Better Mobile App

Is your app spying on you?

Most of the app now require acces to the phone calls..even a news app requires it, sms app such as go sms also requires it. So I want to know after knowing that an app will be able to acces your phone call you still download it? And does anyone in what way the developers use such info?
Sent from my E10i using XDA App

Excellent topic, I'm really troubled by this. The business world makes a whole lot of money based on the average persons inertia - their lack of information or willingness when it comes to the products and services they use and the money they use to pay for them. Particular mobile phone network providers come to mind, who are happy to charge the most expensive prices because people don't know or don't care.
This lazy attitude is seeping into the Android app world. It will be a small per centage of us who will realize this threat and do something about it - exactly like cookies and public wifi privacy etc.
For those of us already interested, are there websites or apps which can guide us on this?

I had thought about it before but it seemed to be all apps out there at least need to access your internet, calls, phonebook and etc.. Not sure really if some of these nasty apps has the evil purpose to steal our vital informations in the phone... say if we're checking our bank account or something similar..
What I practice:
1) Installed AVG pro and do scan regularly, and set to scan every newly installed apps.
2) Use both cache cleaner and history eraser to clean up all traces once a day.
3) Hope they don't see me as a target.

Don't worry.
I think access to the phone calls is just to minimize the running app in case you receive a call. In other case you would not even realize an incoming call?!

Deehee3 said:
Don't worry.
I think access to the phone calls is just to minimize the running app in case you receive a call. In other case you would not even realize an incoming call?!
Click to expand...
Click to collapse
What about data? When you install an app in most cases you allow data access to it.

Searching for updates or viewing developers homepage maybe?
Sent from my U20i using XDA App

Deehee3 said:
Searching for updates or viewing developers homepage maybe?
Sent from my U20i using XDA App
Click to expand...
Click to collapse
What if not? What if app you´ve installed is spying on you and sending info to hackers. How would you know?

On android we have the luck that there are a lot of applications that are open source. When I have to choose an application, I always choose and support the open projects!
You will notice that most of those applications don't need all that personal information! Makes you wonder...

On other systems, apps usually have an user/administrator scheme, where the 'user' has access to some things and 'administrator' has access to everything.
There is no such thing on Android (except if you have a rooted phone and some app asks for superuser access, but you get a requester asking for permissions as well).
Each app has to specifically ask for permissions or the system will deny it. A spyware has to ask for those permissions or it won't work.
Some permission requests to look out for:
- "Call phone"
can be used by the application to silently dial some "premium" numbers
- "Send SMS"
can be used to send SMS to special "premium" numbers
- "Record phone calls"
can be harmful if associated with "internet access" permission
- "Access fine location"/"access coarse location" and "internet access"
can be used for tracking purposes
Many apps ask for:
- "Phone identity" / "internet access"
they use it for "statistics purposes" (flurry.com mostly) but it is bad. The developer should always inform the user about those.
BTW, that an app is open source makes no difference. Someone can always (willingly or not) tamper with the final build. And not everyone reviews open source apps.

zapek666 said:
A spyware has to ask for those permissions or it won't work.
Click to expand...
Click to collapse
Sure. But if an app legitimately ask for data transmission and file system access, AND you grant it, how would you know it is not using the granted rights for something else?

ppirate said:
On android we have the luck that there are a lot of applications that are open source. When I have to choose an application, I always choose and support the open projects!
You will notice that most of those applications don't need all that personal information! Makes you wonder...
Click to expand...
Click to collapse
Don´t tell me that you evaluate the source code of each application you load from the market. And even so, how would you know the difference between what is shown to you and the final build, available on the market?

vlissine said:
Sure. But if an app legitimately ask for data transmission and file system access, AND you grant it, how would you know it is not using the granted rights for something else?
Click to expand...
Click to collapse
Filesystem access are limited to the external memory card. An app with such permission cannot access other apps' private data (which are stored on the phone).
Android apps are all sandboxed into their own homes.
A good example of a suspicious application is HTML5 Reference.
"This HTML5 reference lists all tags supported in the HTML5 specification.", fine. Let's look at the permissions:
Network communication: full Internet access
Phone calls: read phone state and identity
While the first 2 could be produced as a side effect of the developer implementing some "statistics library" (flurry.com or so), the next 2:
Your location: fine (GPS) location
Your personal information: read sensitive log data
Are a giveaway that this app does a bit more than just listing HTML reference tags

zapek666 said:
Filesystem access are limited to the external memory card. An app with such permission cannot access other apps' private data (which are stored on the phone).
Click to expand...
Click to collapse
Ok, how about a picture viewer, which usually picks pictures from each and every
directory, no matter if you want it (and not only from memory card).

