Better Mobile App

Is your app spying on you?

Most of the app now require acces to the phone calls..even a news app requires it, sms app such as go sms also requires it. So I want to know after knowing that an app will be able to acces your phone call you still download it? And does anyone in what way the developers use such info?
Sent from my E10i using XDA App

Excellent topic, I'm really troubled by this. The business world makes a whole lot of money based on the average persons inertia - their lack of information or willingness when it comes to the products and services they use and the money they use to pay for them. Particular mobile phone network providers come to mind, who are happy to charge the most expensive prices because people don't know or don't care.
This lazy attitude is seeping into the Android app world. It will be a small per centage of us who will realize this threat and do something about it - exactly like cookies and public wifi privacy etc.
For those of us already interested, are there websites or apps which can guide us on this?

I had thought about it before but it seemed to be all apps out there at least need to access your internet, calls, phonebook and etc.. Not sure really if some of these nasty apps has the evil purpose to steal our vital informations in the phone... say if we're checking our bank account or something similar..
What I practice:
1) Installed AVG pro and do scan regularly, and set to scan every newly installed apps.
2) Use both cache cleaner and history eraser to clean up all traces once a day.
3) Hope they don't see me as a target.

Don't worry.
I think access to the phone calls is just to minimize the running app in case you receive a call. In other case you would not even realize an incoming call?!

Deehee3 said:
Don't worry.
I think access to the phone calls is just to minimize the running app in case you receive a call. In other case you would not even realize an incoming call?!
Click to expand...
Click to collapse
What about data? When you install an app in most cases you allow data access to it.

Searching for updates or viewing developers homepage maybe?
Sent from my U20i using XDA App

Deehee3 said:
Searching for updates or viewing developers homepage maybe?
Sent from my U20i using XDA App
Click to expand...
Click to collapse
What if not? What if app you´ve installed is spying on you and sending info to hackers. How would you know?

On android we have the luck that there are a lot of applications that are open source. When I have to choose an application, I always choose and support the open projects!
You will notice that most of those applications don't need all that personal information! Makes you wonder...

On other systems, apps usually have an user/administrator scheme, where the 'user' has access to some things and 'administrator' has access to everything.
There is no such thing on Android (except if you have a rooted phone and some app asks for superuser access, but you get a requester asking for permissions as well).
Each app has to specifically ask for permissions or the system will deny it. A spyware has to ask for those permissions or it won't work.
Some permission requests to look out for:
- "Call phone"
can be used by the application to silently dial some "premium" numbers
- "Send SMS"
can be used to send SMS to special "premium" numbers
- "Record phone calls"
can be harmful if associated with "internet access" permission
- "Access fine location"/"access coarse location" and "internet access"
can be used for tracking purposes
Many apps ask for:
- "Phone identity" / "internet access"
they use it for "statistics purposes" (flurry.com mostly) but it is bad. The developer should always inform the user about those.
BTW, that an app is open source makes no difference. Someone can always (willingly or not) tamper with the final build. And not everyone reviews open source apps.

zapek666 said:
A spyware has to ask for those permissions or it won't work.
Click to expand...
Click to collapse
Sure. But if an app legitimately ask for data transmission and file system access, AND you grant it, how would you know it is not using the granted rights for something else?

ppirate said:
On android we have the luck that there are a lot of applications that are open source. When I have to choose an application, I always choose and support the open projects!
You will notice that most of those applications don't need all that personal information! Makes you wonder...
Click to expand...
Click to collapse
Don´t tell me that you evaluate the source code of each application you load from the market. And even so, how would you know the difference between what is shown to you and the final build, available on the market?

vlissine said:
Sure. But if an app legitimately ask for data transmission and file system access, AND you grant it, how would you know it is not using the granted rights for something else?
Click to expand...
Click to collapse
Filesystem access are limited to the external memory card. An app with such permission cannot access other apps' private data (which are stored on the phone).
Android apps are all sandboxed into their own homes.
A good example of a suspicious application is HTML5 Reference.
"This HTML5 reference lists all tags supported in the HTML5 specification.", fine. Let's look at the permissions:
Network communication: full Internet access
Phone calls: read phone state and identity
While the first 2 could be produced as a side effect of the developer implementing some "statistics library" (flurry.com or so), the next 2:
Your location: fine (GPS) location
Your personal information: read sensitive log data
Are a giveaway that this app does a bit more than just listing HTML reference tags

zapek666 said:
Filesystem access are limited to the external memory card. An app with such permission cannot access other apps' private data (which are stored on the phone).
Click to expand...
Click to collapse
Ok, how about a picture viewer, which usually picks pictures from each and every
directory, no matter if you want it (and not only from memory card).

