

Amazon App Store's Free App of the Day is Perceived As Probable Spyware - wallflower
http://www.amazon.com/gp/product/B005SJTLUS?ie=UTF8&ref=mas_faad

======
EponymousCoward
Here's another scenario: idiotic developers ask for a boatload of permissions
"just in case" and don't realize how sketchy it looks.

~~~
dlikhten
Yea, Or they knew about the free app of the day and made a special farming one
that's essentially the ad version minus displayed ads.

I find it crazy the permissions required even from paid apps. And of course
amazon does not tell you them until AFTER you bought and downloaded the app.

~~~
newobj
Right from the technical details on that page (scroll about 1/3 of the way
down):

"Application Permissions: (Help me understand what permissions mean) Read only
access to phone state. Get information about the currently or recently running
tasks: a thumbnail representation of the tasks, what activities are running in
it, etc. Write to external storage. Open network sockets. Access information
about networks."

------
skymt
From Devolver's Twitter:

> SS: Kamikaze Attack is being updated on the Amazon App Store. There was a
> remnant permission from testing that is unused & will be removed.

[https://mobile.twitter.com/devolverdigital/status/1415672294...](https://mobile.twitter.com/devolverdigital/status/141567229450924032)

~~~
ldar15
Unfortunately, this is exactly what a phisher would say too, so it rightfully
has no effect on the discussion.

------
7rurl
Hmm. The Android Market page for this app has mostly positive reviews with no
mention of spyware that I could see:

<https://market.android.com/details?id=com.devolver.sska>

Also I found mentions of this game on various Serious Sam web sites and wikis,
so it appears to be a legitimate game.

Is it possible the Amazon version of the app has been modified and has had
spyware added to it?

Edit: Actually, the Android Market page lists the permissions and it lists the
"RETRIEVE RUNNING APPLICATIONS" permission there too. I'm guessing this is a
case of "app asks for more permissions than it needs" and "Amazon reviewers
flip out for no reason". Still, I don't plan on installing it on my phone.

~~~
ceejayoz
> I'm guessing this is a case of "app asks for more permissions than it needs"
> and "Amazon reviewers flip out for no reason".

Wouldn't that be "Amazon reviewers flip out because app asks for more
permissions than it needs"?

------
swasheck
In the site meta description: "The single greatest video game publisher and
production company ever created. Offices in Austin, TX and somewhere cool in
England."

Site Title: "Super Official Website"

They sound legit. Esp. with the picture of the crackhead "helpline operator."

~~~
jrabone
I didn't recognise the name either but to be fair, Devolver are mentioned as a
partner on Croteam's website (the original Serious Sam developers).

------
eli
Looks more like an organized effort to beat up on this app in order to bring
attention to sketchy Android privacy controls in general.

I'm not defending the app author here, but I don't think all these people
spontaneously decided to give the app poor reviews for requesting seemingly
unneeded permissions.

------
steipete
Why? Because of "Get information about the currently or recently running
tasks: a thumbnail representation of the tasks, what activities are running in
it, etc."?

~~~
wallflower
Thanks. I updated the title. I think I impulsively posted this as a commentary
on app permissions in general. Android is notorious for the ominous but very
granular permissions. Apple is better but they still have that gaping security
hole where any app can read or write to your personal address book.

It appears GET_TASK may be used to prevent ad loading when the app is
backgrounded. Mobclix.

Also, it appears if I remove the Amazon App Store app, some apps simply refuse
to let you run them, asking for you to launch the Amazon App Store. I think
the Amazon released apps, some of them, may be phoning the mothership. I am
not yet concerned or paranoid enough to sniff the net traffic with a proxy.

------
winter_blue
An app review process where permissions asked for are reviewed and approved
before releasing them on the App store might help fix this.

Apps that require little or no permissions could skip the review process and
go straight into the market.

~~~
bdonlan
Apps are reviewed; apparently not in too much detail, though.

