Update on 3rd-party MUAs (e.g., K-9 Mail) using OAuth2 on Android after May30th, 2022... which we have been searching for since early March of this year when Google notified us of the demise of the venerable login/password credentials.
PSA: K-9 Mail is (AFAIK) the ONLY 3rd-party MUA on Android working after May 30th, 2022 by using OAuth2 over the web (and not andOTP/FreeOTP or app passwords, etc., all of which require 2FA/2SV/MFA/MSV which results in a loss of privacy!)
1. I am a typical Android user who was badly affected on May 30th 2022, when Google unilaterally stopped supporting login/password authentication for 3rd party Android mail user agents (MUAs).
2. Since then, I've been desperately looking for a 3rd-party MUA which can log into a Google account WITHOUT 2FA/2SV/MFA/MSV and without creating a mothership tracking account on the phone.
3. Google (seemingly) allows MANY ways to authenticate a MUA onto the Google email servers; but all but one method (AFAIK) requires a "second something" (which is often referred to as 2FA/2SV/MFA/MSV) - which trades privacy for security.
4. The one method of authentication that doesn't require 2FA/2SV/MFA/MSV is OAUth2 (which itself is inherently insecure, but the problems with OAUth2 are not the point of this thread).
5. I have a Google email account, like many others... simply because it's the best free email account that I can find.
6. However, I am one of those Android users who cares a lot about privacy (where privacy is a thousand things, much like health and hygiene is a thousand little things - where people who care about privacy never just give up - just like people who care about hygiene never just give up - but they understand that many others do just give up, and that's OK.
7. One of those privacy little things is I don't have a Google Mothership Tracking Account on my unrooted Android phones, and I never will.
8. Hence, I could never use the Android Google GMail app to log into my Google email account because it CREATES that mothership tracking account.
9. Another of those privacy little things is I don't use 2FA (aka 2SV/MSV/MFA, etc.) which trades privacy for security since a "second something" is always needed in your hands (e.g., freeOTP, andOTP, etc.).
10. Some MUAs (such as Thunderbird on the PC) use OAuth2 over the web, but until this week (AFAIK), there were ZERO 3rd-party MUAs on Android which authorized Google email using OAuth2 over the web (mainly because Google apparently requires an annual security audit costing thousands of dollars for anyone who does).
11. Therefore, AFAIK, every third-party MUA stopped working with login/password on May 30th, 2022, where some of them (e.g., Fair Mail) were forced to switch to some other authentication mechanism, one of which was to authorize via OAuth2 using a Google Mothership Tracking Account (which the app would CREATE for you, whether you wanted it to do so or not). Just like the GMail app does.
12. Apparently, as of this week, the developers of K-9 Mail (teamed up with the resources of Thunderbird), are the first free 3rd-party MUAs on Android that allow OAUth2 authentication over the web with Google email accounts.
13. Last week OAuth2 was added to K-9 Mail for the first time (version 6.200), but it CREATED a Google Mothership Tracking Account in order to authenticate with the Google email servers.
14. This week, I was advised that the K-9 Mail version 6.201 was updated to perform that all important OAuth2 over the web. I tested it just now. It works. Note the K-9 team probably have resources that most Android developers lack now that they've teamed up with the Mozilla Thunderbird folks.
15. This is a PSA, and, a question of whether you know of any other 3rd-party Android MUA which can authorize OAUth2 with Google email servers over the web (WITHOUT creating a Google Mothership Tracking Account on Android).
Disclaimer: I am just a user; I am NOT affiliated in any way with anything.
