 2012 - 07:35 PM, said:

Author of the story here:

This article has nothing to do with iOS. It's about how the permissions system that Android employs has its flaws and probably isn't the best solution. Do I want a locked out environment for Android like there is in iOS? No, because that goes against what Android was built upon.

So let's focus on the issue at hand here: Android permissions need to be done away with and developers need to be more transparent about what data they use.

You seem to be making comparisons right here;

"While iOS users can generally depend on Apple's app-curating process to keep their data safe, Android users pretty much have to fend for themselves, left to rely on a cryptic system that doesn't seem to be working."

Look, the rest of the article is pretty decent with some good info, I just don't understand the need to slip in a flase pro-Apple comment.

[os2baba]

ArmandoRodriguez, on 16 March 2012 - 07:35 PM, said:

Author of the story here:

This article has nothing to do with iOS. It's about how the permissions system that Android employs has its flaws and probably isn't the best solution. Do I want a locked out environment for Android like there is in iOS? No, because that goes against what Android was built upon.

So let's focus on the issue at hand here: Android permissions need to be done away with and developers need to be more transparent about what data they use.

Nonsense. Android permissions should most definitely not be done away with. They are fine. What Google needs to do is have every permission be explained in more detail AND provide a mechanism for a blurb that developers have to fill out regarding why that specific permission is being used. Most apps are perfectly fine, but need the permissions that don't seem necessary to be explained. The malicious apps will lie, but the legitimate ones will help you understand. To fix malicious apps you could use the Apple strategy of curating apps which of course doesn't work and you lose all the positives of an open market. You talk about alert fatigue, but this is nothing like Vista where you were prompted for every action you did. This is done just once when downloading. I have been using Android for 4 years and I have never had a problem.

[MylesCm8zj]

look editors I understand that you are trying to point out the fact that developers should explain what they need each permission for but they way you wrote the article it comes off to a lot of android enthusiast as, "android's permission system sucks and apple's is ood, google should fix that". Now maybe that wasnt your main point but to most people that is how it comes across. any mobile industry enthusiast knows that, permissions in android that tell users before they download the app what it has access to is a good idea and with a little tweaking could be extremely better but your choice of words makes it sound like iOS' closed garden is the better philosophy (which its not because their are snakes in that garden that even big brother apple can't stop before it eats some of the vegetable).

[ArmandoRodriguez]

KLanD, on 17 March 2012 - 05:15 AM, said:

ArmandoRodriguez, on 16 March 2012 - 07:35 PM, said:

Author of the story here:

This article has nothing to do with iOS. It's about how the permissions system that Android employs has its flaws and probably isn't the best solution. Do I want a locked out environment for Android like there is in iOS? No, because that goes against what Android was built upon.

So let's focus on the issue at hand here: Android permissions need to be done away with and developers need to be more transparent about what data they use.

You seem to be making comparisons right here;

"While iOS users can generally depend on Apple's app-curating process to keep their data safe, Android users pretty much have to fend for themselves, left to rely on a cryptic system that doesn't seem to be working."

Look, the rest of the article is pretty decent with some good info, I just don't understand the need to slip in a flase pro-Apple comment.

It was supposed to be a contrasting technique to play up the problem more. iOS is even worse when it comes to user data (the Pandora app used to give away pretty much everything about you back in the day), but alas that is a story for another time. I have just as many issues with iOS as I do with Android, if not more.

[jdrch]

I'm not sure what the hysteria in this article is all about. It's not as if this is the 1st time apps have been able to lift personal data from devices: that's been happening on the desktop for aeons.

Ergo, the same methods that protect against desktop malware work on mobile devices too.

Actually, the fact that Android apps display permissions before installation makes the system far more secure than the desktop paradigm, in which every installed app has (at least read-) access to the entire OS filesystem and at best the OS will warn you of attempted admin-level changes *only*.

Seriously, this article is written as if the author has never used a general computing device before in his life.

[JimJones]

It is a very odd duality we are find ourselves in. It has always been the case that your desktop gave free reign to any app installed. This includes not only your photos and videos but far more relevant things like your local mail store (if you happen to live in the stone age and use outlook). Also, everything has full network access, always.

Mobile security is light years ahead of anything available on the desktop. And yet people complain about things that have trivially done on their desktop forever are even possible on mobile.

