//honeypot demagogic

 Forum DhammaCitta. Forum Diskusi Buddhis Indonesia

Author Topic: Google Removes Vital Privacy Feature From Android, Claiming Its Release Was Accidental  (Read 4258 times)

0 Members and 1 Guest are viewing this topic.

Offline kullatiro

  • Sebelumnya: Daimond
  • KalyanaMitta
  • *****
  • Posts: 6.116
  • Reputasi: 95
  • Gender: Male
  • Ehmm, Selamat mencapai Nibbana
Yesterday, we published a blog post lauding an extremely important app privacy feature that was added in Android 4.3

. That feature allows users to install
apps while preventing the app from
collecting sensitive data like the
user's location or address book.


 After we published the post, several people contacted us to say that the
feature had actually been removed in Android 4.4.2, which was released earlier this week. Today, we installed that update to our test device, and can confirm that the App Ops privacy feature that we were excited about yesterday is in fact now gone.
When asked for comment, Google told us that the feature had only ever been released by accident — that it was experimental, and that it could break some of the apps policed by it. We are suspicious of this explanation, and do not think that it in any way justifies removing the feature rather than improving it.Many instances of apps "breaking" when they are denied the ability to collect data like a location or an address book or an IMEI number can easily be fixed by, for instance, giving them back a fake location, an empty address book, or an IMEI
number of all zeroes. Alternatively, Google could document for developers that these API calls may fail for privacy reasons. A good hybrid would be to use fake data for old versions of the Android API and cleanly defined Java exceptions in
the next API level . As with many other changes that occur across Android devices and Android versions, some app developers might have to do minor updates to keep up.
The disappearance of App Ops is alarming news for Android users.The fact that they cannot turn off app permissions is a Stygian hole in the Android security model, and a billion people's data is being sucked through. Embarrassingly, it is also one that Apple managed to fix in iOS years ago.
A moment ago, it looked as though Google cared about this massive
privacy problem. Now we have our doubts. The only way to dispel them frankly, is for Google to urgently reenable the App Ops interface, as well as adding some polish and completing the fundamental pieces that it is missing:

Android users should be able to disable all collection of trackable identifiers by an app with a single switch, including data like phone numbers, IMEIs, information about the user's accounts.

There should be a way to disable an app's network access entirely. It is clear that a large fraction of apps (including flashlights, wallpapers, UI skins, many
games) simply don't need network access and, as we saw last week, are prone to abuse it .

The App Ops interface needs to be smoothed out an properly integrated into the main OS user interface, including the Settings->Apps menus and the Play Store.

There are numerous ways to make App Ops work for developers. Pick one, and deploy it.

In the meantime, we're not sure what to say to Android users. If app privacy is especially important to you — if, for instance, you want to be able to install an app like Shazam or Skype or Brightest
Flashlight without giving it permission to know your location —

we would have to advise you not to accept the update to 4.4.2 . But this is also a catastrophic situation, because the update to Android 4.4.2 contains fixes to security and denial- of-service bugs

. So, for the time being, users will need to chose between either privacy or security on the Android devices, but not both.


https://www.eff.org/deeplinks/2013/12/google-removes-vital-privacy-features-android-shortly-after-adding-them

Offline kullatiro

  • Sebelumnya: Daimond
  • KalyanaMitta
  • *****
  • Posts: 6.116
  • Reputasi: 95
  • Gender: Male
  • Ehmm, Selamat mencapai Nibbana
What Do Your Android Reader Apps Know About You?
« Reply #1 on: 23 December 2013, 11:09:50 AM »
When you read a book or an article on your Android device, how much power—and access to your personal
data—are you giving the app? A new comparison of 17 of the most popular reader apps, compiled by Matt Bernius, answers that question, and in some cases users may be revealing much more than they think. Nearly a quarter of the apps tested required access to location information; half of them ask for "phone state and identity", which would let them grab people's phone numbers and IMEI numbers; and a couple can retrieve a list of other running apps.

Android apps are required to specify what sort of access to the phone they can use, but these "permissions requests" screens can be opaque,
and without a chart like this one, it
can be difficult to tell if there are subtle but legitimate reasons why a particular class of app needs a particular type of permission.





 Unfortunately, Android permissions operate on a "take it or leave it" model. Google briefly included a hidden privacy feature that allowed users to deny certain requested data and access to apps, but has removed it in the latest version of Android.

There ways to get the privacy control back if you have a rooted device or install Cyanogenmod . But mainstream Android users are out luck.

https://www.eff.org/deeplinks/2013/12/your-android-reader-reading-you