Better Mobile App

Is your app spying on you?

Most of the app now require acces to the phone calls..even a news app requires it, sms app such as go sms also requires it. So I want to know after knowing that an app will be able to acces your phone call you still download it? And does anyone in what way the developers use such info?
Sent from my E10i using XDA App

Excellent topic, I'm really troubled by this. The business world makes a whole lot of money based on the average persons inertia - their lack of information or willingness when it comes to the products and services they use and the money they use to pay for them. Particular mobile phone network providers come to mind, who are happy to charge the most expensive prices because people don't know or don't care.
This lazy attitude is seeping into the Android app world. It will be a small per centage of us who will realize this threat and do something about it - exactly like cookies and public wifi privacy etc.
For those of us already interested, are there websites or apps which can guide us on this?

I had thought about it before but it seemed to be all apps out there at least need to access your internet, calls, phonebook and etc.. Not sure really if some of these nasty apps has the evil purpose to steal our vital informations in the phone... say if we're checking our bank account or something similar..
What I practice:
1) Installed AVG pro and do scan regularly, and set to scan every newly installed apps.
2) Use both cache cleaner and history eraser to clean up all traces once a day.
3) Hope they don't see me as a target.

Don't worry.
I think access to the phone calls is just to minimize the running app in case you receive a call. In other case you would not even realize an incoming call?!

Deehee3 said:
Don't worry.
I think access to the phone calls is just to minimize the running app in case you receive a call. In other case you would not even realize an incoming call?!
Click to expand...
Click to collapse
What about data? When you install an app in most cases you allow data access to it.

Searching for updates or viewing developers homepage maybe?
Sent from my U20i using XDA App

Deehee3 said:
Searching for updates or viewing developers homepage maybe?
Sent from my U20i using XDA App
Click to expand...
Click to collapse
What if not? What if app you´ve installed is spying on you and sending info to hackers. How would you know?

On android we have the luck that there are a lot of applications that are open source. When I have to choose an application, I always choose and support the open projects!
You will notice that most of those applications don't need all that personal information! Makes you wonder...

On other systems, apps usually have an user/administrator scheme, where the 'user' has access to some things and 'administrator' has access to everything.
There is no such thing on Android (except if you have a rooted phone and some app asks for superuser access, but you get a requester asking for permissions as well).
Each app has to specifically ask for permissions or the system will deny it. A spyware has to ask for those permissions or it won't work.
Some permission requests to look out for:
- "Call phone"
can be used by the application to silently dial some "premium" numbers
- "Send SMS"
can be used to send SMS to special "premium" numbers
- "Record phone calls"
can be harmful if associated with "internet access" permission
- "Access fine location"/"access coarse location" and "internet access"
can be used for tracking purposes
Many apps ask for:
- "Phone identity" / "internet access"
they use it for "statistics purposes" (flurry.com mostly) but it is bad. The developer should always inform the user about those.
BTW, that an app is open source makes no difference. Someone can always (willingly or not) tamper with the final build. And not everyone reviews open source apps.

zapek666 said:
A spyware has to ask for those permissions or it won't work.
Click to expand...
Click to collapse
Sure. But if an app legitimately ask for data transmission and file system access, AND you grant it, how would you know it is not using the granted rights for something else?

ppirate said:
On android we have the luck that there are a lot of applications that are open source. When I have to choose an application, I always choose and support the open projects!
You will notice that most of those applications don't need all that personal information! Makes you wonder...
Click to expand...
Click to collapse
Don´t tell me that you evaluate the source code of each application you load from the market. And even so, how would you know the difference between what is shown to you and the final build, available on the market?

