Just purchased SGS3 and SGN10.1, havent downloaded any apps as of yet because I am not comfortable with the permissions issue.
I also have not rooted as I am waiting for my sandisk extreme pro sd cards, but i have some clarity i need in moving forward.
How can i best protect my phone and the info in it - mostly for the protection of my clients contact info and just the general fact that nobody needs to know my info without my knowing why.
I have been online for the last 5 days trying to understand what i need to worry about and what i dont.
I have a copy of whispercore 0.5.2 and would like to know if i can use it on my sgs3
Do i need to root my device to give optinal protection PROS/CONS
How is the avast protection
And most importantly - are these protections necessary or have i been sidewiped by chicken little?
How can i determine the best app for me - preferrably with no permissions
I really need a good mail app, document editing app, pdf app, and possibly a CAD app
I have been overwhelmed with info over the last 5 days and need some help with clarification and facts.
Thank you in advance for your help,
Confus-ed:silly:
An app with no permissions has the ability to access nothing so in essence will be of little use. Contacts are synced with Google unless you opt out that decreases security. Personally if your clients details are that sensitive use a dumb phone for work and keep your S3 for less sensitive tasks.
Sent from my GT-I9300 using Tapatalk 2
Are you trolling me?
Just running through the threads trying to increase your reply and post count?
I would appreciate that if you dont have any real information to share, dont waste my time with your non-answer.
confus-ed said:
Are you trolling me?
Just running through the threads trying to increase your reply and post count?
I would appreciate that if you dont have any real information to share, dont waste my time with your non-answer.
Click to expand...
Click to collapse
What?
He answered your question, an app that asks for no permissions can't do much, apps need to have permissions to do various tasks.
If you're that paranoid about safety don't root and just use reputable apps from Google play store.
Edit: in fact the more I read you reply to him the more I see that you have a terrible attitude.
Good luck finding help when you act like that.
Sent from my GT-I9300 using xda premium
No attitude, i thought that i had explained in my original post that i have just spent 5 days scouring the web (which included xda).
I didnt ask about permissions nor did i ask about contacts being synced with google, I understand what the permissions do, but i also have read where you have control over the permissions when you root the phone.
Not paranoid, I just know the data mining that goes on and i am sure that my clients wouldnt want some random solicitation due to an app that has no need to access my contact list. such as a document editior.
My reply may have been a little short but ghost did not address any of my questions or concerns.
confus-ed said:
No attitude, i thought that i had explained in my original post that i have just spent 5 days scouring the web (which included xda).
I didnt ask about permissions nor did i ask about contacts being synced with google, I understand what the permissions do, but i also have read where you have control over the permissions when you root the phone.
Not paranoid, I just know the data mining that goes on and i am sure that my clients wouldnt want some random solicitation due to an app that has no need to access my contact list. such as a document editior.
My reply may have been a little short but ghost did not address any of my questions or concerns.
Click to expand...
Click to collapse
Yes you do have control permission when you root, but rooting is a double edged sword because root apps actually have more "power" when it comes to your system and if there is malicious code in them it will also have superuser permissions if you give the main app superuser permissions.
The safest option is not to root, if you root you are opening your system up to exploitation.
I have rooted every android phone I have ever had and never had any problems but that choice is yours.
Sent from my GT-I9300 using xda premium
nodstuff said:
Yes you do have control permission when you root, but rooting is a double edged sword because root apps actually have more "power" when it comes to your system and if there is malicious code in them it will also have superuser permissions if you give the main app superuser permissions.
The safest option is not to root, if you root you are opening your system up to exploitation.
I have rooted every android phone I have ever had and never had any problems but that choice is yours.
Click to expand...
Click to collapse
From the perspective of data mining, you're basically just as vulnerable with a non-root app, then only difference being that the non-root app will specifically ask for permissions to use your contacts.
At the end of the day, if you want decent integration between your personal data and your apps, you're going to need to accept some risk and allow someone elses code to run through your data. If you have sensitive client data, you'll most likely be safe if you stick to mainstream, popular apps, and keep a close eye on comments to make sure no one else has had issues with security. If you're really paranoid though, I would recommend you don't keep sensitive information on any device with internet access.
