Better Mobile App

Is your app spying on you?

Most of the app now require acces to the phone calls..even a news app requires it, sms app such as go sms also requires it. So I want to know after knowing that an app will be able to acces your phone call you still download it? And does anyone in what way the developers use such info?
Sent from my E10i using XDA App

Excellent topic, I'm really troubled by this. The business world makes a whole lot of money based on the average persons inertia - their lack of information or willingness when it comes to the products and services they use and the money they use to pay for them. Particular mobile phone network providers come to mind, who are happy to charge the most expensive prices because people don't know or don't care.
This lazy attitude is seeping into the Android app world. It will be a small per centage of us who will realize this threat and do something about it - exactly like cookies and public wifi privacy etc.
For those of us already interested, are there websites or apps which can guide us on this?

I had thought about it before but it seemed to be all apps out there at least need to access your internet, calls, phonebook and etc.. Not sure really if some of these nasty apps has the evil purpose to steal our vital informations in the phone... say if we're checking our bank account or something similar..
What I practice:
1) Installed AVG pro and do scan regularly, and set to scan every newly installed apps.
2) Use both cache cleaner and history eraser to clean up all traces once a day.
3) Hope they don't see me as a target.

Don't worry.
I think access to the phone calls is just to minimize the running app in case you receive a call. In other case you would not even realize an incoming call?!

Deehee3 said:
Don't worry.
I think access to the phone calls is just to minimize the running app in case you receive a call. In other case you would not even realize an incoming call?!
Click to expand...
Click to collapse
What about data? When you install an app in most cases you allow data access to it.

Searching for updates or viewing developers homepage maybe?
Sent from my U20i using XDA App

Deehee3 said:
Searching for updates or viewing developers homepage maybe?
Sent from my U20i using XDA App
Click to expand...
Click to collapse
What if not? What if app you´ve installed is spying on you and sending info to hackers. How would you know?

On android we have the luck that there are a lot of applications that are open source. When I have to choose an application, I always choose and support the open projects!
You will notice that most of those applications don't need all that personal information! Makes you wonder...

On other systems, apps usually have an user/administrator scheme, where the 'user' has access to some things and 'administrator' has access to everything.
There is no such thing on Android (except if you have a rooted phone and some app asks for superuser access, but you get a requester asking for permissions as well).
Each app has to specifically ask for permissions or the system will deny it. A spyware has to ask for those permissions or it won't work.
Some permission requests to look out for:
- "Call phone"
can be used by the application to silently dial some "premium" numbers
- "Send SMS"
can be used to send SMS to special "premium" numbers
- "Record phone calls"
can be harmful if associated with "internet access" permission
- "Access fine location"/"access coarse location" and "internet access"
can be used for tracking purposes
Many apps ask for:
- "Phone identity" / "internet access"
they use it for "statistics purposes" (flurry.com mostly) but it is bad. The developer should always inform the user about those.
BTW, that an app is open source makes no difference. Someone can always (willingly or not) tamper with the final build. And not everyone reviews open source apps.

zapek666 said:
A spyware has to ask for those permissions or it won't work.
Click to expand...
Click to collapse
Sure. But if an app legitimately ask for data transmission and file system access, AND you grant it, how would you know it is not using the granted rights for something else?

ppirate said:
On android we have the luck that there are a lot of applications that are open source. When I have to choose an application, I always choose and support the open projects!
You will notice that most of those applications don't need all that personal information! Makes you wonder...
Click to expand...
Click to collapse
Don´t tell me that you evaluate the source code of each application you load from the market. And even so, how would you know the difference between what is shown to you and the final build, available on the market?