vlissine said:
Sure. But if an app legitimately ask for data transmission and file system access, AND you grant it, how would you know it is not using the granted rights for something else?
Click to expand...
Click to collapse
Filesystem access are limited to the external memory card. An app with such permission cannot access other apps' private data (which are stored on the phone).
Android apps are all sandboxed into their own homes.
A good example of a suspicious application is HTML5 Reference.
"This HTML5 reference lists all tags supported in the HTML5 specification.", fine. Let's look at the permissions:
Network communication: full Internet access
Phone calls: read phone state and identity
While the first 2 could be produced as a side effect of the developer implementing some "statistics library" (flurry.com or so), the next 2:
Your location: fine (GPS) location
Your personal information: read sensitive log data
Are a giveaway that this app does a bit more than just listing HTML reference tags

zapek666 said:
Filesystem access are limited to the external memory card. An app with such permission cannot access other apps' private data (which are stored on the phone).
Click to expand...
Click to collapse
Ok, how about a picture viewer, which usually picks pictures from each and every
directory, no matter if you want it (and not only from memory card).

Hey vlissine and zapek666. You both have a point.
One individual cannot review every code he or she uses. And also one does not only uses his or her own builds of the projects. But every now and then, I have to go into a project, mostly to add functionality. During that time, I usually have to go over a lot of code to understand the program. It is no guarantee, but you can imagine that some strange code will stand out.
I'm surely not the only person. So while one individual is not capable of such an endeavor. A lot are.
Your other point is as valid as can be. But here again, builds are comparable.
Surely, one does not have to find himself or herself obliged to use certain kind of projects. But to me, when I have the change, I use and support the open source project. One important reason is because of the concern raised by the original poster!

http://googlemobile.blogspot.com/2011/03/update-on-android-market-security.html
Apparently we were not that paranoid, thinking of spying apps

Two options:
1) To avoid being spy and get super paranoid about it... ditch your smartphone and get those early 2000 phones with only calls and sms capable.
2) Use the smart phone eg: X10 mini/pro or any android phones and ignore these spying scene and live with it like nothing ever going to happen since this new technologies really live up our life nowadays..

farsight73 said:
Two options:
1) To avoid being spy and get super paranoid about it... ditch your smartphone and get those early 2000 phones with only calls and sms capable.
2) Use the smart phone eg: X10 mini/pro or any android phones and ignore these spying scene and live with it like nothing ever going to happen since this new technologies really live up our life nowadays..
Click to expand...
Click to collapse
One more option - stop giving stupid advises when you have nothing to say.

maybe apps need to call functions or need it to run?
write them your self if your that bothered?
...
Sent from my E10i using the XDA mobile application powered by Tapatalk

[Q] How can we stop Android from phoning home?

Many of you have probably already read the news:
Apple, Google Receive Phone Users' Locations
I must say, they're doing it to a degree beyond what most of us may have assumed was taking place.
How can we stop this? Do we know if cooked ROMs also do it?
Update 4/25/2011 5:00PM ET:
- Here's how I stop Android from phoning home.
- I dont' use this, but here's a sweet google removal script.
- A seperate thread for discussion: Why the data Android sends to Google is less anonymous than Apple's implementation
Update 4/26/2011 9:25PM ET:
- [Q] How do we protect our Android device from the CelleBrite UFED?
Update 6/8/2011 5:24PM ET:
- Use Autostarts to stop apps from opening behind your back!

Its not that they care where you are personally, you're more of an anonomous statistic to them. They use these huge mountains of collected data to decide which markets are the most potentially lucrative fir them to invest their zillions of dollars of advertising and marketing money into. You and I will likely never be directly affected by our locations being disclosed, save for more accurate search suggestions from our google search widgets.
Sent from my HTC HD2 using XDA App

I'll ask again to try and keep this thread on topic. Anyone who wants to discuss why the companies do it is free to start another thread and discuss that there.
How can we stop this? Do we know if cooked ROMs also do it?

Droidwall...

I was so mad when I heard what they were doing, I wanted to throw my phone out the window. How is it even legal for them to do this, regardless of where its anonymous or not its still bs and I want that crap off my phone. I am a newb to the whole android and software thing and I wish I could help.

