Better Mobile App

Money toolkit app?

Hello has anyone used the money toolkit app to access your account?. On my iphone I have an official natwest app, which am sure is safe however a bit worried about this one cause it clearly states not affiliated with any bank.

Hi marvi0
I am Dan - founder of Money Toolkit, so obviously my opinion is not impartial
You are absolutely right to question apps like ours, and I wish more people were more diligent in this resect.
The biggest barrier to using any third party financial app is trust. For a small start up like ours, theres a bit of a catch 22 thing. The best way for people to trust our app is to see others using it, which means having enough early trail blazers use it.
I hope you do read some of the pages on our site regarding security - we have gone to very great lengths to keep you in charge of your credentials.
But this is still only our word. Probably the best thing to help increase your confidence is to look on our get satisfaction pages - (we cant delete messages, so it is an open conversation). Also check the comments on the Android market, again we can't even respond as the developer (which can be frustrating).
I hope others do respond on here, though we only have 500+ active users, so I would be a bit surprised.
There will always be some nervousness committing to our app, ultimately you have to go with your instincts - most people who see our app don't go on to enter their details, which is a shame in my opinion (obviously), because those who do find our app really useful.
Any questions, just ask.
Cheers.
Dan.

I have installed it and it looks pretty good
I have my fingers crossed regarding the security

Thanks for your reply so does this app actually allow me to view my natwest account information?

marvi0 said:
Thanks for your reply so does this app actually allow me to view my natwest account information?
Click to expand...
Click to collapse
it does yeah
you get an overview and then when you click on the account it drills down into the transactions
you cant see direct debits etc
also i wish you could change the theme, the wooden effect is a bit yukky, lol
but it does the job fine
also you have to manually log out or the app will run in the background, and if someone picks up your phone they can see the bank funds etc

winwiz - thanks for that.
You are not alone a few people don't like the wooden theme, so we are thinking of changing that.
The idea was that it continues the web site theme of being a work bench - continuing to follow the tool kit idea! We also didn't want to look like another boring bank, but probably it doesn't work that well on the phones.
Regarding logging out - we keep you logged in on purpose, (it will time out after 5 minutes) it is really annoying when you accidentally go back too far or want to swap to another app and have to log back in. Perhaps we should make that another setting?
some people even choose to keep their password remembered, and rely on the phones own security.
Remember this is a READ ONLY app, there is absolutely no way anyone could transfer funds, or make any changes to your bank.
We've got some nice things planned, like categorising your sending and graphs etc.
So any feedback or ideas really welcome - especially on the get satisfaction pages
Cheers.

MTK-Dan said:
winwiz - thanks for that.
You are not alone a few people don't like the wooden theme, so we are thinking of changing that.
The idea was that it continues the web site theme of being a work bench - continuing to follow the tool kit idea! We also didn't want to look like another boring bank, but probably it doesn't work that well on the phones.
Regarding logging out - we keep you logged in on purpose, (it will time out after 5 minutes) it is really annoying when you accidentally go back too far or want to swap to another app and have to log back in. Perhaps we should make that another setting?
some people even choose to keep their password remembered, and rely on the phones own security.
Remember this is a READ ONLY app, there is absolutely no way anyone could transfer funds, or make any changes to your bank.
We've got some nice things planned, like categorising your sending and graphs etc.
So any feedback or ideas really welcome - especially on the get satisfaction pages
Cheers.
Click to expand...
Click to collapse
Hi Dan,
Thanks for the great feedback. I'd like the option to customise the background, or if this is not possible, a solid black background. The timeout option should be configurable so the user can set the timeout period!
I look forward to the updates

MTK-Dan said:
I am Dan - founder of Money Toolkit, so obviously my opinion is not impartial
...
Any questions, just ask.
Click to expand...
Click to collapse
Hi Dan,
Was just deliberating about using Money Toolkit and I had a couple questions. I've no knowledge in this area so please bare with me.
On the blog post here: hxxp://moneytoolkit.com/2010/09/secure-mobile-banking/
You said that:
"Yodlee then sells your bank data to the web site that you signed up".
Which I agree doesn't sound ideal - but they have to make money to be a sustainable business. How does money toolkit intend to make money? Which part of users financial details will be utilised to do this?
Secondly - regarding the security - the same blog post says:
"Not only would someone have to get access to your phone they would have to go to the same lengths as they would if they wanted to ‘hack’ into a bank, but they would have to do it three times!"
I presume that each location storing data can't login to the bank account in part. Instead a single server instance would have to login - requiring all 3 parts of the information to do so as banks usually randomise the questions asked. That presumption may be wrong however - but if it's correct does that mean a hacker could just hack that single server instance and intercept the traffic being sent to the bank?