I would recommend LBE privacy guard it will prompt when an app is trying to access something and you decide to allow it or not, you can manage wich permissions you allow for each app, even cut it from any Internet access.
The app does require root to work
Sent from my GT-I9300 using xda app-developers app
Thank you
Related
After the recent article on apps that are sharing our personal information, it occurred to me that this should be an easy problem to fix. All we need is a good personal firewall app. Heck, iptables would be a great start, but it can be hard to implement that on an app by app basis. It will be hard to set up for apps that have legitimate needs to connect over port 80 for legitimate needs, but also uses that same port for less than legitimate needs. So I guess it will also take some blacklisting of certain servers, perhaps along the lines of the ad blockers apps that modify the hosts file.
Or does such an app already exist?
Skip
Here you go:
http://www.appbrain.com/app/droidwall-android-firewall/com.googlecode.droidwall.free
MrGibbage said:
After the recent article on apps that are sharing our personal information, it occurred to me that this should be an easy problem to fix. All we need is a good personal firewall app. Heck, iptables would be a great start, but it can be hard to implement that on an app by app basis. It will be hard to set up for apps that have legitimate needs to connect over port 80 for legitimate needs, but also uses that same port for less than legitimate needs. So I guess it will also take some blacklisting of certain servers, perhaps along the lines of the ad blockers apps that modify the hosts file.
Or does such an app already exist?
Skip
Click to expand...
Click to collapse
1. There's already a couple adblock apps like Adfree which block a lot of stuff.
2. If you read the permissions for the apps you CHOOSE to download, then you'll know exactly what access to data they'll have. If you don't like that PaperToss wants access to your device ID, then just don't install PaperToss.
And of course, such an app would undoubtedly cause more issues than the perception of "security" it would provide, since you'd probably not be able to use half the apps anymore. Or they'd stop being ad-supported, and would begin to charge instead.
From the article:
Google requires Android apps to notify users, before they download the app, of the data sources the app intends to access. Possible sources include the phone's camera, memory, contact list, and more than 100 others. If users don't like what a particular app wants to access, they can choose not to install the app, Google says.
Click to expand...
Click to collapse
Just read the app permissions. That tells you almost everything you need to know.
The problem is, the app permissions don't tell you what you need to know. Here are the permissions for Paper Toss by Backflip Studios:
Your Location (coarse network-based location)
Network communication-full internet access
Phone Calls - read phone state
While the Location permission would be suspect, and would cause me to question whether or not I should download this app, the other two permissions are not so immediately obvious that they are "bad". Network communications is a permission needed by every app that has in-game ads such as AdMob. And I don't know why this app needs the Phone Calls permission, but almost every single app in the market uses that permission. At least it isn't asking for access to the address book or anything like that.
What I would like is for the app to tell us what it needs internet access for, and to tell us what information it is sending to third parties.
MrGibbage said:
The problem is, the app permissions don't tell you what you need to know. Here are the permissions for Paper Toss by Backflip Studios:
Your Location (coarse network-based location)
Network communication-full internet access
Phone Calls - read phone state
While the Location permission would be suspect, and would cause me to question whether or not I should download this app, the other two permissions are not so immediately obvious that they are "bad". Network communications is a permission needed by every app that has in-game ads such as AdMob. And I don't know why this app needs the Phone Calls permission, but almost every single app in the market uses that permission. At least it isn't asking for access to the address book or anything like that.
What I would like is for the app to tell us what it needs internet access for, and to tell us what information it is sending to third parties.
Click to expand...
Click to collapse
Maybe to detect a phone call and pause the game.
Sent from my SGH-T959 using XDA App
MrGibbage said:
The problem is, the app permissions don't tell you what you need to know. Here are the permissions for Paper Toss by Backflip Studios:
Your Location (coarse network-based location)
Network communication-full internet access
Phone Calls - read phone state
While the Location permission would be suspect, and would cause me to question whether or not I should download this app, the other two permissions are not so immediately obvious that they are "bad". Network communications is a permission needed by every app that has in-game ads such as AdMob. And I don't know why this app needs the Phone Calls permission, but almost every single app in the market uses that permission. At least it isn't asking for access to the address book or anything like that.
