The first chink in Android's armor

[Carniphage]

And now that Apple has iAds - it would be foolish to say that google sells customers to its advertisers and not say the same about Apple.

But nice try at being clever (not the poster quoted above - but Carniphage)

That's a fair point.

iAds does present a risk. If it becomes profitable it could make Apple attend to the needs of advertisers at the expense of users.

But lets be clear. The iPhone is the most profitable handset on the planet, and 99.9% of that revenue comes about as a result of selling a desirable product directly at consumers. (Albeit selling through the flatulent corpses of carriers)

Android is barely a break-even proposition for Android - with the benefits of mobile search just about covering their development expenses. Plus mobile advertising. Please remember that 100% of that cash is from advertising.

C.

 

[NT1440]

iPhone completely lacks any permission system. The user has absolutely no control over what data gets accessed by any given application. I

That is complete ********. Apple rejects countless apps because of sharing that goes around their requirement to notify and ask the user using apples own notification system.

Watch Steve Job's D8 conference interview this year and educate yourself.

 

[Daveoc64]

That is complete ********. Apple rejects countless apps because of sharing that goes around their requirement to notify and ask the user using apples own notification system.

Watch Steve Job's D8 conference interview this year and educate yourself.

They are entirely correct.

In order to use many different features in Android, Apps must request permission from the user before the App is installed.

This isn't just Push Notifications and Location (like iOS prompts for), this is virtually anything.

Assuming that you read the permissions an Android App requires, you can really control what your phone is doing.

 

[samcraig]

Yes, some other vendors have compromised their devices to stay sweet with the carriers. But surely, that's a pretty clear signal of defeat.

C.

You really can't compare. The overall strategies are different. Apple has an "advantage" - they make one and only one phone.

Other manufacturers, to succeed with their business model, have to appeal to the carriers. It's not a signal of defeat. it's just a different business model.

 

[NT1440]

They are entirely correct.

In order to use many different features in Android, Apps must request permission from the user before the App is installed.

This isn't just Push Notifications and Location (like iOS prompts for), this is virtually anything.

Assuming that you read the permissions an Android App requires, you can really control what your phone is doing.

Uh, you're not responding to anything I said. I don't know about Android, hence why I commented on that poster's lie about Apple.

 

[Small White Car]

They are entirely correct.

In order to use many different features in Android, Apps must request permission from the user before the App is installed.

So, wait...look at the original post's report. You're saying that these apps asked "Can I send your phone number to an advertiser?" and people said 'ok' to that?

Seriously??

 

[smiddlehurst]

They are entirely correct.

In order to use many different features in Android, Apps must request permission from the user before the App is installed.

This isn't just Push Notifications and Location (like iOS prompts for), this is virtually anything.

Assuming that you read the permissions an Android App requires, you can really control what your phone is doing.

The problem is, and I seem to be saying this a lot recently about Android sadly, it's a geek solution. It works for users who known what, for instance, the GPS location services are and what they do but for the majority (and this is the market Google is making ground in right now) it's going to be meaningless. Worse, it's not a particularly effective solution even for the geeks as there's no breakdown as to why a service is being used so dodgy uses can be hidden by legitimate ones.

I don't think this is a particularly big problem for Android UNLESS the media go into full-on feeding frenzy the same way they did for the iPhone 4 antenna issue and blow it out of proportion. If that happens then there really may be a problem because there's no single spokesman / company for Android to help firefight it. Frankly there are much bigger concerns with Android to worry about, not the least being the imminent arrival of Windows Phone 7 (now THERE'S something I never thought I'd say six months ago).

 

[Daveoc64]

So, wait...look at the original post's report. You're saying that these apps asked "Can I send your phone number to an advertiser?" and people said 'ok' to that?

Seriously??

It wouldn't be worded like that, but that's roughly how it works.

If you download a game and it wants to access your location, I'd ask why - just like I do on my iPhone. Angry Birds doesn't need to know where I am.

 

[Small White Car]

It wouldn't be worded like that, but that's roughly how it works.

