Announcement

Collapse
No announcement yet.

Tablet Apps security..how afraid should we be?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

    Tablet Apps security..how afraid should we be?

    Hi Folks,
    I found your wonderful site via a good ol google search after buying an Arnova 10 G2, i'm a photographer and not very 'puter savvy altho' to my suprise i managed to install Bob's 1.4 root thanks to your excellent tut'..thanks again for this.
    When i got the tablet all i had in mind for its use was to use it as a little portable picture portfolio to show clients rather than toteing a laptop everywhere but after reading the posts on here i was delighted to discover how powerful, or should i say useful these things could be, now that i've dicovered the world of app's.
    Of course i wanted to download everything in sight, then i started to read the reviews to narrow things down a little, the idea of email on the move without an internet dongle sounded fantastic plus a sync'd
    calender to boot seemed just what i needed.
    Then. when reading the reviews for some apps i see the permissions tab beside it,and as far as i can make out we allow these app's access to stuff we would never dream of allowing on our computers, we have anti virus this..spyware that..firewall the other but i dont hear anyone too fussed about their tablet..or does it just go without saying and you all do in fact have all that stuff installed.
    here's an example of what i mean (sorry for the lenght of the copy n paste)
    Permissions

    This application has access to the following:
    • Your accounts manage the accounts list
      Allows the app to perform operations like adding and removing accounts, and deleting their password.
      use the authentication credentials of an account
      Allows the app to request authentication tokens.
    • Network communication full Internet access
      Allows the app to create network sockets.
    • Your personal information read calendar events plus confidential information
      Allows the app to read all calendar events stored on your tablet, including those of friends or coworkers. Malicious apps may extract personal information from these calendars without the owners' knowledge. Allows the app to read all calendar events stored on your phone, including those of friends or coworkers. Malicious apps may extract personal information from these calendars without the owners' knowledge.
      add or modify calendar events and send email to guests without owners' knowledge
      Allows the app to send event invitations as the calendar owner and add, remove, change events that you can modify on your device, including those of friends or co-workers. Malicious apps may send spam emails that appear to come from calendar owners, modify events without the owners' knowledge, or add fake events.
    • Phone calls read phone state and identity
      Allows the app to access the phone features of the device. An app with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and the like.
    • Storage modify/delete USB storage contents modify/delete SD card contents
      Allows the app to write to the USB storage. Allows the app to write to the SD card.
    • System tools prevent tablet from sleeping prevent phone from sleeping
      Allows the app to prevent the tablet from going to sleep. Allows the app to prevent the phone from going to sleep.
    Show allHide
    • Your accounts discover known accounts
      Allows the app to get the list of accounts known by the tablet. Allows the app to get the list of accounts known by the phone.
      view configured accounts
      Allows apps to see the usernames (email addresses) of the Google account(s) you have configured.
    • Hardware controls control vibrator
      Allows the app to control the vibrator.
    • Network communication view network state
      Allows the app to view the state of all networks.
    • System tools automatically start at boot
      Allows the app to have itself started as soon as the system has finished booting. This can make it take longer to start the tablet and allow the app to slow down the overall tablet by always running. Allows the app to have itself started as soon as the system has finished booting. This can make it take longer to start the phone and allow the app to slow down the overall phone by always running.
    • Default Market billing service
      Allows the user to purchase items through Market from within this application
      enable or disable app components
      Allows the app to change whether a component of another app is enabled or not. Malicious apps may use this to disable important tablet capabilities. Care must be used with this permission, as it is possible to get app components into an unusable, inconsistent, or unstable state. Allows the app to change whether a component of another app is enabled or not. Malicious apps may use this to disable important phone capabilities. Care must be used with this permission, as it is possible to get app components into an unusable, inconsistent, or unstable state.
      ME AGAIN,
      This was from a calender app,..I was going to run my client emails thru' this but after reading that lot i'm definitley not as i would be mortified if my email contact list got compromised.
      Sooo, am i being paraniod or what, what do you guys do? or should i not use this device for email etc.
      Sorry for posting such a duh newbie question but with these tablets now coming unto the UK market at this price i suspect you will get lots of peeps like me seeking help so maybe this could be the New to Tablets Thread

    #2
    This is an interesting thread. I plan to respond myself but not tonight.

    BUT... I am moving ths to main forum as this is not just about Arnova.

    This thread has philosophical points as well as freedon of privacy. All of which to some mean nothing but to other have great meaning!
    I suspect your over 30? Anyone younger I think does not care or realize this. They are "mobile connected" and just take what they do as "playing in the game".

    Welcome to the world of Mobile devices where the RULES have changed forever. YOU as a Mobile user are tracked, checked, watched in many ways, and thus you have no privacy! Thats the new world! Us older guys think about that but kids just go with it as they are willing to trade privacy for the technology!

    Only comments I have to say is.... If you have nothing to hide then why worry? Well... is that true?
    BIG philosophical convo here

    Bob
    "Pzebacz im, bo nie wiedzą, co czynią"
    "Прости им, они не ведают, что творят"
    "Perdona loro perché non sanno quello che fanno"
    "Vergib ihnen, denn sie wissen nicht, was sie tun"
    "Vergeef hen want ze weten niet wat ze doen"
    "Pardonne-leur car ils ne savent pas ce qu'ils font"
    "Perdónalos porque no saben que lo que hacen"
    "Oprosti im, jer ne znaju što čine"
    "Forgive them as they know not what they do"





    Comment


      #3
      On a more technical point of view, the problem about android apps is that you only have the choice to accept all permissions requested by an app or just reject them alltogether and not install the app.