vlissine said:
Sure. But if an app legitimately ask for data transmission and file system access, AND you grant it, how would you know it is not using the granted rights for something else?
Click to expand...
Click to collapse
Filesystem access are limited to the external memory card. An app with such permission cannot access other apps' private data (which are stored on the phone).
Android apps are all sandboxed into their own homes.
A good example of a suspicious application is HTML5 Reference.
"This HTML5 reference lists all tags supported in the HTML5 specification.", fine. Let's look at the permissions:
Network communication: full Internet access
Phone calls: read phone state and identity
While the first 2 could be produced as a side effect of the developer implementing some "statistics library" (flurry.com or so), the next 2:
Your location: fine (GPS) location
Your personal information: read sensitive log data
Are a giveaway that this app does a bit more than just listing HTML reference tags

zapek666 said:
Filesystem access are limited to the external memory card. An app with such permission cannot access other apps' private data (which are stored on the phone).
Click to expand...
Click to collapse
Ok, how about a picture viewer, which usually picks pictures from each and every
directory, no matter if you want it (and not only from memory card).

Hey vlissine and zapek666. You both have a point.
One individual cannot review every code he or she uses. And also one does not only uses his or her own builds of the projects. But every now and then, I have to go into a project, mostly to add functionality. During that time, I usually have to go over a lot of code to understand the program. It is no guarantee, but you can imagine that some strange code will stand out.
I'm surely not the only person. So while one individual is not capable of such an endeavor. A lot are.
Your other point is as valid as can be. But here again, builds are comparable.
Surely, one does not have to find himself or herself obliged to use certain kind of projects. But to me, when I have the change, I use and support the open source project. One important reason is because of the concern raised by the original poster!

http://googlemobile.blogspot.com/2011/03/update-on-android-market-security.html
Apparently we were not that paranoid, thinking of spying apps

Two options:
1) To avoid being spy and get super paranoid about it... ditch your smartphone and get those early 2000 phones with only calls and sms capable.
2) Use the smart phone eg: X10 mini/pro or any android phones and ignore these spying scene and live with it like nothing ever going to happen since this new technologies really live up our life nowadays..

farsight73 said:
Two options:
1) To avoid being spy and get super paranoid about it... ditch your smartphone and get those early 2000 phones with only calls and sms capable.
2) Use the smart phone eg: X10 mini/pro or any android phones and ignore these spying scene and live with it like nothing ever going to happen since this new technologies really live up our life nowadays..
Click to expand...
Click to collapse
One more option - stop giving stupid advises when you have nothing to say.

maybe apps need to call functions or need it to run?
write them your self if your that bothered?
...
Sent from my E10i using the XDA mobile application powered by Tapatalk

[Q] Using Titanium to B/U Apps on my Andro Phone to Install on my Nook Color Tablet

I bought a Nook Color Tablet for my daughter for her birthday. I would have put my Google Account info on it, but I didn't want to allow for even the chance that anyone could pick it up and access my gmail correspondence. This is a bummer. I have all of the family's several IOS devices on a single iTunes account, so any app I buy for one iOS device, I've effectively bought for all (1 iPad, 1 iPhone and 4 iPod Touches in the family). I would have wanted to do the same thing on our Android devices, but I use Google Apps for my law firm's domain, so that means that my gmail contains confidential attorney-client correspondence. Lawyers walk the plank for letting others read atty-client communications, so I couldn't put my regular Google account on the Nook. Instead, I created a new one just for the NT.
Since the NT has a different account than my other Android devices, then I assume that means none of the apps I've already bought for my Android phone (Samsung Droid Charge) and Android tablet (Lenovo Thinkpad Tablet 1838) can be installed on the Nook tablet -- at least not easily.
I've seen some threads here about using Titanium Backup to backup apps from other Android devices and then extract the APK and install on the Nook Color Tablet as an end-around way of installing apps that aren't available (to the Nook) on the Android Market.
Question: can I backup apps that I bought on [email protected], then extract the APK, then install that APK to the NT that is tied to [email protected]?

