iOS Photo and Video Privacy Issues Highlighted with New Test Application

Amazing Iceman · Feb 28, 2012

Brandon Abell said:
You really don't see the difference between permissions for a file's metadata, and permissions for the file's *contents*?

Wow.

The problem in question is with photos. Granting access to photos means granting access to the actual image and any metadata embedded in each photo file.
This has been happening for a very long time already, and now the media is starting to make a big deal about it.

So, what are you talking about, that I don't see the difference of what?

danimal99 · Feb 28, 2012

This is not an issue and it makes me wonder how long all these people showing outrage have been using these devices. This isn't trying to sneak anything by the user- the location permission popup was added a couple of iOS versions ago specifically because photos contained location data. Accessing your photos or camera are only an issue because some knucklehead is trying to make it an issue. Apps can't just go grab photos out of your library. It does NOT work that way.

All of us who are actual developers have to be shaking our heads at this.

BaldiMac · Feb 28, 2012

kalsta said:
It was and is a problem. But there's a pretty big difference between downloading a bit of shareware from a developer you've never heard of, and buying an app from Apple, knowing that Apple has approved it.

And yet, in the last two decades, I doubt you could find many people complaining that all Windows apps can access your photo library. Let alone a NYTimes story about it.

Apple states:

'The app approval process is in place to ensure that applications are reliable, perform as expected, and are free of explicit and offensive material.'

If an app asks for permission to access your location, and then secretly uploads all your personal photos to a remote server, do you think that meets Apple's stated goals? Has it performed as expected?

Make no mistake, Apple took on a serious task when they created the App Store and individual app vetting. It was a huge undertaking, and I respect that, but having undertaken it, they have a responsibility to users who might reasonably expect better protection of their private and potentially sensitive data.

So because Apple is trying to do all they can to prevent malware on iOS, you expect them not only to be perfect, but also protect you from theoretical threats in addition to actual ones. That standard is too high.

Apple has a procedure in place if a app manages to sneak functionality through the vetting process that violates Apple's guidelines. The app can be removed from the store, killed remotely if necessary, and the developer can be prevented from distributing any more apps. This is a big stick.

krzyglue said:
I agree, except for your assertion that "iOS does more to prevent the actual problem" than any other OS. While Android's un-regulated market is an issue, the fact that when you download an app, the user is informed of what information it can access is a definite plus over iOS. No this is not infalliable, but this is one layer of security iOS does not have. A user would/should be mighty suspicious if a flashlight app needs access to your location data or contacts. Or, if you're going to argue that such a flashlight app wouldn't make it to the store, this would at least give the user choice when downloading an app. Privacy after all, should be within our control.

Anyone who knows anything about security will attest to the fact that a good defense consists of layers of protection.

I'm not sure how that disagrees with my statement. Android does something different than iOS, but Apple does more. And, of course, Android's permission strategy is of questionable value when you consider the problem of notification overload. The Android permission system would have done nothing to prevent the last two iOS privacy issues highlighted by the media (Path and photo library accesss).

doctor-don said:
NO app should be allowed to access a user's address book - ever. If it does, it's right down in the gutter with Tagged, LinkedIn, Shoppybag, etc. Next thing you know, email is being sent to people in your address book, and the addressees open it because it came from you. Make the fine for this abuse equal to the net value of the person or company doing it. Or just OFF WITH THEIR HEADS.

You didn't really think that one through, did you?

Winter Charm · Feb 28, 2012

Mad-B-One said:
What happens if you jailbroke your phone? Now, Apps don't even get tested if they use loopholes like this. One more reason for me to stay inside the AppStore environment. At least I could sue Apple if their software allowed for it and despite their review of Apps they still break into my libraries.

I fully understand that the loophole needs to be closed regardless. And I assume that this is not the only one. Probably browsing history, documents and others are accessible without asking for proper permission somehow. I know, I assume a lot here, but since this is already the second major workaround the users' proper permission, I am probably not too far off.

Edit:
I hope they integrate something like a rights library which defines categotries of data, each prompting a different permission pop-up box so that Apps still work. The oposite, the pure sandbox where Apps can only access their own data, would be horrible. The user just has to be aware what which App is allowed to do and has to have contol of it.