There out to find your house and steal your prized poodle. Honestly if its for marketing then it what it is. Honestly if you want to get mad at something, get mad at T-Mobile for throttling 4G speeds. I see what your saying but I would like them putting the right ads for my area and know quickest way to the quickie-e-mart.
Also we are using their OS.
Every other OS is monitored also.
Sent from my UD Glacier

What's with the useless comments defending these companies?
Can anyone answer the question - DO cooked ROMs also track your location?
According to this article, Android tracks the last 50 mobile masts and last 200 WiFi networks.
This is a problem, anyone have the solution?

I found this comment on one of the articles, does this explain it?
All mobile phones keep a record of the locations and unique IDs of the most recent mobile masts that it has communicated with. It's called the neighbour cell list and normally it enables the phone to connect to the network more quickly than it otherwise would. GSM mobile phones have done this since about 1992.
To see the benefits storing the neighbour cell list compare the time it takes a mobile to find a network after it is switched on in a new location, e.g., after a long flight, with the time it takes to find a network when the phone is switched on in the location where it was switched off.
The difference in the iPhone case is that the iPhone is keeping this information for such a long period of time.
Click to expand...
Click to collapse

wrapper said:
I found this comment on one of the articles, does this explain it?
Click to expand...
Click to collapse
That is about the iPhone storing, not about a device sending GPS location data day and night.
So far, the only mentioned potential solution is Droidwall.
I'm going to play around with that.

There's a related app named HiSurfing, but one reviewer says that does not work as well as DroidWall. Seems DroidWall does a better job of keeping things from slipping out when they've been blocked.

Darnell_Chat_TN said:
So far, the only mentioned potential solution is Droidwall.
I'm going to play around with that.
Click to expand...
Click to collapse
The only viable option I can see to block is "10052: Network Location, Google Calendar Sync, Google Services Framework, Google Contacts Sync."
Problem is, I use some of these.

I have ultimate juice defender it has a section in it where you can control how and when apps connect to the network, but I don't know if it will stop the Droid from phoning home.

wrapper said:
The only viable option I can see to block is "10052: Network Location, Google Calendar Sync, Google Services Framework, Google Contacts Sync."
Problem is, I use some of these.
Click to expand...
Click to collapse
Yea, it uses a different listing number on my device, but "Network Location, Google Calendar Sync, Google Services Framework, Google Contacts Sync" may be the one to disable to stop the device from phoning home. I sync my data locally (via MyPhoneExplorer), so I can't think of any personal need for those, I've disabled that from all network and WiFi connectivity.
I've done some testing (blocking an app I could test with) and the firewall continues to work even after exiting DroidWall and even after killing DroidWall with a task killer. That's good to see so it won't be any burden on the battery.
I'm not any expert that can test for "certain" whether my device has really stopped phoning Google with my location data, but this seems to be the best shot for now.

Darnell_Chat_TN said:
I've done some testing (blocking an app I could test with) and the firewall continues to work even after exiting DroidWall and even after killing DroidWall with a task killer. That's good to see so it won't be any burden on the battery.
Click to expand...
Click to collapse
That's because DroidWall is just an interface for iptables, the built-in firewall. So your battery life will not change at all, that's correct.
I'm not any expert that can test for "certain" whether my device has really stopped phoning Google with my location data, but this seems to be the best shot for now.
Click to expand...
Click to collapse
You could connect to your wireless network, run a sniffer like Wireshark on your PC and check whether any packets are transmitted to Google servers.

frosty_ice said:
You could connect to your wireless network, run a sniffer like Wireshark on your PC and check whether any packets are transmitted to Google servers.
Click to expand...
Click to collapse
Or turn on my router's logging and check there, yea either of those would work.
Not sure if/when I'll get around to it .

droidhell said:
I have ultimate juice defender it has a section in it where you can control how and when apps connect to the network, but I don't know if it will stop the Droid from phoning home.
Click to expand...
Click to collapse
that seems like the best app if it works, any way to verify?

slapshot136 said:
that seems like the best app if it works, any way to verify?
Click to expand...
Click to collapse
I'm new to Droid, I really don't know how to test and see, it does stop other app really well, as far as a OS I don't know.

From what i here it's all stored in a location history file.
One simple solution might be to routinely delete this file.
Doesn't exactly solve the problem.

