Google to crack down on apps that snoop Google has warned Android developers to give users better warnings about their apps' data collection behaviours, or it will flag their failings. Last Friday, the company announced revisions to Safe Browsing rules and "expanded enforcement of Google's Unwanted Software Policy". If developers don't comply within 60 days, Google …
“Google Safe Browsing will show warnings on apps and on websites leading to apps that collect a user’s personal data without their consent”...
You could just ban the apps! It would be more effective than hoping users realize! But hey Google run the zoo and take a cut, so that ain't happening!
In relation to GDPR :
I want to know what the devs/companies are doing with the data that they hold and exactly which data they have collected and which third parties also gain access . Only then can you decide if you are prepared to continue or not.
In any event if you don't accept the access the apps often don't work correctly and if they do they they should not be requesting access.
Google should also be far clearer about what they themselves slurp and how they use it and to who they give access...
I thought that newer versions of Android allowed you to choose which permissions to grant to an app when you installed it, no?
Certainly, on iOS, an app doesn’t get any permissions unless you grant them to it.
The snag on both being that if an app has been given network access, then any embedded advertising code can do its stuff, but I suppose that’s the price we pay for “free”.
"I thought that newer versions of Android allowed you to choose which permissions to grant to an app when you installed it, no?"
No, for a while you've had the ability to allow or not allow when an app first tries to use a permission but not on install (e.g. If you are about to share a photo from a camera app then Android will ask you if you give permission for the app to access your contacts). You can turn permissions off for any or all apps at any one time.
Android 6+ changed the permissions model from an all you can eat buffet to an ask on first use. Basically the same as iOS. That is definitely a good start. Could it be improved? Well a guess you could add a preemptive decline feature (seems to be what you're looking for). I can't see why they can't allow mock virtualized data points. App wants location? Why not let me choose an answer from Google maps to tell that app whenever it asks. App wants contacts? Let me pass it a fake address book. App wants access to file system. Let me pass it a virtualized version safe in their sandbox.
Tbh, the biggest failings with android permissions is the fact that so many phones are still sold with Android 5 and will never see an update.
I disagree with mock data points. Some apps actually have a serious use and so have completely unreliable data may make it useless. I know it is possible to subvert the data so you can never guarantee it is 100% accurate but if it is easy to send fake data then it can make it meaningless.
The blocking of access is fine - you don't trust the app you don't allow permission. The app won't run without that permission (and it is an optional permission and not a core component) then don't use the app it can't be trusted.
The more the developer sees it not being used because it requires your exact location, the less chance they will keep that requirement and the less of it will happen in the future.
I have no use case for using what Samsung insists I allow Gallery to use, location and contacts, and it will not work at all unless I give those 2 permission(which is why I now use other apps). As long as I know where I took the photo, and the only person I share with is me...
I also have no idea why google home needs location turned on when all I am trying to do is cast my tablet to the TV , and both devices are on the same WIFI
We possibly have a disagreement about what correct behaviour is. If the app developer of a map application says it wants GPS, that is so the find me function works. If I configure **my** device to return nonsensical data, then I will expect the find me function to do weird things. If I give it real data, it will work as per the app developer's intention. If I reject the permission, it will probably crash. Not necessarily because they believe their application is pointless without it, but because most languages have really clunky handling of monads and it never occurred to the developer to check what happens if an exception is thrown or check the error code that got returned. In other cases, the app developer just can't be arsed to structure their code in a way that would minimise the required permissions. In other cases, the permission model itself is not fine grained enough (particularly around file and media access). The developer may want a very small subset of the permissions mentioned on the token, but you need to grant or reject the lot.
Except for Google. Because that's good snooping which you will want.
But they'll try to stop the bad snooping, unless it makes money then it's good snooping.
Just ask Amber Rudd she'll tell you why you don't need to worry. She can make the electric magic only do nice things that Amber wants. And everything Amber wants is nice.
If you disagree you must be bad and you'll be taken away
One alternative is to use a Xiaomi phone with Gapps.
Now, only Xiaomi and google will collect your information, and that means plenty of battery saved.
Of course, your information is not safe, as these two companies still spy on you, but at least you can prevent the rest from spying quite a bit.
So, how much of this is down to sloppy coding standards and how much to opportunists?
I wanted a spirit level app so had a look at the various offerings and most of them wanted 'Access all Areas' permissions. Now I can understand some developers trying it on but that seemed more like the SDK throws in some basic headers which request full access and you are expected to trim it to what you actually need.
Maybe an app dev can enlighten me here?
... because anyone who cares about privacy is clearly not a good little consumer, ready to whore themselves at the altar of their corporate overlords... right?
The point is, the sheep outNUMBER us AND they outPAY us. Most aren't even interested in privacy given the prevalence of Facebook and so on. It's practically a case of You Can't Fix Stupid, only the stupid are dragging everyone else down with them.
About the only way to fix this would be to require a license to use a computer, meaning a license to use something that's in the privacy of one's home. So it's a dilemma: either Big Brother watches over us or Joe Stupid drags us all down into the handbasket.
Google is the company that has served thousands of malicious apps on their play store, still does, refuses to notify users even when a malicious app has been removed from the store, so that people will still be infected. And they are now threatening some of the malicious apps to play nicerer or what? going to remove them, but won't fucking tell anyone they've been infected.
Google play store is like a Dr Office that is more likely to make you sick than anything else.
This is the crap world we built; demanding "free apps" and apps for everything. Yet the world is not free, nor is it void of people who are void of morals or smarts on both sides of the equation. To the uninformed user, I say sorry that you did not know better. To the informed user that participates and bitches about it, I say tough. To the informed user that participates and hides their head in the sand, I say Hello Brother, and I wish we had enough self control to just walk away.
I'm constantly blocking their shit in my firewall, and also removing privs/events as I see fit.
It's ridiculous. Just yesterday, I *bought* an app, from a well known reputable company, with no adverts, yet it still tried to phone home with my exact location.
A number of apps will even leave a little monitoring program running permanently, whether you use the app or not. How arrogant is that?
I tried in vain for over 8 months to report an "antivirus" app that was tricking users into installing their app through the use of fake virus warnings that were served up through hijacked Facebook links every single day for over 2 years straight and got absolutely NOWHERE!
The app in question is using the Facebook Graph API to access a users Facebook account and the advertising SDK would use the "showSource" command to view a webpages HTML source and inject javascript that made the users phone vibrate with a full screen warning designed to appear as an internal warning from Google that your device was "infected" and linked to the app on the Google play Store.
The relatively unknown app developer only has two apps, an "antivirus" app and a battery saving app yet it's company is now valued at well over $200 Million US.
I took over 200 screenshots of users complaining about the fake virus warnings on the Play store reviews and forwarded them all to multiple Google reps and supervisors and nothing was ever done about it.
I don't think they take action - it's quite a new site. Though, I feel the more people support it, the more important it will get.
I'd like to see them form some kind of action group in the future - in the meantime, I just hope to spread the word. I've got quite a few for them, but I've gathered them into a new category, and just have a bit more sorting out before I submit.. Hopefully they will be accepted!
cheers
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