100% agree. Toggle switches, exactly like they have for location services, would be a welcome change.

parapup · Feb 28, 2012

gkpm said:
OK Android fans, so which is the permission to read the photo roll on Android?

There isn't one for reading existing photos from gallery. It is understandable because just reading photos doesn't do much - they have to transmit it somewhere or modify them or take new ones to do the damage. For that, there are permissions.

So if a Flashlight app is asking for Internet permission or SD card write permission or Camera permission - there is every reason to not install it. So you can find a Flashlight app in market that only requires enabling the LED permission and you are assured that it won't be able to transmit/modify/take new pictures.

tl;dr - having a permissions model and easily and reliably verifiable runtime is much better than not having one and relying on manual surface testing.
Besides it is technically easy to verify runtime execution of Android apps as it is not native code. That's what Amazon does I think with their app store - there was a story about rejection due to excessive permissions and app doing more than the stated purpose. (Can't find the link right now.)

gkpm · Feb 28, 2012

parapup said:
There isn't one for reading existing photos from gallery. It is understandable because just reading photos doesn't do much - they have to transmit it somewhere or modify them or take new ones to do the damage. For that, there are permissions.

Well but most Android apps will have "Internet access" permission, that's very very common. Users won't even bat an eyelid over that one.

So an Android app with just "Internet access" permission can read all the photos - which doesn't need permission - and upload them to a server. Slightly frightening given that Android apps don't get that much checking at all.

To make matters worse, if apps want to be extra sneaky on Android they could even upload the photos via the web and Android's Intents system - without declaring an "Internet access" permission. No permissions at all necessary then.

I feel that, to have singled out iOS, the NYT either under-researched the topic or had other motives in their agenda.

krzyglue · Feb 28, 2012

BaldiMac said:
I'm not sure how that disagrees with my statement. Android does something different than iOS, but Apple does more. And, of course, Android's permission strategy is of questionable value when you consider the problem of notification overload. The Android permission system would have done nothing to prevent the last two iOS privacy issues highlighted by the media (Path and photo library accesss).

It's not a question of whether Apple does more or less, or whether Android does more or less. My point I'm trying to make is that while Apple may currently have a better system, the almost dismissive attitude you seem to be implying is unwarranted. Android has a layer of security that the App store ought to implement as well.

I also disagree with your assertion that the Android system is somehow ineffective. For one thing, it's hardly "information overload" when a user downloading an app is presented with a concise list of all the permissions the app needs to run. And no it wouldn't "prevent" the issues (whatever implausible definition there may be for prevention here), but accessing "Your personal information" would have been on the list for Path and accessing "Storage" would have appeared for the photo app when downloading from the Android market.

Besides, as I stated previously, this goes beyond just security as well, but allowing informed user choice.

jonnysods · Feb 28, 2012

Wirelessly posted (Mozilla/5.0 (iPhone; CPU iPhone OS 5_0_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Mobile/9A405)

Interesting. I dont really think that much about my info, I'm glad that someone is trying to look out for us (I think)

kalsta · Feb 28, 2012

BaldiMac said:
And yet, in the last two decades, I doubt you could find many people complaining that all Windows apps can access your photo library. Let alone a NYTimes story about it.

What Windows does and what the NY Times writes about is irrelevant. I'm talking about the situation with iOS and the App Store. Apple has taken it upon themselves to create and promote a platform where the user shouldn't have to worry about whether a particular app is siphoning their private photos off to some server. Giving an app permission to access location data should never allow that same app indiscriminate access to your photo library. End of story.

Just so you know, I'm not a Windows or Android fan. I am a long-time Mac user, and I also very much like the elegance and simplicity of iOS. But I will not defend Apple blindly. I applaud much of what Apple does, even defend them from time to time against some of the prejudiced nonsense that gets thrown around by religious tech zealots (I'll avoid mentioning any specific platforms here!)—but from time to time I am also critical of Apple.

Do I hold Apple to a high standard? Sure. How do you think Apple has been able to produce so many amazing products over the years? Largely because of one man who held the company to impossible standards. He's gone now, but surely us customers can continue to honour that tradition.

parapup · Feb 28, 2012

gkpm said:
Well but most Android apps will have "Internet access" permission, that's very very common. Users won't even bat an eyelid over that one.

