
Things overheard on the WiFi from my Android smartphone - akent
http://www.freedom-to-tinker.com/blog/dwallach/things-overheard-wifi-my-android-smartphone
======
wallflower
I don't care that much about the GPS function since that is usually sent over
3G/4G (which in theory is harder to sniff).

But the apps that request access to your Contacts? I wanted to install an
application recently (some recipe thing that had good UX) but it requested
READ_CONTACTS. So I balked and didn't install it.

Why did a recipe app need access to my Contacts? To be fair, all of your iOS
Contacts are wide-open to any SDK app (they never bothered to lock it down
like GPS).

I think the real solution is something like LittleSnitch for Droid. It would
have to be installed as a Root process though on a rooted phone.

[http://developer.android.com/reference/android/Manifest.perm...](http://developer.android.com/reference/android/Manifest.permission.html)

~~~
krobertson
In their case, it sounds like GPS was sent over wifi by the apps.

But the bigger thing is regarding why those apps need GPS coordinates. Much
like a recipe app needing contacts, an app that doesn't need to know my
location shouldn't be transmitting it.

~~~
nl
In the comments attached to that post the creator of ShopSavvy pointed out
that it is a local shopping app, that by design needs to know your location -
that's kind of the point of the app.

The reply was that he'd prefer to have options about the degree of accuracy
given to the app.

While I can see that argument, at the current point in time I think ShopSavvy
is doing the correct thing by its users (i.e., simplifying things, and removing
unnecessary options)

------
pnathan
What I found fascinating was the Mallory MITM 'testing' program.

<https://bitbucket.org/IntrepidusGroup/mallory>

[http://intrepidusgroup.com/insight/2010/12/mallory-and-me-se...](http://intrepidusgroup.com/insight/2010/12/mallory-and-me-setting-up-a-mobile-mallory-gateway/)

------
bitexploder
Hello. I am one of the main authors of Mallory, the tool used to perform the
MiTM in the linked blog post. I just updated our Mallory home page a bit
(<http://intrepidusgroup.com/insight/mallory/>) to be more helpful. If you
have any questions on running Mallory let me know.

Mallory does a lot of MiTM things and is primarily a testing tool we use to
break mobile applications. The best feature that is hard to find elsewhere is
live TCP stream pausing and editing.

We will be releasing a new version at SOURCE Boston next week that beats the
pants off of the current "stable" version in terms of usability (the new
version is the head on our bitbucket repo). :)

------
akent
Disturbing: "SoundHound and ShopSaavy transmit your fine GPS coordinates
whenever you make a request to them."

~~~
mhansen
Not that disturbing. They ask for these permissions when you install them.

~~~
akent
Sure. And I chose not to install because of that. But why do they need them?

SoundHound claim location information is "saved with your searches in History
to help you remember where you heard the song. This can be disabled under
Options."
[http://www.appbrain.com/app/soundhound/com.melodis.midomiMus...](http://www.appbrain.com/app/soundhound/com.melodis.midomiMusicIdentifier.freemium)

... which is a nice idea, but why does it need to transmit your coordinates
over the network?

~~~
dotBen
_But why do they need them?_ (warning, literal answer ahead)

Because the makers of the app want to use location to obtain better quality
adverts for the financial return of their app. (or at least, their
agents/brokers who place the ads want to do that on their behalf).

If you are playing a game or an app with little monetizable
intention-orientated behavior (eg a shoe shopping app would have shoe orientated
adverts) then you need to use something like location to at least get one
dimension of context.

If you don't want the GPS locations going up, perhaps you should buy the paid
version of the app (most do have a paid, no-ad version).

~~~
linhat
Maybe they use the location information to improve their service (I'm _really_
just imagining here). You hear a song somewhere, a club, a bus, wherever and
Soundhound is able to identify it. Somebody near you hears the same sound, but
Soundhound can't identify it, maybe it is too noisy, the sound too low, for
whatever reason they can't tell you what song it is, but they have the good
recognition from somebody close to you, so they might be able to narrow it
down... Again, just hypothetical, that's just what I would do from an
engineer's perspective, I'm almost sure they are not doing anything fancy
like this.

~~~
wallflower
I thought this article in the NYTimes was interesting because it revealed that
music identification software companies have former talent scouts working to
identify new, trendy music before it goes mainstream.

[http://www.nytimes.com/2011/02/14/technology/14shazam.html?_...](http://www.nytimes.com/2011/02/14/technology/14shazam.html?_r=2&pagewanted=all)

