
You can't trust Amazon Underground - dajbelshaw
http://discours.es/2016/you-cant-trust-amazon-underground
======
Anon1096
I have Xprivacy and Cyanogenmod's privacy guard, and also use the Amazon
Underground store and apps. I can tell you that with location, contacts, and
most other permissions blocked the apps work just fine. So whatever the author
did to get this result, it isn't from blocking permissions.

It also seems strange that someone who cares so much about his privacy doesn't
have xposed with Xprivacy, because then he could have spoofed the data instead
of having to block it all together.

~~~
mtgx
Using Xprivacy probably means you're giving up a significant portion of your
security for increased privacy. When you are rooted and your bootloader is
unlocked you're more exposed to hacking and malware. Also, last I heard the
most popular root application by far (SuperSU) was silently acquired by a
Chinese company.

I'm not saying you shouldn't use Xprivacy or other root-enabled apps, though,
as some are very useful and it may be the only way to get Google to build in
some of those features eventually, but just be aware of the trade-off you're
making.

~~~
xorcist
I thought "rooted" in the Android sense just meant that you had sudo
installed.

Why would malware be helped by having sudo installed? A privilege escalation
attack has no use for it, unless you think there are security holes in sudo.
Has there been or do you have reason to believe there are?

I heard these statements before and I'm never sure what to make of it. For a
casual user, the possibility to click yes to a sudo dialog is a code path to
disaster, but as these things need to be flashed specifically (which is a big
hurdle in itself) I'm not sure how big problem it is in practice.

------
nameoda
Amazon Underground pays the app developer for the duration of usage of the
app, and so needs to track how long you are using the app for. Perhaps it
needs data tracking enabled to identify the duration of usage?

~~~
GavinMcG
Did you read the screenshot? That's exactly what Amazon says it needs data
tracking for.

(For those who haven't read the article: The author only discovered this
because they have CyanogenMod and a permissions blocker installed and in use.
Most people wouldn't be told they were being tracked.)

~~~
kevb
It's actually just a setting in the Amazon Underground app to disable tracking
of apps. The "actually free" apps require the setting enabled. He disabled it
and it's telling him that. The CyanogenMod/Privacy Guard/Location stuff is all
unrelated.

------
victorhooi
What is the fear here?

I'm not talking about shady apps you downloaded off some dodgy pirated Android
app store, or apps where you agree to this sort of tracking so you get free
apps (e.g. Amazon Underground, which the author is using).

I mean - official apps such as Twitter, Snapchat, or say Microsoft or Google
applications.

Can anybody quantify what they are scared of, if an app tracks how often you
use it, or collects anonymised metrics?

~~~
eps
"Scared"?

Will I be "scared" if a guest at my house is live-streaming his stay to the
Internet without my knowledge or approval? Hell, no. I'll be _pissed_.

Now, that's _exactly_ naive, careless and fundamentally ignorant comment that
the erosion of privacy is all about. You seem to genuienly think that tracking
is not just acceptable, but a norm in some situatioons.

Not just several years ago if an OS or an app phoned home it was a scandal. It
was commonly accepted that your gadget was yours, and anything running on it
was a guest that had to follow some decency and basic etiquette norms. Theh,
the push started - can we report this, just once? Can we report that, weekly?
We'll call it a "telemetry", it's less scary that way. Perhaps you are getting
tired of pushing OK, shall we do it automatically? OK, so we'll now just
default to automatic. and make it hard to disable. Heck, we'll just build it
in, because nobody now seems to be giving a fuck anyway.

But here's the best part - we now even have users _who are campaigning on our
behalf_ to not give a fuck. That's just grand.

~~~
victorhooi
Yes, but you avoided my question - what exactly is the fear here?

As in, is there a particular type of data, or information about your app usage
that you don't want developers having access to?

I worked at a trading company before, and one of the reasons we pushed out
telemetry was due to user's feature requests - users would request features,
and we wanted to see if they were actually using them, so that we could
prioritise developer time accordingly.

That is a concrete example of how this data is _useful_.

I am curious about any concrete examples from the other side.

~~~
thetmkay
Why does it have to be fear, rather than preference?

Maybe there's no data you're _afraid_ of leaking, but you would _prefer_ never
to leak that data. It's a consumer choice - the problem here is lack of
transparency/information to the consumer.

The cultural standard is what we accept to be appropriate - do we want to
accept a cultural standard of everything you use is tracked and logged by
default?

~~~
victorhooi
If that's your preference, then you are free to _not_ use those webapps, or
mobile apps - why would yo use Gmail, or Instagram, or Twitter, or Facebook,
if you were worried about your data being held by a third party?

We shouldn't automatically assume people are stupid, or that they are being
"duped".

There are numerous advantages to using a cloud-hosted service - if you tried
to replicate Gmail or Dropbox, to the same level of reliability, performance
and sharing features - the engineering effort alone would probably stump many
of us.

Once again - is there a concrete fear here from application developers knowing
how we use their applications? And is it one that we think people are somehow
unaware of?

~~~
darklajid
You asked for fear three times in a row. People tried to make you understand
that 'fear' isn't the problem. I'm not sure how to state it more clearly:
"It's not fear"

You presented a very weird case to begin with by implying that the reason
people wouldn't want to be tracked is 'fear'. Why?

Maybe you're really just saying "Okay, ignoring all the other reasons why you
might not like tracking: Are there any inherent flaws in tracking/something we
can do to make this more trustworthy", but right now I feel as if you're
presenting a weird "Either you consent to us tracking you or you fear
something (specific)" choice.

