personal information and mobile apps

As a taste of things to come, consider the position in Oztraya. The government there abolished free speech (Section 18C of the Race Discrimination Act 1975) and is now seeking bipartisan support for legislation to force Internet Service Providers to capture all metadata (date,time,person or web address that the call went to, etc) for every call and store it for two years; and give the security services access to the data on demand. Big Brother is here, folks. Makes the people collecting your data just for sales promotions seem quite benign.

Just FYI, it’s customary to include an article link when you start a comment thread on columns and staff reports:

What personal information can mobile apps get from you, and why do they want it?
Concerns about governments getting the information certainly adds to the mix in this post-Snowden era, yes.

I found the answer a little lacking, and way too eager to blame the moneycounters.

That’s not to say that a lot of apps aren’t written by jerks who want to scrape every bit of info out there they can, but a lot of times apps have a bunch of crazy permissions because permission categories can be very broad.

Any app that has some sort of social aspect might reasonably want access to your contact list to make importing contacts easier. It also might want permission for internet access for the function of the app itself, or to show ads, or whatever.

That doesn’t mean the app is going to take your contacts and upload them to some server out there, but it could.

Also, I looked up the History Channel app on the Google Play store, and the permissions list doesn’t look anything like what the questioner was asking. Nothing about camera access at all, no pictures either, though there is an “able to use storage” permission. Also nothing about phone records, but there is the generic “Phone status and identity” option, which I see in almost every app, and I believe is the basic “app need to know if someone’s trying to call when you’re using it” permission.

Android’s permission list approach has some serious issues. It’s confusing and it’s hard to tell what is being requested. It’s also an all or none approach. If you don’t consent to the entire list, you don’t get the app.

Sometimes requests that look omnimous are benign once you understand them. Access to my camera and photos? Sure, if this app allows you to post photos or take pictures and post them to the sight, it needs the access. Maybe the app allows you to edit pictures or paste them into documents.

I remember the alarm when Facebook Messanger came out. It wants permission to access my Facebook account? It wants to access my contacts? It wants to access my camera? Of couse! You want to send messages to people your address book. You want to send pictures. Your Messanger account is your facebook account.

i like the iOS approach a bit better. Permission is requested as needed. You want to send a picture? The app asks you at that time. Ah, of course the app wants access to my camera! The only thing I’d like is to have the option of “Just this time” to the Yes/No choices. You can always go to settings and remove permission, but that’s a bit complex. The problem is once I grant permission to my photos so I can post one picture, the app has permission to access all of my photos from then on.

Cecil ends with " but at least the Speaker of the House isn’t looking at pictures of your boner."

Hmmm …not sure how he can be sure of that. After all, the current Speaker is John Boehner!

If he was, it would just seem, well, appropriate.

For Android, there are some limited privacy apps that try to give the user control over other apps permissions, but they don’t seem to generally work.

Right now the two best options are to root your Android device. Then you can run XPrivacy to take back access control. If, even better, run Cyanogenmod OS, which has a built-in Privacy Control guard that you can use.

In any case, one really great strategy is to halt installation of any app that requires weird permissions.

But since so many people have no clue about privacy needs, the app writers won’t even notice the loss of customers.

It reminds me of those “Candy bar for your password?” surveys. Humans are the weakest link in security.

But, what are weird permissions? An app might ask for access to my camera and microphone. That’s pretty weird. With those two permissions, the app could spy on me everywhere! But, what if the app allows me to send pictures and voice messages? Yes, such an app needs access to my phone and microphone. Maybe not so weird after all.

I am a highly technical person, and I found Android’s permissions absolutely scary and almost unreadable. Each app seemed to need a half dozen or so cryptic permissions. I could barely figure it out. It’s like those end user and privacy policy agreements that spawn everywhere. The iPhone recently spewed at me a 12 page license agreement, and all I was doing was upgrading to the next patch release. Do you think I have any inkling what it said? For all I know, I just agreed to mow Tim Cook’s lawn on alternate Sundays.

That gets trickier all the time. Give out your email account and password? NEVER! Except of course, I want that spam filtering service. Allow apps to post on my Facebook or Twitter account? A lot of people use tools like HootSuite to help them control their social media accounts. However, to use HootSuite, you need to grant it almost complete access to your accounts.

Mr. Anthony Noto, the CFO of Twitter had his account hacked today. So far, no word what happened. Was it a poisoned link that granted the spammer access to the account? Or, did Mr. Noto get his password stolen? No word yet.

However, if the highest officials at Twitter can’t figure out how to keep their Twitter account safe, it doesn’t seem to say that we, the masses of users, have much hope.

om·ni·mous, adj., “all-foreboding”
Powers &8^]