
Some Android apps caught covertly sending GPS data to advertisers - lotusleaf1987
http://arstechnica.com/security/news/2010/09/some-android-apps-found-to-covertly-send-gps-data-to-advertisers.ars
======
poundy
I don't understand the technology behind app approval, code review, etc. But
would this happen in the iOS app store, given their more stringent approval
process?

~~~
ergo98
An application in the Apple app store purported to be a flashlight app but was
actually a tethering application: There was no secret binary obfuscation or
amazing hacking, it just simply said "I am A" while actually being B. That
should give insight into the depth of analysis that occurs with Apple's
curation: they are concerned about functionality overlap and other high level
things, and there are zero guarantees that the application does what it says
it does.

On Android there are very granular permissions, and an application cannot do
anything -- like getting your coarse or fine position -- that it wasn't
specifically granted rights to; however, like the article mentions, it's hardly
difficult to social engineer an explanation for why the right should exist.
And of course, sometimes benign apps do need far reaching rights in a way that
causes user security fatigue. Barcode Scanner, for instance, scans barcodes
and looks up products, yet on install it demands -- all or nothing -- that it
have access to your contacts. That concerned me greatly, but I later learned
that it can also generate barcodes for your contacts.

Android security can be improved. For instance apps should have _optional_
right requests. I would say no to contacts on Barcode Scanner, for instance,
and it should live without that right, just as I would say "no" to a game
where I don't use geolocation matching for if it wants positional data. There
should also be the option for an "on use" right setting, where, for instance,
whenever it asks for my fine position I have to individually grant that right,
which is the one thing that iOS does right.

This is ultimately simply an installer issue -- the reality is that apps
already can probe to see if a given right is available, and can enable/disable
functionality based upon it. All that is needed is for the installer to
provide the boolean.

Overall, though, I feel far more secure with the granular permissions model of
Android than with the all-or-nothing (aside from fine position) iOS model.

~~~
StavrosK
I don't have an Android device, but what you describe is half-way to a
fantastic OS. If each application could specify some text for a permission,
the installer could then display it to the user ("This application wants to
access your contacts for the following reason: Generating barcodes for
contacts") and the user could check/uncheck what he wanted.

Obviously, almost everyone would just press "accept" all the time, but users
could become more and more educated about security (it's not that hard to
grasp that an app needs access to contacts), and that security model would
possibly be the best of both worlds.

------
meelash
Here is the actual research paper that this news story is based on:
<http://appanalysis.org/tdroid10.pdf>

Also addressing the point by ergo98
<http://news.ycombinator.com/item?id=1744151>, a single anecdote does not a
convincing argument make. iOS's approval process has a number of explicitly
stated goals, one of which is preventing what is happening in this case. So
mentioning one app that happened to sneak by the approval process for a short
amount of time is meaningless for drawing any real conclusions.

In general, having all the permissions of an app determined at install time
seems very flawed to me (whether or not those permissions are optional). Why
not ask for permission, when necessary, during the app use, so the user knows
exactly what is requiring those permissions? That model is used by desktop
apps, and it is the way I would implement it. The up-front permissions model
is like sites that ask for your email first before they allow you to read
their content- generally scams.

~~~
ergo98
>Also addressing the point by ergo98

The reply button is available for your convenience.

>a single anecdote does not a convincing argument make

It isn't an anecdote.

People submit binaries to Apple, and they either do static and dynamic code
analysis, or they don't. I have _never_ heard about them rejecting an
application based upon such analysis, and in this case we know that it was an
incredible deviation from the stated purpose.

But let's assume they do start doing such analysis -- because they have such a
limited runtime security check, to circumvent it is trivial obfuscation. Of
course developers needn't even bother with that.

The reality is that we have no frigging clue what apps in the App Store are
doing -- Android is an open enough, transparent enough ecosystem that it is an
easy, obvious target for researchers.

No one, to my knowledge, is doing similar analysis of the iOS market.

~~~
meelash
If I understand your point correctly, it can be summarized as "Applications
are probably doing whatever the heck they want on iOS too, we just don't know
about it." If that's not your general idea, please correct me. There are at
least two problems with this statement:

1) You are contending that Apple is in an equally powerless position to
prevent apps from deviating from stated purposes. Yet even the app in the
anecdote you brought as an illustrative example has been removed by Apple. If
any other iOS app was found to be in violation by anyone, and Apple found out
about it, it could be removed immediately. In contrast, the apps tested in
this research paper will likely still be in the Android marketplace one year
from now, and because people don't read the news, they will likely be as
popular.

2) I don't think it's really that difficult to do similar analysis on the iOS
market at all. Just connect to the internet via a router with some kind of
packet sniffing. Obviously, until someone actually does it, we're just
guessing- you're guessing that apps on iOS are just as bad, and I'm guessing
otherwise- but to blame the lack of information on iOS not being transparent
enough for researchers doesn't seem accurate.
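
The router-side check suggested in point 2 above, as an added example that is not part of the original thread: it scans request URLs captured from a test device for value pairs matching that device's known position and counts them per receiving host. The sample URLs, host names and coordinates are constructed, and the capture is assumed to be plaintext HTTP recorded by a logging proxy.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample: request URLs as a logging proxy on the router might record them.
CAPTURED = [
    "http://ads.example.net/imp?app=wallpaper&ll=35.9132,-79.0558&id=abc",
    "http://cdn.example.org/img/bg_01.png",
    "http://track.example.com/e?lat=35.91&lon=-79.06&evt=open",
    "http://api.example.org/score?level=12&pts=3590",
    "http://ads.example.net/imp?app=wallpaper&u=35.9132%2C-79.0558",
]

# Decimal numbers with at least two fractional digits (coordinate-like values).
FLOAT = re.compile(r"-?\d{1,3}\.\d{2,}")


def floats_in(text):
    """Extract coordinate-like decimals from one decoded parameter value."""
    return [float(m) for m in FLOAT.findall(text)]


def leaks_location(url, device_lat, device_lon, tol=0.01):
    """True if the query string carries both a latitude and a longitude
    within `tol` degrees of the test device's known position."""
    values = []
    # parse_qsl percent-decodes values, so "35.9%2C-79.0" is seen as "35.9,-79.0".
    for _key, val in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        values.extend(floats_in(val))
    has_lat = any(abs(v - device_lat) <= tol for v in values)
    has_lon = any(abs(v - device_lon) <= tol for v in values)
    return has_lat and has_lon


def hosts_receiving_location(urls, device_lat, device_lon, tol=0.01):
    """Count, per destination host, the requests that carried the device position."""
    hits = {}
    for url in urls:
        if leaks_location(url, device_lat, device_lon, tol):
            host = urlsplit(url).hostname
            hits[host] = hits.get(host, 0) + 1
    return hits


if __name__ == "__main__":
    # Known position of the test device (constructed value).
    print(hosts_receiving_location(CAPTURED, 35.9132, -79.0558))
```

Matching on the device's known position rather than on parameter names catches coordinates sent under arbitrary keys, but position data inside TLS or in an encoded request body is not visible to this check.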

~~~
ergo98
"If I understand your point correctly"

You don't.

"You are contending that Apple is in an equally powerless position"

No, I'm not.

"Yet even the app in the anecdote"

It isn't an anecdote.

------
gte910h
And what about the web sites which essentially do the same? Geo IP....

------
sixwing
This is exactly the reason I'm loving the Privacy Advisor feature in the beta
of Lookout's premium product.

