Too Paranoid Android?

[zuer-coli]

[Mods, I’m putting this in MPSIMS because this is mostly a rant. However if you think the pit would be a better place, please move.]

There seems to be a whole lot of Android Apps that want access to your camera or address book. The ostensible purpose of the App doesn’t seem to require such access.

I did learn that you do not have to give those permissions, although the app might not work correctly. I also learned that not all Apps ask for permissions, but I can’t say if this is true or if it is just the overworked imagination of some folk.

Here is where my own paranoia comes in, before I learned any of this, I put small pieces of black Electrical Tape over the camera the faces toward the user, on my phone I made a little opaque shutter that I can move if I want to use the camera. Slips between the protective case and the phone.

I have read enough to know why the App maker might want your address list. I guess this irks me as much as anything about Android App makers. Now to be fair, I choose to install these Apps and it’s also fair to say that I should have explored the ramifications of granting various permissions.

I will note that there are various places that detail how to cancel or lock permissions. So, there are ways to deal with the various issues and I am working on implementing some of those.

While I would be both ignorant and stupid to claim that I have learned a great deal about this issue, I do think I have enough to proceed. There is undoubtedly much more to learn about this issue.

However since this is more of a rant than anything else, I don’t think I have more to say.

To those who read without commenting, thank you.

To those who choose to take the time to comment, thank you.

Zuer-coli

[sevenwood]

I’m always concerned when an Android app wants access to my address book, and it’s often a reason for my not finishing installation of that app.

Other things, like the camera or notifications such as incoming email, I assume that the app wants to know when something else happens on your device so that it can go into sleep/shutdown mode when it’s about to lose the device’s focus.

I’m not always right - I just make assumptions.

[Senegoid]

I share zuer-coli’s paranoia. I don’t even have a smart phone, but I have a laptop with a camera. I’ve taped over it. And I NEVER put ANY contacts in my address book.

My real address book consists of a little spiral-bound notebook in which I write names, addresses, and phones and e-addresses of interest. Any apps that want to read my electronic address book so they can sell all my friends to all the spammers of the world, be my guest.

[Beckdawrek]

Why are you covering camera? Is this something I need to know?

[Senegoid]

I’m camera shy.

[Senegoid]

Actually — it’s because of the stories one reads from time to time of mal-ware that gets into your computer or smart phone that turns the camera on and sends images to some-unknown-place you might not want. They can collect images of you in private, or images of your home or bedroom showing if you have anything a burgler might like to take, or by government agencies to spy on you — whatever you can imagine.

That kind of mal-ware can also turn on the microphone and eavesdrop on you. That’s a bit harder to control, as you’d have to dig into your mochine and cut some wires.

There was a case a few years ago that made a lot of headlines — a school had issued laptops to all its students. They had put an app on those laptops whereby school administrators could, remotely, turn on the camera and spy on those students in the privacy of their homes. They claimed that the purpose was to locate and recover stolen laptops, and IIRC they did recover a few this way. But they also got pics of students in various stages of undress in the (supposedly) privacy of their bedrooms. It blew up into a big scandal.

[Senegoid]

ETA: Link to Wikipedia page about the school that surreptitiously spied on students in their homes via remotely controlled cameras on their laptops:

Robbins v. Lower Merion School District

The apps also eavesdropped on their chat logs and records of web sites they visited.

Unrelated article from Christian Science Monitor:
Why you should cover your webcam

A man in California pleaded guilty last year to charges that he hacked into the computers of young women and used their webcams to take nude photos for an extortion scheme. Jared Abrahams, who will be sentenced in March, used malicious software to turn on the built-in cameras remotely.

Most laptops protect against such intrusions with small lights that go on whenever the camera is in use. However, new research from Johns Hopkins University in Baltimore shows that clever hackers can disable the indicator light on some computers, leaving people unaware that their webcam may be recording.

This raises new questions about how best to protect your privacy not only from what you do online but also what you do at home.

[Chronos]

What gets me, is the app for the local transit company (the same company makes an equivalent app for many other cities’ transit systems; I assume they’re all the same under the hood with slightly different skins). It asks for every permission conceivable, except one. Now, I can understand it asking for, for instance, GPS location: That’s so the user can ask “How can I get from here to Public Square?”, or the like. But why on Earth would it want to use the camera, or my contacts?

The kicker, though, is the one permission that it doesn’t ask for: In-app purchases. The primary purpose of this app is to be able to buy fares, so it’s going to need to be able to get financial information somehow. I could either do my financial transactions through Google or my phone company, which I already know, and trust to do it competently, or I can deal with some company I’d never heard of, and which has God-knows-what security set up for their credit card database. Tell me again why I should choose the latter?

It’s sometimes said that, if you’re not the customer, you’re the product. Well, here, it looks like even though you are the customer, you’re still the product.