It is possible to do so but, you won't be able to update the apps on the nook tablet
the problem is that it is technically piracy and therefore illegal

I've never considered to be piracy...nor given it much thought. Probably wouldn't stop me either way. When I was using my rooted NC under the same account as my phone, it had equal access to the apps I've already paid for, and my NT will too once I get around to rooting it. For now, I'm doing exactly what OP is asking about, and it works great...just without the updates. So for now, I figure I'll just make it a point to regularly re-install the apps that I back up, or buy. I don't agree with pirating apps, but I figure if I've paid for it and I have access to them on whatever device has my google account on it then they're free game since there are no restrictions there. I've just get to get my account on my NT.

I'm opposed to piracy too. And maybe what I am trying to do is piracy, but I don't see it that way. If I put my Google account on my Nook Tab, then I could install all my Android apps there without violating the license. But to protect my privacy (and, more importantly, my clients' privacy), I can't put my Google acct on the Nook, because there's no way (no way that I know of, anyway) that I can absolutely positively keep anyone who picks up the Nook from accessing my Gmail and my Google Apps email. I'm aware of some things that could be done (like using Seal or App Protector), but none of them is foolproof. I don't want to give a device to a teenager that's not locked down in terms of privacy. So to solve this, I just put a new account on the Nook. If someone wants to call it piracy under these circumstances, I guess they'd be correct, but it sure seems a use within the spirit of the agreement.
YMMV

I would do it myself in your situation but I was just letting you know what you would be doing

[Q] Never lose my stuff - backing up app data

Hello,
According to the Android Design Principles
Never lose my stuff
Save what people took time to create and let them access it from anywhere. Remember settings, personal touches, and creations across phones, tablets, and computers. It makes upgrading the easiest thing in the world.
Click to expand...
Click to collapse
which I think is great. The app I'm designing involves storing photos and data about them. Is there a good way to back this up? I could sync with a webservice I could write/host, but then I'm opening myself up to potentially large bandwidth/storage charges.
I considered using drop box or something, but that would require my non tech savvy users to sign up. Is there any easy way to integrate the google cloud service (as my users will of course have a google account)? What do people normally do when they want to meet this design principle?
Many thanks

Russ_T said:
Hello,
According to the Android Design Principles
which I think is great. The app I'm designing involves storing photos and data about them. Is there a good way to back this up? I could sync with a webservice I could write/host, but then I'm opening myself up to potentially large bandwidth/storage charges.
I considered using drop box or something, but that would require my non tech savvy users to sign up. Is there any easy way to integrate the google cloud service (as my users will of course have a google account)? What do people normally do when they want to meet this design principle?
Many thanks
Click to expand...
Click to collapse
I believe there is an api for backing up user data to Google drive and since users will have a Google account they automatically have Google drive (Your app will have to request permissions to access users Google account I believe). This would be the easiest way to implement things as the drive api is a native part of Android, and you don't have to worry about bandwidth and hosting storage. In the past people have hosted there own storage for users to used and then usually tie this to an account users have to create. Overall, like I said I'd look into using the Google drive api.
Sent from my SCH-I535 using xda premium

shimp208 said:
I believe there is an api for backing up user data to Google drive and since users will have a Google account they automatically have Google drive (Your app will have to request permissions to access users Google account I believe). This would be the easiest way to implement things as the drive api is a native part of Android, and you don't have to worry about bandwidth and hosting storage. In the past people have hosted there own storage for users to used and then usually tie this to an account users have to create. Overall, like I said I'd look into using the Google drive api.
Sent from my SCH-I535 using xda premium
Click to expand...
Click to collapse
Thanks very much. A bit of an oversight on my part so I'll have a look through the API and see what it offers.
I do intend to charge a subscription for my app/service ultimately, but I think I need to make storage space the users problem to save myself sleepless nights.
I'll investigate and post back here what I find. If anyone can give me a link to an article on this I'd appreciate it.
Thanks