Hey vlissine and zapek666. You both have a point.
One individual cannot review every code he or she uses. And also one does not only uses his or her own builds of the projects. But every now and then, I have to go into a project, mostly to add functionality. During that time, I usually have to go over a lot of code to understand the program. It is no guarantee, but you can imagine that some strange code will stand out.
I'm surely not the only person. So while one individual is not capable of such an endeavor. A lot are.
Your other point is as valid as can be. But here again, builds are comparable.
Surely, one does not have to find himself or herself obliged to use certain kind of projects. But to me, when I have the change, I use and support the open source project. One important reason is because of the concern raised by the original poster!

http://googlemobile.blogspot.com/2011/03/update-on-android-market-security.html
Apparently we were not that paranoid, thinking of spying apps

Two options:
1) To avoid being spy and get super paranoid about it... ditch your smartphone and get those early 2000 phones with only calls and sms capable.
2) Use the smart phone eg: X10 mini/pro or any android phones and ignore these spying scene and live with it like nothing ever going to happen since this new technologies really live up our life nowadays..

farsight73 said:
Two options:
1) To avoid being spy and get super paranoid about it... ditch your smartphone and get those early 2000 phones with only calls and sms capable.
2) Use the smart phone eg: X10 mini/pro or any android phones and ignore these spying scene and live with it like nothing ever going to happen since this new technologies really live up our life nowadays..
Click to expand...
Click to collapse
One more option - stop giving stupid advises when you have nothing to say.

maybe apps need to call functions or need it to run?
write them your self if your that bothered?
...
Sent from my E10i using the XDA mobile application powered by Tapatalk

Researcher Says That 8% of Android Apps Are Leaking Private Information

http://digitizor.com/2011/07/21/android-malware/
Android has had its fair share of malware problems. Whenever malware are detected, Google reacts swiftly and remove them. However, according to security researcher Neil Daswani, around 8% of the apps on the Android market are leaking private user data.
Neil Daswani, who is also the CTO of security firm Dasient, says that they have studied around 10,000 Android apps and have found that 800 of them are leaking private information of the user to an unauthorized server. Neil Daswani is scheduled to present the full findings at the Black Hat Conference in Las Vegas which starts on July 30th.
The Dasient researchers also found out that 11 of the apps they have examined are sending unwanted SMS messages.
Google needs to take charge
This malware problem on Android has become too much. One of the main reason that we see malicious apps in the market is because of the lack of regulation in the apps that get into the Android Market.
Sure, the lack of regulation can be good. It means that developers can make their apps without worrying if Google will accept their apps or not. It fits into the pre-existing application distribution model where anyone can develop and publish their own apps.
However, this comes at a price - the malware problem. Yes, most of the problems with these malicious apps can be avoided if only users read the permission requirements of the apps. But, what percentage of the users actually read the permission requirements of all the apps they download?
I think that it is time that Google make approval of the apps a requirement before it gets into the Market. They do not need to do it like Apple, but a basic security check before an app gets on the market will be nice.
If nothing is done about and this problem is allowed to grow, it will end up killing the platform.

Ur a good man
Sent from my PG86100 using XDA Premium App

Get an iPhone then.

Don't know if apple should approve or disaproove since that can slow down the release of new apps, but they need to check, that's for sure.

Yeah, just read permissions when installing applications. A lot of them will state access to personal data (such as contacts, browser history, etc.)
Such apps like MP3 downloaders contain ALOT of this malware.

if you're that paranoid.....LBE Privacy Guard + Droidwall = #winning

This article is very true in sense of lacking of control on big G part. My friend developed an app and he was able to get it into market almost instantly. I was very shocked to find that no scanning or checking was done.
Therefore, it's a risk that we take everyday to use these apps, specially, custom ROMs because who knows what it installed really. Users just need to be aware of their action, and don't use bank apps on rooted devices, or corporate email on rooted devices, or email yourself passwords to your online banking from your rooted devices. My thought is that, if it's out there then somebody can get it these days with all the technologies.

A little bit of common sense when installing apps can go a long way. You stifle the market too much when you cater to the lowest common denominator but then if you don't you get stuff like this.
+1 on Droidwall too, great app. Just don't turn it on and then forget about it before getting it set up properly, it's a pain figuring out why you can't use the internet on anything lol

xHausx said:
A little bit of common sense when installing apps can go a long way. You stifle the market too much when you cater to the lowest common denominator but then if you don't you get stuff like this.
+1 on Droidwall too, great app. Just don't turn it on and then forget about it before getting it set up properly, it's a pain figuring out why you can't use the internet on anything lol
Click to expand...
Click to collapse
hahaha, was tryna to download a new app and wondering why it just stalled kept on saying, downloading..... downloading paused....blah blah!!! lol
turns out it was droidwall (even with market enabled) lol

Yea when a simple clock widget wants to read your contact, data and location but has no ads or settings, I avoided that one.