What I would like is for the app to tell us what it needs internet access for, and to tell us what information it is sending to third parties.
Click to expand...
Click to collapse
All free apps will collect some information .... so they know what ads to aim your way ..... so they can make money ... Every one does this .... on your computer its the same as your cookies .... and only the really paranoid will set their browser cookies settings to "ultimate :block all cookies "...
Here's the difference, android openness will allow others to research and publish their findings, un like others that are closed and will not allow research, and if anyway is found to get the research. done the publication will be deleted from the web ......
The openness is why you see soooooo many articles on this issue over n over, none of them mentioning that the paid versions of these apps don't collect any thing .....
How much personal information are you planning on storing in the paper toss game?
Consider this in your answer, android system runs apps in sand box mode meaning, one app cannot access another without YOUR permission, or if an app is infected with malware, that malware will only operate in that app, unlike your windows machine where it would have a free for all .....
ferhanmm said:
Maybe to detect a phone call and pause the game.
Sent from my SGH-T959 using XDA App
Click to expand...
Click to collapse
That's my point. That would be a legitimate need for access to the phone state. However, granting that permission also gives the app permission to make phone phone calls. I still think the apps need to be more specific about the permissions they need.
The bottom line is, these phones are great, they can run all kinds of awesome software, but the people writing the software need to make a living too. If someone really wants to prevent their phone from sending out personal information, then they should not install any software, and maybe shouldn't even be using the phone at all. But I still see a need for a firewall app (possibly DroidWall, as mentioned above) to help us prevent this type of thing from happening.
A permissions firewall would be much more interesting and useful in my opinion.
Being able to block a certain thing like "read contact data" for all apps and only permit access with a white list would be very useful to me.
I posted this in another forum but I want to know what you guys here think about android security.
How worried are you all about security on the android platform? Don't you find it a little unnerving that anybody could upload and app to the android market and there is no verification of the app like on IOS platform. Anybody could write an app that looks legit but does devious things. All this along with there are very very few security applications and they are in the infant state. Don't you find it very dangerous? How do you try to maintain security on your android device? Don't download apps? Only download from known publishers? Or do you roll the dice and download anything? If you use a security app which one?
the_main_app said:
I posted this in another forum but I want to know what you guys here think about android security.
How worried are you all about security on the android platform? Don't you find it a little unnerving that anybody could upload and app to the android market and there is no verification of the app like on IOS platform. Anybody could write an app that looks legit but does devious things. All this along with there are very very few security applications and they are in the infant state. Don't you find it very dangerous? How do you try to maintain security on your android device? Don't download apps? Only download from known publishers? Or do you roll the dice and download anything? If you use a security app which one?
Click to expand...
Click to collapse
There are viruses for Android.....right ?
Besides , if you're smart enough you can check whether an app needs such permissions when installing , through the Mart or an .apk .
I don't like the way iOS works , they give too limited functionality .
Forever living in my Galaxy Ace using XDA App
the_main_app said:
I posted this in another forum but I want to know what you guys here think about android security.
How worried are you all about security on the android platform? Don't you find it a little unnerving that anybody could upload and app to the android market and there is no verification of the app like on IOS platform. Anybody could write an app that looks legit but does devious things. All this along with there are very very few security applications and they are in the infant state. Don't you find it very dangerous? How do you try to maintain security on your android device? Don't download apps? Only download from known publishers? Or do you roll the dice and download anything? If you use a security app which one?
Click to expand...
Click to collapse
i dont use a security app, i use common sense.
a game doesn't need access to my contacts...
notepad app doesn't need access to my private information...
this is why android phones are for the power users and shouldn't be used by soccer moms and grandmas - because they have no clue what they are doing with these phones except for when a phone call or text message comes in... let them have the iphones.
but if you are tech savvy, and want to squeeze every bit of user capability out of your phone, a high end android phone is for you.
the people that are tech savvy also have the awareness because they treat their phone like a computer, and not a phone.
just my thoughts.