Hey vlissine and zapek666. You both have a point.
One individual cannot review every code he or she uses. And also one does not only uses his or her own builds of the projects. But every now and then, I have to go into a project, mostly to add functionality. During that time, I usually have to go over a lot of code to understand the program. It is no guarantee, but you can imagine that some strange code will stand out.
I'm surely not the only person. So while one individual is not capable of such an endeavor. A lot are.
Your other point is as valid as can be. But here again, builds are comparable.
Surely, one does not have to find himself or herself obliged to use certain kind of projects. But to me, when I have the change, I use and support the open source project. One important reason is because of the concern raised by the original poster!

http://googlemobile.blogspot.com/2011/03/update-on-android-market-security.html
Apparently we were not that paranoid, thinking of spying apps

Two options:
1) To avoid being spy and get super paranoid about it... ditch your smartphone and get those early 2000 phones with only calls and sms capable.
2) Use the smart phone eg: X10 mini/pro or any android phones and ignore these spying scene and live with it like nothing ever going to happen since this new technologies really live up our life nowadays..

farsight73 said:
Two options:
1) To avoid being spy and get super paranoid about it... ditch your smartphone and get those early 2000 phones with only calls and sms capable.
2) Use the smart phone eg: X10 mini/pro or any android phones and ignore these spying scene and live with it like nothing ever going to happen since this new technologies really live up our life nowadays..
Click to expand...
Click to collapse
One more option - stop giving stupid advises when you have nothing to say.

maybe apps need to call functions or need it to run?
write them your self if your that bothered?
...
Sent from my E10i using the XDA mobile application powered by Tapatalk

[Q] How can we stop Android from phoning home?

Many of you have probably already read the news:
Apple, Google Receive Phone Users' Locations
I must say, they're doing it to a degree beyond what most of us may have assumed was taking place.
How can we stop this? Do we know if cooked ROMs also do it?
Update 4/25/2011 5:00PM ET:
- Here's how I stop Android from phoning home.
- I dont' use this, but here's a sweet google removal script.
- A seperate thread for discussion: Why the data Android sends to Google is less anonymous than Apple's implementation
Update 4/26/2011 9:25PM ET:
- [Q] How do we protect our Android device from the CelleBrite UFED?
Update 6/8/2011 5:24PM ET:
- Use Autostarts to stop apps from opening behind your back!

Its not that they care where you are personally, you're more of an anonomous statistic to them. They use these huge mountains of collected data to decide which markets are the most potentially lucrative fir them to invest their zillions of dollars of advertising and marketing money into. You and I will likely never be directly affected by our locations being disclosed, save for more accurate search suggestions from our google search widgets.
Sent from my HTC HD2 using XDA App

I'll ask again to try and keep this thread on topic. Anyone who wants to discuss why the companies do it is free to start another thread and discuss that there.
How can we stop this? Do we know if cooked ROMs also do it?

Droidwall...

I was so mad when I heard what they were doing, I wanted to throw my phone out the window. How is it even legal for them to do this, regardless of where its anonymous or not its still bs and I want that crap off my phone. I am a newb to the whole android and software thing and I wish I could help.

There out to find your house and steal your prized poodle. Honestly if its for marketing then it what it is. Honestly if you want to get mad at something, get mad at T-Mobile for throttling 4G speeds. I see what your saying but I would like them putting the right ads for my area and know quickest way to the quickie-e-mart.
Also we are using their OS.
Every other OS is monitored also.
Sent from my UD Glacier

What's with the useless comments defending these companies?
Can anyone answer the question - DO cooked ROMs also track your location?
According to this article, Android tracks the last 50 mobile masts and last 200 WiFi networks.
This is a problem, anyone have the solution?

I found this comment on one of the articles, does this explain it?
All mobile phones keep a record of the locations and unique IDs of the most recent mobile masts that it has communicated with. It's called the neighbour cell list and normally it enables the phone to connect to the network more quickly than it otherwise would. GSM mobile phones have done this since about 1992.
To see the benefits storing the neighbour cell list compare the time it takes a mobile to find a network after it is switched on in a new location, e.g., after a long flight, with the time it takes to find a network when the phone is switched on in the location where it was switched off.
The difference in the iPhone case is that the iPhone is keeping this information for such a long period of time.
Click to expand...
Click to collapse

wrapper said:
I found this comment on one of the articles, does this explain it?
Click to expand...
Click to collapse
That is about the iPhone storing, not about a device sending GPS location data day and night.
So far, the only mentioned potential solution is Droidwall.
I'm going to play around with that.

There's a related app named HiSurfing, but one reviewer says that does not work as well as DroidWall. Seems DroidWall does a better job of keeping things from slipping out when they've been blocked.

