Android or Spydroid
 

"Some of the most popular apps written for Google's Android phones do not tell users what data they are gathering, says a study by US researchers."

continue reading here....

http://www.bbc.co.uk/news/technology-11443111

is it possible to have something like a firewall application working in background which can report all these unwanted background activities in maemo?

Re: Android or Spydroid
 

Yes and no. It doesn't seem feasible to have a program which flawlessly monitors all network traffic and picks out all secret "phone home"-style activity.

On the other hand, there's nothing to stop someone analysing specific traffic for suspicious behaviour by hand (e.g. Wireshark captures?) or even developing firewall or other packet inspection software which blocked known offenders.

Re: Android or Spydroid
 

This is one of the things why closed source are dangerous. Although Maemos extras-devel could be a security threat it is still safer than most closed sourced programs available.

So Android and iOS will always be a bigger target than Maemo/Meegos open-sourced strategy.

There is ways to do this already but i am not aware of any user-friendly way..

Re: Android or Spydroid
 

there is something called Droidwall

Of course only on rooted and specific phones from "aware non-average users"
http://www.androlib.com/android.appl...wall-jDxB.aspx

When will people realize how to threat their sensitive data on a computer?
When will they realize they are running around like kids with toys with mini computers giving away privacy / sensitive data for free?

Will Go0gle be government before they realize?

Re: Android or Spydroid
 

I wish on Maemo somebody could port something like Little Snitch

As far as android goes - the purpose is data gathering isn't it?
The whole concept of "allow program to access gps , contacts, screen YES / NO" is fishy. They know damn well impatient and unknowledgable users will YESKip these questions.

Re: Android or Spydroid
 

Sure, but what are they going to do? Go the iOS/WP7 route and deny users any and all control over the device?

Re: Android or Spydroid
 

Seems to me the only fair thing to do - or hand out Android phones for free with a disclaimer.

Re: Android or Spydroid
 

Some news for Spydroid aware users:

Taintdroid is an open source software to be integrated in custom Android roms that will monitor the privacy sensitive information such as IMEI, telephone number, etc.. sent into the void behind the smartphone user's back.
http://appanalysis.org/index.html

Be sure to check the demo to see Taintdroid in action against a random Wallpaper app :D

Now I wonder if there are any Maemo applications that are this aggressive?

Re: Android or Spydroid
 

Actually it hardly seems fair, considering that as the iPhone has shown that denying users control doesn't protect you in the slightest.

What does handing android phones out for free have to do with this?

There might be in the future, but at this point I don't know of any. Considering that most applications in Extras went through a hell of a review and are open source, I don't think anyone would bother (that and the small user base.)

Perhaps with MeeGo and a wider user base it might be of concern.

Re: Android or Spydroid
 

Re: Android or Spydroid
 

Android needs an application for that? Maemo has it built in the system.

Re: Android or Spydroid
 

And you guys are 100% sure this isn't happening in our ecosystem?

Android is popular enough to be a target of such study (who knows the actual intention, but it spouted beneficial result anyhow).. can't say the same to 'us'.

Re: Android or Spydroid
 

http://img214.imageshack.us/img214/1...swordreuse.png

i love communicating through the medium of XKCD :)

Re: Android or Spydroid
 

Nope. Guess that means it's time to slather on the DRM. No root console for you, someone might use it against you!

That said, I doubt it. And merely tossing out FUD isn't good enough, if you want to make the implication it's up to you to show it :)

Re: Android or Spydroid
 

I have to say for a few weeks i seen this topic coming sooner or later...

Recently i purchased a cheap android device for my wife, and as she is on pay as you go contract i also delete the access point to prevent the phone from going online via the phone access point, but she can still get to the web via our wifi, the problem i notice straight away with the android phone is that most applications try to retrieve your wifi information for position and location and the gps information build into the phone alone doesn't seem to be enough...

the problem with google and other companies gathering this kind of information is that google then recognises your router details and with the rest of information collected they basically get your physical location and make this info available for anyone to cross reference for example to view your location via street view, as it has been demostrate recently by some hackers, in think in particular firefox allows web sites to anonymous gather your router information... which not only google most likely already gathered when they were going around the streets to capture the street view images but also from the actually applications anonymously gathering collecting this kind of information... basically as it has been demonstrate a dodgy script running on a site can gather this info.

Re: Android or Spydroid
 

You must be unfamiliar with cherry, from Nokia itself with PR1.2
http://talk.maemo.org/showthread.php?t=53565

Re: Android or Spydroid
 

You're welcome:
http://www.androidcentral.com/taintd...-android-phone

Re: Android or Spydroid
 

Yes. Well then, since making boatloads of money has kept microsoft from being evil, the xkcd premise is correct and we have nothing to worry about.