I think the best thing would be if android embraced that the user can choose which permissions to give to apps. I mean, an app may want to know your location, you denies it, and the app continnues happily without using that functionality, or quits saying its essantial.
cobraboy85 said:
i dont use a security app, i use common sense.
a game doesn't need access to my contacts...
notepad app doesn't need access to my private information...
this is why android phones are for the power users and shouldn't be used by soccer moms and grandmas - because they have no clue what they are doing with these phones except for when a phone call or text message comes in... let them have the iphones.
but if you are tech savvy, and want to squeeze every bit of user capability out of your phone, a high end android phone is for you.
the people that are tech savvy also have the awareness because they treat their phone like a computer, and not a phone.
just my thoughts.
Click to expand...
Click to collapse
very well put, unfortunately most dont think like this..
It is always a good habit to check the permissions an app needs before installation.I personally think that a system should be implemented in android market where all apps are erquested to give informaation on "Why they need certain permissions?".Certain apps do that.
An antivirus program is also useful in my opinion.I use Lookout antivirus,as i find it simple to use and does not slow down my phone.I tried avg but it slowed down my phone terribly.
hiitti said:
I think the best thing would be if android embraced that the user can choose which permissions to give to apps. I mean, an app may want to know your location, you denies it, and the app continnues happily without using that functionality, or quits saying its essantial.
Click to expand...
Click to collapse
But, as a matter of degree, this just what we wish. The fact may be far beyond our imagination. Sometimes, malware still run certain functionalities even you cancel it. It's worse that some apps run secretly in system. I'm a little scared about security issue based on my PC.
cobraboy85 said:
i dont use a security app, i use common sense.
a game doesn't need access to my contacts...
notepad app doesn't need access to my private information...
this is why android phones are for the power users and shouldn't be used by soccer moms and grandmas - because they have no clue what they are doing with these phones except for when a phone call or text message comes in... let them have the iphones.
but if you are tech savvy, and want to squeeze every bit of user capability out of your phone, a high end android phone is for you.
the people that are tech savvy also have the awareness because they treat their phone like a computer, and not a phone.
just my thoughts.
Click to expand...
Click to collapse
But a game might ask for internet/network permissions which you would probably accept. How do you guard against this? How can you prevent a malicious app that asks for relavent permissions but abuses them?
I never take the time to study the permissions required when I download an app from the market.
I tend to avoid the low number of d'load apps..... partly as there is less feedback to judge.... and partly as any app thats worth the download will have high stars and many d'loads.
Works for me so far.
Netquins running in the background just in case...... but whose to say they dont upload my contacts for spamming?
Prof Peach said:
I never take the time to study the permissions required when I download an app from the market.
I tend to avoid the low number of d'load apps..... partly as there is less feedback to judge.... and partly as any app thats worth the download will have high stars and many d'loads.
Works for me so far.
Netquins running in the background just in case...... but whose to say they dont upload my contacts for spamming?
Click to expand...
Click to collapse
But what about new apps that may be legit? They won't have any reviews yet or stars. If everybody did the same as you it would never get reviews or stars? There's got to be a better way, don't you agree?
the_main_app said:
But a game might ask for internet/network permissions which you would probably accept. How do you guard against this? How can you prevent a malicious app that asks for relavent permissions but abuses them?
Click to expand...
Click to collapse
That's the only question above that can't be answered by LBE Privacy Guard.
Someone mentioned a game that wants access to your contacts. What if you really want the game? You just don't allow it access to your contacts and then play it anyway.
Most apps ask for access to your IMEI (you'd be surprised how many!) With LBE they don't get it.
Antivirus software is all well and good, but it's not the same as on a PC where pattern matching can be used. AV software on Android basically opens the apk file and has a look round to see if anything looks suspicious. Other than that, there's nothing it can do to stop a clever developer bypassing it.
Seriously, if you have concerns then get LBE and start restricting permissions access on an app-by-app basis.
johncmolyneux said:
That's the only question above that can't be answered by LBE Privacy Guard.
Someone mentioned a game that wants access to your contacts. What if you really want the game? You just don't allow it access to your contacts and then play it anyway.