I prefer the risk of an open system to the purgatory that is a closed system ruled by a draconian company any day.

Oh look iOS does this too.
/troll

DoctorComrade said:
Oh look iOS does this too.
/troll
Click to expand...
Click to collapse
hah, they're at almost 50%

Android Security

I posted this in another forum but I want to know what you guys here think about android security.
How worried are you all about security on the android platform? Don't you find it a little unnerving that anybody could upload and app to the android market and there is no verification of the app like on IOS platform. Anybody could write an app that looks legit but does devious things. All this along with there are very very few security applications and they are in the infant state. Don't you find it very dangerous? How do you try to maintain security on your android device? Don't download apps? Only download from known publishers? Or do you roll the dice and download anything? If you use a security app which one?

the_main_app said:
I posted this in another forum but I want to know what you guys here think about android security.
How worried are you all about security on the android platform? Don't you find it a little unnerving that anybody could upload and app to the android market and there is no verification of the app like on IOS platform. Anybody could write an app that looks legit but does devious things. All this along with there are very very few security applications and they are in the infant state. Don't you find it very dangerous? How do you try to maintain security on your android device? Don't download apps? Only download from known publishers? Or do you roll the dice and download anything? If you use a security app which one?
Click to expand...
Click to collapse
There are viruses for Android.....right ?
Besides , if you're smart enough you can check whether an app needs such permissions when installing , through the Mart or an .apk .
I don't like the way iOS works , they give too limited functionality .
Forever living in my Galaxy Ace using XDA App

the_main_app said:
I posted this in another forum but I want to know what you guys here think about android security.
How worried are you all about security on the android platform? Don't you find it a little unnerving that anybody could upload and app to the android market and there is no verification of the app like on IOS platform. Anybody could write an app that looks legit but does devious things. All this along with there are very very few security applications and they are in the infant state. Don't you find it very dangerous? How do you try to maintain security on your android device? Don't download apps? Only download from known publishers? Or do you roll the dice and download anything? If you use a security app which one?
Click to expand...
Click to collapse
i dont use a security app, i use common sense.
a game doesn't need access to my contacts...
notepad app doesn't need access to my private information...
this is why android phones are for the power users and shouldn't be used by soccer moms and grandmas - because they have no clue what they are doing with these phones except for when a phone call or text message comes in... let them have the iphones.
but if you are tech savvy, and want to squeeze every bit of user capability out of your phone, a high end android phone is for you.
the people that are tech savvy also have the awareness because they treat their phone like a computer, and not a phone.
just my thoughts.

I think the best thing would be if android embraced that the user can choose which permissions to give to apps. I mean, an app may want to know your location, you denies it, and the app continnues happily without using that functionality, or quits saying its essantial.

cobraboy85 said:
i dont use a security app, i use common sense.
a game doesn't need access to my contacts...
notepad app doesn't need access to my private information...
this is why android phones are for the power users and shouldn't be used by soccer moms and grandmas - because they have no clue what they are doing with these phones except for when a phone call or text message comes in... let them have the iphones.
but if you are tech savvy, and want to squeeze every bit of user capability out of your phone, a high end android phone is for you.
the people that are tech savvy also have the awareness because they treat their phone like a computer, and not a phone.
just my thoughts.
Click to expand...
Click to collapse
very well put, unfortunately most dont think like this..

It is always a good habit to check the permissions an app needs before installation.I personally think that a system should be implemented in android market where all apps are erquested to give informaation on "Why they need certain permissions?".Certain apps do that.
An antivirus program is also useful in my opinion.I use Lookout antivirus,as i find it simple to use and does not slow down my phone.I tried avg but it slowed down my phone terribly.

hiitti said:
I think the best thing would be if android embraced that the user can choose which permissions to give to apps. I mean, an app may want to know your location, you denies it, and the app continnues happily without using that functionality, or quits saying its essantial.
Click to expand...
Click to collapse
But, as a matter of degree, this just what we wish. The fact may be far beyond our imagination. Sometimes, malware still run certain functionalities even you cancel it. It's worse that some apps run secretly in system. I'm a little scared about security issue based on my PC.

cobraboy85 said:
i dont use a security app, i use common sense.
a game doesn't need access to my contacts...
notepad app doesn't need access to my private information...
this is why android phones are for the power users and shouldn't be used by soccer moms and grandmas - because they have no clue what they are doing with these phones except for when a phone call or text message comes in... let them have the iphones.
but if you are tech savvy, and want to squeeze every bit of user capability out of your phone, a high end android phone is for you.
the people that are tech savvy also have the awareness because they treat their phone like a computer, and not a phone.
just my thoughts.
Click to expand...
Click to collapse
But a game might ask for internet/network permissions which you would probably accept. How do you guard against this? How can you prevent a malicious app that asks for relavent permissions but abuses them?