You said that:
"Yodlee then sells your bank data to the web site that you signed up".
"but they have to make money to be a sustainable business. How does money toolkit intend to make money? Which part of users financial details will be utilised to do this?""
Click to expand...
Click to collapse
We point out the normal relationship with Yodlee because Yodlee is an independant third party, they are the entity that you end up having the biggest contractual relationship with, in fact you sign over power of attourney to them when you use a web site that uses their aggregation (read the small print).
Regarding Money Toolkit making money, so far we don't! Of course, as you point out, we need to, so we have two options - we will ask for 50p per month (for example), or we will offer good deals with companies we trust (generally not main stream banking companies), where we will make a commission, if we do that we will make the commission obvious and share it with the person taking the offer.
"Secondly - regarding the security...
...does that mean a hacker could just hack that single server instance and intercept the traffic being sent to the bank?"
Click to expand...
Click to collapse
Well your main assumptions is correct, but the reasoning not quite right. Firstly it is not just because of the random nature of the security questions that the three way split is valuable, but literally each part is utterly useless without the other parts, they are three parts of an encrypted file, which MUST come together before it is possible to decrypt.
The decrypted file (now only in volatile memory) then returns values to your phone and it is your phone which sends (over SSL) the right request to the bank, so they would have to breach our own SSL traffic (and custom encryption). Our IP's and the bank's are hard coded so a traditional man in the midle attack is ruled out. They would in effect, have to dupe you into downloading a dodgy Money Toolkit apk for this to be possible.
As you may know, the huge majority of security problems come from static data being discoverable (cd's and memory sticks left on trains for example). In our case the three seperate locations, including your phone make this kind of static data recovery, all but impossible.
However... you are right tht if someone managed to compromise the individual server that, at that moment (we have many), did that specific decryption: then if they were very smart, they might have the ability to detect your secure bank details. Though it would be almost imposible for that to happen and us not know about it. To alter our code and not have our systems detect the intrusion would be phenomenal.

MTK-Dan said:
so we have two options - we will ask for 50p per month (for example), or we will offer good deals with companies we trust (generally not main stream banking companies), where we will make a commission, if we do that we will make the commission obvious and share it with the person taking the offer.
Click to expand...
Click to collapse
Great, both options sound reasonable
MTK-Dan said:
they are three parts of an encrypted file, which MUST come together before it is possible to decrypt.
Click to expand...
Click to collapse
Neat, didn't realise.
MTK-Dan said:
The decrypted file (now only in volatile memory) then returns values to your phone and it is your phone which sends (over SSL) the right request to the bank, so they would have to breach our own SSL traffic (and custom encryption).
They would in effect, have to dupe you into downloading a dodgy Money Toolkit apk for this to be possible.
Click to expand...
Click to collapse
That at least does sound secure (without understanding it more) I suppose there may also be security issues beyond a dodgy .apk file if the Android device has been rooted - because I think that allows apps to work outside of their sandbox. Again, I don't know enough about that.
Thanks for the detailed answers, it gives me more confidence in the service.

aph5 said:
Great, both options sound reasonable
Neat, didn't realise.
That at least does sound secure (without understanding it more) I suppose there may also be security issues beyond a dodgy .apk file if the Android device has been rooted - because I think that allows apps to work outside of their sandbox. Again, I don't know enough about that.
Thanks for the detailed answers, it gives me more confidence in the service.
Click to expand...
Click to collapse
Is it possible to transfer money to whomever you want with this app?

[Q] Privacy on Android using standard VPN Settings?

Since we know the main reason Google did Android was the same as all their other free products - collect more info from users, can the built in VPN settings be trusted? It just seems to me that the only reason Google would be "kind" enough to build in a system to defeat the reason they built Android in the first place would be if they wanted a way to offer "security" with a back door for themselves??? i.e. Maybe all traffic goes through Google before being sent to VPN??
Or maybe a simple question is can Google still see your traffic or get the info they want if you use the built in VPN settings (with a VPN service of course)?
Would using an OpenVPN app be more secure than the standard settings?
Thanks and I'll apologize in advance if this is a stupid question!