Darnell_Chat_TN said:
So far, the only mentioned potential solution is Droidwall.
I'm going to play around with that.
Click to expand...
Click to collapse
The only viable option I can see to block is "10052: Network Location, Google Calendar Sync, Google Services Framework, Google Contacts Sync."
Problem is, I use some of these.

I have ultimate juice defender it has a section in it where you can control how and when apps connect to the network, but I don't know if it will stop the Droid from phoning home.

wrapper said:
The only viable option I can see to block is "10052: Network Location, Google Calendar Sync, Google Services Framework, Google Contacts Sync."
Problem is, I use some of these.
Click to expand...
Click to collapse
Yea, it uses a different listing number on my device, but "Network Location, Google Calendar Sync, Google Services Framework, Google Contacts Sync" may be the one to disable to stop the device from phoning home. I sync my data locally (via MyPhoneExplorer), so I can't think of any personal need for those, I've disabled that from all network and WiFi connectivity.
I've done some testing (blocking an app I could test with) and the firewall continues to work even after exiting DroidWall and even after killing DroidWall with a task killer. That's good to see so it won't be any burden on the battery.
I'm not any expert that can test for "certain" whether my device has really stopped phoning Google with my location data, but this seems to be the best shot for now.

Darnell_Chat_TN said:
I've done some testing (blocking an app I could test with) and the firewall continues to work even after exiting DroidWall and even after killing DroidWall with a task killer. That's good to see so it won't be any burden on the battery.
Click to expand...
Click to collapse
That's because DroidWall is just an interface for iptables, the built-in firewall. So your battery life will not change at all, that's correct.
I'm not any expert that can test for "certain" whether my device has really stopped phoning Google with my location data, but this seems to be the best shot for now.
Click to expand...
Click to collapse
You could connect to your wireless network, run a sniffer like Wireshark on your PC and check whether any packets are transmitted to Google servers.

frosty_ice said:
You could connect to your wireless network, run a sniffer like Wireshark on your PC and check whether any packets are transmitted to Google servers.
Click to expand...
Click to collapse
Or turn on my router's logging and check there, yea either of those would work.
Not sure if/when I'll get around to it .

droidhell said:
I have ultimate juice defender it has a section in it where you can control how and when apps connect to the network, but I don't know if it will stop the Droid from phoning home.
Click to expand...
Click to collapse
that seems like the best app if it works, any way to verify?

slapshot136 said:
that seems like the best app if it works, any way to verify?
Click to expand...
Click to collapse
I'm new to Droid, I really don't know how to test and see, it does stop other app really well, as far as a OS I don't know.

From what i here it's all stored in a location history file.
One simple solution might be to routinely delete this file.
Doesn't exactly solve the problem.

Might we consider expanding the subject to protecting our privacy? If not, I apologize in advance, as I think it is all connected.
It is probably Darnell's call, as he started the thread.
In the meantime, please consider this article: http://bit.ly/gCynrh

So let me understand this. I buy access to a network for my phone, which I also paid for. My location information, which is the result of my purchases is being used to generate income. So I'm allowing my spent cash to generate data and be leveraged to generate income. My information wouldn't exist with out my investment in the technology, so I own it.
I'm paying to be stalked !!!
Reduce my bill, provide remuneration for my investment in this technology, prove that it's anonymous, remember since I paid for the means to generate the data- the data belongs to me.
BTW for $1.50 I'll wire the battery to switch off, try getting data then.
I'd rather have an app which monitors my relevant info and bills the users for access to it.

Researcher Says That 8% of Android Apps Are Leaking Private Information

http://digitizor.com/2011/07/21/android-malware/
Android has had its fair share of malware problems. Whenever malware are detected, Google reacts swiftly and remove them. However, according to security researcher Neil Daswani, around 8% of the apps on the Android market are leaking private user data.
Neil Daswani, who is also the CTO of security firm Dasient, says that they have studied around 10,000 Android apps and have found that 800 of them are leaking private information of the user to an unauthorized server. Neil Daswani is scheduled to present the full findings at the Black Hat Conference in Las Vegas which starts on July 30th.
The Dasient researchers also found out that 11 of the apps they have examined are sending unwanted SMS messages.
Google needs to take charge
This malware problem on Android has become too much. One of the main reason that we see malicious apps in the market is because of the lack of regulation in the apps that get into the Android Market.
Sure, the lack of regulation can be good. It means that developers can make their apps without worrying if Google will accept their apps or not. It fits into the pre-existing application distribution model where anyone can develop and publish their own apps.
However, this comes at a price - the malware problem. Yes, most of the problems with these malicious apps can be avoided if only users read the permission requirements of the apps. But, what percentage of the users actually read the permission requirements of all the apps they download?
I think that it is time that Google make approval of the apps a requirement before it gets into the Market. They do not need to do it like Apple, but a basic security check before an app gets on the market will be nice.
If nothing is done about and this problem is allowed to grow, it will end up killing the platform.