I never take the time to study the permissions required when I download an app from the market.
I tend to avoid the low number of d'load apps..... partly as there is less feedback to judge.... and partly as any app thats worth the download will have high stars and many d'loads.
Works for me so far.
Netquins running in the background just in case...... but whose to say they dont upload my contacts for spamming?

Prof Peach said:
I never take the time to study the permissions required when I download an app from the market.
I tend to avoid the low number of d'load apps..... partly as there is less feedback to judge.... and partly as any app thats worth the download will have high stars and many d'loads.
Works for me so far.
Netquins running in the background just in case...... but whose to say they dont upload my contacts for spamming?
Click to expand...
Click to collapse
But what about new apps that may be legit? They won't have any reviews yet or stars. If everybody did the same as you it would never get reviews or stars? There's got to be a better way, don't you agree?

the_main_app said:
But a game might ask for internet/network permissions which you would probably accept. How do you guard against this? How can you prevent a malicious app that asks for relavent permissions but abuses them?
Click to expand...
Click to collapse
That's the only question above that can't be answered by LBE Privacy Guard.
Someone mentioned a game that wants access to your contacts. What if you really want the game? You just don't allow it access to your contacts and then play it anyway.
Most apps ask for access to your IMEI (you'd be surprised how many!) With LBE they don't get it.
Antivirus software is all well and good, but it's not the same as on a PC where pattern matching can be used. AV software on Android basically opens the apk file and has a look round to see if anything looks suspicious. Other than that, there's nothing it can do to stop a clever developer bypassing it.
Seriously, if you have concerns then get LBE and start restricting permissions access on an app-by-app basis.

johncmolyneux said:
That's the only question above that can't be answered by LBE Privacy Guard.
Someone mentioned a game that wants access to your contacts. What if you really want the game? You just don't allow it access to your contacts and then play it anyway.
Most apps ask for access to your IMEI (you'd be surprised how many!) With LBE they don't get it.
Antivirus software is all well and good, but it's not the same as on a PC where pattern matching can be used. AV software on Android basically opens the apk file and has a look round to see if anything looks suspicious. Other than that, there's nothing it can do to stop a clever developer bypassing it.
Seriously, if you have concerns then get LBE and start restricting permissions access on an app-by-app basis.
Click to expand...
Click to collapse
this.
i was JUST about to say the same thing about the android "anti-virus" scam... not really a scam, but a false sense of security. as you said, not the same at ALL. people need to get out of the PC mindset with these phones. this is not windows, it's linux.
and i'm going to give LBE a shot. seems pretty legit.
for all of those running antivirus "software" on your phone, how many of you have actually run a virus scan and had it give a detailed description of a malicious "virus"....

Liking lookout
Sent from my GT-I9100 using XDA App

ummm, anyone ever heard of antiviruses (Kapersky, maybe?)? Or at least look up the app's access to things... If it accesses something you don't want it to access (or think the app doesn't need to access it), don't install it!
I know out-of-the-box Androids aren't so vunerable to viruses, compared to rooted ones... So...?
First look up the developer of the app, then if you trust him, install, if you never heard of him, google it (or look at the comments at where you're downloading from), and if you had experience with the developer before (and if the experience is bad, like trojans, etc.), don't install!
(I don't understand half of what I'm typing XD...Don't blame me for misspellings, please )

Cant say I can rave or not when it comes to the anti virus apps.
Have used Lookout in the past and currently using netquin.... neither of which ever flagged up a virus, malware or whatever.
Its nice to think its running in the background but dont know whether it will do anything if its needed.
I was tempted to download a load of apps in a zip file but 20 secs in my Avast siad there was a virus. I'd like to think the market would have its own precautions but having searched the site, cant see any mention of its security for the apps we download.
Its a different thing altogether but we cant take the fact that its the market and relax...... the worst virus my laptop ever had came in an update from Microsoft...... and another directly from google tools.

Kapersky for Android then? You can pick up free full non-trial versions on the web...
About the Market - yes, that's true. You'd expect them to check if apps are infected or at least leave a bot to do it...
Sorta lame...