Remove the tinfoil hat for a second and listen:
Even if the traffic from the VPN were to be sent to Google, they would only receive the encrypted traffic!

Erm, yeah, that is, if no other part of the VPN framework is sending the encryption key to Google servers -in an encrypted form so as to not be so easily detectable by sniffing the traffic...
Heck, the FBI and the NSA do it with e-mail (google-search "carnivore program" and "Echelon communications interception", you'll find plenty of info on these -surprisingly not well known- topics) and truckloads of other communication forms, why would Google mind ?
You're absolutely right to be wary -especially if you live in the USA, where the "Patriot Acts" 1 and 2 give practically free-hands to the government to wiretap everything they want, in the interest of "national security" (or so they say. Most times though, it's used for more 'impure' intentions), and sometimes forward the collected info to big corporations who can make big money out of it. That's how Boeing practically stole a multibillion $ contract right under the nose of Airbus : the NSA tipped them off after they intercepted emails and faxes emitted by Airbus about the bid, and told Boeing to slightly -just enough- increase their own bid, and voilà... (but they never acknowledge anything by saying "we intercepted comms that said they'll bid so much or so much", nope, it's way more sneaky than this : it goes like "about this contract, we think that it would be a good idea to slightly increase your bid, by say a million or two", never mentioning any wiretapping -and of course the people who benefit from the info are way too glad to think about spoiling the ambiance by asking embarassing questions. "you don't look a gift horse in the mouth", after all...
If you really wanna have a (mostly) relaxed mindset about this, I see only one reliable solution : code your very own VPN app, and keep it to yourself, forever and ever, so it can't be reverse-engineered by no one (and even this is no 100% guarantee, you're never safe from anything in this sorry world)..
That being said, I'm not entirely convinced Google created Android just for gathering info from its sheepish users.. There probably is some of that, sure -althoug, to be a Android user requires way more technical knowledge and curiosity about the device you're using (that is, if you wanna use it at 100% of its capabilities) than the "average frustrated Windows chump".. And this kind of user is way more liable to uncover the "conspiracy", sooner and easier than just a WinMo or iOS user.. It's kind of like sawing the branch you're sitting on..
And if this happened -Google being discovered spying upon the communications of Android users- they'd probably be in biiiig trouble, probably more than what makes it worth trying it. Just look at Apple when it got known that every iPhone has a hidden memory area that stores the GPS coordinates of your every move and periodically uploads them to Apple servers. Jobs managed to dodge the bullet by publicly explaining that it was meant to enhance the algorithms that will be used by future GPS chips, but who the hell believes that ? For one thing, Apple never manufactured GPS chips, and probably never will, mostly because building a chip-foundry factory costs a huge wad of dough (just ask Intel how much they're spending to upgrade their infrastructures each time they reduce the die-sizes by a few nanometers, the amounts are hard to believe when you're making about 15$ an hour like me..), and also because there are already too many competitors out there -most of which are better than Apple at designing quality hardware.. It's probably no mystery if Apple prefers using 3rd-party hardware than making their own : it's cheaper, easier, and at least if you get some f-ed up hardware, you can just blame it on the corporation who sold it to you instead of having to make an embarassing and very public mea-culpa (at this point, the words "HTC", "eMMC" and "Samsung-made chips" are popping into my mind.. Is anyone else feeling those symptoms ? ^^). And it would be way harder -if not downright impossible- for Google to find a believable and reasonable explanation for such a mischief (I think it's even called a felony at this level.. But I'm no yankee, can't be 100% sure about this detail -and right now I'm too lazy to Google it up and find out.. xD).
But then again, who can be 100% sure ? It's always wise to be wary, and always be prepared for every contingency, as far as is humanly possible
I personally think that if Google created Android it's probably more because they wanted to thwart Microsoft from ever gaining complete monopoly of the mobile OS market, like they did with Windows and the PC OS market -which they mercilessly dominate by every means possible, even those that are borderline illegal sometimes, if the outcome makes it very worth the risk..
Google and Microsoft just can't stand each other (just like Microsoft and SCO-Unix couldn't stand each other back in the heroic days.. Actually, Microsoft has had many a foe along the way, IBM is counting among those too -but MS finally managed to kill off their offspring OS/2. It wouldn't die by itself so they had to kill it.. But they only managed to do so because they were more determined on taking it out of the OS scene than IBM was determined on defending it.. ), and they just will do anything that is in their respective grasp to piss off one another -with varying success..
And I gotta admit that they did a pretty good job out of it, all things considered : the Unix open-source community benefits from one more interesting project (even if the sources for every new Android release are often very long to come out. But then, the GNU public licence only states that you have to release the source code with your app if you're reusing some GNU-licensed code, it never mentions any deadlines, or that it has to be released together with the compiled binary), and Microsoft is held back from completely winning a juicy prize, which makes their new CEO Steve Ballmer mad with rage -which is hilariously funny to me (I can't get enough of seeing this fatass enraged. Too bad Bill Gates retired, it'd probably have been equally as funny -if not more- to see him enraged, with Ballmer towering over him by his side and trying to make himself as small as a mouse so he could escape by a crack in the nearest wall, the "angry dwarf and the 'not-too-bright-but-very-bulky' giant". In the movies that's always a winning combo)..