Ur a good man
Sent from my PG86100 using XDA Premium App

Get an iPhone then.

Don't know if apple should approve or disaproove since that can slow down the release of new apps, but they need to check, that's for sure.

Yeah, just read permissions when installing applications. A lot of them will state access to personal data (such as contacts, browser history, etc.)
Such apps like MP3 downloaders contain ALOT of this malware.

if you're that paranoid.....LBE Privacy Guard + Droidwall = #winning

This article is very true in sense of lacking of control on big G part. My friend developed an app and he was able to get it into market almost instantly. I was very shocked to find that no scanning or checking was done.
Therefore, it's a risk that we take everyday to use these apps, specially, custom ROMs because who knows what it installed really. Users just need to be aware of their action, and don't use bank apps on rooted devices, or corporate email on rooted devices, or email yourself passwords to your online banking from your rooted devices. My thought is that, if it's out there then somebody can get it these days with all the technologies.

A little bit of common sense when installing apps can go a long way. You stifle the market too much when you cater to the lowest common denominator but then if you don't you get stuff like this.
+1 on Droidwall too, great app. Just don't turn it on and then forget about it before getting it set up properly, it's a pain figuring out why you can't use the internet on anything lol

xHausx said:
A little bit of common sense when installing apps can go a long way. You stifle the market too much when you cater to the lowest common denominator but then if you don't you get stuff like this.
+1 on Droidwall too, great app. Just don't turn it on and then forget about it before getting it set up properly, it's a pain figuring out why you can't use the internet on anything lol
Click to expand...
Click to collapse
hahaha, was tryna to download a new app and wondering why it just stalled kept on saying, downloading..... downloading paused....blah blah!!! lol
turns out it was droidwall (even with market enabled) lol

Yea when a simple clock widget wants to read your contact, data and location but has no ads or settings, I avoided that one.

I prefer the risk of an open system to the purgatory that is a closed system ruled by a draconian company any day.

Oh look iOS does this too.
/troll

DoctorComrade said:
Oh look iOS does this too.
/troll
Click to expand...
Click to collapse
hah, they're at almost 50%

[Q] How can I tell which things are running?/How to know if an app is trustworthy?

Hey,
When I turned on my phone the RAM it was taking was 300 MB, after a days use it is now 500MB (even after pressing 'clear RAM' button).
I've entered Settings->apps->running and it shows only two small things (the keyboard and some weather widget) which combined take only 20 MB.
So what is the rest of the memory is beign allocated for?
Thank you.

Does your rom have Usage Manager in the app drawer?
Sent from my SAMSUNG-SGH-I747 using xda app-developers app

Here is the path to all your applications.
Settings -> Apps --> Swipe left until the menu Running --> On top you see the description "Show cached processes", klick on it --> now you see the rest of the running applications

pc103 said:
Does your rom have Usage Manager in the app drawer?
Sent from my SAMSUNG-SGH-I747 using xda app-developers app
Click to expand...
Click to collapse
No, the closest I have is "Task Manager".
lenovoOwner said:
Here is the path to all your applications.
Settings -> Apps --> Swipe left until the menu Running --> On top you see the description "Show cached processes", klick on it --> now you see the rest of the running applications
Click to expand...
Click to collapse
Thank you, indeed I see some more RAM guzzlers, but It seems like they make up most of the addition but not all of it ... plus funny thing, when I try to close everything (in 'running' and 'cache) and I reenter- here it is there again...
1) Can I see all of the elements that take up my ram (the system as well)?
2) Can I close them properly?
Thank you very much.
PS. Is there some comfortable way to jump between apps? Like in the Iphone where by pressing the 'Home' button will show you a bar with a row of icons of the currently active processes....

For your PS question, it's a long press on the Home button (below the GS3 screen).
Sent from my SAMSUNG-SGH-I747 using xda app-developers app
---------- Post added at 10:14 PM ---------- Previous post was at 09:45 PM ----------
The closest app I'm running to that option is Android Tuner Free. I got it for its storage optimization functions.
The busy interface has a learning curve, but it is a comprehensive & poweful app. I recommend Advanced mode & the One Click home screen.
For what you want, see both the Tasks & Kill All tiles. The first is a Task Mgr., the second is a quick 1 click. The app can teach a lot about what runs & why. It also offers a lot of fine control.
I also use the root app Startup Manager which is self explanatory & efficient.
Sent from my SAMSUNG-SGH-I747 using xda app-developers app

