{"id":251,"date":"2010-10-01T13:14:00","date_gmt":"2010-10-01T11:14:00","guid":{"rendered":"https:\/\/www.fussylogic.co.uk\/blog\/?p=251"},"modified":"2012-08-31T09:22:48","modified_gmt":"2012-08-31T08:22:48","slug":"android-applications-4","status":"publish","type":"post","link":"https:\/\/www.fussylogic.co.uk\/blog\/?p=251","title":{"rendered":"Android Applications"},"content":{"rendered":"<p>Paypal released an <a href=\"http:\/\/www.bestandroidappsreview.com\/2010\/08\/top-android-app-paypal-mobile.html\">Android app<\/a>.<\/p>\n<p>\u00e2\u20ac\u0153Great\u00e2\u20ac\u009d, thinks I, \u00e2\u20ac\u0153I\u00e2\u20ac\u2122ll install that\u00e2\u20ac\u009d. Here is the list of permissions that the paypal app \u00e2\u20ac\u0153requires\u00e2\u20ac\u009d:<\/p>\n<ul>\n<li>Your location, coarse and fine<\/li>\n<li>Full internet access<\/li>\n<li>Add or modify calendar events, send email to guests, read calendar events<\/li>\n<li>Read contact data<\/li>\n<li>Send Linux signals to applications<\/li>\n<li>Read phone state and identity<\/li>\n<\/ul>\n<p>You have got to be kidding me. There is no way I\u00e2\u20ac\u2122m giving an app that kind of access. I can accept that internet access is necessary; I can see that accessing my contacts would be useful to making payments to them (only just though); but it does not need calendar access, it does not need to know my phone\u00e2\u20ac\u2122s identity and why in the name of all that is holy does a paypal application need the ability to send low-level operating system signals to other applications? That one is even listed as a \u00e2\u20ac\u0153development\u00e2\u20ac\u009d permission. No way. Paypal need two things: my paypal account name and password. They do not need to know where I am, or my phone number.<\/p>\n<p>App vendors had better start getting the idea that they can\u00e2\u20ac\u2122t just arbitrarily grant themselves enormous access to my personal details because they happen to be stored on the same phone. The only way that vendors will learn this is if we all start vetoing apps that ask too much. App reviewers should be noting these things in their reviews \u00e2\u20ac\u201d are the permissions an app wants justified? What feature of an app uses each of those permissions?<\/p>\n<p>Ideally android would have a firewall-like facility for permissions so that I can install an app that wants all these permissions, but not actually grant them. Then, when the app calls the \u00e2\u20ac\u0153I\u00e2\u20ac\u2122d like to know your IMEI number\u00e2\u20ac\u009d system call, it just gets \u00e2\u20ac\u01530000\u00e2\u20ac\u201c0000\u00e2\u20ac\u201c0000\u00e2\u20ac\u201c0000\u00e2\u20ac\u009d back instead. i.e.\u00c2\u00a0no error, just not the real data. \u00e2\u20ac\u0153Read contacts\u00e2\u20ac\u009d would return \u00e2\u20ac\u01530 contacts found\u00e2\u20ac\u009d. Until then, reviewers should do their duty and publicly shame these overly invasive applications.<\/p>\n<p>Until then, Android owners should outright reject the installation of any application that has unjustified permissions.<\/p>\n<p>Update: <a href=\"http:\/\/arstechnica.com\/security\/news\/2010\/09\/some-android-apps-found-to-covertly-send-gps-data-to-advertisers.ars\">Colour me not in the least surprised<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Paypal released an Android app. \u00e2\u20ac\u0153Great\u00e2\u20ac\u009d, thinks I, \u00e2\u20ac\u0153I\u00e2\u20ac\u2122ll install that\u00e2\u20ac\u009d. Here is the list of permissions that the paypal app \u00e2\u20ac\u0153requires\u00e2\u20ac\u009d: Your location, coarse and fine Full internet access Add or modify calendar events, send email to guests, read calendar events Read contact data Send Linux signals to applications Read phone state and identity\u2026 <span class=\"read-more\"><a href=\"https:\/\/www.fussylogic.co.uk\/blog\/?p=251\">Read More &raquo;<\/a><\/span><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[9,6],"_links":{"self":[{"href":"https:\/\/www.fussylogic.co.uk\/blog\/index.php?rest_route=\/wp\/v2\/posts\/251"}],"collection":[{"href":"https:\/\/www.fussylogic.co.uk\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.fussylogic.co.uk\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.fussylogic.co.uk\/blog\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.fussylogic.co.uk\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=251"}],"version-history":[{"count":4,"href":"https:\/\/www.fussylogic.co.uk\/blog\/index.php?rest_route=\/wp\/v2\/posts\/251\/revisions"}],"predecessor-version":[{"id":576,"href":"https:\/\/www.fussylogic.co.uk\/blog\/index.php?rest_route=\/wp\/v2\/posts\/251\/revisions\/576"}],"wp:attachment":[{"href":"https:\/\/www.fussylogic.co.uk\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=251"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.fussylogic.co.uk\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=251"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.fussylogic.co.uk\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=251"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}