Purism (real linux based) phones cannot come soon enough
I am only getting cast off phones now until Purism releases their phone.
Nothing else can be trusted.
https://puri.sm/shop/librem-5/
What is billed as the "first large-scale empirical study of media permissions and leaks from Android apps" has found that an alarming number can help themselves to your screen. Over 89 per cent of apps in the Google Play store make use of an API that requests screen capture or recording – and the user is oblivious as it evades …
What you say is irrelevant. Android is far from Linux especially in terms of end-user freedoms. And it's like that by design. While on any Linux distro I can execute whatever program/command I want, my shiny Android phone does not allow me to disable weather notifications, just because an idiotic developer decided to promote his lousy idea. Every morning I have to look at my phone to be notified that it's sunny with xx degrees Celsius, irrespective of what plans I might have for the day. Like I would care on what is Android based!
The kernel used in Android is irrelevant to whatever data slurping may take place at higher layers thanks to either poor permissions or by Google's design. They could use a bug free perfectly secure kernel but if Google creates an API that lets third parties slurp data, the kernel isn't going to stop them.
A Linux based vaporware phone from some company no one has ever heard of isn't much to hang your hat on, especially if you happen to like using your phone for more than what the vendor installs - a.k.a. apps.
The problem with things like Sailfish is that one has to ask if they have the developer resources to ensure security. APIs needed to run things are so monstrously complicated these days that it must be extremely hard to avoid gotchas.
Part of me wishes BlackBerry had had a lot more success with BB 10. It was coming along nicely till events supervened, and one had some degree of confidence that they understood security. Now, using Android, it's a guessing game as to what they might have missed.
that any phone solution can give you complete privacy and security?
Yes, anodroid and others can include bugs and gotchas either by accident or design.
But the device advertises its presence, location and a bunch of other characteristics just by being switched on.
The collision of convenience against security in this class of device is also likely to lead to direct threats of bad apps, or indirectly by inferring your usage from other apps or device sensors. This seems to be possible regardless of platform. Its both unrealistic to human review all apps for hidden nasty's, if indeed you trusted them not to be paid off to ignore certain violations.
I am fairly sure that if I want security and privacy the only good device is one that is switched off.
"At least iOS tells you when it's recording the screen / using the microphone, etc, etc"
---------------------------
To consider:
1. At one point those whose job it was to remotely hack sub-laptop devices reported 100% success against iOs devices.
2. It sure looks like what iOs is doing and what a third party library, extension, etc is doing may be two very different things.
"I am fairly sure that if I want security and privacy the only good device is one that is switched off."
And in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying "Beware of the Leopard". Which if I remember correctly, is how Windows NT got it's high security certificate.
This post has been deleted by its author
Not chocolate factory, I'm an engineer and I work on facts and question anything that avoids that. Even more stinky is when something like deliberately avoids testing this GS that would fail to fail (in this case anything made in the last 4 years)
I guess you are the fake news Facebook numpty that believes everything on the internet and never questions motives...
What is pay-day for these "researchers"? Who is the paymaster?
Yeah!
Where's the 'Name and Shame' section of this finding?
If (for example) Facebook is capturing screenshots of my phone's on-line banking app, then they should be named and shamed, and subjected to the legal hell of class action lawsuits and regulatory punishments. It would certainly make the news, and cost the billions.
Otherwise this report is all just meaningless noise.
If (for example) Facebook is capturing screenshots of my phone's on-line banking app, then they should be named and shamed, and subjected to the legal hell of class action lawsuits and regulatory punishments
=================================================
Have you given a moment's thought about what the term 'third party' may mean?
UPDATE: Thanks to those who helped before. Recap of goal: Take dirt cheap android phone and install Signal-app while stripping the phone of toxic-slurp. Repeat for each family member... Ran with Alcatel U3 as its less than 50 euro and all obvious Google/Facebook slurp can be disabled / uninstalled.
After doing that nothing on the phone works anymore. So browsed substitute open-source apps off Fossdroid (easier to browse F-Droid using desktop browser). Then side-loaded substitutes for everything from Calendar to Photos. Downloaded 'Total Commander' separately as its a staple from HTC XDA days. Sadly, no versions of VLC would run at all. So still looking for a good replacement, but F-Droid offers a good range of starting apps overall.
The key step is installing a Firewall on a non-rooted phone. Netguard / DNS66 / Blokada all use the same trick of installing a VPN to intercept traffic. Going back to the article it would be interesting to know if this is enough defence to stop rogue apps phoning home screenshot / screengrabs? Anyway ran with Netguard for now as the interface is simple / powerful, and you can block system-level apps apparently, which is key here obviously...
In terms of guaranteeing privacy, all of this is a long way short of Rooting the phone or installing LineageOS or other free alternative OS. But that's a lot of trouble for the time available right now. Still interested in trying that sometime though, after switching to Mint on desktop there's really no going back....
Last thing... One phone must run WhatsApp for work. We started to notice a Hidden .facebook_cache folder popping up containing suspected mini-map tracking images. Disabling the built-in Chrome browser seems to have neutered this behavior. For now we're only using Firefox Klar (F-droid).
Did they state what version of Android? Seems since Android 5 the main method of obtaining the screen buffer is blocked unless you are rooted (and screen recording should be the least of your worries). They didn't talk about background recording or foreground recording (big difference). This is little more than mucky clickbait.
Post Android 5 you need to connect to a pc every time and run some PC app that sends some debug ADB commands to get things working. These idiots just lost all credibility....