Snakeforhire said:
Erm, yeah, that is, if no other part of the VPN framework is sending the encryption key to Google servers -in an encrypted form so as to not be so easily detectable by sniffing the traffic...
Click to expand...
Click to collapse
Well, if you want to follow that road, what's telling you that the VPN clients around aren't sending that very same key to law enforcement agencies?
The answer is simple, it would be a huge, gigantic ****up, as you said!

read the rest of my post, I address this issue a few lines down.

@Alcap12 I don't generally consider myself to be part of the tin foil hat club. But I am older and have learned (the hard way) the difference between regrets and mistakes - mistakes you can fix. I think there is going to be a whole **** load of young folks who are going to regret not taking their privacy a little more seriously in a few years.
Thanks for the reply SnakeforHire.
I understand the man-in-the-middle type of attack and if you're using an ssl vpn the only thing the middleman sees is encrypted traffic. But Google isn't in the middle they own the starting point. So is it possible: A user sends some data, Android phones home with the metadata, and then Android encrypts the data and sends it to the vpn server? Tons of the apps on the market are tracking you - heck the Dolphin browser just got busted doing it right here on XDA so why not Android itself??
I'm thinking a packet sniffer would tell us the answer. I'm also thinking if I've thought of this one of the professionals here on XDA has too and has checked it out already. At least I'm hoping so. I just posted this thread in the hopes of finding out for sure.

you're assuming the filtered-out data would be sent over to the eavesdropper in an unencrypted form, otherwise the packet sniffer would just see meaningless garbage..
And I kinda doubt that anyone willing to go to such lengths to spy on others would be so foolish as to forget to add encryption to his upload framework.

Well, it seems to be a very good and informative question. I use VPN service and i don' think that google can trace out your traffic though the traffic from the local ISP transmit through a sound means which is absolutely encrypted and protected so there won't be any chance for anyone to look into you data and traffic...
i use the service of hidemyass and i can say that its is the best iphone vpn. I have been searching around the web for several aspects related to vpn and my research concluded that through vpn no data can be traced..All what google or anyone else will receive is the encrypted data like [email protected]#$^^&*. So impossible for anyone to see it