Most apps ask for access to your IMEI (you'd be surprised how many!) With LBE they don't get it.
Antivirus software is all well and good, but it's not the same as on a PC where pattern matching can be used. AV software on Android basically opens the apk file and has a look round to see if anything looks suspicious. Other than that, there's nothing it can do to stop a clever developer bypassing it.
Seriously, if you have concerns then get LBE and start restricting permissions access on an app-by-app basis.
Click to expand...
Click to collapse
this.
i was JUST about to say the same thing about the android "anti-virus" scam... not really a scam, but a false sense of security. as you said, not the same at ALL. people need to get out of the PC mindset with these phones. this is not windows, it's linux.
and i'm going to give LBE a shot. seems pretty legit.
for all of those running antivirus "software" on your phone, how many of you have actually run a virus scan and had it give a detailed description of a malicious "virus"....
Liking lookout
Sent from my GT-I9100 using XDA App
ummm, anyone ever heard of antiviruses (Kapersky, maybe?)? Or at least look up the app's access to things... If it accesses something you don't want it to access (or think the app doesn't need to access it), don't install it!
I know out-of-the-box Androids aren't so vunerable to viruses, compared to rooted ones... So...?
First look up the developer of the app, then if you trust him, install, if you never heard of him, google it (or look at the comments at where you're downloading from), and if you had experience with the developer before (and if the experience is bad, like trojans, etc.), don't install!
(I don't understand half of what I'm typing XD...Don't blame me for misspellings, please )
Cant say I can rave or not when it comes to the anti virus apps.
Have used Lookout in the past and currently using netquin.... neither of which ever flagged up a virus, malware or whatever.
Its nice to think its running in the background but dont know whether it will do anything if its needed.
I was tempted to download a load of apps in a zip file but 20 secs in my Avast siad there was a virus. I'd like to think the market would have its own precautions but having searched the site, cant see any mention of its security for the apps we download.
Its a different thing altogether but we cant take the fact that its the market and relax...... the worst virus my laptop ever had came in an update from Microsoft...... and another directly from google tools.
Kapersky for Android then? You can pick up free full non-trial versions on the web...
About the Market - yes, that's true. You'd expect them to check if apps are infected or at least leave a bot to do it...
Sorta lame...
The best security is the brain.akp just like brain.exe is on windows - best thing it's free, godgiven and everyone got a copy
Zeze21 said:
The best security is the brain.akp just like brain.exe is on windows - best thing it's free, godgiven and everyone got a copy
Click to expand...
Click to collapse
yeah but not everyone got the full version. A few of my friends got a corrupted exe and then this girl I know got the 30 day trial
not that good
Prawesome said:
It is always a good habit to check the permissions an app needs before installation.I personally think that a system should be implemented in android market where all apps are erquested to give informaation on "Why they need certain permissions?".Certain apps do that.
An antivirus program is also useful in my opinion.I use Lookout antivirus,as i find it simple to use and does not slow down my phone.I tried avg but it slowed down my phone terribly.
Click to expand...
Click to collapse
I have both Lookout and AVG, neither has stopped my phone from getting up to 10 junk downloads, you have won an ipad, iphone etc., a day, not sms or email, I have to have every form of external contact turned off, the moment I get wifi or mobile access it starts downloading spam.
If anyone knows of a way to stop it I would appreciate the feedback
Moved to proper section
I recently responded to a thread in Themes and Apps about the HBO Go app. I mentioned installing the app and readily accepting the su request, considering the legitimacy of the source. A more knowledgeable person than I am cautioned against allowing access without knowing the reason behind that request. This is very sound advice and something I really should've considered. Since the source was legit, I just accepted the request. My question is: is the user able to determine why a su request is needed and/or what the request will be doing to the phone? I have since blocked the app from su and it's working fine.
A superuser request is basically asking for higher privileges than is normally available to the average user. Apps don't usually specify what they need root for...you'd have to go into their source code to find out. Superuser only logs the requests, not what each app did.
If you have Android Terminal Emulator installed, let's pretend to be an app as an example. Go into terminal emulator, and then type "su". You'll see that the prompt becomes a # to signify superuser access. Now, you can do anything, such as mounting /system to make it writeable and then install files as system files.