The best security is the brain.akp just like brain.exe is on windows - best thing it's free, godgiven and everyone got a copy

Zeze21 said:
The best security is the brain.akp just like brain.exe is on windows - best thing it's free, godgiven and everyone got a copy
Click to expand...
Click to collapse
yeah but not everyone got the full version. A few of my friends got a corrupted exe and then this girl I know got the 30 day trial

not that good
Prawesome said:
It is always a good habit to check the permissions an app needs before installation.I personally think that a system should be implemented in android market where all apps are erquested to give informaation on "Why they need certain permissions?".Certain apps do that.
An antivirus program is also useful in my opinion.I use Lookout antivirus,as i find it simple to use and does not slow down my phone.I tried avg but it slowed down my phone terribly.
Click to expand...
Click to collapse
I have both Lookout and AVG, neither has stopped my phone from getting up to 10 junk downloads, you have won an ipad, iphone etc., a day, not sms or email, I have to have every form of external contact turned off, the moment I get wifi or mobile access it starts downloading spam.
If anyone knows of a way to stop it I would appreciate the feedback

Moved to proper section

do i need to install antivirus? like avast?

I just started using android phones like few days ago...been using iphone and never bother with antivirus. So any long time android user can tell me if really necessary to install antivirus app like avast?

xhuiz said:
I just started using android phones like few days ago...been using iphone and never bother with antivirus. So any long time android user can tell me if really necessary to install antivirus app like avast?
Click to expand...
Click to collapse
Android Anti-Virus apps are generally viewed as being unnecessary and a waste of both battery, system resources, and money. My overall recommendation for security on Android that has been echoed many times it common sense, look carefully at the apps you are downloading, make sure they don't ask for unnecessary permissions for example their is no reason a Tic-Tac-Toe game should need to read your contact list, and that you don't download suspicious files from suspicious sites. With basic common sense you should be just fine .

I think Norton Security antivirus(com.symantec.mobilesecurity).

shimp208 said:
Android Anti-Virus apps are generally viewed as being unnecessary and a waste of both battery, system resources, and money. My overall recommendation for security on Android that has been echoed many times it common sense, look carefully at the apps you are downloading, make sure they don't ask for unnecessary permissions for example their is no reason a Tic-Tac-Toe game should need to read your contact list, and that you don't download suspicious files from suspicious sites. With basic common sense you should be just fine .
Click to expand...
Click to collapse
Yeah. .but the tic.tac.toe will say some excuse like " so that it'll be easy to find your friends and easy to play with them online "
The whole android permission system is just junk. And they want to have it that way, giving great incentives to app developers. Cyanogen had restriction of app permissions on cm7,but not on 9,10 or 10.1...why? Coz if they keep that up, apps will make sure, they are incompatible with Cyanogen Roms .Google wants lots of apps in their market and boost their popularity and so, they are indirectly selling privacy of android users and using it themselves as well. How hard would it be to integrate into android source code to make apps just request each permission(with a allow always button /allow once ), before they gain them after app installation?
Sent from my HTC Explorer A310e using xda app-developers app

[Q] How can I tell which things are running?/How to know if an app is trustworthy?

Hey,
When I turned on my phone the RAM it was taking was 300 MB, after a days use it is now 500MB (even after pressing 'clear RAM' button).
I've entered Settings->apps->running and it shows only two small things (the keyboard and some weather widget) which combined take only 20 MB.
So what is the rest of the memory is beign allocated for?
Thank you.

Does your rom have Usage Manager in the app drawer?
Sent from my SAMSUNG-SGH-I747 using xda app-developers app

Here is the path to all your applications.
Settings -> Apps --> Swipe left until the menu Running --> On top you see the description "Show cached processes", klick on it --> now you see the rest of the running applications

pc103 said:
Does your rom have Usage Manager in the app drawer?
Sent from my SAMSUNG-SGH-I747 using xda app-developers app
Click to expand...
Click to collapse
No, the closest I have is "Task Manager".
lenovoOwner said:
Here is the path to all your applications.
Settings -> Apps --> Swipe left until the menu Running --> On top you see the description "Show cached processes", klick on it --> now you see the rest of the running applications
Click to expand...
Click to collapse
Thank you, indeed I see some more RAM guzzlers, but It seems like they make up most of the addition but not all of it ... plus funny thing, when I try to close everything (in 'running' and 'cache) and I reenter- here it is there again...
1) Can I see all of the elements that take up my ram (the system as well)?
2) Can I close them properly?
Thank you very much.
PS. Is there some comfortable way to jump between apps? Like in the Iphone where by pressing the 'Home' button will show you a bar with a row of icons of the currently active processes....