~~~
victorhooi
Well, if it's not fear, is there another reason you don't want application or
webapp developers tracking your usage of their services?

I mean, isn't the whole _point_ of these services that you store your data
remotely on their services?

Why would you voluntarily choose to use something like Gmail, Instagram,
Twitter, Dropbox etc, if you were concerned about the company in question or
didn't trust them?

There are companies I _won 't_ use, precisely because of concerns like this
(e.g. Sony, Lenovo) - but if somebody chooses to use a service, it's probably
because the benefits of that service outweigh the "costs" to them.

In the case of Amazon Underground, which is the subject of the OP, I think
it's a bit disingenuous to say, oh gee, I want free paid apps, but I don't
want to allow Amazon to track my usage....which is sort of how the app
developers get re-compensated.

Assuming you have voluntarily chosen to use a webapp or mobile app what are
the key objections around those developers collecting telemetry data from you?

------
xorcist
There is a desktop client for Play store called Racoon. When I used my phone
for several years without a Google account, from time to time I would need
some app (for taxes, bankning, public transport, whatever) that was
distributed via the Play Store exclusively, but I had no problem downloading
that APK using Racoon and installing it separately. You don't get notified of
updates, and updating is a manual process, but for for a single user that
wants to avoid the Google services it's workable.

~~~
smt88
> _You don 't get notified of updates, and updating is a manual process_

That's a lot of extra work, but it's also a huge security problem. Is it
really worth the extra privacy? After all, you can't really hide yourself from
Google because they index the entire web and public databases and your
friends' emails...

~~~
xorcist
That's the question. I think it depends on why you didn't want to install the
Google Services in the first place. I mostly didn't want the remote wipe and
remote code execution privileges the Google Services come with. It wasn't
primarily a question of privacy as such.

I doubt the security problems are huge. Most userland apps run as a dedicated
user. Security problems with the Google Services are potentially much more
serious.

~~~
smt88
> _I doubt the security problems are huge. Most userland apps run as a
> dedicated user._

There are tons of security holes that aren't prevented by running under
separate users. I remember examples where sensitive data was being stored in
the clear, where other apps could get to it.

------
13of40
Web apps know when and how often you use them, too. As long as Amazon
Underground tells you in its TOS I don't see a lot of difference.

~~~
gruez
Yeah, but do web apps lock you out if you deny their location requests?

~~~
terinjokes
I've attempted to use a couple that have done so.

------
seanwilson
So the Amazon Underground tracking requires location tracking as well? If it
was just usage tracking I don't see an issue with it seeing as Amazon
Underground is meant to be optional and you get free apps in return.

~~~
taneem
No it does not. It only requires usage tracking to pay the developer for time
used.

~~~
detaro
So what is "data tracking"/"usage tracking" and how is it turned off/blocked
on the authors device? As far as I know Cyanogenmod only blocks some APIs like
location, contacts

~~~
BrandonSmith
Any application can request the permission to track certain Android app
lifecycle events. In this case, when an app gains and loses foreground focus.

Data and location API access are separate permissions. But if all three are
obtained, fairly detailed correlations can be made.

Although I don't know much about Cyanogenmod, it is likely it enables global
toggles for the app lifecycle permission.

------
pmarini01
Replace Amazon Underground crapp with the regular Amazon Appstore:
[http://www.apkmirror.com/apk/amazon-mobile-
llc/appstore/](http://www.apkmirror.com/apk/amazon-mobile-llc/appstore/)

Disable "Collect App Usage Data" from settings, install apps, enjoy.

~~~
huac
does the regular Amazon Appstore have 'free' paid apps?

------
venomsnake
Can't you feed it fake data?

------
mesozoic
If you actually research it at all they're very clear that they track users
time spent in each app as that is how they pay developers.

------
enig_matic7
This happened to one of my mates: 1\. Ordered some stuff from Amazon using Tor
2\. Amazon tracked the change in IP 3\. Amazon automatically cancelled the
orders and sent a password reset email saying his account may have been
compromised

~~~
anc84
Sounds like bad OPSec. If he used his normal account via Tor he identified
himself towards Amazon. Amazon checking against a list of Tor exit nodes and
warning customers is a good thing. I say that as a Tor lover.

------
dovdov
Free has a price.

------
j4kp07
It's a FREE app. If you don't like it, don't agree to the terms and quit using
the app.

~~~
dajbelshaw
Indeed, and that's the case with everything - Google, Facebook, Twitter, etc.

I get it.

My point in this post is that I (who am interested in privacy and rights
online) didn't realise what was going on, how is Joe Average going to know?

~~~
iainmerrick
Amazon aren't being particularly underhand here; a tiny bit of googling will
explain how Underground relies on app usage tracking ( _not_ location
tracking).

I agree that "Joe Average" may not question the free lunch, and that's a
problem, but it's exactly the same problem as existing free apps like Gmail,
Facebook, etc.

If you're a technical person with an interest in privacy issues, you need to
pay a bit more attention.

~~~
dajbelshaw
Cheers. :)

------
peteretep
I love that Apple is run by a man whose pretty vanilla personal life would get
him harassed by the security apparatus of lots of countries -- it really gives
me faith that Apple make a good faith best-effort to protect user privacy in
their walled gardens.