Since the arrival of latest Android Phones, we have been seeing people searching for the most reliable and trustworthy Android VPN Providers. It has not been easy for anyone of us, searching for VPN provider that can support our latest Android Phones settings. In fact this has not been easy for us to compile this entire list of Android VPN Providers.
Setting up commercial VPN on Android 3.0 or older versions is a piece of cake nothing to worry about. You just have to tap here and there on your New Android Phone and you are connected.
Before providing you with the step by step process, I would again mention the ‘disclaimer’ that this blog-post is not for the experts or techies, but this is for those who are new to VPN or android and want to setup their VPN accounts for the first time on their Android Phones.
Let’s cut the crap and start with the tutorial, I will first tell you how to setup a simple PPTP VPN connection on your Android Phone.
Go to your Phone settings.
Tap on Wireless Controls and then VPN Settings.
Click ‘Add VPN’ and you are Half way through J
Tap on “Add PPTP VPN”. Do not worry about others, we will let you know about the other protocols as well.
Add your “VPN Name”. It can be your name, you can even name it “I Do not need VPN”
Now the so-called difficult part arrives, entering the Server Name. Server Name can only be entered, if you have a VPN account, or you have setup your own VPN. If you do not have both, please do not try this, you will not get anything
Server name is being provided by the VPN Provider, it will be like “usa.bestvpnservice.com”.
You can enable the encryption here. (If VPN still does not work, try again after disabling it)
Do not worry about DNS Search Domains until or unless you are planning to use Internal DNS Server, if yes enter them here.
Save the Settings and You are all set with your New VPN Connection on your Android Honeycomb.
Now, comes the connecting part. Go to your VPN Settings and there you will get your added VPN connection. Tap to connect it and enter your Username and Password, which you will get after paying your VPN Provider. You will see a small Key like icon on the Top, which means you are now safe, secure and anonymous in the digital world. You can disconnect your VPN by going to the same area with VPN settings and tapping on your connected VPN Connection.
I hope it will helpful for you to configure settings on your Android. Currently i am Using my Ipad its more easy as compare to Android.
To see Ipad VPN and its seetings:
bestvpnservice.com/blog/how-to-connect-to-a-vpn-on-ipad-2

[Q] Google Privacy Policy

I'll try to cut things short and get to the point.
Google has recently announced that it is going to change its privacy policy . The new privacy policy allows Google to enhance its products by collecting data. Data that is being collected. That data is transferred via Google products (Youtube, Gmail, Google Maps, etc.). For Google to be able to collect your data, you have to be logged in into one of its products and data collecting starts.
By signing off form its products, is transfer being disabled? If you use Google search engine, is data being collected via cookies and is it the same just as if you are signed in into some Google product? That way, by monitoring IP activity it can effectively collect data just as if you were signed in into Google prods.
It looks to me that no matter what, signed in or not, Google will get those data!
Can Google collect data from my Android phone even if I am not signed in into any Google product, but simply because I am using Android?

How is it possible that no one takes interest in this matter? This sounds serious to me and it does needs some attention, at least to be informed properly. Big corporation Google is taking away privacy, by building a behaving system for each Internet user.
How come this topic, not mine but in general, is being dropped down from everyone's sight?

mendoza1 said:
How is it possible that no one takes interest in this matter? This sounds serious to me and it does needs some attention, at least to be informed properly. Big corporation Google is taking away privacy, by building a behaving system for each Internet user.
How come this topic, not mine but in general, is being dropped down from everyone's sight?
Click to expand...
Click to collapse
Because its been discussed in a few threads.
And possibly because google are simply collecting all they know about you in one place.
Dave
Sent from my LG P920 using Tapatalk

As long as you are using a google product, they will most surtainly be collecting data from you.
It won't matter if you are logged in or not.
It's a sad reality, but if you want privacy, don't use google products. Or facebook for that matter.
Personally i would love a OS that has privacy in mind. But i fear such a thing is close to impossible these days.
Sent from my LT18i using XDA App

People made a huge stink over Carrier IQ but when its Google its not a big deal. collection of personal information sucks-period. What makes anyone think that almighty Google cant be hacked by some sort of group like Anonymous? Although I see no reason at the moment for them to do it, I dont want to say its not possible. Really Google needs to be limited on what they have access too just like anybody. I love the Android platform and many of Googles products, but I am willing to pay a little to keep my information safe. Remember if you are not paying for it, you are not the customer, you are the product being sold.

CM Statistics - CM Wants your data, and CM WILL GET YOUR DATA, LIKE IT OR NOT!