For your PS question, it's a long press on the Home button (below the GS3 screen).
Sent from my SAMSUNG-SGH-I747 using xda app-developers app
---------- Post added at 10:14 PM ---------- Previous post was at 09:45 PM ----------
The closest app I'm running to that option is Android Tuner Free. I got it for its storage optimization functions.
The busy interface has a learning curve, but it is a comprehensive & poweful app. I recommend Advanced mode & the One Click home screen.
For what you want, see both the Tasks & Kill All tiles. The first is a Task Mgr., the second is a quick 1 click. The app can teach a lot about what runs & why. It also offers a lot of fine control.
I also use the root app Startup Manager which is self explanatory & efficient.
Sent from my SAMSUNG-SGH-I747 using xda app-developers app

pc103 said:
For your PS question, it's a long press on the Home button (below the GS3 screen).
Sent from my SAMSUNG-SGH-I747 using xda app-developers app
Click to expand...
Click to collapse
LOL {hit myself on the head}, didn't occur me to try...
pc103 said:
---------- Post added at 10:14 PM ---------- Previous post was at 09:45 PM ----------
Click to expand...
Click to collapse
pc103 said:
The closest app I'm running to that option is Android Tuner Free. I got it for its storage optimization functions.
The busy interface has a learning curve, but it is a comprehensive & poweful app. I recommend Advanced mode & the One Click home screen.
For what you want, see both the Tasks & Kill All tiles. The first is a Task Mgr., the second is a quick 1 click. The app can teach a lot about what runs & why. It also offers a lot of fine control.
I also use the root app Startup Manager which is self explanatory & efficient.
Sent from my SAMSUNG-SGH-I747 using xda app-developers app
Click to expand...
Click to collapse
I was hoping there is a way to avoid using apps...
Ok, I suppose it opens another question which I thought about creating a new thread for, but if the opportunity already arose...
How do you actually know if you can trust an app?
I'm kinda new to android and I'm much more used to the opennes of windows, also I'm pretty paranoid (a cellphone contains information 100 times more sensitive than a PC (At least my PC is like that)). I look at the permissions every app want to have and I'm simply aghast, I know of the logic behind those requests (at least for most of those I've seen) but I have zero transparency over what actions the app takes.
That really stress me a great deal...

oy-ster said:
How do you actually know if you can trust an app?. . . (a cellphone contains information 100 times more sensitive than a PC (At least my PC is like that)). I look at the permissions every app want to have and I'm simply aghast, I know of the logic behind those requests (at least for most of those I've seen) but I have zero transparency over what actions the app takes.
That really stress me a great deal...
Click to expand...
Click to collapse
Digital Privacy
Well it certainly stresses the last remaining fiber of your privacy. I just watched the latest "60 Minutes Overtime" piece on data brokers framing this as a lifestyle issue. Step back from the small screen & consider that your actions on board the PC have a ripple effect on your smartphone. "NAI Opt out" & "Disconnect software" are useful PC search words.
Where it Went
I rarely hear from a tech guru or even a lawyer who can decipher a EULA, TOS or Privacy agreement they didn't author themselves; yet online, we are steeped in the cumulative concessions we have accepted from them and the affiliates and partners they enable for.
The Biggest Brother?
Google is a data harvester, not a broker. They are the custodians of much of our imprint online across all platforms. check your settings accordingly; within each Google service / app/ platform you use and adjust them to taste. Know, for example, that persistent login to Gmail will append any collocated G-Search activity to your G profile if Web Data | Web History remains on. I read recently that simply joining Plus has a similar but more comprehensive effect by default, by unifying the G tracking across your entire electronic imprint.
Android Permissions
Yes. The most invasive part of Android is its permissions free for all. They are demands, not requests that each app poses. The logic is sometimes one sided and self serving to the developers at our disadvantage. What can we do?
1. Know something about your developer. XDA membership in an app developer helps define their role in a community. Check their website, reviews, accessibility, postings etc.
2. Consider lower permission alternative apps listed in the play store.
3. For each app you review in the Play Store, (have you checked play store settings yet?) assess its longevity in the marketplace to decide if you are willing to be an early adopter.
4. Resist resorting to apps to broker built-in functions your system already has. Learn your OS.
5. Weigh the logic of each permission demanded, based on risk / reward and your intended uses. Example: On my phone Google search leads the field with 59 permissions. App Permisssions by FSecure is in the low end group with zero. How do I know? App Permissions. What can I do? More on that later.
6. Debloat. I have frozen over 60 apps/services/processes using a combination of tools ranging from built in (no root) Application Management to Startup Manager and the App Quarantine app.
7. Don't be lazy about toggling settings as needed. One stock default has the GPS always enabled which may not be necessary for you.
8. Learn about the types of location services in your OS. Check location settings in affected apps and consider toggling location services as needed. Apps will prompt if the needed service is off when you use them.
9. Review your synch settings. Mine are off on the OS. I use a 3rd party mail app and manually back up contacts using Super Backup when needed.
10. Review background data settings. they are visible in Settings / Data usage, by selecting Mobile Data, and scrolling to the list of apps to tap through each and set Restrict background data if appropriate. It saves battery by reducing tower hunting and focuses you on which apps pose the highest demands.
I promised more. Learn about App Ops if you haven't. I have the luxury of running a 4.3 version that supports it so I can use a client app to filter and toggle various permissions on a per app basis. There are other, and perhaps more thorough approaches to this but I'm staying with this one for now.