[JimJones]

Indeed but you are only asked about permissions when you install not when you run an app. I have actually not installed apps on both chrome and android because I didn't think a weather app should need permissions to my contact list or web history.

[BlueCollarCritic]

Gone are the days of developers being able to say “just because” when asked why their app needs every permission available. Users deserve protection just as much as developers and both should be as forthcoming and accepting of consequence’s as possible. If a user doesn’t want the latest “Hit The Ball” game on their phone to have access to send text messages then the user should be able to deny the permission while installing the app. If rogue developers who would cause havoc knew that there app could still be installed without giving them permissions they ask for then many would give up trying to scam users.

The answer is:

1) Require Developers to list why their app needs a specific permission. If the developer is unable/unwilling to do that than their app doesn't get approved to be in the market.

2) Allow user to install an app while denying any of the permissions the app requires. If some functionality ion the app fails to work because the permission is denied then its on the user to either authorize the permission or uninstall the app.

3) Permission Details – Some permissions should allow for some level of logging or monitoring such as the ability to access the internet. If a “Post it note” like app says it must have internet access then I as a user should at least be able to see (and easily) where on the net the app is going. Same thing with access to the phone. If an app is trying to call a number then I as the user should be able to easily seen when it happens and what the number is.

4) The Ads Exception – There’s no debating that many/most apps need the ability to service ads to cover their costs since most people don’t want to pay for most of the apps they use on their phones. But users also need protection from rogue developers and expecting every user to possess the skills to peruse the apps source code and figure out if the app is safe is just unrealistic. For just the ability to service ads via the internet there should be a unique permission that if enabled will let the developer works with ads but control where those ads come from and what info is sent via the net so that the phone users are also not abused. Thos could be done with Googles help by restricting that permissions internet access to only those web addresses OK’d by Google.

[KLanD]

ArmandoRodriguez, on 17 March 2012 - 10:15 AM, said:

KLanD, on 17 March 2012 - 05:15 AM, said:

ArmandoRodriguez, on 16 March 2012 - 07:35 PM, said:

Author of the story here:

This article has nothing to do with iOS. It's about how the permissions system that Android employs has its flaws and probably isn't the best solution. Do I want a locked out environment for Android like there is in iOS? No, because that goes against what Android was built upon.

So let's focus on the issue at hand here: Android permissions need to be done away with and developers need to be more transparent about what data they use.

You seem to be making comparisons right here;

"While iOS users can generally depend on Apple's app-curating process to keep their data safe, Android users pretty much have to fend for themselves, left to rely on a cryptic system that doesn't seem to be working."

Look, the rest of the article is pretty decent with some good info, I just don't understand the need to slip in a flase pro-Apple comment.

It was supposed to be a contrasting technique to play up the problem more. iOS is even worse when it comes to user data (the Pandora app used to give away pretty much everything about you back in the day), but alas that is a story for another time. I have just as many issues with iOS as I do with Android, if not more.

Then why even make a comment like that?

[AZBorderDude]

Google's latest privacy policy left me worried about anything I post or use Google for. That is the prime reason I have bailed out of everything Google that I was using, eccept the Android phone. I shut down all gmail and removed everything from the contacts and calendar on then all. Stopped the android sync of both and stopped using Google Search.
Remember the Android OS is a Google product and they try to umbilically tie it to their total environmment philosophy. Thus, this "know it all, about everybody and what they're doing" philosophy can very easily bleed over into the Android phones in futute releases and existing system updates.
One clue is that I can't remove the Gmail app from my phone. But, I have cancelled my Gmail account.

That said, I will be parting with this Android as soon as I am eligible for an upgrade.

The requirement to store most apps and all photos on the miniscule built in memory of the phone is most disturbing. The other is the inability of one manufacturer to provide a computer interface program for all the phones it sells. I have one of the most popular OS and I can't interface with my Android phone because there is no program available.
To me that's enough to say one android is too many; bye.

[MrMojo]

The issue I have with the Android apps when it wants to get permission is ... WHY?

If I download a Battery Meter app, WHY the FUDGE does the app Require access to my personal contacts? My telephone number? My location?

Can someone explain WHY the app needs to access that information when all it's going to do is measure the battery life?!

Why aren't people up in arms with the developers who want permission to "access" information that is NOT "truly needed" to run the app?