In the past, CM has allowed users to opt out of sending their data. It's recently decided to remove the "optout feature" (c'mon, is that really a "feature"), forcing users to eat it.
http://www.androidpolice.com/2013/0...pting-out-of-cm-stats-cyanogen-says-to-chill/
"Cyanogenmod Will No Longer Allow Opting Out of CM Stats-- Cyanogen Says to Chill"
in response, i kindly made this argument:
"A fundamental issue still exists. If the data is collected via a unique identifier, and it has a timestamp, then it isn't as anonymized as people think. Anyone with a basic understanding of data security knows that. I think the uproar has to do with the reputation of the team as the protectors and defenders of our platform...you give us choice. But when we see behavior that doesn't add up, were naturally going to believe you've used that position in the community to do evil. We understand you want the the data.
What doesn't make sense, and the natural road for us all to go down:
1) is this being used to monetize CM?
2) installation data: to include location, language, device, build version, and carrier, are all things that can be identified using a single, static event report. Why should we be comfortable with an always-collecting, transmitting-in-the-background service? What's the use-case for this? You've said yourself that Google Play apps themselves often collect this data..why is that method insufficient for CM? And why should we have to expect the same from you guys as we do from everyone else. Surely there's a way to collect the necessary data you need with a scalpel, negating the need for a device drag-net like this.
In all seriousness, i trust CM to do the right thing...i just can't tell right now if they've done the lazy thing, and created a service which is omnipresent, omnipotent, running in the background and silently spying on me, just so CM can tell which language my device is running, my general location, my build information, etc.
That's fine, it's simple data, and it's fairly straight forward.
The question is, if you needed that data (which CM says it does), then why are you collecting a much, much more complicated data set, and why won't a simple installation report do? Why won't running for a short period of time...say, 5-7 days do?
Why did they take the Carrier IQ route?
Maybe they want it just so they can have it. As Koushik stated on the google plus post (where he does a great job at assuaging some fears, and creating others):
"---Did you know over half of our users are in China? They just passed the US in terms of CM installation base.
Call it ego surfing, but the data is incredibly useful."
So they're collecting all this data, without a need? It's obvious why it's extremely useful to understand, say....which language most of your users use, etc. But you don't need a 24/7 service to find out what language people use your device in.
Anyways, here's the Google + Post:
https://plus.google.com/103583939320326217147/posts/GwnzKJijBKj
Here, he has, however, provided a screenshot of your data in action, assuaging the fears of most (we never truly get to see what our data looks like after its sent through the mizteereeus pipez of the interwebz, magically transformed, and then spit back out to an analyst), and he even tells you a bit about what data it collects. What he doesn't say, is why on earth submitting the data once, after installation, in a single report wont do, or why a build report once a week, or however often, wont do.
That's the end of my tinfoil hat tirade. Like i said, i love CM, i trust them, but i'm disappointed. The reasons i listed above are arguments made to explain why people are raising hell because of this. I don't believe they'll do anything nefarious, and personally, they can ego=surf with my data all they want. It IS pretty cool. Maybe the move was a tad bit short-sighted though, because they may have gotten a bit out of touch with their users, and their users opinion of them-- and that's what my posts were supposed to do...they were supposed to bring the way I (and other's) think about them more in line with reality.
Edit: It's important to note that, as explained to us by CM, CM Statistics calls home upon reboot. Whether it runs all the time, or just for a nanosecond upon reboot, or 24/7 is important as well, but I'm unable to verify any of this, because my github skills are w34ks4uce. If we had a independent dev who could take a look at CM Stats and then explain exactly (key word) what it was collecting, that'd be über helpful....but it wouldn't mean anything in the long run. Because I was viewing the macroscopic effects of the decision. A comprehensive announcement and explanation wold probably have been prescient, because the information contained in the Google+ post is just as key as the announcement itself-- the stigma of collecting data is far to strong to just say one day-- "sneaky, sneaky--no more opting out".

Nothing has changed here, only the fact that it's enabled by default vs opt-out. The dataset hasn't changed.
Don't use it if you don't like it. They are not spying on you. WITHOUT stats they would have zero visibility to what is actually used. Download data is trash compared to actual usage.
And what if they decide they want to improve Language X translations, but only 10 people use it? Worth it? Or what about Device Y that only a handful of people are still clinging onto? Resources can be used in better ways.
I knew I'd see a post crying about this eventually...

If this thread turns into a flame fest it will be locked
As for data collection...you are using Android right?
Also check the permissions to all those third party apps.
Thanks in advance for keeping this thread civil or ignoring it.
Friendly Neighborhood Moderator

I take my privacy seriously, as I'm sure most of us do. As mentioned previously market apps gain a certain amount of info from us.
Maybe CM should have a free version with no opt out or a pay version with one (key maybe). That should make everyone happy.
Sent from my SAMSUNG-SGH-I717 using xda premium

khaytsus said:
Nothing has changed here, only the fact that it's enabled by default vs opt-out. The dataset hasn't changed.
Don't use it if you don't like it. They are not spying on you. WITHOUT stats they would have zero visibility to what is actually used. Download data is trash compared to actual usage.
And what if they decide they want to improve Language X translations, but only 10 people use it? Worth it? Or what about Device Y that only a handful of people are still clinging onto? Resources can be used in better ways.
I knew I'd see a post crying about this eventually...
Click to expand...
Click to collapse
This.