Spoiler: Where to get the version 6.201 K-9 APK
*K-9 Home Page*
<https://k9mail.app/>
<https://k9mail.app/download>
*Google Play Store* (via the FOSS Aurora Store GPS client)
<https://play.google.com/store/apps/details?id=com.fsck.k9>
Name: com.fsck.k9.apk
Size: 8103422 bytes (7913 KiB)
SHA256: 46F071F989C6A138C2B8835D7FCDFA902AE1697B6B3C1C16581EE34B42E51CC3
*SourceForge*
<https://sourceforge.net/projects/k-9-mail.mirror/>
<https://sourceforge.net/projects/k-9-mail.mirror/files/latest/download>
<https://downloads.sourceforge.net/project/k-9-mail.mirror/6.200/k9-6.200.apk>
<https://master.dl.sourceforge.net/project/k-9-mail.mirror/6.200/k9-6.200.apk>
Name: k9-6.200.apk
Size: 8098357 bytes (7908 KiB)
SHA256: 3D8275705E00C159CD1AE473164B403EDF2A2D24E97D9F34D50FDA0677F8B398
*GitHub*
<https://github.com/thundernest/k-9>
<https://github.com/thundernest/k-9/releases>
<https://github.com/thundernest/k-9/releases/download/6.201/k9-6.201.apk>
Name: k9-6.201.apk
Size: 8103232 bytes (7913 KiB)
SHA256: 53F6678B9CF065B2413A53F70BFBF56E2C9C42454DA1A4F37AEC6AD60AB9D53A
*F-Droid*
<https://f-droid.org/packages/com.fsck.k9/>
<https://f-droid.org/en/packages/com.fsck.k9/>
<https://f-droid.org/repo/com.fsck.k9_32001.apk>
Name: com.fsck.k9_32001.apk
Size: 8102284 bytes (7912 KiB)
SHA256: 53637CC7DCF5B4F16EB167F91797DE06D07E00B30FDDBCAC0AA6CBC79122A42D
In summary, as far as I know, K-9 Mail is the ONLY 3rd-party Android MUA that can connect to Google mail servers after May 30th, 2022 without 2FA/2SV.
And what's your experience with the native Samsung E-Mail app?
Until recently, I assumed that account authorization was done by the Samsung server, not Google. However, last year I got a shock when it turned out that Samsung was being queried by Google about my age, because there was a mismatch between the settings in my Google account and my Samsung account.
Without explaining exactly what the issue was, Samsung sent me reminders that it would remove my access to its account if I didn't correct it. After my repeated interventions, Samsung finally realized its mistake, but did not apologize.
ze7zez said:
And what's your experience with the native Samsung E-Mail app?
Click to expand...
Click to collapse
Thanks for that question, but, unfortunately, I don't have a Samsung Mothership Tracking Account for the same reasons I don't have a Google Mothership Tracking Account on any of my phones (unfortunately, I also own iOS devices which not only REQUIRE Apple mothership tracking accounts just to download software but if you set up 2FA, it's PERMANENT (as in forever!)).
In addition, one of the first things I did when I got my phone was wipe out (or disable) every app I didn't want (e.g., I replaced Chrome with Ungoogled Chromium, and I replaced YouTube with NewPipe, and I replaced the Google Play Store with the Aurora Store & Aurora Droid, and I replaced Google Search with DuckDuckGo Search, and I replaced the default Samsung launcher with Nova free, etc.).
I just ran a search for "Samsung" in my app drawer app and there's nothing that isn't either deleted or disabled. (Of course, when I search for "samsung" in my MuntashirAkon App Manager, it finds a lot of apps with names such as "com.samsung.android.whatever", but I don't have the Samsung Mail app you are speaking about. However, if it accesses the Google Mail servers, I suspect it would be subject to the same rules that Google foisted upon all 3rd-party MUAs.
Spoiler: These are Google & Thundernest/K-9 references on this topic
*Less secure apps & your Google Account*
<https://support.google.com/accounts/answer/6010255?hl=en>
Here is the official Google announcement (afaik).
<https://support.google.com/accounts/answer/6010255>
Google says you can use app passwords here.
<https://support.google.com/accounts/answer/6010255>
And here is Google help on "signing in with app passwords".
<https://support.google.com/accounts/answer/185833>
*K-9 Mail (future Thunderbird for Android) adds OAuth 2.0 support*
<https://www.ghacks.net/2022/07/08/k-9-mail-future-thunderbird-for-android-adds-oauth-2-0-support/>
*Add OAuth 2.0 configuration for Office 365 / Outlook #6094*
<https://github.com/thundernest/k-9/pull/6094>
NOTE: AFAIK
Thundernest belongs to Thunderbird.
K9 moved their repo there I assume.
Thunderbird is not Mozilla any more.