pc103 said:
For your PS question, it's a long press on the Home button (below the GS3 screen).
Sent from my SAMSUNG-SGH-I747 using xda app-developers app
Click to expand...
Click to collapse
LOL {hit myself on the head}, didn't occur me to try...
pc103 said:
---------- Post added at 10:14 PM ---------- Previous post was at 09:45 PM ----------
Click to expand...
Click to collapse
pc103 said:
The closest app I'm running to that option is Android Tuner Free. I got it for its storage optimization functions.
The busy interface has a learning curve, but it is a comprehensive & poweful app. I recommend Advanced mode & the One Click home screen.
For what you want, see both the Tasks & Kill All tiles. The first is a Task Mgr., the second is a quick 1 click. The app can teach a lot about what runs & why. It also offers a lot of fine control.
I also use the root app Startup Manager which is self explanatory & efficient.
Sent from my SAMSUNG-SGH-I747 using xda app-developers app
Click to expand...
Click to collapse
I was hoping there is a way to avoid using apps...
Ok, I suppose it opens another question which I thought about creating a new thread for, but if the opportunity already arose...
How do you actually know if you can trust an app?
I'm kinda new to android and I'm much more used to the opennes of windows, also I'm pretty paranoid (a cellphone contains information 100 times more sensitive than a PC (At least my PC is like that)). I look at the permissions every app want to have and I'm simply aghast, I know of the logic behind those requests (at least for most of those I've seen) but I have zero transparency over what actions the app takes.
That really stress me a great deal...

oy-ster said:
How do you actually know if you can trust an app?. . . (a cellphone contains information 100 times more sensitive than a PC (At least my PC is like that)). I look at the permissions every app want to have and I'm simply aghast, I know of the logic behind those requests (at least for most of those I've seen) but I have zero transparency over what actions the app takes.
That really stress me a great deal...
Click to expand...
Click to collapse
Digital Privacy
Well it certainly stresses the last remaining fiber of your privacy. I just watched the latest "60 Minutes Overtime" piece on data brokers framing this as a lifestyle issue. Step back from the small screen & consider that your actions on board the PC have a ripple effect on your smartphone. "NAI Opt out" & "Disconnect software" are useful PC search words.
Where it Went
I rarely hear from a tech guru or even a lawyer who can decipher a EULA, TOS or Privacy agreement they didn't author themselves; yet online, we are steeped in the cumulative concessions we have accepted from them and the affiliates and partners they enable for.
The Biggest Brother?
Google is a data harvester, not a broker. They are the custodians of much of our imprint online across all platforms. check your settings accordingly; within each Google service / app/ platform you use and adjust them to taste. Know, for example, that persistent login to Gmail will append any collocated G-Search activity to your G profile if Web Data | Web History remains on. I read recently that simply joining Plus has a similar but more comprehensive effect by default, by unifying the G tracking across your entire electronic imprint.
Android Permissions
Yes. The most invasive part of Android is its permissions free for all. They are demands, not requests that each app poses. The logic is sometimes one sided and self serving to the developers at our disadvantage. What can we do?
1. Know something about your developer. XDA membership in an app developer helps define their role in a community. Check their website, reviews, accessibility, postings etc.
2. Consider lower permission alternative apps listed in the play store.
3. For each app you review in the Play Store, (have you checked play store settings yet?) assess its longevity in the marketplace to decide if you are willing to be an early adopter.
4. Resist resorting to apps to broker built-in functions your system already has. Learn your OS.
5. Weigh the logic of each permission demanded, based on risk / reward and your intended uses. Example: On my phone Google search leads the field with 59 permissions. App Permisssions by FSecure is in the low end group with zero. How do I know? App Permissions. What can I do? More on that later.
6. Debloat. I have frozen over 60 apps/services/processes using a combination of tools ranging from built in (no root) Application Management to Startup Manager and the App Quarantine app.
7. Don't be lazy about toggling settings as needed. One stock default has the GPS always enabled which may not be necessary for you.
8. Learn about the types of location services in your OS. Check location settings in affected apps and consider toggling location services as needed. Apps will prompt if the needed service is off when you use them.
9. Review your synch settings. Mine are off on the OS. I use a 3rd party mail app and manually back up contacts using Super Backup when needed.
10. Review background data settings. they are visible in Settings / Data usage, by selecting Mobile Data, and scrolling to the list of apps to tap through each and set Restrict background data if appropriate. It saves battery by reducing tower hunting and focuses you on which apps pose the highest demands.
I promised more. Learn about App Ops if you haven't. I have the luxury of running a 4.3 version that supports it so I can use a client app to filter and toggle various permissions on a per app basis. There are other, and perhaps more thorough approaches to this but I'm staying with this one for now.