Whoooooooo caaaares delete thread
RoOt-[]D [] []V[] []D-BeEr

Solution to all this: OpenPDroid

briand.mooreg said:
I take my privacy seriously, as I'm sure most of us do. As mentioned previously market apps gain a certain amount of info from us.
Maybe CM should have a free version with no opt out or a pay version with one (key maybe). That should make everyone happy.
Sent from my SAMSUNG-SGH-I717 using xda premium
Click to expand...
Click to collapse
I think this is a brilliant idea, regardless of the status of CM Stats. A paid version with a extra feature set would be awesome.
As far as the argument for data like language, region, build, etc. I think we can say conclusively that this could be handled by a installation report, that runs once after installation or upgrade.
The type of data they need doesn't neccesitate a background service, which is why its naturally suspicious.
Sent from my Transformer using XDA Premium HD app

btswein said:
This.
Click to expand...
Click to collapse
I though is was enabled by default. Is this something the devs choose? Upon installation, i see a "cm statistics is running" banner in notification. Even so, what's changing, is their removing opt out all together.
Sent from my Transformer using XDA Premium HD app

http://review.cyanogenmod.org/#/c/35047/

well there you have it:
Commit MessagePermalink
Restore the opt-out for stats.
* Apparently this is a bigger issue for a small number of extremely
vocal users. We should respect their wishes, no matter how off-base
their claims are in this context.
Change-Id: I9eef9a65260ec4e360d398f80d610a198c09c915
Thanks to: khaytsus
for posting the link

khaytsus said:
http://review.cyanogenmod.org/#/c/35047/
Click to expand...
Click to collapse
Is there a way we can educate/frame a conversation around how to do this in a way accepting of the vocal crowd? Perhaps an outreach campaign, minimal in effort that might encourage more users to opt in? This is an area where fundamental good can be done. The same people who've been vocal should have no problem explaining what would get them to opt in.
I think this whole thing might have been a brief thing, but if the statistics really help the project, we can all have our cake and eat it too.
Sent from my SAMSUNG-SGH-I717 using XDA Premium HD app

khaytsus said:
I knew I'd see a post crying about this eventually...
Click to expand...
Click to collapse
You knew you'd see a post crying about this because of all that data your collecting told you lol!
Just teasin!

I would have just frozen the background service. ...
We rooty types can do that sort of thing now days. ..
And just to prevent the assumption that I missed the point of the OP. ...I didn't, and can only imagine the amount of target data our carriers pull by simply using our device. (See lengthy contract and service agreement of your carrier)...
CM data is small potatoes by comparison. ..and while quite useful to them in the generation of custom firmwares, it's a useless data source for us.
I've freely given cyanogen my data for years. And in return Steve has given me high quality work for my trouble. .....privacy concerns accepted. ....g

The easiest way to prevent CM from getting any data from you is too not install, not really that hard to figure out.
Sent from my SAMSUNG-SGH-I717 using xda premium

Question I have been totally hacked for 9 months

We have been through five phones -Samsung Galaxy, then Motorola, two internet providers two cell phone providers, made so many calls I have lost count. He uses Chromebook and a Motorola Droid phone. He has even hacked my old home phone, tv, you name it, he has tried to own it . Oh, I forgot-my home security and ring doorbells also. I can change an app permission and I can see him go right in and change it back. I am sure he lives close in the neighborhood How do I get rid of this horrible person?
He grays out permissions, default apps, etc., Which keeps me from being able to delete an app, or change someone being able to access in the background. He has confiscated our emails (Gmail), prevents us from sending or receiving ones he doesn't like. He uses email for email on the web, advertising, chat, and many other things. He listens to phone calls steals all photos, maps addresses to companies or people in contacts, uses maps for ?? Xxx an anyone help me, or at least tell me how to reverse graying out on apps? This has become unbearable! Thank you!

How do you know it's a he?
It's always the girl next door.

Lol! I cannot prove it, but the big gamers nextdoor moved in when this started happening. Their best friend is an experienced IT guy who only appears when I have gone in and changed things. In those days, new changes happen, such as Ring doorbells hacker, etc. Not blaming, but coincidence?

blackhawk said:
How do you know it's a he?
It's always the girl next door.
Click to expand...
Click to collapse
Sorry. See reply in post.

