Android protection of personal data from apps

Discussion in 'Android OS' started by GoodPDAuser, Aug 16, 2014.

  1. GoodPDAuser

    GoodPDAuser Mobile Deity

    Messages:
    141
    Likes Received:
    23
    Trophy Points:
    23
    I'm having trouble following this thread because of constant messages to upgrade Java plugin. I'm trying to get this post out before my session gets hijacked by that message again. I just updated to java 6.67 on Win 7 64-bit yesterday, and attempting to do so again today outside of the Firefox plugin message simply results in the notification that I'm already up to date. Anyway, the message seems to be no longer popping up now that I restarted FF, but when it did, Microsoft Security essentials always presented a message that it detected something and was cleaning up threads.

    Will review the responses above soon...

    P.S. When it did pop up, the java update message sent me to some download site that I didn't recognize, something about rapid download link, or some-such. The apparent up-to-date version was something like 7.23. Before sending me to that site, I was asked for my admin password. So if it's not legit, somebody has obsconded with my admin password. Sigh............

    P.P.S. The prompt for admin password might not have been made by the weird
    java update message, but I changed the password anyway, probably too late to
    protect anything if bad things were intended). But now I'm getting the java update messages again:

    •The file & download site: setup.exe from http://wwwDOTdownrapidDOTcom (visiting this site is not recommended)

    •MSE message: "Threats detected...something something something...no action required"

    Most java updates allow you to continue if you so choose. This one, strangely, did not, at least not by clicking on the "X" at the upper right corner to close the box. I didn't want to click "Cancel" because I'm not sure whether it is possible to create a dialogue box where "Cancel" really gives unwanted permission.
     
    Last edited: Aug 17, 2014
  2. GoodPDAuser

    GoodPDAuser Mobile Deity

    Messages:
    141
    Likes Received:
    23
    Trophy Points:
    23
    OK, I posted about the virus-like behaviour of the java update prompts to the "Site Suggestions, Help and Announcements" forum. Forging ahead with the topic of this thread...

    @lelisa13p: Thanks for posting to the xenForo Upgrade thread.

    @RickAgresta: I was resigned to having to disallow app installation up front based on the data it professes to access. The bgr.com link indicates that there are many exploratory efforts to create a layer between your data and the apps so that you can still install the apps, but feed it fake info rather than your actual personal data. What a round about way to circumvent a shortcoming in the OS, and as far as I know, none of the efforts have yet led to a product that has been reported as ready for public consumption.

    @Hook: My. Gosh. Thank you for that info, Hook. I ran into info that Apps Ops was incorporated into Android, but never would have imagined that they would remove it. After seeing your post, some googling turned up the info in your post. I recall encountering them in the past, before I had any grasp of how the OSs work and what are the important features to pay attention to.

    I still believe that Android is the way to go simply because I don't want to carry around my (separate) FM radio. But I need a better feel (from crowd surfing!) for whether the OS actually enforces the protection of PIM data. If you allow an app installation because it professes not to access your contacts or notes, does Android actually ensure that it does not?

    Apart from that, I've also had some time to reflect on the discussion in my other thread. The next point will diffuse the focus of this thread, but I hope it will not cause this thread to close and get redirected to the other thread; the conversation there covers too many factors. The next point is ISP-ware, which is quite plausibly baked into the ROM. I don't feel like rooting the device as a beginner in order to burn in new ROM and avoid ISP-ware, so I was going to buy the relatively cheap Moto G from some ISP-neutral shop somewhere. A shame, since I have quite bit of tab built up with the ISP. Does this seem sensible, or is there some consideration that I've overlooked which makes my decision to be excessive for the aim (avoidance of ISPware)?
     
  3. Hook

    Hook Have keyboard, will travel

    Messages:
    20,213
    Likes Received:
    13,443
    Trophy Points:
    288
    My recommendation would be to get the Moto G from Google Play. They are a good price and, like Nexuses, have no carrierware on them.
     
    scjjtt likes this.
  4. RickAgresta

    RickAgresta General Peanut, leader of the Peanutty Forces

    Messages:
    22,497
    Likes Received:
    21,478
    Trophy Points:
    288
    tend to agree with Hook; you can find it in the Devices section (left-hand side) of the Play Store; in the subsequent page, the 8Gb and 16Gb models are toward the bottom of the page (for $20 more American, I'd get the 16Gb model).

    good luck with it
     
  5. GoodPDAuser

    GoodPDAuser Mobile Deity

    Messages:
    141
    Likes Received:
    23
    Trophy Points:
    23
    OK, thanks, looks like I'm forgoing my positive tab with the ISP.

    Can anyone comment authoritatively on the outstanding biggy, whether the OS is well built enough to actually prevent apps from accessing data that it doesn't profess to access at install time?
     
  6. RickAgresta

    RickAgresta General Peanut, leader of the Peanutty Forces

    Messages:
    22,497
    Likes Received:
    21,478
    Trophy Points:
    288
    … pure speculation follows…

    If an app wasn't vetted adequately then the OS would not "compare what the app said against what it's trying to do" I don't think.
    <speculation OFF>
    If the permissions of an app change with an upgrade to an existing, installed app, it's up to the user to decide whether or not to upgrade.

    Sorry, not authoritative, and I've never done the necessary research to provide references which might help.
     
  7. Hook

    Hook Have keyboard, will travel

    Messages:
    20,213
    Likes Received:
    13,443
    Trophy Points:
    288
    Though not claiming authority, the answer is a qualified yes. Android is Linux, more or less. It absolutely has a permission system that is quite robust. The qualification is always around whether everyone is playing by the rules. The Play Store lets you know what permissions are being asked for, including when they change (though you have to dig a bit to get details these days)and you have to approve. Those permissions are also listed under settings, apps (click the app for info) so you can review them later. If you don't like the permissions, uninstall the app. Apps have all and only the permissions they are given if they come from the Play Store. The robustness of the Linux-based permission system is what allowed apps ops to work (it still does if you are rooted).
     
    RickAgresta likes this.
  8. lelisa13p

    lelisa13p Your Super Moderator Super Moderator

    Messages:
    23,902
    Likes Received:
    10,084
    Trophy Points:
    288
    I believe that Hook's reply is also further proof of the importance of only downloading from a reputable source.
     
    Hook, RickAgresta and headcronie like this.
  9. GoodPDAuser

    GoodPDAuser Mobile Deity

    Messages:
    141
    Likes Received:
    23
    Trophy Points:
    23
    Thank you for your input to the question of how enforceable the permissions are. I think my way ahead is clear. Then again, I've thought that before. This time, however, I'm sure.
     
  10. lelisa13p

    lelisa13p Your Super Moderator Super Moderator

    Messages:
    23,902
    Likes Received:
    10,084
    Trophy Points:
    288
    Good luck and keep us posted.
     
Loading...

Share This Page