Eran Hammer:
*OAuth 2.0 leader resigns, says OAuth2 standard is 'bad'*
<https://www.cnet.com/tech/services-and-software/oauth-2-0-leader-resigns-says-standard-is-bad/>
"The standard grew too far away from its roots as a simple Web
authentication technology, author Eran Hammer-Lahav says,
and now is insecure and overly broad."
*Eran Hammer's last conference on why OAUth2 is "Death by a million cuts"*
<https://hustoknow.blogspot.com/2012/12/oauth2-road-to-hell.html>
*Thunderbird & GMail*
<https://support.mozilla.org/en-US/kb/thunderbird-and-gmail>
Since some people may be confused, Google equates 2SV with 2FA:
<https://support.google.com/accounts/answer/185839>
"With 2-Step Verification (also known as two-factor authentication),
you add an extra layer of security to your account in case your
password is stolen. After you set up 2-Step Verification,
you'll sign in to your account in two steps using:
1. Something you know, like your password
2. Something you have, like your phone"
Note that Apple's 2FA/2SV is PERMANENT!
*Apple 2FA Case Dismissed by California Federal Court*
<https://securitycurrent.com/no-good-deed-apple-2fa-case-dismissed-by-california-federal-court/>
Here's a list I came up with searching for a list of what our choices might be.
1. OAuth2 (usually using an on-device Google Account), or
2. Autoforward Google mail to a non-Google account, or,
3. 2FA/2SV/MSV/MFA via a variety of authenticators, such as...
a. app passwords
b. Some kind of "2FA/2SV/MSV/MFA authenticator" app, such as...
FreeOTP Authenticator, Google Authenticator, Authy, FreeOTP+, etc.
c. USB tokens
d. Time-based one-time passwords (TOTP)
e. SMS 2FA
f. Use the phone's built-in security key
g. Use a physical "security key"
h. Get a one-time security code from another device
i. Enter one of your 8-digit backup codes
j. Sign in using QR codes
k. Set up a "trusted computer" for sign in
l. Sign in with "google prompts"
Any others?
*Email client K-9 Mail will become Thunderbird for Android*
<https://arstechnica.com/gadgets/2022/06/email-client-k-9-mail-will-become-thunderbird-for-android/>
*Frequently Asked Questions: Thunderbird Mobile and K-9 Mail*
<https://blog.thunderbird.net/2022/06/faq-thunderbird-mobile-and-k-9-mail/>
*Revealed: Our Plans For Thunderbird On Android*
<https://blog.thunderbird.net/2022/06/revealed-thunderbird-on-android-plans-k9/>
*K-9 Mail (future Thunderbird for Android) adds OAuth 2.0 support*
<https://www.ghacks.net/2022/07/08/k-9-mail-future-thunderbird-for-android-adds-oauth-2-0-support/>
*The OAuth 2.0 Authorization Framework*
<https://datatracker.ietf.org/doc/html/rfc6749>
App Manager blocks XDA App by default, even though logging into XDA calls up the web browser to log in through it. So it's not the best on the planet. Yes, I disconnected everything for it, then it stopped clinging to the XDA App.
ze7zez said:
App Manager blocks XDA App by default, even though logging into XDA calls up the web browser to log in through it.
Click to expand...
Click to collapse
We should take that issue up privately (or in another thread) as it's off topic here, but what I want to say for the topic is that, today, I just found out from the developer of the Fair Mail app that the K-9 development team worked with him to add the same web-OAuth2 libraries as they were using to enable Fair Mail to ALSO authenticate GMail via web-OAUth2.
This means for both Fair Mail and for K-9 Mail...
a. No mothership tracking account is necessary as of this week!
b. No app passwords (which requires 2FA/2SV) are needed!
c. That means we don't have to trade privacy for security!
This is great news for those of us whose 3rd-party MUA died on May 30th 2022 because Google prioritized security over privacy.
Spoiler: Where to get MUAs that use web OAUth2 with Google email accounts
Given trading privacy for security is a bad bargain for most of us., it's great to know this week there are now at least two 3rd-party MUAs to recover from Google May 30th 2022 unilateral loss of privacy (due to deprecation of login/passwords)...
1. Fair Mail
2. K-9 Mail
Today I was notified by the developer of Fair Mail that the developer of K-9 Mail worked with him so that _both_ of them now authorize OAuth2 over the web on Android (much like TB does on the PC).