Russ_T said:
Thanks very much. A bit of an oversight on my part so I'll have a look through the API and see what it offers.
I do intend to charge a subscription for my app/service ultimately, but I think I need to make storage space the users problem to save myself sleepless nights.
I'll investigate and post back here what I find. If anyone can give me a link to an article on this I'd appreciate it.
Thanks
Click to expand...
Click to collapse
Here is the official Google documentation on using the Google Drive Api:
https://developers.google.com/drive/
Check out this article on network storage and android:
http://developer.android.com/guide/topics/data/data-storage.html#netw
As well as this article on using the backup api and cloud sync:
http://developer.android.com/training/cloudsync/index.html
Also since you talked about eventually charging a subscription fee here is the official android developer documentation on that as well:
http://developer.android.com/guide/google/play/billing/billing_subscriptions.html

Wonderful, thank you very much indeed! I will give those a good read over when I get chance and let you know how I get on. It seems this could definitely be the answer, saving me money concerns and allowing my app to be multi user and backed up.
What I need to do is get my head around how I will use the cloud storage to allow my app to be multi user. Potentially I can make my database file based, and sync between two devices that way. My only trouble is when both devices are editing the same file / working on the same thing. I want the app to work offline, as I don't want connection issues to affect its usage.
Hmmm, I'll give it some thought.
Thanks again!

[Q] New device, new binary?

Ok, I am looking at an online Android/iPhone app builder. They either offer the option to build one for free with unlimited downloads or you can pay yearly with different tiers for different download limits. The difference being that the free one has ads.
Anyways, when asked about just creating the app with their site, then hosting it on your own server and having everyone download it from there instead of paying the yearly fees, the site owner made this statement.
" my personal opinion in the long run you will pay more in this case because every time when apple releaes new iOS (like 6 now) or android has new phone (like samsung galaxy S 3 now) you will have to purchase new binary code from us that supports the latest updates/fixes."
Is this true? I don't see how each new device that comes out will require an update in your app.
Also, as stated, if you pay the yearly fee for the lowest amount of downloads, I assume they can only track downloads from Google Play or the Apple app store. I don't see any way they can track downloads from my own server hosting the .apk file. Anyone have any insight on this to correct me if I'm wrong?
For the record, I'm just looking to develop an app to play my Shoutcast Streaming audio station. I make no profit on the station, so have no capital to spend over $1K a year to have an Android and iPhone app. I mainly want to give it to my friends, and make it available to anyone who visits my Website. I really like the design that I did with this site, and am willing to pay something for it, just not worth $1K./year....

Anybody?

Have you tried installing the official Android Software Development Kit on your computer, and making the app yourself? You don't need to use an online service, and you choose exactly what gets compiled into the apk (ads, Google analytics, etc.).

post-mortem said:
Have you tried installing the official Android Software Development Kit on your computer, and making the app yourself? You don't need to use an online service, and you choose exactly what gets compiled into the apk (ads, Google analytics, etc.).
Click to expand...
Click to collapse
Thank you for the reply.
I actually do have the SDK installed, and am looking into what it takes to make my own app. But, don't I have to know xml and Java to create apps using the SDK?

You do need to know those two languages.
Sent from my Desire HD using xda premium

The Lepricon said:
But, don't I have to know xml and Java to create apps using the SDK?
Click to expand...
Click to collapse
That online service allows you to write apps without knowing xml or Java?

post-mortem said:
That online service allows you to write apps without knowing xml or Java?
Click to expand...
Click to collapse
Yes, it's kind of like Appinventor, all visual, just assemble the parts and stuff.
It's nice, just kinda pricey. I once posted the job on freelancer.com and got offers for about as much as this company is asking, and with freelancer I would have owned the app afterwards.
But, again, it's kinda hard to foot the bill when it's a non profit app.
Ok, I'm off to learn XML and Java.......

Oh, almost forgot.... the original questions...
" my personal opinion in the long run you will pay more in this case because every time when apple releaes new iOS (like 6 now) or android has new phone (like samsung galaxy S 3 now) you will have to purchase new binary code from us that supports the latest updates/fixes."
Is this true? I don't see how each new device that comes out will require an update in your app.
Also, as stated, if you pay the yearly fee for the lowest amount of downloads, I assume they can only track downloads from Google Play or the Apple app store. I don't see any way they can track downloads from my own server hosting the .apk file. Anyone have any insight on this to correct me if I'm wrong?
any ideas anyone?