I am reminded of one time when I wanted to see if NFC worked in our phones. I downloaded an app from the market with only 13 downloads. It asked for superuser access, and I approved it without thinking about it. If my NFC was working, who knows if it scanned my cards and sent them to the author, etc. I'm not even sure why it needed access if NFC is supposed to be a service that is available on an unrooted phone (eventually).
Your app might be running fine since it has probably already finished doing everything it needed superuser for. We have to be careful with superuser because we then basically give the app control over the system.
If an app asks for su permissions comes from a reputable developer, you should be able to contact that developer and that developer should be willing to give full discloser on everything that app is doing. And that developer should have a good reputation with with other good people.
Second once given su permissions an app could do almost anything and could hide its tracks so well that the majority of us average users could never track down every thing it did - if it was coded well enough by a talented hacker (only other talented people wood be able to work out exactly what is going on).
So be very stingy with su, because every time you give those permissions your giving out the keys to the castle - so to speak.
--- edit below added to post ---
I still don't know why that version of HBO go was asking for su permissions, there has since been an update that is no longer asking for su permissions. This is just a guess but it was probably an an attempt to check for whether or not the phone is rooted because the media type companies fear those of us who root our phones, their afraid we can record their streams and cut down on their ability to make more money off of us.
Sent from my SAMSUNG-SGH-I777 using XDA App
Dayv, thanks for your advice. If a developer wants to check for root access, won't there be some type of traceable commuication between the app and the developer? I did install the updates and no su requests on HBO, MAX, or SHO.
dayv said:
If an app asks for su permissions comes from a reputable developer, you should be able to contact that developer and that developer should be willing to give full discloser on everything that app is doing. And that developer should have a good reputation with with other good people.
Second once given su permissions an app could do almost anything and could hide its tracks so well that the majority of us average users could never track down every thing it did - if it was coded well enough by a talented hacker (only other talented people wood be able to work out exactly what is going on).
So be very stingy with su, because every time you give those permissions your giving out the keys to the castle - so to speak.
--- edit below added to post ---
I still don't know why that version of HBO go was asking for su permissions, there has since been an update that is no longer asking for su permissions. This is just a guess but it was probably an an attempt to check for whether or not the phone is rooted because the media type companies fear those of us who root our phones, their afraid we can record their streams and cut down on their ability to make more money off of us.
Sent from my SAMSUNG-SGH-I777 using XDA App
Click to expand...
Click to collapse
mcann said:
Dayv, thanks for your advice. If a developer wants to check for root access, won't there be some type of traceable commuication between the app and the developer? I did install the updates and no su requests on HBO, MAX, or SHO.
Click to expand...
Click to collapse
Su permission does not necessarily mean the app would send data back to the developer, but if a dev was good enough they could write it into the app to steal data, send it to them, then have the app coded to go back and erase any and all evidence that data was sent, even reset data counters.
making so that you have to catch the app right in the act - which could be very hard cause these things could be done so fast you would not be capable.
then the only way to catch wood require access to logs from some router the information was sent through which you are probably not going to have access to.
A malicious app would do damage until a talented enough white hat with the sophistication (both in intelligence and hardware) capable of catching the bad actor gets ahold of the app.
If you or I get a hold of a bad app and give it su permission days or Weeks before a good white hat analyzes the app we could literally get robbed blind before the news hits as to what the app is up to.
Sent from my SAMSUNG-SGH-I777 using XDA App
I would like to think that a developer working at someplace like HBO isn't writing malicious code into their apps. I would also like to think that they are screened by someone either at the company or Google before being posted in the Market. Either way, I guess the safest way to go would be to know the source and even then deny su access and see if the app runs. If it does, great. If not, then decide if you really want or need that particular app. Obviously apps like TiBu need root access, but HBO? Hmmm...
dayv said:
Su permission does not necessarily mean the app would send data back to the developer, but if a dev was good enough they could write it into the app to steal data, send it to them, then have the app coded to go back and erase any and all evidence that data was sent, even reset data counters.
making so that you have to catch the app right in the act - which could be very hard cause these things could be done so fast you would not be capable.
then the only way to catch wood require access to logs from some router the information was sent through which you are probably not going to have access to.