Apparently Google loosened the annual audit requirement, but I'm not wholly sure what changed in the interim between last week & this week's changes.
To be sure, there are a huge number of issues still outstanding (e.g.,
Google is limiting their token counts to such a low number as to be anti competitive, which is affecting Fair Mail far more than K-9 Mail due to the huge number of Google email users on Fair Mail compared to K-9 Mail), but the PSA here is that Google "apparently" loosened the annual security audit requirements for MUA developers so that Android can again authorize Google email accounts WITHOUT creating a mothership tracking account on the device.
This means that you don't need a mothership tracking account for OAuth2.
And it means that you don't need "app passwords" (which requires 2SV/2FA).
Best to get the 3rd-party MUAs from GitHub due to F-droid lagging behind.
*K-9 Mail* by K-9 Dog Walkers
Free, ad free, rated 3.1 stars, 96.3K reviews, 5M+ Downloads
<https://play.google.com/store/apps/details?id=com.fsck.k9>
Name: com.fsck.k9.apk
Size: 8103422 bytes (7913 KiB)
SHA256: 46F071F989C6A138C2B8835D7FCDFA902AE1697B6B3C1C16581EE34B42E51CC3
*GitHub*
<https://github.com/thundernest/k-9>
<https://github.com/thundernest/k-9/releases>
<https://github.com/thundernest/k-9/releases/download/6.201/k9-6.201.apk>
Name: k9-6.201.apk
Size: 8103232 bytes (7913 KiB)
SHA256: 53F6678B9CF065B2413A53F70BFBF56E2C9C42454DA1A4F37AEC6AD60AB9D53A
*Fair Mail* by Faircode.eu
<https://email.faircode.eu/>
<https://github.com/M66B/FairEmail>
<https://github.com/M66B/FairEmail/releases>
<https://github.com/M66B/FairEmail/releases/download/1.1940/FairEmail-v1.1940a-github-release.apk>
Name: FairEmail-v1.1940a-github-release.apk
Size: 26750634 bytes (25 MiB)
SHA256: DF1B41DD912B90F8F3B57E014C1EDA436FF0D0C89232E007E6DCDBB8B6800E6D
See also:
<https://github.com/M66B/FairEmail/blob/master/FAQ.md#user-content-faq173>
<https://github.com/M66B/FairEmail/blob/master/FAQ.md#user-content-faq147>
<https://github.com/M66B/FairEmail/blob/master/FAQ.md#user-content-faq111>
Related
I made various purchases with different “main gmail accounts", but always used the same Google checkout.
Now depending on what email I set as first after a new Tom install I can either download a part of what was purchased with that gmail as default or reset and use the other default for the other apps, impossible though to access all purchased, attempts restoring backed up apps result in copyright protection prompts.
Any idea how to solve that?
Sent from my Nexus One using XDA App
I'm wondering the same thing, when I was running android on my tp2 I was using a different account.now I use my gmail and I can't figure out how to transfer my old purchased apps
I got the answer.. but not very appealing...
husker91 said:
I'm wondering the same thing, when I was running android on my tp2 I was using a different account.now I use my gmail and I can't figure out how to transfer my old purchased apps
Click to expand...
Click to collapse
After reading true the Google FAQ I found the answer, anything else than satisfying though...:
- According to Google each purchase is associated with your main account - main account as per definition is the one that you've added first after installing a rom, regardless if your checkout account is associated with another gmail account. They state clearly that if one changes email, he has to buy the stuff again.
Usually not the approach that google takes, and without ending in a collective bash, I still gotta admit that this is quite a primitive way of handling customer relation - at least in my opinion.
[Edit:] I made an experiment with apprain.com, hoping they would be the solution for future purchases, but unfortunately the market app is the dominating part in the triangle between user - apprain - market syncing[/Edit:]
Hi everyone,
I thought of making a thread for all Email issues with ICS on any phone. As there are lots of people out there posting a single comment on certain threads, I thought it would be nice to have a collective post where someone can look at fixing some or share knowledge. Mods if you think this area isn't appropriate please move this thread.