So an Android app with just "Internet access" permission can read all the photos - which doesn't need permission - and upload them to a server. Slightly frightening given that Android apps don't get that much checking at all.

Well the whole idea behind the Apple App Store "curation" was to enable idiots to safely use 3rd party apps. Android market never curated stuff and they never created the expectation that users can be stupid and still be safe. So there is a difference there - on Android, like Windows, if you are reasonably clueful you can avoid malware easily. There are ways to do that. However on iOS app store users are complacent and so is Apple many times. Plus on iOS users are never told like Android as to what permissions the app is asking for. You just have to assume Apple somehow figured out the app isn't doing anything beyond reasonable.

On my Nexus running CM7 I can turn off the Internet access permission for the Flashlight app. If I downloaded apps from Amazon, I can be more certain than on Apple App Store that I am getting what I expected. Point is I can choose not to install an app or selectively turn off permissions on Android if I find something suspicious based on the permissions the app requested. I can't do that on iOS - I install what Apple approves and being native code they don't seem to have Android's advantage of runtime verification like Amazon does or Google can do.

BaldiMac · Feb 28, 2012

krzyglue said:
It's not a question of whether Apple does more or less, or whether Android does more or less.

Actually that's exactly the question, because this conversation started when you said you disagreed with my assertion that ""iOS does more to prevent the actual problem" than any other OS.

My point I'm trying to make is that while Apple may currently have a better system, the almost dismissive attitude you seem to be implying is unwarranted. Android has a layer of security that the App store ought to implement as well.

Why should they implement it if it doesn't actually solve the problems that we are discussing?

I also disagree with your assertion that the Android system is somehow ineffective. For one thing, it's hardly "information overload" when a user downloading an app is presented with a concise list of all the permissions the app needs to run.

Information without context is often misleading. It's been shown over and over again that when you ask permission for something over and over again, people start to just hit "Okay".

And no it wouldn't "prevent" the issues (whatever implausible definition there may be for prevention), but the accessing "Your personal information" would have been on the list for Path and accessing "Storage" would have appeared for the photo app.

Why would the average person be concerned if a social networking app wants access to your address book? The problem wasn't the access, it was that Path uploaded the data to their servers without permission.

As far as the photo access, there are no permissions on Android to access your photo library. And if there were, it's not going to raise suspicion that a photo app need access to your library. The problem highlighted here was that it could then upload those photos to a remote server.

Besides, as I stated above, this goes beyond just security as well, but allowing informed user choice.

Sure. That could be useful to an otherwise well-informed user.

gkpm · Feb 28, 2012

parapup said:
However on iOS app store users are complacent and so is Apple many times. [...]
On my Nexus running CM7 I can turn off the Internet access permission for the Flashlight app. [...] and being native code they don't seem to have Android's advantage of runtime verification like Amazon does.

That's the common theme I keep hearing: if you get burned by malware on Android it's your own fault, you should have rooted the phone and installed privacy protectors (like you yourself did with CyanogenMod).

Unfortunately you'll find that 99.9% of Android users ARE also complacent, not just iOS's. Google even encourages this behaviour with PR stating their market is protected by the Google "Bouncer" [1] - btw, has that stopped any malware?

As for the "being native they can't check" argument that's just silly, Apple can and does trace API calls and sandboxing violations from apps, that's how they find apps that are using undocumented APIs. They've become increasingly better at it too, unlike some other bouncers.

[1] http://www.msnbc.msn.com/id/4625620.../t/google-bounces-malware-out-android-market/

jeffe · Feb 28, 2012

There are apps on Android that handle data permissions very well.

For instance, I'm notified each time certain apps access my personal information, access the internet, and I'm also able to prevent those apps from accessing that information as well.

As far as I'm concerned, certain apps do not need my contact information, my location, or need to access the Internet and I am able to explicitly deny them those rights. Sure - Some features on the app might not work like a 'find friends' or something, but I can just look them up manually.