pc103 said:
Digital Privacy
Well it certainly stresses the last remaining fiber of your privacy. I just watched the latest "60 Minutes Overtime" piece on data brokers framing this as a lifestyle issue. Step back from the small screen & consider that your actions on board the PC have a ripple effect on your smartphone. "NAI Opt out" & "Disconnect software" are useful PC search words.
Where it Went
I rarely hear from a tech guru or even a lawyer who can decipher a EULA, TOS or Privacy agreement they didn't author themselves; yet online, we are steeped in the cumulative concessions we have accepted from them and the affiliates and partners they enable for.
The Biggest Brother?
Google is a data harvester, not a broker. They are the custodians of much of our imprint online across all platforms. check your settings accordingly; within each Google service / app/ platform you use and adjust them to taste. Know, for example, that persistent login to Gmail will append any collocated G-Search activity to your G profile if Web Data | Web History remains on. I read recently that simply joining Plus has a similar but more comprehensive effect by default, by unifying the G tracking across your entire electronic imprint.
Android Permissions
Yes. The most invasive part of Android is its permissions free for all. They are demands, not requests that each app poses. The logic is sometimes one sided and self serving to the developers at our disadvantage. What can we do?
1. Know something about your developer. XDA membership in an app developer helps define their role in a community. Check their website, reviews, accessibility, postings etc.
2. Consider lower permission alternative apps listed in the play store.
3. For each app you review in the Play Store, (have you checked play store settings yet?) assess its longevity in the marketplace to decide if you are willing to be an early adopter.
4. Resist resorting to apps to broker built-in functions your system already has. Learn your OS.
5. Weigh the logic of each permission demanded, based on risk / reward and your intended uses. Example: On my phone Google search leads the field with 59 permissions. App Permisssions by FSecure is in the low end group with zero. How do I know? App Permissions. What can I do? More on that later.
6. Debloat. I have frozen over 60 apps/services/processes using a combination of tools ranging from built in (no root) Application Management to Startup Manager and the App Quarantine app.
7. Don't be lazy about toggling settings as needed. One stock default has the GPS always enabled which may not be necessary for you.
8. Learn about the types of location services in your OS. Check location settings in affected apps and consider toggling location services as needed. Apps will prompt if the needed service is off when you use them.
9. Review your synch settings. Mine are off on the OS. I use a 3rd party mail app and manually back up contacts using Super Backup when needed.
10. Review background data settings. they are visible in Settings / Data usage, by selecting Mobile Data, and scrolling to the list of apps to tap through each and set Restrict background data if appropriate. It saves battery by reducing tower hunting and focuses you on which apps pose the highest demands.
I promised more. Learn about App Ops if you haven't. I have the luxury of running a 4.3 version that supports it so I can use a client app to filter and toggle various permissions on a per app basis. There are other, and perhaps more thorough approaches to this but I'm staying with this one for now.
Click to expand...
Click to collapse
Thank you very much for the comprehensive reply!
Indeed some of the things here are common sense but some were fairly new to me, like the close contact you are suggesting with the developer.
I have to ask though, what reviews are you reffering to? the ones in the app market or the ones on here? Also, from what I have seen in the play market, all of the reviews are about functionality but no one actualy checks the veracity of the code.
Like for instance some song recognition&download software that requires internet access permission (makes sense) and SD card access permission (also makes sense), but besides doing what it does (in a splendid manner, leaving tons of happy customers) it also steals your Whatsapp chat logs (just read an article about that breach 10 mins ago)...
How can people catch on that (otherwise the app will linger for 2 years, giving you the impression you're not an early adopter)?
Hrmph, you have given some very sound advice which I obviously intend to follow through and for that I thank you. However it seems to me like the underlying foundation is still trust in the publisher (not to abuse the permissions you had to enable for functionality sake), and the trust should stem from how well the author presents itself to the community. I suppose it is the nature of the beast, it is just that if I were to sneakily attack someone I would make sure to present myself in th best way possible .
thx.
PS. my version is 4.1 but I'll see what I can do about Appops.
P.P.S I just searched for "Tasks" on google market and all I see is an organizer. Did you mean "Task Killer"?