Email Issues with ICS
Issue 1: Google App Server Emails (Personal Domain Emails powered by Gmail) using Stock Email App on Galaxy S2 which is very similar to Android Stock Email App. Its apparent that this doesn’t work in Stock ICS on Galaxy Nexus S.
Symptom: After finishing the process of adding accounts, the Inbox keeps loading but not loads.
Reason: Google or Android has changed a key protocol within the implementation of Active sync (exchange) in ICS where redirecting of m.google.com or m.hotmail.com doesn’t work anymore.
Fix: Apparently fixed in 4.0.4 but no claims yet.
Issue 2: Stock Email App on Galaxy S2 drains battery.
Symptom: Battery only lasts 7-8 hours.
Reason: Google Sync isn’t supported by Android on any other app except Gmail app on Android Platform. Your server also requires a maximum calendar lookback and maximum email
lookback,
Fix: Clear the data from the app and cache, delete all accounts and re add them again. or change the exchange policies.
Issue 3: Corporate Emails won’t sync with Stock Email app (Galaxy S2 or Nexus)
Symptom: Connection Error, Couldn’t download all emails. wont send outgoing mail etc
Reason: Policy not supported, PIN authentication doesn’t exist in ICS, One of the features that's lacking from ICS, is S/MIME.
Fix: Change the Exchange server settings or wait for Android and or Samsung to fix the app and Active sync implementation in ICS. Encrypt your sd card (internal and or external)
Bottom Line: Google doesn’t support all the exchange policies and protocols hence suit yourself. As there are more than 4 dozen policies, they only support the most commonly used. Samsung has rubbished the already buggy Stock Email App from AOSP by adding their own rubbish.
So, we are left with a few choices here:
Change back to Gingerbread where everything use to work.
Change your exchange server policies (Corporate accounts)
Wait until Android fixes redirecting protocol for m.google.com or m.hotmail.com services
Wait until Samsung fixes stock email app
Wait until Google fixes stock email app (wont help samsung guys)
Wait until Android implements correct protocols and policies in ICS and Samsung follows up.
Really pathetic to see this happening and where google passes buck to others for their apps, I thought the whole idea of Open Source was to share and learn. Unlike Linux where its usually fixed quickly and across the board.
Last week I noticed a device under my Google Play account (My Devices) that is not mine, a phone on a Romanian cell phone company network. I also noticed that someone from Russia had accessed my Gmail account. I changed my Gmail password (the old one was alpha-numerica,random, with symbols) and turned on two step authentication.
The Gmail account seems to be ok. The contacts all there and no messages removed or messages sent by people other than me.
The only sign of the intrusion is about a dozen "free" apps ordered by that device. It included sketchy gambling apps, a child's game that from comments I read has adult advertisements, and ringtones. After I changed the password there are new "free" media on the account - books and various video. These appear to be from a different user - all in English as opposed to Russian and nothing sketchy.
My guess on how this started - I downloaded an app with about 100 reviews. The next day the "free" apps started to appear, and the unauthorized device also was added the next day.
My SGS 3 isn't rooted. For Jellybean it seems that I have to wait for a stable root, should be another few days.
I contacted the Play Store support and they were of no help. They referred me to Gmail support but Gmail doesn't offer phone support. I think only support on a Google Group forum.
Any idea how this could have happened and how to get this device off of my account? My PC's are secure and my primary PC is Linux.
starfcker69 said:
Last week I noticed a device under my Google Play account (My Devices) that is not mine, a phone on a Romanian cell phone company network. I also noticed that someone from Russia had accessed my Gmail account. I changed my Gmail password (the old one was alpha-numerica,random, with symbols) and turned on two step authentication.
The Gmail account seems to be ok. The contacts all there and no messages removed or messages sent by people other than me.
The only sign of the intrusion is about a dozen "free" apps ordered by that device. It included sketchy gambling apps, a child's game that from comments I read has adult advertisements, and ringtones. After I changed the password there are new "free" media on the account - books and various video. These appear to be from a different user - all in English as opposed to Russian and nothing sketchy.
My guess on how this started - I downloaded an app with about 100 reviews. The next day the "free" apps started to appear, and the unauthorized device also was added the next day.
My SGS 3 isn't rooted. For Jellybean it seems that I have to wait for a stable root, should be another few days.
