

PrivacyGrade: Grading the Privacy of Smartphone Apps - guardian5x
http://privacygrade.org/

======
dobbsbob
How did WhatsApp receive an A rating when it can access your mic and camera to
record without confirmation?

~~~
cryptolect
Considering the functionality that wasn't reviewed, I don't think it should be
advertised as "A".

It might be "A" for the expected permissions, but if there's extra permissions
which haven't been investigated, these should be marked down until explained.
This would encourage app owners to work with whoever maintains the database to
get accurate ratings. If Whatsapp is an A today, there's no incentive for the
developers to justify / assist with anything unexplained permissions
remaining.

In it's current state, if it's awarding A scores while significant permissions
are unexplained, it doesn't help the end user.

------
mediaserf
Facebook gets an A? All the egregious permissions say "Not analyzed yet". In
cases where permissions aren't analyzed the grade should at least be marked as
tentative / incomplete.

~~~
Eye_of_Mordor
If trust is earned then they should all be graded 'D' until shown otherwise.

------
AdmiralAsshat
I don't see any information about how information is communicated between my
phone and the app's servers. To me, that's a pretty big privacy concern. If
Pulse, for instance, is connected to my LinkedIn account, are my credentials
for authenticating with the app being sent over plaintext?

I suppose the above is more of a "security" concern than a "privacy" concern,
but I think they are ultimately one and the same.

------
Brakenshire
Seems to be based on 'does this app have an apparently plausible reason for
requesting the permission?' but nothing beyond that. Some app might introduce
some incidental feature that requires access to browsing history, that doesn't
justify giving it that permission.

Anyway, it's an impressive website, good to see new work being done in this
area. Access to smartphone data is a wild west at the moment.

------
Kapow2112
I think this just highlights a problem with app permissions. Why should the
Kindle app (
[http://privacygrade.org/apps/com.amazon.kindle.html](http://privacygrade.org/apps/com.amazon.kindle.html)
) require phone status and identity? (Also how is "not analyzed yet" helpful?)

~~~
Kapow2112
Even worse, why can Skype (
[http://privacygrade.org/apps/com.skype.raider.html](http://privacygrade.org/apps/com.skype.raider.html)
) read my text messages when I definitely never want to use the feature?

------
Eye_of_Mordor
Anything that can read my contacts should automatically be a 'D' in my
opinion. Take pictures and access the internet - that's a 'D' too. I know this
site is measuring the difference to people's expectations, but privacy needs
to be re-framed once you have an out of control government in the mix.

~~~
jmnicolas
Given your username I find it a bit ironic that you're talking about "an out
of control government" :-)

------
thrush
Is this Android only?

