[Discuss] Android privacy

Tom Metro tmetro+blu at gmail.com
Tue Jul 2 20:21:00 EDT 2013


Richard Pieri wrote:
> And while we're on the subject, pay attention to what permissions
> various applications want to have. I recently went through my list to
> identify and purge things that seemed suspicious. 

There is a tool that will do this for you:

Clueful Privacy Advisor by Bitdefender
https://play.google.com/store/apps/details?id=com.bitdefender.clueful

It will scan your apps already installed, or put up a notification with
a privacy rating for an app as it gets installed or updated. It just
looks at the permissions the app requests and follow some rules to score
the degree to which it potentially invades your privacy.

I'm not sure in the end it is all that useful, if you are technical
enough to read and understand the permissions yourself. It can, however,
be an easy way to quickly spot the "high risk" apps you've already
installed, so you can give some consideration to whether you want to
keep them.


> Things like a terminal program requiring complete access to my
> telephone call records. Things like a dice roller for role-playing
> games requiring full access to wifi and baseband networks.

Yes, there are countless examples of permission overreach.

I get why Google didn't make this an "ask and grant" setting for each
permission, as it would end up being like the application firewall in
Windows Vista that just pestered users with a barrage of dialogs asking
for permission to do stuff, which I'm sure most users just said yes to
everything. Doing so would be a usability mess.

But they also could have supported an advance user mode where you allow
the user to disable selective permissions at install time. Had they done
that, developers would have to go to greater lengths to explain and
justify why they need each permission (some do), and they'd also have to
test their apps to make sure they don't crash when a requested resource
isn't available. (Which is supposedly what happens now, as Dan mentioned
about CyanogenMod and the WisperSystems guys said they ran into with
their app firewall.)

The current all or nothing approach removes an important aspect of
control from the end user.

 -Tom

-- 
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/



More information about the Discuss mailing list