I contacted the Play Store support and they were of no help. They referred me to Gmail support but Gmail doesn't offer phone support. I think only support on a Google Group forum.
Any idea how this could have happened and how to get this device off of my account? My PC's are secure and my primary PC is Linux.
Click to expand...
Click to collapse
I have the IMEI # of the phone added to my account, also the model number (registered in Russian Federation). Could the IMEI be useful? I can PM if interested.
Imeis are quite useful to many people...Just don't pursue this on xda.
Sent from my Galaxy Nexus using xda premium
My account too was almost hacked.
I signed into youtube and a notice was shown that someone from ip in china tried to log into my google account and it denied them and i changed my password. No weird apps nothing.
The thing is probably the app you downloaded.
Just because it has 100 downloads doesn't mean its malware but you need to check permissions always.
Even big games like "Paper Toss" has been know to sell peoples info to companies.
When you read permissions. There should be a list of all the options the app requests.
Be Smart. If you download a calculator, It shouldn't have access to your personal identy, messages and the big key is internet access.
If you download a calender it may need access to contacts but it it also needs internet access, its probably is storing your contacts and sending them out to a site that then sells to a company and lastly, your grandparents receive phone calls asking if they want to buy a service and use your name as who referred them.
Also. rooting is a good option. With an app on here called pdroid or droidwall you can download those apps but it will alert yyou when the app wants to use a permission (like internet) and gives you the option to allow or deny.
good luck
I have one update. I think that after I changed my password and went to two step verification, the purchases of "free" apps and media stopped. It's been four days and nothing new added. So far so good. Thanks for the replies. BTW, Google of no help.
I'd still like to know how the Gmail account was compromised - I may never know.
similar thing just happened to me (Galaxy Note) appeared on my account from no where. When I contacted google if they can help or if they are interested in tracking him down, all they said was we cant help you. And change the pw. Obviously I know that I need to change the pw. I know Apple would have tracked it down somehow if it was an iphone. My pw has 22 characters number letter symbols yet it was hacked.
Since google is not helping me I installed Android Lost app on this NOTE and waiting to get a location update via email. I know it wont do anything much and I cant do anything against him or her since no paid apps were downloaded. Still I would like to do something to crooks like this. He only had 6 apps installed (facebook,viber candy rush) and terminal emulator (which worried me).
I really hope that Android close their unlimited backdoors in the OS.
I realize that this has been an 'issue' for a while now, but I would like to know if there are any new ways secure and use stock email client with Exchange ActiveSync and not have credentials stored in clear text on the device. The same goes for IMAP and POP accounts using the app.
Yes, this is really only an issue on rooted devices, Google's official answer is to enable Device Encryption and that there are other email clients out there that handle credentials better. I personally switched to Touchdown, but would rather use the stock client.
I am trying to come up with a MDM solution for my company and really don't want to have to block devices if I don't have to. But as it stands my only options are have the user buy a 3rd party email client, force encryption and/or block rooted / jailbroken devices or use Citrix and OWA. I've spent a couple days researching this and haven't come up with anything promising that puts a smile on my face.
Any other Exchange Admins out there? How have you dealt with this?
For those who were not aware of your network username, password and domain being stored in clear text. Using Sql Lite open the Email app, Open EmailProvider.db and select HostAuth. Within you will find your connection info staring back at you, clear as day.
Android Issue Log:
https://code.google.com/p/android/issues/detail?id=10809
Google's Response:
https://code.google.com/p/android/issues/detail?id=10809#c128
1st things 1st - My device: Verizon S4 Root/Safestrap/Eclipse/Titanium Pro
Is there a way to not allow this to be done without uninstalling the TweetCaster app? I checked in the app's settings and I don't see any way to stop or not allow updates. I do have Google Play's settings at "Do not auto-update apps" - would this be sufficient? Or may Twitter go behind everyone's back and do this independently through their app and bypass Google Play? I do not want Twitter to be able to identify what apps I have or otherwise have access to my S4 to "target ads" to me.