It is incredible to see just how often some apps try to access my contacts or location over the course of just one day and I'm happy that I'm able to prevent them from succeeding.

newagemac · Feb 28, 2012

parapup said:
There isn't one for reading existing photos from gallery. It is understandable because just reading photos doesn't do much - they have to transmit it somewhere or modify them or take new ones to do the damage. For that, there are permissions.

So if a Flashlight app is asking for Internet permission or SD card write permission or Camera permission - there is every reason to not install it. So you can find a Flashlight app in market that only requires enabling the LED permission and you are assured that it won't be able to transmit/modify/take new pictures.

tl;dr - having a permissions model and easily and reliably verifiable runtime is much better than not having one and relying on manual surface testing.
Besides it is technically easy to verify runtime execution of Android apps as it is not native code. That's what Amazon does I think with their app store - there was a story about rejection due to excessive permissions and app doing more than the stated purpose. (Can't find the link right now.)

The point though is that all a rogue app would have to do then on Android is be the type of app that actually should require the necessary permission. Then they can do whatever the heck they want with that access.

What makes you think some malware outfit has to make their app a flashlight app? These malware people aren't stupid. On Android, if someone wanted to send all your photos to some server somewhere, all they would have to do is create a photo editing app or any app where it makes complete sense that the app in question needs the permissions requested. Since there is no vetting process on Android, there is no way to know what it is actually doing once it has access. You are left completely vulnerable. There is no way around that.

krzyglue · Feb 28, 2012

BaldiMac said:
Actually that's exactly the question, because this conversation started when you said you disagreed with my assertion that ""iOS does more to prevent the actual problem" than any other OS.

Yeah disagreeing doesn't mean I believe the opposite of the opinion you were expressing

BaldiMac said:
Why should they implement it if it doesn't actually solve the problems that we are discussing?

See below.

BaldiMac said:
Information without context is often misleading. It's been shown over and over again that when you ask permission for something over and over again, people start to just hit "Okay".

The fact is then with such an attitude, virtually any security system that requires user consent is useless. No it's not perfect nor is it the only part of the solution, but it's one more layer.

BaldiMac said:
Why would the average person be concerned if a social networking app wants access to your address book? The problem wasn't the access, it was that Path uploaded the data to their servers without permission.

You could definitely build a social networking app which didn't need access to contact data. An "average" user might not care if their address book is being accessed period, but for those who are concerned, they can see which apps are doing it on the App store.

BaldiMac said:
As far as the photo access, there are no permissions on Android to access your photo library. And if there were, it's not going to raise suspicion that a photo app need access to your library. The problem highlighted here was that it could then upload those photos to a remote server.

I don't have an Android phone so I could be wrong, but I was under the impression all photos are just stored in "Storage" (as there is no central photo library). There is a permission for access to this. Besides, I'm talking about the model here, not specifics.

BaldiMac · Feb 28, 2012

kalsta said:
What Windows does and what the NY Times writes about is irrelevant. I'm talking about the situation with iOS and the App Store. Apple has taken it upon themselves to create and promote a platform where the user shouldn't have to worry about whether a particular app is siphoning their private photos off to some server. Giving an app permission to access location data should never allow that same app indiscriminate access to your photo library. End of story.

Just so you know, I'm not a Windows or Android fan. I am a long-time Mac user, and I also very much like the elegance and simplicity of iOS. But I will not defend Apple blindly. I applaud much of what Apple does, even defend them from time to time against some of the prejudiced nonsense that gets thrown around by religious tech zealots (I'll avoid mentioning any specific platforms here!)but from time to time I am also critical of Apple.

Do I hold Apple to a high standard? Sure. How do you think Apple has been able to produce so many amazing products over the years? Largely because of one man who held the company to impossible standards. He's gone now, but surely us customers can continue to honour that tradition.

Again, Apple has procedures in place in the rare instance that an app that violates their policies passes the vetting process. The problem that we are discussing can only be solved through curation. No permission system is going to stop an app from uploading your information to a remote server if it's willing to masquerade as an trusted app.