Bro, I'm so sorry. My husband has been going through this VERY thing for the past year. They don't mess with mine. I just wanted to let you know even though I don't have any resolve for you, I hear you and know that it's not phony and we totally feel for you. Seriously, maybe you and my hubby can talk. I'm so sorry that you're going through it. Feel free to message me.

This sounds like a great fan fiction and will bookmark this to see how the story develops. Thank you for putting this in Moto G Power section right where it belongs!
Sounds like you might need to invest in a router with better security features.

Moosetears said:
This sounds like a great fan fiction and will bookmark this to see how the story develops. Thank you for putting this in Moto G Power section right where it belongs!
Sounds like you might need to invest in a router with better security features.
Click to expand...
Click to collapse
Definitely not fiction. It is a nightmare and could REALLY use some advice!

gunnshot81488 said:
Bro, I'm so sorry. My husband has been going through this VERY thing for the past year. They don't mess with mine. I just wanted to let you know even though I don't have any resolve for you, I hear you and know that it's not phony and we totally feel for you. Seriously, maybe you and my hubby can talk. I'm so sorry that you're going through it. Feel free to message me.
Click to expand...
Click to collapse
It has been a nightmare! They started with mine, and have now invaded my husband's phone also.

Scammed said:
It has been a nightmare! They started with mine, and have now invaded my husband's phone also.
Click to expand...
Click to collapse
Why are you posting on XDA? If you are this convinced that someone has unauthorized access to your devices, you need to be talking to law enforcement. The best advice we can offer you is to change all your passwords immediately, enable 2 factor authentication, and if possible seek a restraining order. XDA is a smart device hacking and development community, not a private investigation service.

V0latyle said:
Why are you posting on XDA? If you are this convinced that someone has unauthorized access to your devices, you need to be talking to law enforcement. The best advice we can offer you is to change all your passwords immediately, enable 2 factor authentication, and if possible seek a restraining order. XDA is a smart device hacking and development community, not a private investigation service.
Click to expand...
Click to collapse
I didn't think you were a p.i. firm. Obviously, I am not tech savvy. A little kindness please? I simply want to know how to ungray grayed out app permissions. I have searched on my own and cannot find the answer. I have reported it to local police, state police, Motorola, Samsung, Verizon, Xfinity, metronet, on and on and on. No help from anyone. I don't have $2,500.00 to just put down a retainer for a p.i. I knew someone on this forum would know the answer I am searching for and might kindly tell me. Thank you.

Scammed said:
I didn't think you were a p.i. firm. Obviously, I am not tech savvy. A little kindness please? I simply want to know how to ungray grayed out app permissions. I have searched on my own and cannot find the answer. I have reported it to local police, state police, Motorola, Samsung, Verizon, Xfinity, metronet, on and on and on. No help from anyone. I don't have $2,500.00 to just put down a retainer for a p.i. I knew someone on this forum would know the answer I am searching for and might kindly tell me. Thank you.
Click to expand...
Click to collapse
Well, it can be hard to distinguish the difference between reasonable concern over privacy violations vs unwarranted paranoia, and you aren't the only one who's come to XDA with this type of story. Most of your assumptions are likely mistaken and can be simply explained by the nature of Android itself.
Remote intrusion of mobile devices is actually pretty rare. The most common ways bad actors get ahold of sensitive user information are: phishing, user-approved permissions on questionable apps such as TikTok, and "connected" social media accounts, where users allow websites and apps access to their social media profiles, or use their social media as a login.
Regardless, to the technical point of the matter, grayed out app permissions are not the result of hacking or surreptitious malfeasance, but rather the nature of the "rules" inherent to Android - you can't remove system apps or disable system-controlled permissions without root.
If you still think you have reasons for concern, this is my only suggestion:
Change your phone number
Immediately change all relevant passwords - minimum 10 characters, a mix of upper case, lower case, numbers, and special characters, do not reuse them
Enable 2 factor authentication on all accounts, ensuring your 2nd factor is something that you and only you have access to
Once done, sign out all devices signed into those accounts
Perform a factory reset on your device; even better, reflash factory firmware. Keep bootloader locked.
Do not use questionable apps