Please note I Do Not have the Twitter app, I have TweetCaster (if it's different than the Twitter app? I don't know?) I heard facebook was doing this same BS & people deleted the app (I Do Not use FB) and am looking for a way to not allow Twitter to do this (if there is a way to). Thanks (I don't believe the last line below)
>>From Wired.com, Nov 26th<<
Twitter Plans to Peek at Your Apps to Serve You Targeted Ads
Twitter will soon identify the other apps on your phone in an effort to personalize your experience on its service—i.e. serve you targeted ads.
The company discusses the move on its website, and according to the news site Re/code, this sort of tracking will begin with a new version of its iPhone app, set to roll out on Wednesday. A new Android version that works in much the same way will roll out over the next week.
Now a public company, Twitter is exploring many different ways to boost its revenue, and one method is through better targeted ads. The company already has some personal information about those using its service—what they type into their Twitter profiles and the tweets they post—but now, it wants more. “To help build a more personal Twitter experience for you, we are collecting and occasionally updating the list of apps installed on your mobile device so we can deliver tailored content that you might be interested in,” the company says.
In this way, it’s following the lead of Facebook and Google and so many others that seek to target ads. The difference is that Twitter doesn’t have access to nearly as much personal data as Facebook, which inherently encourages users to provide information about themselves, or Google, which operates a wide range of services atop its own mobile OS. So Twitter is reaching out into other parts of the phone, something that is easy to do. The Apple/Google mobile OSes provide ready access to information like this & many apps take advantage of this—some going much further than others.
Twitter says it will point users to its new data policy, via an in-app notification, before it starts collecting any personal information. But the new update is opt-out, which means that in order for the company to stop gathering data on your account, you must explicitly turn this data collection off. But few users are likely to do so.
Source
http://www.wired.com/2014/11/twitter-targeted-ads/?mbid=social_twitter
Lane W. said:
1st things 1st - My device: Verizon S4 Root/Safestrap/Eclipse/Titanium Pro
Is there a way to not allow this to be done without uninstalling the TweetCaster app? I checked in the app's settings and I don't see any way to stop or not allow updates. I do have Google Play's settings at "Do not auto-update apps" - would this be sufficient? Or may Twitter go behind everyone's back and do this independently through their app and bypass Google Play? I do not want Twitter to be able to identify what apps I have or otherwise have access to my S4 to "target ads" to me.
Please note I Do Not have the Twitter app, I have TweetCaster (if it's different than the Twitter app? I don't know?) I heard facebook was doing this same BS & people deleted the app (I Do Not use FB) and am looking for a way to not allow Twitter to do this (if there is a way to). Thanks (I don't believe the last line below)
>>From Wired.com, Nov 26th<<
Twitter Plans to Peek at Your Apps to Serve You Targeted Ads
Twitter will soon identify the other apps on your phone in an effort to personalize your experience on its service—i.e. serve you targeted ads.
The company discusses the move on its website, and according to the news site Re/code, this sort of tracking will begin with a new version of its iPhone app, set to roll out on Wednesday. A new Android version that works in much the same way will roll out over the next week.
Now a public company, Twitter is exploring many different ways to boost its revenue, and one method is through better targeted ads. The company already has some personal information about those using its service—what they type into their Twitter profiles and the tweets they post—but now, it wants more. “To help build a more personal Twitter experience for you, we are collecting and occasionally updating the list of apps installed on your mobile device so we can deliver tailored content that you might be interested in,” the company says.
In this way, it’s following the lead of Facebook and Google and so many others that seek to target ads. The difference is that Twitter doesn’t have access to nearly as much personal data as Facebook, which inherently encourages users to provide information about themselves, or Google, which operates a wide range of services atop its own mobile OS. So Twitter is reaching out into other parts of the phone, something that is easy to do. The Apple/Google mobile OSes provide ready access to information like this & many apps take advantage of this—some going much further than others.
Twitter says it will point users to its new data policy, via an in-app notification, before it starts collecting any personal information. But the new update is opt-out, which means that in order for the company to stop gathering data on your account, you must explicitly turn this data collection off. But few users are likely to do so.
Source
http://www.wired.com/2014/11/twitter-targeted-ads/?mbid=social_twitter
Click to expand...
Click to collapse
I think Tweetcaster is a third party application just like Falcon doesn't have anything to do with the default twitter app. .Or you can just see if that option is listed their within the Tweetcaster application to opt out of it.