Re: Android or Spydroid
 

Nokia: Don't be lame

DOH!

*cough* Nokia secret SMS closed-source trojans (AFAYK) don't exist! NAaaaaaaaww!

Re: Android or Spydroid
 

Yes yes, that's been pointed out twice now.

But I suppose that reinforces my point that being locked down doesn't help you in the slightest.

Re: Android or Spydroid
 

Yes, being much more open is a good way to prevent surreptitious behavior. This is why Maemo fails just as much as Android. They're both just as lamed up in that particular way. I really.. really hope MeeGo isn't ruined by device-locked firmware images (ala Tivo)--because I really am hoping to finally have a good open OS on a portable that I can trust. In the meantime, the Android vs Maemo pissing contests just seem silly and I take them for the silly conversations that they are.

Re: Android or Spydroid
 

How much of code review is going on in our current repositories?
Even if the number is close to 100%, do you think it's scalable when the amount of code is as high as what Apple's AppStore is stocking right now? (250,000 apps)

I think the solution to this particular problem still has to exist on a more sane OS permission control (something more granular than what Android has, but they're already on the right track) AND an active filtering system (firewall).

Re: Android or Spydroid
 

Microsoft's solution to this in Windows Phone 7 is sandboxing the application and only allowing a certain amount of API calls which the user must confirm. For example if an application wishes to send an sms, it invokes the SMS Api populating the phone number and message and then gives the user the option to confirm or deny.

The downside to this is that application customisation deep within the system is not possible however user security is quite high.

Re: Android or Spydroid
 

But application sandboxing does not address any phoning home done by microsoft, the handset manufacturer, or the telephone company.

Re: Android or Spydroid
 

Indeed, security is high both for and against the user ;)

Re: Android or Spydroid
 

Except in the case where the handset manufacturer and telephone company only have access to the same API invokes.

As for MS on the other hand, true, you cannot be sure.

Re: Android or Spydroid
 

Yeeesh, the minute your phone connects to a tower you are giving up personal information.

BTW, what do people think is the reason Google got into cell phone operating systems for in the first place?

It's not because they wanted to just make our lives easier. There is a quid for that quo and most of us agree to this "something" that they harvest, every time we click that "accept terms" button at the bottom of that annoying page that seems to pop up right before we check out that coolest new web app or suttin'. :p

Services like Last.fm, Instinctiv, and Pandora aren't "free" to use because someone wants to teach the world to sing in perfect harmony. :rolleyes:
It's because companies like Coka-Cola want you to buy more of their product and the providers of these "free" services are selling these companies on the idea that some of the information that they gather will help them do just that. :eek:

Re: Android or Spydroid
 

and here is an article about the geolocation hack

http://www.theregister.co.uk/2010/08...eet_view_hack/

Re: Android or Spydroid
 

you're thinking of Symbian?

Re: Android or Spydroid
 

So as well as bringing all the famous bugs and instabilities from desktop Windows onto the phone, it will also be bringing the dreaded UAC? Vista lovers will sure feel at home ;)

Re: Android or Spydroid
 

This is true. On the other hand, the consumers can only give up so much before there's push-back, and that's quickly becoming the situation.

Re: Android or Spydroid
 

I understand that. What I don't understand is the "incredulous" component of some of the posts.

The only way I have been able to treat the whole thing is:

1: Assume everything you do with a cell phone can be eventually traced back to you. It is now the same as the internet.

2: Maintain two separate and distinct lines. One for professional communications and the other for personal/entertainment/ or anything else communications... much like we have now learned to do with email addy's.

I'm thinkin' that two distinct lines (mine are from two different carriers) will eventually become the norm for those wishing to avoid some of the repercussions of all this.

This of course then gets back to the inconvenience of carrying two devices but the reality is that when on work time or missions all one needs to be is "near" their personal device and vice versa.

Grandma or for that matter, HotNtasty19@wherever.com does not "need" to have instant access to you when you are tasked with doing something professionally.

Likewise, when you hook up with HotNtasty19@wherever.com for drinks after work, your boss doesn't "need" to have instant access to your down time or have easy access to any information about your "friends" from a social network.

I imagine that the business that will first gain the most from this consumer naivety about privacy coupled with the rise in the use of social networks will be bill collectors. :eek:

I'm sure we can think of a whole bunch of simular scenarios as well. :p

Re: Android or Spydroid
 

I used to think that... but people don't really care about privacy any longer until it hits them. Then it's important.

But if/when the push-back comes, I can't wait to see what's going to happen. I fear only a small percentage of people will get behind it. And those folks will get ridiculed a bit... because the majority don't just get what they're giving away.