Might we consider expanding the subject to protecting our privacy? If not, I apologize in advance, as I think it is all connected.
It is probably Darnell's call, as he started the thread.
In the meantime, please consider this article: http://bit.ly/gCynrh

So let me understand this. I buy access to a network for my phone, which I also paid for. My location information, which is the result of my purchases is being used to generate income. So I'm allowing my spent cash to generate data and be leveraged to generate income. My information wouldn't exist with out my investment in the technology, so I own it.
I'm paying to be stalked !!!
Reduce my bill, provide remuneration for my investment in this technology, prove that it's anonymous, remember since I paid for the means to generate the data- the data belongs to me.
BTW for $1.50 I'll wire the battery to switch off, try getting data then.
I'd rather have an app which monitors my relevant info and bills the users for access to it.

Researcher Says That 8% of Android Apps Are Leaking Private Information

http://digitizor.com/2011/07/21/android-malware/
Android has had its fair share of malware problems. Whenever malware are detected, Google reacts swiftly and remove them. However, according to security researcher Neil Daswani, around 8% of the apps on the Android market are leaking private user data.
Neil Daswani, who is also the CTO of security firm Dasient, says that they have studied around 10,000 Android apps and have found that 800 of them are leaking private information of the user to an unauthorized server. Neil Daswani is scheduled to present the full findings at the Black Hat Conference in Las Vegas which starts on July 30th.
The Dasient researchers also found out that 11 of the apps they have examined are sending unwanted SMS messages.
Google needs to take charge
This malware problem on Android has become too much. One of the main reason that we see malicious apps in the market is because of the lack of regulation in the apps that get into the Android Market.
Sure, the lack of regulation can be good. It means that developers can make their apps without worrying if Google will accept their apps or not. It fits into the pre-existing application distribution model where anyone can develop and publish their own apps.
However, this comes at a price - the malware problem. Yes, most of the problems with these malicious apps can be avoided if only users read the permission requirements of the apps. But, what percentage of the users actually read the permission requirements of all the apps they download?
I think that it is time that Google make approval of the apps a requirement before it gets into the Market. They do not need to do it like Apple, but a basic security check before an app gets on the market will be nice.
If nothing is done about and this problem is allowed to grow, it will end up killing the platform.

Ur a good man
Sent from my PG86100 using XDA Premium App

Get an iPhone then.

Don't know if apple should approve or disaproove since that can slow down the release of new apps, but they need to check, that's for sure.

Yeah, just read permissions when installing applications. A lot of them will state access to personal data (such as contacts, browser history, etc.)
Such apps like MP3 downloaders contain ALOT of this malware.

if you're that paranoid.....LBE Privacy Guard + Droidwall = #winning

This article is very true in sense of lacking of control on big G part. My friend developed an app and he was able to get it into market almost instantly. I was very shocked to find that no scanning or checking was done.
Therefore, it's a risk that we take everyday to use these apps, specially, custom ROMs because who knows what it installed really. Users just need to be aware of their action, and don't use bank apps on rooted devices, or corporate email on rooted devices, or email yourself passwords to your online banking from your rooted devices. My thought is that, if it's out there then somebody can get it these days with all the technologies.

A little bit of common sense when installing apps can go a long way. You stifle the market too much when you cater to the lowest common denominator but then if you don't you get stuff like this.
+1 on Droidwall too, great app. Just don't turn it on and then forget about it before getting it set up properly, it's a pain figuring out why you can't use the internet on anything lol

xHausx said:
A little bit of common sense when installing apps can go a long way. You stifle the market too much when you cater to the lowest common denominator but then if you don't you get stuff like this.
+1 on Droidwall too, great app. Just don't turn it on and then forget about it before getting it set up properly, it's a pain figuring out why you can't use the internet on anything lol
Click to expand...
Click to collapse
hahaha, was tryna to download a new app and wondering why it just stalled kept on saying, downloading..... downloading paused....blah blah!!! lol
turns out it was droidwall (even with market enabled) lol

Yea when a simple clock widget wants to read your contact, data and location but has no ads or settings, I avoided that one.