oy-ster said:
Thank you very much for the comprehensive reply!
Indeed some of the things here are common sense but some were fairly new to me, like the close contact you are suggesting with the developer.
I have to ask though, what reviews are you reffering to? the ones in the app market or the ones on here? Also, from what I have seen in the play market, all of the reviews are about functionality but no one actualy checks the veracity of the code.
Both sources really. There's no hard & fast divide as to what aspect reviewers might respond to at either venue. More often, Play Store reviews have alerted me when my device or my Android version gets poor results from an app. Granted code integrity issues are raised more frequently at XDA.
Like for instance some song recognition&download software that requires internet access permission (makes sense) and SD card access permission (also makes sense), but besides doing what it does (in a splendid manner, leaving tons of happy customers) it also steals your Whatsapp chat logs (just read an article about that breach 10 mins ago)...
How can people catch on that (otherwise the app will linger for 2 years, giving you the impression you're not an early adopter)?
Interesting example. I will look for the article. I wonder if the app declared that permission in their Play Store disclosure. If not, it challenged Google's policing system. I read somewhere that SELinux in newer ROMs, set to "Enforcing" brokers applicable policies from each host domain and also restricts apps from exceeding their declared permissions. (See also my note on 4.3+ below)
Hrmph, you have given some very sound advice which I obviously intend to follow through and for that I thank you. However it seems to me like the underlying foundation is still trust in the publisher (not to abuse the permissions you had to enable for functionality sake), and the trust should stem from how well the author presents itself to the community. I suppose it is the nature of the beast, it is just that if I were to sneakily attack someone I would make sure to present myself in th best way possible .
You're welcome! Placing that trust is ultimately a leap of faith, so we ask ourselves:
Does my configuration already offer this function at the OS or existing app level?
Can I justify each declared permission here?
Is there a less invasive equivalent to this app?
Have I gone over the settings thoroughly once installed?
What does my installed anti-virus say about this?
Do I need this to auto launch or only on demand?
Is it using excessive data or uptime as I monitor?
Am I getting all the Android security I could be with my current rom image?
You get the picture. Common sense, best practices & due diligence can go a long way toward closing the security gap.
PS. my version is 4.1 but I'll see what I can do about Appops.
Google only exposed it (to client apps like App Ops Starter) in 4.3 & 4.4.0, before & after that I believe an Xposed Framework module is the main alternative.
P.P.S I just searched for "Tasks" on google market and all I see is an organizer. Did you mean "Task Killer"?
Click to expand...
Click to collapse
The "Tasks & Kill All tiles" I referred to appear on Android Tuner Free's One Click advanced mode home screen. BTW certain apps on my phone are "frozen" when not in use.

I forgot to mention. 4.3 I'm running is on the 4.1.2 bootloader, completely avoiding lopsided knox security. I hope I didn't appear to recommend the OTA update. That's a personal choice.
Sent from my SAMSUNG-SGH-I747 using xda app-developers app

pc103 said:
Quote:
Both sources really. There's no hard & fast divide as to what aspect reviewers might respond to at either venue. More often, Play Store reviews have alerted me when my device or my Android version gets poor results from an app. Granted code integrity issues are raised more frequently at XDA.
Interesting example. I will look for the article. I wonder if the app declared that permission in their Play Store disclosure. If not, it challenged Google's policing system. I read somewhere that SELinux in newer ROMs, set to "Enforcing" brokers applicable policies from each host domain and also restricts apps from exceeding their declared permissions. (See also my note on 4.3+ below)
You're welcome! Placing that trust is ultimately a leap of faith, so we ask ourselves:
Does my configuration already offer this function at the OS or existing app level?
Can I justify each declared permission here?
Is there a less invasive equivalent to this app?
Have I gone over the settings thoroughly once installed?
What does my installed anti-virus say about this?
Do I need this to auto launch or only on demand?
Is it using excessive data or uptime as I monitor?
Am I getting all the Android security I could be with my current rom image?
You get the picture. Common sense, best practices & due diligence can go a long way toward closing the security gap.
Google only exposed it (to client apps like App Ops Starter) in 4.3 & 4.4.0, before & after that I believe an Xposed Framework module is the main alternative.
Click to expand...
Click to collapse
Thanks again!
I just wanted to note that after spending some time here in the forum( http://forum.xda-developers.com/android/apps-games/ ) looking for some intresting picks, I haven't actually encountered much comments from people that actually went over the code... so I'm a bit bummed out. :silly: :laugh:
pc103 said:
The "Tasks & Kill All tiles" I referred to appear on Android Tuner Free's One Click advanced mode home screen. BTW certain apps on my phone are "frozen" when not in use.
Click to expand...
Click to collapse
Oh. Got it.
Anyway, Thank you!!!

oy-ster said:
Thanks again!
I just wanted to note that after spending some time here in the forum( http://forum.xda-developers.com/android/apps-games/ ) looking for some intresting picks, I haven't actually encountered much comments from people that actually went over the code... so I'm a bit bummed out. :silly: :laugh:
...Anyway, Thank you!!!
Click to expand...
Click to collapse
You're welcome. To be fair, most times I've seen postings by people who background checked code it was in rom threads, or over root exploits or security apps. In most other cases due diligence is our best defense.

Best ROM today? Best ROM tomorrow? (no gapps)

I'm wondering what people think is the best ROM (no gapps) for this phone today, and how that's likely to evolve over time.
Do any ROMs stand out in terms of features, performance, or battery life? Are there any ROMs that have significant problems?
Are any ROMs "official", or likely to be? Should that be a concern or factor?
Also I'm looking to set this up no gapps, so micro-g integration is a factor. It seems like the Magisk module should work well enough with most ROMs, but I'm new to this part.