      With apps that require root privileges, that is even worse, as if you give an app superuser permission, it can do a lot of things without mentioning the permissions at install.

      For rooted apps, all you can do is trust it or not, and that is not much that can be done, I think.

      For normal apps, however, there is one interesting app, that you can yse to revoke any permission for an app.
      It's called PDroid, and it works quite well. The only problem is that you cannot simply install the PDroid apk.

      The app is twofold : There is an apk for managing permissions for every installed app, but there is also a patch that you have to include in the rom to enable this "extended" permission management, which is not possible by default in android.

      Comment


        #4
        Another tool which is easier to install : LBE Privacy Guard. It just neend root and can revoke permissions of installed apps.

        Comment


          #5
          i tend not to have private information on my tab but my phone on the other hand well thats a different story i can see your point here for a personal user like my self so what what the heck i have nothing to hide but was about a business how would an app with access to contacts fall into the data protection act and should we be able to be watched any way i am 27 and this does concern me but dosnt look like there is much we can do about it now unless we refuse to use modern tech which i wouldnt live without now so although i am not over the moon with all this watching and tracking i live with for the sake of better tech and whos to say we havnt been being watched and tracked for years now just only been aware of it since tech has improved

          well there is my ramble lol

          ricky
          Ricky
          New here but learning something new everyday

          Comment


            #6
            Thanks for chipping in guys..i kinda suspected as much..it is indeed a phlosophical Q Bob..I'll add my 4cents when i can get time to put in down in a, hopefully rational fashion.

            Comment


              #7
              Originally posted by cybertwigg View Post
              i tend not to have private information on my tab but my phone on the other hand well thats a different story
              ricky
              I think a LOT of us are this way out of necessity.

              Comment


                #8
                PDroid patch and how to add it into ROMs

                Just registered to ask about PDroid and found this thread.

                I amd 30+ but I think everone should be concerned. Indeed one should not put sensitive info on a tablet/phone, but with g+/email/fb/twitter etc. naturally living on them, and given that most of our activities nowadays have a digital trace, it is awfully hard not to entrust a lot to the portables.

                So we are tracked anyways. We are forced to trust organizations like google or fb. We don't have a real choice there; besides, I tend to believe that given their size and profile, if they do something bad or stupid, we tend to know and they tend to be corrected; and they probably won't do the outright evil things easily. (I may be too naive ...) But the same cannot be extended to no-name apps. It is like that I do tell my bank my SSN, but if McDonald's wants my SSN for buying a burger I'd been pissed.

                The folks at XDA has worked out a version of Droid for ICS/JB and even have automatic patcher for the "naked" versions of roms. For other ROMs the option is to recompile, which is unfortunately beyond the resource of many (myself included).

                On the other hand the patching seems straight forward for someone who can recompile ... If this is the case, and since folks here like Bob would be building ROMs for specific devices, is it possible to include this as an enhancement in the ROMs you build?

                I for one would be hugely grateful.

                Sean

                Comment


                  #9
                  Originally posted by snehne View Post
                  Just registered to ask about PDroid and found this thread.

                  I amd 30+ but I think everone should be concerned. Indeed one should not put sensitive info on a tablet/phone, but with g+/email/fb/twitter etc. naturally living on them, and given that most of our activities nowadays have a digital trace, it is awfully hard not to entrust a lot to the portables.

                  So we are tracked anyways. We are forced to trust organizations like google or fb. We don't have a real choice there; besides, I tend to believe that given their size and profile, if they do something bad or stupid, we tend to know and they tend to be corrected; and they probably won't do the outright evil things easily. (I may be too naive ...) But the same cannot be extended to no-name apps. It is like that I do tell my bank my SSN, but if McDonald's wants my SSN for buying a burger I'd been pissed.

                  The folks at XDA has worked out a version of Droid for ICS/JB and even have automatic patcher for the "naked" versions of roms. For other ROMs the option is to recompile, which is unfortunately beyond the resource of many (myself included).

                  On the other hand the patching seems straight forward for someone who can recompile ... If this is the case, and since folks here like Bob would be building ROMs for specific devices, is it possible to include this as an enhancement in the ROMs you build?

                  I for one would be hugely grateful.

                  Sean
                  PDroid is indeed a really good tool for privacy and controlling which information apps can access.
                  Anyway, it requires patching, so a manual recompilation of the kernel, which is for the moment not done for many arnova tabs.

                  I'm still searching how to do it, on the arnova 10G2, which I own, but I didn't succeed yet...
                  Anyway, I'm 34 years old, and like you, I'm really much concerned about privacy. And that's why I won't let google know anything private about me (ok, I registered my credit card on google play to buy apps, but it doesn't tell much about me )

                  And I really hope I can compile a 10G2 kernel soon, but that is not easy at all. So don't expect it soon, and rely on your own paranoia to keep you safe from fb and google.

                  If you have linux skills, maybe you can help in this field. I don't have enough time to make significant progress in that field, but it doestn't mean it is hard to do.

                  Comment

                  Working...
                  X