I prefer the risk of an open system to the purgatory that is a closed system ruled by a draconian company any day.

Oh look iOS does this too.
/troll

DoctorComrade said:
Oh look iOS does this too.
/troll
Click to expand...
Click to collapse
hah, they're at almost 50%

Do you use Licensing in your apps?

Was just wondering what peoples thoughts were on using the Android Licensing copy protection in their apps? Do you use it and do you spend a lot of time on it or have any creative ways to help enforce it?
As we all know any kind of drm will always be cracked but I just wanted to know if people found it worthwhile to have..

I'm using In-app-billing, because I found that even licensed apps can be copied.
And yes, all apps can be cracked eventually, but most of the publishers of cracked apps remove them if you ask to. So that's what I'm gonna do!
Sent from my Nexus 4 running Android 4.2 JB

I don't like license checks that force you to be online, but I do like to have 'something' in place...
Recently I started working with some OEMs in India who wanted to pre-load my apps on their devices. Very exciting obviously, but I didn't know if I could trust them as I'd never heard of them.
So what I did was get the app to load a web page on one of my servers off the screen (9000%x...) so that it couldn't be seen. The page it linked to was empty, but if I wanted to I could modify the code to include a redirect that would send it to another page. Then in my 'onPageOverride' event I just said if URL = 'stopapp.htm' then do whatever it was I wanted to do.
What I actually have it do in that event is to fill the entire screen with that web page. The user then can't interact with the app underneath, but they get a message that I can create at the time saying 'This app has been illegally distributed' or whatever else I want to say. I can even forward them on to the download page if I want this way.
This works well too because if the user isn't online, the page just doesn't load and nothing happens. But if I want to stop offline use as well I can save a file in File.DirInternal and have the app check for that. 'SwitchOff.txt'. They get caught once, then they can't use the app.
Obviously this doesn't work quite like a license check, but what you *could* do with it is to have the app pop up with a message to people using an old version that's not updated. That's probably downloaded off of some file sharing site, so you could then just keep pestering them to 'update' and send them to the Play Store to do so. You can also check how many of the users on that version of your app are legitimate by looking at your Play Developer Console.
One thing to note is that the redirect URLs you use will need to be different in every version of your app that you release.
Hope this helps someone! I wish I'd done it sooner, one of my apps is all over the web grrrr...

pretty much the same as what I'm doing atm except I just ping a server in the background and display a popup if the result meets certain conditions.. I don't disable the app either as I can't be 100% certain it's pirated, instead I display a "scary" popup saying if they're using a pirated copy this is illegal etc.. your average user won't know how the popup was generated so it should be enough to make them think "someone" is onto them and go the proper route.. With the added bonus a genuine user can just press ok and carry on using the app
Sent from my Nexus 4 using Tapatalk 4

Currently, none of my apps use licensing.
For one of my paid apps, about 5% of the downloads are from non-Google Play sources, meaning, I'm not seeing any revenue from those 5%.
There is an Android API, that allows developers to see which platform their app was downloaded from. So, I've been thinking about adding that hidden feature to my apps and maybe do something fun with it. But, haven't got around to it yet. My thinking has been that if somebody downloaded a pirated copy of my app, then they probably weren't going to pay for it in the first place. And, hopefully, they will tell their friends about it and maybe one of them will actually purchase it through Google Play.

I already have all my licensing code in place and commented out. Since my app is pretty new I want to see how it does before adding licensing. Since the app is free and income is from IAP its not too bad. I'd only turn on licensing in the next release if I see a pressing need for it.

Currently, none of my apps use licensing.

PIQ + mobitee let us with a expensive piece of garbage.