Well how would it be worded? I'm baffled that people would approve apps to send their phone number out to unknown places. I'm just trying to figure out how anyone would say 'yes' to that.

 

[kdarling]

Android is barely a break-even proposition for Android - with the benefits of mobile search just about covering their development expenses. Plus mobile advertising. Please remember that 100% of that cash is from advertising.

Goldman Sachs estimates at least $800 million in Android related income and savings right now.

 

[smiddlehurst]

You really can't compare. The overall strategies are different. Apple has an "advantage" - they make one and only one phone.

Other manufacturers, to succeed with their business model, have to appeal to the carriers. It's not a signal of defeat. it's just a different business model.

The problem with that argument is that Google COULD choose to insist that some of the more dim-witted Carrier demands aren't allowed. Oh, they can't stop manufacturers using Android if they're in the Open Handset Alliance but they do have the final say as to whether or not you get Google apps including, crucially, the Market. We now know they've exercised that leverage to stop competing services being used (Skyhook), there's no reason they couldn't insist that, oh, any handset with apps that can't be removed don't get Market. Google have a LOT of leverage over Android phones for that very reason, it's a shame they aren't willing to use that leverage to reign in the carriers a little more than they do.

 

[smiddlehurst]

Well how would it be worded? I'm baffled that people would approve apps to send their phone number out to unknown places. I'm just trying to figure out how anyone would say 'yes' to that.

Example:

The problem comes when an app that could genuinely have reasons to access those services also uses them to capture your personal data. Very difficult to tell that's happening.

 

[kdarling]

So, wait...look at the original post's report. You're saying that these apps asked "Can I send your phone number to an advertiser?" and people said 'ok' to that?

Seriously??

Basically, yeah.

There's a well known case of an iPhone tip calculator that was secretly sending people's Contacts info to a server in China. Apple didn't know about it. And the users certainly didn't, because iOS has no warnings about that. It was discovered only by accident.

Now, if you were about to install a similar Android tip calculator, it would have to list that it wanted access to your Contacts and the Internet. That at least gives the user a chance to go "Hmm... that doesn't sound right"... and cancel the installation.

Moreover, that Android access list gives third party groups an excellent pointer to apps that they should monitor or check out, to see if they're doing something they shouldn't. (Which is exactly why we see publicity stunts like this report.) With iOS, you'd have to check out every single app.

 

[Daveoc64]

Well how would it be worded? I'm baffled that people would approve apps to send their phone number out to unknown places. I'm just trying to figure out how anyone would say 'yes' to that.

It wont say how the App is using the data (neither does iOS), but it will tell you what it's doing including:

- Using an internet connection
- Trying to interact with your Twitter/Facebook etc. accounts
- Trying to read/write to your contacts
- Trying to use location - which is broken down further into coarse location (Cellular/Wi-Fi) and fine location (i.e. GPS
- Trying to make phone calls
- Trying to send/receive text messages
- Trying to use hardware like the Camera
- Trying to use bluetooth

If you download a calculator App and it wants to use the Camera, something isn't right.

As has been pointed out above, you could have a malicious App that has a genuine need to include these permissions, but I see no reason why that couldn't happen with iOS. Apple can't see everything that an App does when they test it.

 

[Small White Car]

The problem comes when an app that could genuinely have reasons to access those services also uses them to capture your personal data. Very difficult to tell that's happening.

Yep, I suspect that the apps sending out phone numbers only used the language you see in your photo: Read phone state and identity

So of course, that's not very helpful. It's not telling you what it will do with that info once it "reads" it. This means everyone talking about how Android is safe because it warns you are pretty much lying. (At least, lying by ommision if not directly lying.) It's notactually warning you what will happen.

The important thing is not that these apps exist. That will happen anywhere. The key is, what happens once they're found out? With Apple, they'll pull the app from the store. We've seen it happen. What happens to these Android apps? Can anyone really stop them? I don't know how that works.

 

[Daveoc64]

What happens to these Android apps? Can anyone really stop them? I don't know how that works.

