What bothers me is that some have it and other do not. It’s not hey guys it’s 2018 no one gat shieeet. no. Those who got it may not be on facebook, (or they even may) but you ask any of them who has real privacy, a question you’re gonna get: No Comment over and over again. Whether a personal, societal or national question. Guess why. Because that’s what privacy means, for those that can see more than 2 colours.
Are you not anything special in the eyes of the government, nation or whatever. No privacy for you. You work there? Oh, now you’re eligible of course. As george carlin said in one of his stand-up comedy shows: You and ME, we are not in the “club” Okay?
There are no real viruses on Android to worry about as everything is sandboxed inside a hypervisor. There are just rogue apps, apps that request permissions that the user mistakenly or absentmindedly grants. So unfortunately @pFtpr this actually is a bash android permissions thread.
I think the best way to systematically address this would be for users to vote to assign reputation to each permission and also require explanatory notes and designate each permission request as optional or mandatory from the developer, on each app. So you install Facebook Messenger, and it requests:
Precise location - 81% OK - Optional - This lets you tag your messages with your location.
Photos and media - 92% OK - Optional - This lets you attack photos, videos, and sounds to your messages.
Camera/microphone - 95% OK - Optional - This lets you take pictures and record audio to send to your friends.
Read, send, and receive SMS messages - 14% OK - Optional - This lets Facebook Messenger handle all of your SMS text messages.
Read phone status and identity - 5% OK - Optional - This lets you use Facebook Messenger to make phone calls.
Run at startup - 91% OK - Optional - This starts Facebook Messenger when your device turns on.
Draw over other apps - 40% OK - Optional - This allows faces to show on the corner of your screen.
And then anything voted >85% OK would be colored green, and anything mandatory would be bold, and anything red and bold would require the user to select “Yeah I know what I’m doing and really want to do this” to grant that permission.
Because that’s not Androids fault, but the developer’s, an app should still work with the remaining functionality. If it doesn’t either it’s really needed or on the developer.
In that case I don’t install them, but to each their own I guess.
'nuff said.
And who is supposed to check if that information is correct and complete? Especially on closed source apps?
As mentioned by other, a antivirus application which does not run as root (or with elevated privileges) is pointless. Apps are isolated from one another on many different layers and Android might just decide to kill a background application. Therefore, it may not even be running 100% of the time.
As for security features, I think Android improves as time passes. They have implemented a granular permission system and added SE Linux, which dramatically increases the security of a device if the rules are good/strong.
@Ruffalo There is genuine malware for Android and not just rogue apps, etc. For example, exploiting Stagefright could enable an attacker to create a Virus or Worm. (Luckily, Stagefright is rather dated).
I think the most important factor is updating the OS. Unfortunately, many OEMs let their device die after a rather short time span. Hence, the customer has to install a custom ROM in order to receive necessary security updates.
The Facebook app mentioned above wouldn’t be considered malware in the first place. The best method would be not installing this app, or heavily restricting its access through the permission system (and Lineage’s privacy guard, if Lineage is installed).
Indeed, I didn’t mean to say there were zero real non-rogue app threats on Android, but they are exceedingly rare.
@mihawk90: There’s no way to address that except by checking and trusting the app’s privacy policy. For example, if it asks for access to your photos to bejazzle them with kitty cat ears but actually uploads your tasteful nudes to the cloud to be printed in Lebanese porno rags, there’s no easy way to track that down.
Like the data collection there should be a service/AI whatever something, you could subscribe to or a one-time fee that instead of collecting. Scours the net for information from your ip’s, mac adresses etc. Thereby deleting anything you may have said and done. Now that’s would be an awesome service and real privacy. Is it happening? NOT
Seems I misunderstood you there. But you are right, why should malware developers deploy sophisticated attacks, when users can be coerced into installing some random crap in the first place. Interesting enough, if the device has anything less than Android 8.0, a zero permission app can basically get all permission it desires. ( Cloak & Dagger )
And install custom they should. It bring with it a wealth of things to improve your use and choice when using android. Including APP OPS!
Therein you can individually turn off any apps permission granularly. While pointed out above, cutting off all permissions will frequently break apps, but cutting them off one by one till you find the breaking point is a much better way to do it and then decide if what it still needs is okay for you.
It can even let you turn things off like camera permissions that if you were to use the camera through the app after it would crash, but if it is an app that you never use the camera with and do not want it trying to use it itself they frequently keep working fine as lo g as you don’t invoke that permission. This makes things safer and also let’s you know if shady things are happening as you can see the app crash when it tries something you have not allowed, if you did not cause the crash the app was up to not good.
Problem is… how do you explain your grandma how to install and maintain a custom ROM?
The simple answer is you don’t, and the not so simple answer is you do it for her and all of her 500 facebook friends. So… not really an option.
Imo not providing updates even through the warranty period should be treated as planned obsolescence, and most countries have laws against that already.
But it’s also a bit the fault of the users “needing” new phones every 6 months as soon as something new comes out, regardless whether they need it or not. Because 8 cores and 6GB of RAM is not enough for the facebook app I guess?
No, you just missed it. The proposal isn’t meant to force companies to adhere to their own privacy policies, because that’s impossible outside government regulation. The proposal is intended to inform users so they can make an educated decision without being obligated to go do an unlikely amount of homework.
I understood your proposal, but how are they to make an educated decision, when the information given is wrong and/or incomplete (and there’s no way to verify it)?
User ratings: Wisdom of the crowd, information trends towards being neither incomplete nor wrong, of course limited to information available to users.
Optional/Mandatory: If this is incorrect, you would immediately notice that and vote it down.
Written explanations: Come from the developer, and you have to trust them not to lie. Still offers some value for popular apps from large corporations. Facebook never actually lied.
It’s Androids fault for making everyone trust, some developer or business, they don’t even remotely know and for allowing for example camera apps, to access the web etc. This should be controlled by Android as a seal of quality on their os and code, instead of allowing unknown developers free reign. End of story
IDK what I’m reading here and honestly don’t know what to say lol.
So basically it’s Android’s fault that people are stupid? OK then.
Possible without that proposal, and already being done on the App Store.
So it’s the same situation as it is now, you have to trust the developer. It doesn’t change anything.
But still a billion people gave them full access (probably without even reading the permission texts and/or privacy policy and/or terms of service).
Point is: people that do this today won’t change that even if it were mandatory (and assuming it would be correct information).
No it means, that transparency should’t mean idiocy instead. If Android set certain categorical limits to what apps can and can’t do by their category. Developers can’t use the information (or even ask) Instead we got forced permission, which is what it basically is, now.
Noone is forcing you to use any app. If an app wants permissions you think it shouldn’t have, don’t allow them. And if the app doesn’t work after that, uninstall it and use an alternative. There’s alternative apps for pretty much everything these days that don’t want stupid permissions.
When I see a game that I might like and that want’s all the permissions, I deny it and tell them to fk off. Simple as that.
And besides that there are apps that just actually need those permissions because it’s what they do.
Don’t support the idiocy of stupid people, it won’t end well.