Cite:
https://stackoverflow.com/questions/25616026/screen-recorder-in-android-programmactically-not-screen-shots/33326957#33326957
https://play.google.com/store/apps/details?id=uk.org.invisibility.recordable
The report does state when and where the apps and APKs are collected/selected, including newest versions of apps on Google Play at April 2017, and newest versions of APKs at January 2017. See section 5.1 of the study PDF. The test devices run Android 6 API level 23 on Nexus 6P/5X devices and a couple of Android 4.4.4 API level 19 on Nexus 5. The test, data collection and analysis methodologies are described in some detail. See section 5.3 and others. They provide some acknowledgements of possible weak areas in their methods.
There might be useful points to raise about what the study does or does not show, but after a demonstrable failure to pick up the basics of what was done in a significant investigation run over several months with formal reporting of data, methods, analysis and conclusions, then it might be worth reading the study itself before someone calls BS on the BS call.
"The test devices run Android 6 API level 23 on Nexus 6P/5X devices and a couple of Android 4.4.4 API level 19 "
So nothing from the last 4 years then.... I wonder why.. (I know why). This doesn't constitute most, even the word some is stretching it.. That's not even the last version of Android for those devices - 5x and 6p are on Android 8.1, even the older Nexus 6 and Nexus 7 (2013) are on Android 7.1.
Android 4.4 is now 5 years old....
Picking hardware and deliberately not updating it and testing 5 year old OS version stinks of bullshit... As mentioned, the credibility of the authors of this must seriously be questioned.
On the upside, this is a great clickbait filter, if you spot any other website posting this same story, you instantly have a great quality filter metric.
Some of us have known about "covert" internal screenshots being taken of our Android phones for a while now.
I noticed that there was a dropbox folder that collects "WTF" error messages as well as actual internal screenshots taken of every single task as it goes to background.
I took a screenshot of one of these internal screenshots that showed my last text message that included the contacts name and phone number and would have contained a picture of the person if I had assigned them one.
I changed ownership of these folders so that they could no longer be written to.
Here are some recent logcat results showing attempts to write to these folders and failing after I changed ownership:
Can't write: system_server_wtf
06-01 20:29:15.373 1185 1229 E DropBoxManagerService: java.io.IOException: Can't list files: /data/system/dropbox
06-01 20:29:21.320 1185 2082 E TaskPersister: saveImage: unable to save /data/system_ce/0/recent_images/248_task_thumbnail.png
The folders in question are in the /data/system/dropbox directory and in /data/system/recent_tasks and /data/system/recent_images on my Android phone.
(Requires root to chown these directories so they cannot be written to)
This post has been deleted by its author
All of those non-boffin words are longer, and some of them are even hard to spell. Boffin is short, easy to spell, and fits into a headline. You yourself used "gonna" instead of "going to", you should appreciate the use of short easy to spell words. Perhaps in the future it'll be "bofin" and "gona", just coz.
If everything is wrapped in an application which is allowed to execute code, you'll always have the problem of rampaging malware, since you need lots of applications and if one of them is malware, you're toast.
The more sensible way is to only exchange data and have a (nearly) fixed set of applications which can work with a multitude of data sources. Kinda like online services used to be before Javascript. You logged in via a modem connection or telnet and had access to a database. You didn't need to have any kind of special software.
Installing new code should be something you only do rarely from sources you personally trust. It shouldn't be something you casually do when a QR-code tells you to do it or something your browser run automatically as a feature.
Now if the web wouldn't have adopted Javascript it would have been a decent alternative. Unfortunately during the browser wars browser vendors were mostly concerned with features for webdesigners, not for web users. Otherwise they'd automatically handle tables including things like hiding columns and sorting.
"Installing new code should be something you only do rarely from sources you personally trust. It shouldn't be something you casually do when a QR-code tells you to do it or something your browser run automatically as a feature."
That problem will ALWAYS be there. Simply because of box thinking, or there's no way to fully encapsulate everything you want something to do in a limited interface. It's the reason for downloads in the first place, going all the way back to the PC (in the broadest sense to include pre-IBM stuff) days. Who cares about security when it comes to "just get the bloody job done"?
The University of Oxford have published an actual large scale study on almost 1,000,000 android applications and their data sharing practices
Binns, R., Lyngs, U., Van Kleek, M., Zhao, J., Libert, T., & Shadbolt, N. (2018, April 14). Third Party Tracking in the Mobile Ecosystem. https://doi.org/10.1145/3201064.3201089
It's worth pointing out that the "screenshot" APIs that this paper talks about only give the app access to its own content. It isn't possible to screenshot another application, or system UI without additional permissions.
So basically this represents a really inefficent way of uploading data that the application already has access to.
Apps may read the "view" that they themselves present. In other words, an app may spy on itself. That's how an application sandbox works folks. How very uninteresting. Carefully wording it to make it sound like an app may generally screen grab is (intentionally?) misleading. But I guess FUD (Fear, Uncertainty and Doubt) drives clicks.
They seem to be worried about apps that include libraries, and those libraries can read the screen that the app itself is presenting.
If I’ve understood this correctly, I think it’s a non-issue. App developers using 3rd-party code in their apps need to trust that code. If they don’t trust it, it could do anything. (In principle you could have another level of sandboxing between libraries and the main app code, but that’s not something that any OS I’ve ever seen does.)
iOS would be vulnerable to essentially the same issues.
Question. Isn't this what the recent apps switcher does?
Even when I press 'quit' in FF with FF set to clear all private data, if I then open 'recent apps' then my previously visited webpage is shown in all it's glory, even when this page isn't available when I reopen FF.
This also happens on iOS which I've noticed shows the content of text messages in the recent apps view.
If the apps are closed using the 'clear all' function of Android, or the laborious 'swipe close' function of iOS, then this data appears to be gone