pc103 said:
Digital Privacy
Well it certainly stresses the last remaining fiber of your privacy. I just watched the latest "60 Minutes Overtime" piece on data brokers framing this as a lifestyle issue. Step back from the small screen & consider that your actions on board the PC have a ripple effect on your smartphone. "NAI Opt out" & "Disconnect software" are useful PC search words.
Where it Went
I rarely hear from a tech guru or even a lawyer who can decipher a EULA, TOS or Privacy agreement they didn't author themselves; yet online, we are steeped in the cumulative concessions we have accepted from them and the affiliates and partners they enable for.
The Biggest Brother?
Google is a data harvester, not a broker. They are the custodians of much of our imprint online across all platforms. check your settings accordingly; within each Google service / app/ platform you use and adjust them to taste. Know, for example, that persistent login to Gmail will append any collocated G-Search activity to your G profile if Web Data | Web History remains on. I read recently that simply joining Plus has a similar but more comprehensive effect by default, by unifying the G tracking across your entire electronic imprint.
Android Permissions
Yes. The most invasive part of Android is its permissions free for all. They are demands, not requests that each app poses. The logic is sometimes one sided and self serving to the developers at our disadvantage. What can we do?
1. Know something about your developer. XDA membership in an app developer helps define their role in a community. Check their website, reviews, accessibility, postings etc.
2. Consider lower permission alternative apps listed in the play store.
3. For each app you review in the Play Store, (have you checked play store settings yet?) assess its longevity in the marketplace to decide if you are willing to be an early adopter.
4. Resist resorting to apps to broker built-in functions your system already has. Learn your OS.
5. Weigh the logic of each permission demanded, based on risk / reward and your intended uses. Example: On my phone Google search leads the field with 59 permissions. App Permisssions by FSecure is in the low end group with zero. How do I know? App Permissions. What can I do? More on that later.
6. Debloat. I have frozen over 60 apps/services/processes using a combination of tools ranging from built in (no root) Application Management to Startup Manager and the App Quarantine app.
7. Don't be lazy about toggling settings as needed. One stock default has the GPS always enabled which may not be necessary for you.
8. Learn about the types of location services in your OS. Check location settings in affected apps and consider toggling location services as needed. Apps will prompt if the needed service is off when you use them.
9. Review your synch settings. Mine are off on the OS. I use a 3rd party mail app and manually back up contacts using Super Backup when needed.
10. Review background data settings. they are visible in Settings / Data usage, by selecting Mobile Data, and scrolling to the list of apps to tap through each and set Restrict background data if appropriate. It saves battery by reducing tower hunting and focuses you on which apps pose the highest demands.
I promised more. Learn about App Ops if you haven't. I have the luxury of running a 4.3 version that supports it so I can use a client app to filter and toggle various permissions on a per app basis. There are other, and perhaps more thorough approaches to this but I'm staying with this one for now.
Click to expand...
Click to collapse
Thank you very much for the comprehensive reply!
Indeed some of the things here are common sense but some were fairly new to me, like the close contact you are suggesting with the developer.
I have to ask though, what reviews are you reffering to? the ones in the app market or the ones on here? Also, from what I have seen in the play market, all of the reviews are about functionality but no one actualy checks the veracity of the code.
Like for instance some song recognition&download software that requires internet access permission (makes sense) and SD card access permission (also makes sense), but besides doing what it does (in a splendid manner, leaving tons of happy customers) it also steals your Whatsapp chat logs (just read an article about that breach 10 mins ago)...
How can people catch on that (otherwise the app will linger for 2 years, giving you the impression you're not an early adopter)?
Hrmph, you have given some very sound advice which I obviously intend to follow through and for that I thank you. However it seems to me like the underlying foundation is still trust in the publisher (not to abuse the permissions you had to enable for functionality sake), and the trust should stem from how well the author presents itself to the community. I suppose it is the nature of the beast, it is just that if I were to sneakily attack someone I would make sure to present myself in th best way possible .
thx.
PS. my version is 4.1 but I'll see what I can do about Appops.
P.P.S I just searched for "Tasks" on google market and all I see is an organizer. Did you mean "Task Killer"?