Bump. Anyone…?

"Best" is such a personal thing that I can only tell you that I'm using Resurrection Remix and am extremely pleased; lots of customization, stability, Slim Recents, and no Gapps are what make it perfect for me.
It's the first ROM I tried on this phone, and it works so well for me that I'm not (currently) considering trying something else...although my curiosity and general nature (see my sig) may lead me to trying out a different ROM...eventually, maybe.
- Resurrection Remix has a long history, but who knows for sure about developement for this phone?
- Feels nice and snappy to use, but I have no Gapps and I've only installed a few (5 or 6) apps.
- Battery life is great, for me, I don't use my phone much and go 3-4 days with still 80% left.
- Not interested in Google or microG, so can't speak to that.

TiTiB said:
"Best" is such a personal thing
Click to expand...
Click to collapse
Certainly there's allowance for people to describe what they consider best.
TiTiB said:
I'm using Resurrection Remix and am extremely pleased
Click to expand...
Click to collapse
So far I'm liking RR, but IIUC there's no plans for that to be official for this phone.
Previously, I loved CR-Droid, but on this phone it's missing a lot. IIUC, there's a plan to make that official, but I haven't seen any progress for a few months.
TiTiB said:
Not interested in Google or microG, so can't speak to that
Click to expand...
Click to collapse
I'm curious, how does that work? I'm new to de-Googled phones, and I thought microG was kind of necessary to get most apps working. It certainly seems important for apps that use location, eg weather and mapping.

go vegan said:
Certainly there's allowance for people to describe what they consider best.
So far I'm liking RR, but IIUC there's no plans for that to be official for this phone.
Previously, I loved CR-Droid, but on this phone it's missing a lot. IIUC, there's a plan to make that official, but I haven't seen any progress for a few months.
I'm curious, how does that work? I'm new to de-Googled phones, and I thought microG was kind of necessary to get most apps working. It certainly seems important for apps that use location, eg weather and mapping.
Click to expand...
Click to collapse
I do my best to never allow anything to know my location. I use Open Street Maps in offline mode for maps, my weather app uses my zipcode, etc.
I'm totally ungoogled on my phone. F-droid apps only.
EDIIT: Preemptive correction. Not true about F-droid apps only, or even FOSS only. Obviously Brave Browser, for instance, is neither.

TiTiB said:
I do my best to never allow anything to know my location. I use Open Street Maps in offline mode for maps, my weather app uses my zipcode, etc.
Click to expand...
Click to collapse
I've been using this - https://f-droid.org/en/packages/com.tobykurien.webapps/
If I want a "web app" to have access to my location, I can permit that on an as-needed basis.
I'm also migrating towards weather apps from F-Droid - https://search.f-droid.org/?q=weather&lang=en
TiTiB said:
I'm totally ungoogled on my phone. F-droid apps only.
Click to expand...
Click to collapse
I'm not there yet, but I think I'm on my way. Location (via microG/NLP) is handy for lots of things, especially when I have control over it.
I'm new to de-Googled phones. Can you point me to resources about the pros and cons of microG? I was under the impression that it's kind of necessary for notifications and location services…? But maybe if you don't need/want notifications and location services, then there's no need for it?

go vegan said:
I've been using this - https://f-droid.org/en/packages/com.tobykurien.webapps/
If I want a "web app" to have access to my location, I can permit that on an as-needed basis.
I'm also migrating towards weather apps from F-Droid - https://search.f-droid.org/?q=weather&lang=en
I'm not there yet, but I think I'm on my way. Location (via microG/NLP) is handy for lots of things, especially when I have control over it.
I'm new to de-Googled phones. Can you point me to resources about the pros and cons of microG? I was under the impression that it's kind of necessary for notifications and location services…? But maybe if you don't need/want notifications and location services, then there's no need for it?
Click to expand...
Click to collapse
Haven't had interest in microG in years, and don't have any info about what is or is not required for location or notifications. I have no need for either. I use my phone for calls, texts, and, very rarely, web access via Brave, Bromite, or Fennec—that's it. If need to look at a map, I have it already downloaded is OSM.

TiTiB said:
I use my phone for calls, texts, and, very rarely, web access via Brave, Bromite, or Fennec—that's it. If need to look at a map, I have it already downloaded is OSM.
Click to expand...
Click to collapse
I use a dumb-phone for calls and texts. I use a smart-phone as a pocket-size portable computer.

Which custom rom did you end up trying? Im also on the same boat as you in terms of wanting to degoogle. I just successfully unlocked the bootloader and rooted the device via magisk. Now I'm trying to figure out the next step in getting rid of gapps and having microG in place of play services. The user fulalas created a debloat magisk module, and if that removes core gapps I'm wondering if implementing that and then installing microG will be the solution for me