A malicious app would do damage until a talented enough white hat with the sophistication (both in intelligence and hardware) capable of catching the bad actor gets ahold of the app.
If you or I get a hold of a bad app and give it su permission days or Weeks before a good white hat analyzes the app we could literally get robbed blind before the news hits as to what the app is up to.
Click to expand...
Click to collapse
mcann said:
I would like to think that a developer working at someplace like HBO isn't writing malicious code into their apps. I would also like to think that they are screened by someone either at the company or Google before being posted in the Market. Either way, I guess the safest way to go would be to know the source and even then deny su access and see if the app runs. If it does, great. If not, then decide if you really want or need that particular app. Obviously apps like TiBu need root access, but HBO? Hmmm...
Click to expand...
Click to collapse
What I think HBO may have been doing, and this is just a guess, is trying to see who is rooted and not. Then they could control or cut off what is sent to rooted phones.
I doubt they were trying to steal any other info, but they may have been for controlling advertising you receive.
even though this is not as bad as what someone evil would be up to, it is still bad and they should not have done it with out disclosing their intentions.
I think the fact that they are still refusing to explain what that su request in that version was is quite telling that it was not likely something that would go over as a positive if it gets out.
And they probably will never tell us unless enough people make enough of a complaint about it.
But that won't happen because there were not enough people affected for it to become big news.
Sent from my SAMSUNG-SGH-I777 using XDA App
While we are kind of picking on HBO here, I think the lesson to noobs and olds (is there even a title for those more experienced??) is to be cautious about allowing su access to app requests. I am going to stick with my idea of denying su requests if it doesn't make sense to allow it. I can always allow access, if necessary. But I'll see if it works without it first. Hopefully others will follow this advice. Similar to running Windows 7 as a standard user, never admin.
dayv said:
What I think HBO may have been doing, and this is just a guess, is trying to see who is rooted and not. Then they could control or cut off what is sent to rooted phones.
I think the fact that they are still refusing to explain what that su request in that version was is quite telling that it was not likely something that would go over as a positive if it gets out.
But that won't happen because there were not enough people affected for it to become big news.
Sent from my SAMSUNG-SGH-I777 using XDA App
Click to expand...
Click to collapse
Being a Noob to Android I thought I'd install some location based profile software which is one of the things that Android owners always say they can do which is lacking from the iPhone.(where I come from)
Lamma seems to be recommended but the permissions it asks for include:
"Add or modify calendar events and send email to guests without owners' knowledge. read calendar events plus confidential information"
clicking on the detail is even more scary.
Android tells you what it's going to do - but do users actually allow this? Most apps seem to want permissions that you would have to be mad to accept.
Can I not install any useful app without agreeing to terms that are unacceptable?
What am i missing? Do people just allow unrestricted access? Not install any app? or is there a way of installing apps but not giving them stupid access?
I can't believe people allow that sort of access - I must be missing something.
Some custom after market ROMs allow to drop any permission by user but it may render app useless.
Most of the time apps are not malware, but sometimes they may be. You can contact developer of the app requesting for reasons of these permissions and he may reply better.
you can always use auto start manager app within the rom toolbox to control the permissions of the apps..
Confucious said:
Being a Noob to Android I thought I'd install some location based profile software which is one of the things that Android owners always say they can do which is lacking from the iPhone.(where I come from)
Lamma seems to be recommended but the permissions it asks for include:
"Add or modify calendar events and send email to guests without owners' knowledge. read calendar events plus confidential information"
clicking on the detail is even more scary.
Android tells you what it's going to do - but do users actually allow this? Most apps seem to want permissions that you would have to be mad to accept.
Can I not install any useful app without agreeing to terms that are unacceptable?
What am i missing? Do people just allow unrestricted access? Not install any app? or is there a way of installing apps but not giving them stupid access?
I can't believe people allow that sort of access - I must be missing something.
Click to expand...
