Apple app privacy question

Discussion in 'iPhone' started by Rsrchr123, Jul 4, 2011.

  1. Rsrchr123 macrumors regular

    Joined:
    Mar 12, 2010
    #1
    So I saw that on certain Droid devices, the carrier (inexcusably) bundles apps that cannot be removed. Facebook is one such app and in looking at the permissions on the page, I was alarmed to see that it can potentially read your private SMS messages.

    My question is if Apple allows apps to do that? My gut would be no, that surely a developer who submitted an app that could read your SMS would have it summarily rejected. Anyone know for sure?
     
  2. robbieduncan Moderator emeritus

    robbieduncan

    Joined:
    Jul 24, 2002
    Location:
    London
    #2
    Apple do not allow carrier bundling of unremovable apps (or any carrier alteration of the firmware). Apps cannot read your SMS messages or history at all (unless you jailbrake your phone in which case apps can read and do pretty much anything so if you value your privacy don't).
     
  3. radiogoober macrumors 6502a

    Joined:
    Jun 7, 2011
    #3
    Unlike Android and other such completely crappy and crippled platforms, Apple's iOS does not allow carriers to put crapware on the iPhone, nor do they allow any app to read your SMS or other private data.
     
  4. Rsrchr123 thread starter macrumors regular

    Joined:
    Mar 12, 2010
    #4
    Thanks for that info. I didn't think they would allow that but I wanted to be sure. I'm still on a 3G phone and I'm chomping at the bit to upgrade. I just can't pull the trigger on an Android device because of concerns such as these (among others). Yet when I see reports that a new iPhone won't be here 'til next year, it doesn't exactly inspire loyalty to the brand. I think they're going to make a lot of people mad if they wait that long. The core will stay but people at the fringes will wonder why they should buy a device that is way behind the curve technologically speaking (and of course, ignoring concerns such as mine). So alas, I'm stuck for now.
     
  5. PNutts macrumors 601

    PNutts

    Joined:
    Jul 24, 2008
    Location:
    Pacific Northwest, US
    #5
    I don't have the link handy (sorry) but there are a couple of threads in this forum that discuss a Symantec study of iOS vs. Android security models. A good read and enlightening.
     
  6. Rsrchr123 thread starter macrumors regular

    Joined:
    Mar 12, 2010
    #6
    http://www.electronista.com/articles/11/06/28/symantec.says.android.slipping.vs.ios.on.security/

    This might be it. It's interesting but doesn't compel me or mitigate my concerns. It's not just security/malware. It's privacy. The idea that Facebook could read my texts is unnerving to say the least...same for the other apps out there which are bundled with the phone (a la Blockbuster and at least one game of which I know).

    Wouldn't be a problem if Apple would stop d*cking around and trickling out features that every other phone on the market is offering. I couldn't afford an upgrade for awhile but now that I can, I don't understand why I have to potentially wait 'til next year for it.
     
  7. Daveoc64 macrumors 601

    Joined:
    Jan 16, 2008
    Location:
    Bristol, UK
    #7
    I don't understand how Android (which allows something) is "crippled" and iOS (which artificially does not allow something) is not crippled.
     
  8. LizKat macrumors 68040

    LizKat

    Joined:
    Aug 5, 2004
    Location:
    Catskill Mountains
    #8
    Gee you make it sound like your phone was hacked out of an old pay-phone booth and installed in a cardboard box to make it portable. I do have some sense of how you feel, though. I had skipped from original iPhone to the 3GS and now figure I should wait again for the next one... Still, what I have is not that far behind the curve, and a new iPhone will be here before I know it, assuming I don't spend the interim period staring at the clock and thinking how much time has been spent staring at the clock ;)

    Anyway I'm glad you made your original post. :) I also have wondered about the privacy of data on the iPhone as far as apps being restricted to their own piece of the turf. I don't keep much personal data on the iPhone anyway, but now I feel a little more comfortable about what's on there staying with the particular apps that manage it.
     
  9. Rsrchr123 thread starter macrumors regular

    Joined:
    Mar 12, 2010
    #9
    Well, with the specs on the 3G, they are lousy compared to what's out there now. I'm guessing only 2-3 MP's on the camera..no video..no multitasking..processor is slow.. It's hard to stomach that when I could get an Inspire 4G for $99 thru AT&T or free through Amazon (still thru AT&T).