Google has the exact same abilities that Apple does.

Both can pull Apps from the Market/Store.

Both can disable Apps remotely that turn out to be extremely malicious.

 

[Small White Car]

Google has the exact same abilities that Apple does.

Both can pull Apps from the Market/Store.

Both can disable Apps remotely that turn out to be extremely malicious.

So all the rehtoric over "Android is open because you can install whatever you want from anywhere" is just BS?

Is that what I'm missing? I'd thought that statement was true which is where my confusion is coming from. If THAT part is the lie than everything about this particular thread makes sense again.

 

[smiddlehurst]

Google has the exact same abilities that Apple does.

Both can pull Apps from the Market/Store.

Both can disable Apps remotely that turn out to be extremely malicious.

Yep, always find it interesting how a lot of people seem to think Android Market is a completely open resource with no control. Something that Android should probably think about adressing actually, they really need to start educating people about just how much control they have over Android (or at least certain aspects of it) even if it does mean having to drop that ridiculous 'we're open, open I tells ya!' line they're currently hiding behind.

I'd guess the problem comes when other app stores comes along. We know that Verizon is going to launch one (and you can bet that'll be installed on all their handsets pretty quickly) and it wouldn't be surprising to see other carriers do the same thing if there's money in it. Once you've got multiple sources for apps available to the average user there WILL be more and more apps that slip through the cracks.

 

[samcraig]

The problem is, and I seem to be saying this a lot recently about Android sadly, it's a geek solution. It works for users who known what, for instance, the GPS location services are and what they do but for the majority (and this is the market Google is making ground in right now) it's going to be meaningless. Worse, it's not a particularly effective solution even for the geeks as there's no breakdown as to why a service is being used so dodgy uses can be hidden by legitimate ones.

The same could be said about iOS and it's "multitasking" or other features which only a "geek" would know/understand/use

Different platforms. Different quirks. Both have their positives and negatives. The pissing contest is silly.

 

[Small White Car]

Yep, always find it interesting how a lot of people seem to think Android Market is a completely open resource with no control.

It's the story Android fans tell. It's certainly what I've been told.

If Google wants to correct it they need to start fighting against their biggest supporters. That can't be easy.

 

[Daveoc64]

So all the rehtoric over "Android is open because you can install whatever you want from anywhere" is just BS?

No.

I was referring to the Android Market when I stated that earlier.

With most Android devices you can install Apps by "Sideloading" them (where you copy them from a website or computer to your phone and install them that way).

If you do that, Google has no control over it. You'll still be shown the permissions request as shown in one of the above posts, as well as warnings that you should only install such an App if you really trust it (which is just common sense).

I can whip up an App in about 10 minutes and distribute it online to anyone with an Android device. They could install it and run it, and Google wouldn't have any control over what I had made.

 

[NT1440]

Are Android's warnings developer made and controlled or do they have to use Google approved API's?

 

[BaldiMac]

Basically, yeah.

There's a well known case of an iPhone tip calculator that was secretly sending people's Contacts info to a server in China. Apple didn't know about it. And the users certainly didn't, because iOS has no warnings about that. It was discovered only by accident.

For a well known story, I couldn't find anything about it. The only story I found similar to this was about an Android tip calculator.

http://androidoperatingsystem.net/2010/07/14/spyware-disguised-as-tip-calculator-app/

 

[Daveoc64]

Are Android's warnings developer made and controlled or do they have to use Google approved API's?

You must declare which permissions your App requires in a specific Manifest File.

If you try and use a feature (e.g. GPS) without requesting the relevant permission, your App will crash.

 

[Small White Car]

Google has the exact same abilities that Apple does.

With most Android devices you can install Apps by "Sideloading" them...

If you do that, Google has no control over it.

See, this is why people misunderstand Android. I'm getting 2 different stories here so how am I supposed to know what to believe? I don't have an Android phone. I can't try this stuff for myself. I have to go on what people tell me and if they keep changing their story then I'm lost.