I think he means every time Google releases an update to Android (updated OS, not new device). So, for example, you build your app to run on Jelly Bean. But when Key Lime Pie comes out, your app may not work as expected on those devices running KLP. Then, you'd have to pay them to recompile your app with updated binaries, or risk losing market share.
If your app is really simple and would run fine on Android 2.2 and up, then that "purchase new binary" thing is not applicable.
But, hell, if you're willing to learn XML & Java... go for it!

Do you use Licensing in your apps?

Was just wondering what peoples thoughts were on using the Android Licensing copy protection in their apps? Do you use it and do you spend a lot of time on it or have any creative ways to help enforce it?
As we all know any kind of drm will always be cracked but I just wanted to know if people found it worthwhile to have..

I'm using In-app-billing, because I found that even licensed apps can be copied.
And yes, all apps can be cracked eventually, but most of the publishers of cracked apps remove them if you ask to. So that's what I'm gonna do!
Sent from my Nexus 4 running Android 4.2 JB

I don't like license checks that force you to be online, but I do like to have 'something' in place...
Recently I started working with some OEMs in India who wanted to pre-load my apps on their devices. Very exciting obviously, but I didn't know if I could trust them as I'd never heard of them.
So what I did was get the app to load a web page on one of my servers off the screen (9000%x...) so that it couldn't be seen. The page it linked to was empty, but if I wanted to I could modify the code to include a redirect that would send it to another page. Then in my 'onPageOverride' event I just said if URL = 'stopapp.htm' then do whatever it was I wanted to do.
What I actually have it do in that event is to fill the entire screen with that web page. The user then can't interact with the app underneath, but they get a message that I can create at the time saying 'This app has been illegally distributed' or whatever else I want to say. I can even forward them on to the download page if I want this way.
This works well too because if the user isn't online, the page just doesn't load and nothing happens. But if I want to stop offline use as well I can save a file in File.DirInternal and have the app check for that. 'SwitchOff.txt'. They get caught once, then they can't use the app.
Obviously this doesn't work quite like a license check, but what you *could* do with it is to have the app pop up with a message to people using an old version that's not updated. That's probably downloaded off of some file sharing site, so you could then just keep pestering them to 'update' and send them to the Play Store to do so. You can also check how many of the users on that version of your app are legitimate by looking at your Play Developer Console.
One thing to note is that the redirect URLs you use will need to be different in every version of your app that you release.
Hope this helps someone! I wish I'd done it sooner, one of my apps is all over the web grrrr...

pretty much the same as what I'm doing atm except I just ping a server in the background and display a popup if the result meets certain conditions.. I don't disable the app either as I can't be 100% certain it's pirated, instead I display a "scary" popup saying if they're using a pirated copy this is illegal etc.. your average user won't know how the popup was generated so it should be enough to make them think "someone" is onto them and go the proper route.. With the added bonus a genuine user can just press ok and carry on using the app
Sent from my Nexus 4 using Tapatalk 4

Currently, none of my apps use licensing.
For one of my paid apps, about 5% of the downloads are from non-Google Play sources, meaning, I'm not seeing any revenue from those 5%.
There is an Android API, that allows developers to see which platform their app was downloaded from. So, I've been thinking about adding that hidden feature to my apps and maybe do something fun with it. But, haven't got around to it yet. My thinking has been that if somebody downloaded a pirated copy of my app, then they probably weren't going to pay for it in the first place. And, hopefully, they will tell their friends about it and maybe one of them will actually purchase it through Google Play.

I already have all my licensing code in place and commented out. Since my app is pretty new I want to see how it does before adding licensing. Since the app is free and income is from IAP its not too bad. I'd only turn on licensing in the next release if I see a pressing need for it.

Currently, none of my apps use licensing.