And unless you expect Apple to require and examine the source code to every app they publish, there will be apps that sneak in undeclared functionality in violation of Apple's terms. High standards are one thing, but you have to be reasonable.

newagemac · Feb 28, 2012

parapup said:
Well the whole idea behind the Apple App Store "curation" was to enable idiots to safely use 3rd party apps. Android market never curated stuff and they never created the expectation that users can be stupid and still be safe. So there is a difference there - on Android, like Windows, if you are reasonably clueful you can avoid malware easily. There are ways to do that. However on iOS app store users are complacent and so is Apple many times. Plus on iOS users are never told like Android as to what permissions the app is asking for. You just have to assume Apple somehow figured out the app isn't doing anything beyond reasonable.

On my Nexus running CM7 I can turn off the Internet access permission for the Flashlight app. If I downloaded apps from Amazon, I can be more certain than on Apple App Store that I am getting what I expected. Point is I can choose not to install an app or selectively turn off permissions on Android if I find something suspicious based on the permissions the app requested. I can't do that on iOS - I install what Apple approves and being native code they don't seem to have Android's advantage of runtime verification like Amazon does or Google can do.

There is no such thing as being "reasonably clueful" on Android with this. If you give an app permissions, you have no idea what exactly it is going to do with those permissions. You give a contact management app permission to access your contacts on Android but there is no way to determine what the heck the app is actually going to do with your contacts. It could be selling your contacts, deleting your contacts, or anything it pleases. With no curation process, you are left vulnerable. No "permissions" system will ever be able to stop an app like that.

There might be one or two that get through with Apple every now and then. No security is perfect. It's actually news when an app is found to do something it shouldn't on the App Store. But Android is literally infested with malware. To the point where it's not even worth mentioning anymore because it is so common. And it's getting worse. Last report I've seen was 2011 saw an increase of over 3000% (yes that is 3 zeroes).

BaldiMac · Feb 28, 2012

krzyglue said:
The fact is then with such an attitude, virtually any security system that requires user consent is useless. No it's not perfect nor is it the only part of the solution, but it's one more layer.

Sure, it's another layer, but you have to balance that with the added annoyance.

You could definitely build a social networking app which didn't need access to contact data. An "average" user might not care if their address book is being accessed period, but for those who are concerned, they can see which apps are doing it on the App store.

That's not my point. If you installed Path, a well publicized, well reviewed, social networking app on Android, it would have asked for permission to view your address book and access the internet. Why would either of those permissions throw up a red flag for a reasonable person?

I don't have an Android phone so I could be wrong, but I was under the impression all photos are just stored in "Storage" (as there is no central photo library). There is a permission for access to this.

Someone posted a link to Adobe Photoshop Express on the Android Market a few post ago. It reads the photo roll. Here are the permissions it requests:

NETWORK COMMUNICATION
FULL INTERNET ACCESS
Allows an application to create network sockets.

YOUR PERSONAL INFORMATION
READ CONTACT DATA
Allows an application to read all of the contact (address) data stored on your device. Malicious applications can use this to send your data to other people.

PHONE CALLS
READ PHONE STATE AND IDENTITY
Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and the like.

SYSTEM TOOLS
PREVENT DEVICE FROM SLEEPING
Allows an application to prevent the device from going to sleep.

With precedent like that from a legitimate company like Adobe, what kind of permissions are you going to say no to!

hstewart · Feb 28, 2012

I wonder why that Apple must lock the API down so much, because of thing like this. This seams pretty sneaky that they must use developer code - which means that the app can't be updated to store because it would not past verification. This means that this app is using illegal APIs.

Casiotone · Feb 28, 2012

Next week in the New York Times : iOS apps can capture and stream video from your camera to unknown servers without asking your permission...

Now, most of these "privacy violating" APIs are there since iPhone OS 3.0 (before it was called iOS).

I'm trying to understand why almost nobody made a fuss about it then, even among Apple critics. (I'm not trying to make a point here, I really wonder why)

These APIs (direct access to contact, music, photos and camera) were requested time and time again by developers.

Before that, their absence was used as an example why iOS was so closed and Android so open because it had third party address books, music players and bar code scanners.