    As far as privacy, anything on your phone should be yours and yours alone - not subject to being scanned by an app that you didn't even download/want. The AT&T rep with whom I spoke said something very troubling, which was "giving up privacy is just part of the world in which we live." Sorry, but I disagree. I strongly disagree with that statement. What if, for example, it was the government doing this, not FB?

    Furthermore, when I attempted to do research on what those apps can do in terms of permissions, I had a very difficult time finding out what they meant. So when I see, on the Android marketplace, an app that has phone permissions, and the description says that it can tell your phone number and the phone number of the person you are talking to, how can I not be troubled by that? If I'm talking to my grandmother, for example, how do I know that her number is being sold to some agency for profit and that she won't get spammed? That doesn't seem far-fetched. I just don't know. It frustrates me to no end to be at Apple's mercy whenever they decide to trickle out features - I think that is disrespectful to loyal customers, but if you value your privacy, what other choice do you have? None that I know of, unless you want to - gag - use a Blackberry.
     
  10. PNutts macrumors 601

    PNutts

    Joined:
    Jul 24, 2008
    Location:
    Pacific Northwest, US
    #10

    That's it. Good golly... You can read it and get your answer or you can go on wondering and posting. I'm in a good mood today so from the article:

    Isolation (Sandboxing)

    The iOS operating system isolates each app from every other app on the system—apps aren’t allowed to view or modify each other’s data, logic, etc. One app can’t even find out if another app is present on the device. Nor can apps access the iOS operating system kernel—they can’t install privileged “drivers” on the device or otherwise obtain root-level (administrator) access to the device. This inherent design choice ensures a high degree of separation between apps, and between each app and the operating system.

    The isolation approach implemented by iOS completely prevents each app from accessing other apps’ data—this policy is enforced regardless of whether apps encrypt their data or not, so long as the device has not been jail-broken. Moreover, beyond the library of media files, the calendar, and the contact database which are all acces-sible to any app, iOS has no centralized repository of shared data that might pose a serious compromise risk.

    --And here's the evaluation of Android:

    How effective is Android’s isolation system?

    Since Android isolates each app from every other app on the system, from most of the device’s services, and from the operating system itself, this means that if an attacker compromises a legitimate app, they will not be able to attack other apps or the Android operating system itself. This is a positive of Android’s isolation model.

    Let’s consider Android’s Web browser. Web browsers are by far the most targeted class of legitimate application, since attackers know that Web browsers often have security flaws that can easily be exploited by a properly crafted malicious Web page. Imagine that an attacker posted a malicious Web page that attacked a known flaw of Android’s Web browser. If an unsuspecting user surfed to this Web page, the attack could inject itself into theAndroid browser and begin running. Once running in the Web browser’s process, would this attack pose a threat? Yes and no.

    First, Android’s isolation policy would ensure that the attack could not spread beyond the browser to other apps on the system or to the operating system kernel itself. However, such an attack could access any parts of the system that the Web browser app had been granted permission to access. For example, if the Web browser had permission to save or modify data on the user’s SD storage card (for example, to save downloads on the card), then the attacker could take advantage of this permission to corrupt data on the SD storage card. Therefore, an attacker effectively gains the same control over the device as the app they manage to attack, with varying implications depending on the set of permissions requested by the compromised app.

    Moreover, malicious code within the attacked process can also steal any data that flows through the process itself. In the case of a Web browser, the attack could easily obtain login names, passwords, credit card numbers,CCV security codes, account numbers, browsing history, bookmarks, etc. Since mobile users often access internal enterprise applications via their mobile Web browser, this could lead to leakage of highly sensitive enterprisedata, even if VPN or SSL encryption are employed. And such a malicious agent in the browser could also initiate malicious transactions on behalf of the user, without their consent.
     
  11. PNutts macrumors 601

    PNutts

    Joined:
    Jul 24, 2008
    Location:
    Pacific Northwest, US
    #11
    I consider Andriod crippled in the sense that the carriers in the US are hobbling/controlling it. Not a condemnation of the OS itself, only the execution.
     
  12. Daveoc64 macrumors 601

    Joined:
    Jan 16, 2008
    Location:
    Bristol, UK
    #12
    Ah ok, That makes sense. The US carriers have a poor track record with branding and pre-installed crap on handsets.
     

Share This Page