oy-ster said:
Thank you very much for the comprehensive reply!
Indeed some of the things here are common sense but some were fairly new to me, like the close contact you are suggesting with the developer.
I have to ask though, what reviews are you reffering to? the ones in the app market or the ones on here? Also, from what I have seen in the play market, all of the reviews are about functionality but no one actualy checks the veracity of the code.
Both sources really. There's no hard & fast divide as to what aspect reviewers might respond to at either venue. More often, Play Store reviews have alerted me when my device or my Android version gets poor results from an app. Granted code integrity issues are raised more frequently at XDA.
Like for instance some song recognition&download software that requires internet access permission (makes sense) and SD card access permission (also makes sense), but besides doing what it does (in a splendid manner, leaving tons of happy customers) it also steals your Whatsapp chat logs (just read an article about that breach 10 mins ago)...
How can people catch on that (otherwise the app will linger for 2 years, giving you the impression you're not an early adopter)?
Interesting example. I will look for the article. I wonder if the app declared that permission in their Play Store disclosure. If not, it challenged Google's policing system. I read somewhere that SELinux in newer ROMs, set to "Enforcing" brokers applicable policies from each host domain and also restricts apps from exceeding their declared permissions. (See also my note on 4.3+ below)
Hrmph, you have given some very sound advice which I obviously intend to follow through and for that I thank you. However it seems to me like the underlying foundation is still trust in the publisher (not to abuse the permissions you had to enable for functionality sake), and the trust should stem from how well the author presents itself to the community. I suppose it is the nature of the beast, it is just that if I were to sneakily attack someone I would make sure to present myself in th best way possible .
You're welcome! Placing that trust is ultimately a leap of faith, so we ask ourselves:
Does my configuration already offer this function at the OS or existing app level?
Can I justify each declared permission here?
Is there a less invasive equivalent to this app?
Have I gone over the settings thoroughly once installed?
What does my installed anti-virus say about this?
Do I need this to auto launch or only on demand?
Is it using excessive data or uptime as I monitor?
Am I getting all the Android security I could be with my current rom image?
You get the picture. Common sense, best practices & due diligence can go a long way toward closing the security gap.
PS. my version is 4.1 but I'll see what I can do about Appops.
Google only exposed it (to client apps like App Ops Starter) in 4.3 & 4.4.0, before & after that I believe an Xposed Framework module is the main alternative.
P.P.S I just searched for "Tasks" on google market and all I see is an organizer. Did you mean "Task Killer"?
Click to expand...
Click to collapse
The "Tasks & Kill All tiles" I referred to appear on Android Tuner Free's One Click advanced mode home screen. BTW certain apps on my phone are "frozen" when not in use.

I forgot to mention. 4.3 I'm running is on the 4.1.2 bootloader, completely avoiding lopsided knox security. I hope I didn't appear to recommend the OTA update. That's a personal choice.
Sent from my SAMSUNG-SGH-I747 using xda app-developers app

pc103 said:
Quote:
Both sources really. There's no hard & fast divide as to what aspect reviewers might respond to at either venue. More often, Play Store reviews have alerted me when my device or my Android version gets poor results from an app. Granted code integrity issues are raised more frequently at XDA.
Interesting example. I will look for the article. I wonder if the app declared that permission in their Play Store disclosure. If not, it challenged Google's policing system. I read somewhere that SELinux in newer ROMs, set to "Enforcing" brokers applicable policies from each host domain and also restricts apps from exceeding their declared permissions. (See also my note on 4.3+ below)
You're welcome! Placing that trust is ultimately a leap of faith, so we ask ourselves:
Does my configuration already offer this function at the OS or existing app level?
Can I justify each declared permission here?
Is there a less invasive equivalent to this app?
Have I gone over the settings thoroughly once installed?
What does my installed anti-virus say about this?
Do I need this to auto launch or only on demand?
Is it using excessive data or uptime as I monitor?
Am I getting all the Android security I could be with my current rom image?
You get the picture. Common sense, best practices & due diligence can go a long way toward closing the security gap.
Google only exposed it (to client apps like App Ops Starter) in 4.3 & 4.4.0, before & after that I believe an Xposed Framework module is the main alternative.
Click to expand...
Click to collapse
Thanks again!
I just wanted to note that after spending some time here in the forum( http://forum.xda-developers.com/android/apps-games/ ) looking for some intresting picks, I haven't actually encountered much comments from people that actually went over the code... so I'm a bit bummed out. :silly: :laugh:
pc103 said:
The "Tasks & Kill All tiles" I referred to appear on Android Tuner Free's One Click advanced mode home screen. BTW certain apps on my phone are "frozen" when not in use.
Click to expand...
Click to collapse
Oh. Got it.
Anyway, Thank you!!!

oy-ster said:
Thanks again!
I just wanted to note that after spending some time here in the forum( http://forum.xda-developers.com/android/apps-games/ ) looking for some intresting picks, I haven't actually encountered much comments from people that actually went over the code... so I'm a bit bummed out. :silly: :laugh:
...Anyway, Thank you!!!
Click to expand...
Click to collapse
You're welcome. To be fair, most times I've seen postings by people who background checked code it was in rom threads, or over root exploits or security apps. In most other cases due diligence is our best defense.