Hello forum; I have used your post a lot for many years but I had never been encouraged to write anything; First of all, I would like to apologize if someone offends that the first post I publish is a petition; but a little story below
The company PIQ was previously dedicated to developing sports products that used an application and due to the covid 19 pandemic they have simply gone bankrupt and many of the people who bought their devices simply cannot use it anymore.
PIQ
PIQ. 13,521 likes. Intelligence leads to Victory Get your Winning Factors with PIQ ROBOT
www.facebook.com
The application uses an authentication system with an SMS code to the cell phone where it is installed and all its servers are closed; which leaves all its users swimming in nowhere; I have read in various forums that some athletes have lost up to 5 years of training history which is really unfortunate; (Although it is also regrettable not to make a backup of your files it is not the case of the post)
I'm not sure if the app cannot be downloaded from the play store so it will be put here:
Mobitee and PIQ for Android - APK Download
Download Mobitee and PIQ apk 3.1.7.5005 for Android. The Mobitee and PIQ mobile app provides unique insights to golfer of every level
apkpure.com
The application cannot be logged in or if the athlete loses their phone they will not be able to use the device again; with which it would be good to have any of the following options:
1. Is there any way in which you can bypass the login; it wouldn't matter if you couldn't track the statistics if you could at least use the hardware;
2. Is there any way in which the data packet sent by the NFC sensors can be used in another APP ???
finally; the application could be modified so that it does not work with an API on a private server, but rather save the local statistics:
I've been playing around a bit; I'm not really an expert; I have decompiled a couple of files and it seems to me that the one that might be of interest is called AccountManager.java located in
\ com \ mobitee \ base \ core \ managers
I appreciate it if someone can give me a hand since my knowledge is limited; Could you suggest to me where to start reading to get to some point:
Several users and even brands that worked with the company joined to request that they submit an open-source code or a GitHub project but I have not been able to find a clear answer to the issue yet.

Welcome to XDA
So you're saying it's a side loaded apk?

Here it is uploaded, Thanks for asking!

Yeah you didn't answer my question.
I don't download any unknown apks and very rarely side load and then only if vetted.
Hopefully someone here will help you...

blackhawk said:
Welcome to XDA
So you're saying it's a side loaded apk?
Click to expand...
Click to collapse
Sorry for not answering; yesterday was too late for me... if you are asking if they can be only installed via Apk file; unfortunately yes; it is out now from the play store...

LEP4To said:
Sorry for not answering; yesterday was too late for me... if you are asking if they can be only installed via Apk file; unfortunately yes; it is out now from the play store...
Click to expand...
Click to collapse
No worries.
That should be a warning in itself. Getting away from this app is the best solution. The data may just be lost.
I lost 2 websites because I used Google Picasso to create them. Wasted time.

th
blackhawk said:
No worries.
That should be a warning in itself. Getting away from this app is the best solution. The data may just be lost.
I lost 2 websites because I used Google Picasso to create them. Wasted time.
Click to expand...
Click to collapse
the problem is not leaving the application aside; The boring thing is that almost 250usd was paid for a sports system that in this case was golf and it was useless when changing phones ...

LEP4To said:
th
the problem is not leaving the application aside; The boring thing is that almost 250usd was paid for a sports system that in this case was golf and it was useless when changing phones ...
Click to expand...
Click to collapse
That sucks. Was that in the EULA?
You may have legal recourse. Try nice first.
There probably is a way to trick it by editing it's code but that's beyond my capabilities.
However this is a site full of hawkers...

blackhawk said:
That sucks. Was that in the EULA?
You may have legal recourse. Try nice first.
There probably is a way to trick it by editing it's code but that's beyond my capabilities.
However this is a site full of hawkers...
Click to expand...
Click to collapse
I know, Maybe somebody could help here...
On the other hand, I can not find EULA since the page is down now, but on the web page too many times a banner says "unlimited updates for life"; I think those guys were pretty confident to not go to bankruptcy
I can check for something on the web cache...

LEP4To said:
I know, Maybe somebody could help here...
On the other hand, I can not find EULA since the page is down now, but on the web page too many times a banner says "unlimited updates for life"; I think those guys were pretty confident to not go to bankruptcy
I can check for something on the web cache...
Click to expand...
Click to collapse
Sounds like a lost cause if the site is down.
Sometimes you need to copy your data any way you can even writing it down by hand.
Been there, lost data...

Any Help?