Didn't it occur back then to anyone "sensible" that all these apps doing fun and useful things with your photos, live video, music and contacts never asked for your permission?

jeffe · Feb 28, 2012

What you say is not entirely true. On Android, there are apps available to those who care enough that allow you to know what other apps are doing in some respects. You'll know exactly when it connects to the internet, when it accesses your contacts, your location, and you are able to on a case by case basis deny or grant access if you so decide.

I would not be surprised if apple will one day incorporate this into IOS.

newagemac said:
There is no such thing as being "reasonably clueful" on Android with this. If you give an app permissions, you have no idea what exactly it is going to do with those permissions. You give a contact management app permission to access your contacts on Android but there is no way to determine what the heck the app is actually going to do with your contacts. It could be selling your contacts, deleting your contacts, or anything it pleases. With no curation process, you are left vulnerable. No "permissions" system will ever be able to stop an app like that.

There might be one or two that get through with Apple every now and then. No security is perfect. It's actually news when an app is found to do something it shouldn't on the App Store. But Android is literally infested with malware. To the point where it's not even worth mentioning anymore because it is so common. And it's getting worse. Last report I've seen was 2011 saw an increase of over 3000% (yes that is 3 zeroes).

krzyglue · Feb 28, 2012

BaldiMac said:
Sure, it's another layer, but you have to balance that with the added annoyance.

True. Just my opinion that the benefits do outweigh the annoyance, that's all.

BaldiMac said:
That's not my point. If you installed Path, a well publicized, well reviewed, social networking app on Android, it would have asked for permission to view your address book and access the internet. Why would either of those permissions throw up a red flag for a reasonable person?

It wouldn't, but at least you are informed of this. The whole kerfluffle over the iOS app was that the user didn't know his/her contacts were being accessed (at least this is my perception of the controversy), not the act itself. Important distinction.

BaldiMac said:
Someone posted a link to Adobe Photoshop Express on the Android Market a few post ago. It reads the photo roll. Here are the permissions it requests:

NETWORK COMMUNICATION
FULL INTERNET ACCESS
Allows an application to create network sockets.

YOUR PERSONAL INFORMATION
READ CONTACT DATA
Allows an application to read all of the contact (address) data stored on your device. Malicious applications can use this to send your data to other people.

PHONE CALLS
READ PHONE STATE AND IDENTITY
Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and the like.

SYSTEM TOOLS
PREVENT DEVICE FROM SLEEPING
Allows an application to prevent the device from going to sleep.

With precedent like that from a legitimate company like Adobe, what kind of permissions are you going to say no to!

Again I don't have an android phone, but someone on the Verge mentioned that the way the Photoshop app works in accessing storage is quite different. Something about the user needing to manually "add" photos to the app to access them. The point was (I think) that it didn't automagically import all your photos.

EDIT: Oh I see your point. The "precedent" isn't the issue here. If the user is gonna ignore it, then well at the end of the day that's his or her prerogative. Just like anyone who instinctively stabs at "Allow" for a location data request in iOS.

drummingcraig · Feb 28, 2012

writingdevil said:
"...within the JB'ing community there are a lot of devs who look out for their users & customers..."
Not sure what this claim is based on? You could probably say that about any group, but specifics?

I don't have a specific list of devs who have taken a pledge of loyalty and honestly towards consumers. But from the time I have spent on JB sites, forums and online communities I know that folks who intentionally go out of their way to scam users are not usually seen in a favorable light. Besides, most of these people are developing apps to make money just like the devs submitting to Apple via iTunes, and you don't make money as a grassroots developer by ripping off or otherwise harming your customers.

I am not pretending that there are not malicious programmers out there. But I have no evidence to the contrary of them being in the minority.

"...so long as you deal with reputable sources..."
how does one determine a "reputable source"?

Again, if you are a JB'er or spend time inthe JB community you know what repositories are considered "legit", and you know that by venturing into other less verifiable sources you are wading into unknown waters. Cydia automatically points you to a handful which you can source most apps from.

"... use some common sense..."
this whole post seems pretty general, which is ok, but, for me, it doesn't really deal with specifics of the issue, just generalizations. Any new tips are always helpful to all, of based on more than inside information about a site.

I don't really know exactly what you're getting at here. Common sense is common sense. It applies to all walks of life including computing. Most of us are lucky enough to know when something seems too good to be true or doesn't feel right. I can't point you to any specifics on how to acquire that sense.

