

Android Apps, Spyware, & Marketing - volomike

I want to see the Android OS succeed, and am learning how to develop Android apps with PhoneGap, but there's a glaring hole that needs fixing. It seems to me that developers can use it for marketing or malicious intent.<p>- Imagine a free and fun soundboard app for some movie star you like, such as Christopher Walken. You install the app, but it says it needs access to your contact information. A naive user may just shrug their shoulders and click OK on that permission request during installation. But then within 24 hours, they start receiving spam email, direct mail, and even telemarketing calls to their home phone and even their mobile phone. And why? Well, they opted in, but they didn't know what they were opting in for.<p>- Next, imagine that same app, but oddly it needs permission to your microphone or camera and without telling you why. When you install it and use it, the thing remotely spies on you for criminal purposes.<p>Google, we really need to fix this by separating those kinds of apps out in the marketplace from the rest, and by making it crystal clear to users why this information would be used if they opt in for it. It's not an easy thing to fix if we want a surge of app growth. However, if this thing hits the nightly news with an expose on how completely exposed we are to opt-in marketing and malicious apps that spy on us remotely through the camera or microphone -- it's going to kill Android for a good long time.<p>So, Google, let's fix this before it hits the evening news.
======
volomike
I don't know why this is not being responded to. It is evidently very
important. Would it help if I shared a university study that focused on the
Android?

<http://www.appanalysis.org/>

It states, and I quote: "Using TaintDroid, we studied 30 popular Android
applications that use location, camera, microphone data. We found that 15 send
users' location information to remote advertisement or analytics servers.
However, none of the fifteen applications mentions such data collection
practice in the user license agreements, if present at all." Yikes!!!

------
volomike
Bruce Schneier and others have commented on this problem recently as well:

[http://www.schneier.com/blog/archives/2010/08/eavesdropping_...](http://www.schneier.com/blog/archives/2010/08/eavesdropping_s.html)