Click to collapse
You really have to think about what the app could be using the permission for, for example something like tasker pretty much needs every permission going because it allows you to set anything up as a profile etc.
The rule of thumb is to look at the app reviews, look at the permissions and just think about what the app could be using it for.
Sure a soundboard style app shouldnt need to make phone calls but many apps do need permissions that at first glance you might not think are needed.
And if your really in doubt email the developer and ask them to explain why they need this permission.
Surprise :laugh:
http://www.xda-developers.com/android/manage-individual-app-permissions-with-xprivacy/
Hey Guys!
I've been a lurker for a while on this site. The tutorials here helped guide me through rooting my i9505
Now that I've got root access though, I've become increasingly paranoid about what apps I grant root access to. To my understanding, granting root permissions gives the program unrestricted access to do whatever it likes to your device. It will have free rein over the phone and if it was programmed to, could install backdoors or send your contacts/messages to a remote server or other malicious things and I'd be none the wiser.
With that in mind, there is an app that I want to use called apps2sd. The developer is actually a senior member of these forums. While I would like to just blindly trust that the app is clean and won't do anything bad. How does anyone know the app is everything it say's it is? I believe it's closed source, so how can a fellow developer give root to it and know it's not malware?
I don't mean to sound rude or unappreciative of the hard work that went into the app. I'm just wondering if someone out there can share their knowledge of development on this and if my reservations have merit or if other developers have analysed the app to determine that it is safe to use.
Is app checking a thing or are people just relying on safety in numbers?
staticfog said:
Hey Guys!
I've been a lurker for a while on this site. The tutorials here helped guide me through rooting my i9505
Now that I've got root access though, I've become increasingly paranoid about what apps I grant root access to. To my understanding, granting root permissions gives the program unrestricted access to do whatever it likes to your device. It will have free rein over the phone and if it was programmed to, could install backdoors or send your contacts/messages to a remote server or other malicious things and I'd be none the wiser.
With that in mind, there is an app that I want to use called apps2sd. The developer is actually a senior member of these forums. While I would like to just blindly trust that the app is clean and won't do anything bad. How does anyone know the app is everything it say's it is? I believe it's closed source, so how can a fellow developer give root to it and know it's not malware?
I don't mean to sound rude or unappreciative of the hard work that went into the app. I'm just wondering if someone out there can share their knowledge of development on this and if my reservations have merit or if other developers have analysed the app to determine that it is safe to use.
Is app checking a thing or are people just relying on safety in numbers?
Click to expand...
Click to collapse
why the hell u don't use AppOps and deny unwanted/unnecessary permissions?
BatDroid said:
why the hell u don't use AppOps and deny unwanted/unnecessary permissions?
Click to expand...
Click to collapse
Because that brings it's own security issues. Xposed is one of the biggest security holes made. That's why you will not see any rom dev use it.
staticfog said:
Hey Guys!
I've been a lurker for a while on this site. The tutorials here helped guide me through rooting my i9505
Now that I've got root access though, I've become increasingly paranoid about what apps I grant root access to. To my understanding, granting root permissions gives the program unrestricted access to do whatever it likes to your device. It will have free rein over the phone and if it was programmed to, could install backdoors or send your contacts/messages to a remote server or other malicious things and I'd be none the wiser.
With that in mind, there is an app that I want to use called apps2sd. The developer is actually a senior member of these forums. While I would like to just blindly trust that the app is clean and won't do anything bad. How does anyone know the app is everything it say's it is? I believe it's closed source, so how can a fellow developer give root to it and know it's not malware?
I don't mean to sound rude or unappreciative of the hard work that went into the app. I'm just wondering if someone out there can share their knowledge of development on this and if my reservations have merit or if other developers have analysed the app to determine that it is safe to use.
Is app checking a thing or are people just relying on safety in numbers?
Click to expand...
Click to collapse
Hi,
A few rules that I try to respect:
1. Do not install closed source apps especially if you plan to use root features
2. Use FLOSS softwares to protect your privacy and your security (AFWall+, NetGuard, XPrivacy [the bright side of Xposed]....)
3. If you have no other choice than to use closed source apps, give priority to known independant devs and paid services.