Right Said Fred · Feb 28, 2012

Interesting.

parapup · Feb 28, 2012

newagemac said:
The point though is that all a rogue app would have to do then on Android is be the type of app that actually should require the necessary permission. Then they can do whatever the heck they want with that access.

What makes you think some malware outfit has to make their app a flashlight app? These malware people aren't stupid. On Android, if someone wanted to send all your photos to some server somewhere, all they would have to do is create a photo editing app or any app where it makes complete sense that the app in question needs the permissions requested. Since there is no vetting process on Android, there is no way to know what it is actually doing once it has access. You are left completely vulnerable. There is no way around that.

So what alternative do you suggest? Not asking permissions and not informing users about the permissions while relying on provably imperfect Apple curation that can and does fail subject to human error or carelessness? It's like you are asking what's the point of door locks if thieves can break the windows and enter in anyways. Security (and information) is a barrier just like door locks - the more you can put without hurting usability the better. Not having any or having one less than possible is not such a good idea.

I also stated that Amazon does run time verification of what apps do which is possible thanks to Android architecture. Which means if an app was submitted to Amazon Android store - it is vetted. You could choose not to install suspicious apps from Google market and install their vetted counterparts with similar functionality from Amazon's store while being reasonably sure that Amazon has tested the app and not found anything obviously wrong.

So stop making it sound like Apple has a best shot at security because they don't have permissions model and they manually check all apps. That is demonstrably not true. The fact remains that Android is much better positioned security wise due to the permissions model.

Would you also dismiss Mac App Store's sandboxing model as ineffective? Apple is essentially doing something very similar to Android there - permissions.

The basic idea behind sandboxing is simple: Apps that run in a sandboxed environment are prevented from accessing system resources that could lead to the disclosure of sensitive information (like the file system or the Clipboard) or that could be used for nefarious purposes (like the network). Developers must explicitly ask Apple for permission to access each resource and be prepared to justify their request as part of the Mac App Store submission process

----------

newagemac said:
There is no such thing as being "reasonably clueful" on Android with this. If you give an app permissions, you have no idea what exactly it is going to do with those permissions. You give a contact management app permission to access your contacts on Android but there is no way to determine what the heck the app is actually going to do with your contacts. It could be selling your contacts, deleting your contacts, or anything it pleases. With no curation process, you are left vulnerable. No "permissions" system will ever be able to stop an app like that.

There might be one or two that get through with Apple every now and then. No security is perfect. It's actually news when an app is found to do something it shouldn't on the App Store. But Android is literally infested with malware. To the point where it's not even worth mentioning anymore because it is so common. And it's getting worse. Last report I've seen was 2011 saw an increase of over 3000% (yes that is 3 zeroes).

Instead of FUD how about you stick to facts - you do understand that percentages don't tell you the true story (1 app last year, 4 this - how many % is that!) and most all of them are made up stories by Antivirus vendors?

And you also keep making pointless arguments about the permissions model without suggesting any better alternative. If you think about it a bit - having permissions model and informing users of app permissions and letting them turn them off is WAY better than having no permissions model at all. There can be no argument about it - the argument you are making is tangential - that Google allows malware apps in market for some time before they yank them thanks to the runtime analysis and permissions model. That has nothing to do with permissions model being ineffective - it only has something to do with the fact that Google never claimed to curate the apps and they were a bit sloppy about enforcing the security. How many malware apps have you found in Amazon app store - they use the same exact Android permission model and great automated testing and vetting to achieve security.

iOS Photo and Video Privacy Issues Highlighted with New Test Application

macrumors 603

macrumors regular

macrumors G3

macrumors 6502a

macrumors 65816

macrumors 6502

macrumors regular

macrumors G3

macrumors 68000

macrumors 65816

macrumors G3

macrumors 6502

macrumors 6502a

macrumors 68020

macrumors regular

macrumors G3

macrumors 68020

macrumors G3

macrumors regular

macrumors 6502a

macrumors 6502a

macrumors regular

macrumors 6502a

macrumors newbie

macrumors 65816

Our Staff