Malicious permissions on popular applications

indee2025

indee2025

Member
Joined
Apr 4, 2010
Messages
185
Reaction score
8
Location
Tampa, FL
For those of you who don't know there are many applications that you use everyday that read important information from your device and does who knows what with it......

The Ebay app available from the market is an excellent example, this application has permissions to read your phones serial number, contacts, addresses & your SMS messaging....messages within ebay sent to your sellers or potential buyers are not utilizing your SMS function so why would ebay need permission for that?

There are times where an application that is basic needs important permissions such as a game that needs access to the phone state/network state...this is simply to make sure that when you get a call the game can interrupt itself & allow you to answer the call....as a developer I always disclose the reason why my app needs whatever permission needed in the description...

Words with Friends has a permission setting that allows it to write to the SD card on your device....why? Well the reason is simple, to create a folder on your device's memory that contains ad banners so that the app can pull an ad to show you while in game...if you knew that was the reason would you allow that? NO you wouldn't...

I ran across an application called "Permissions Denied" it has been very successful in shutting down applications that require bogus permissions & now for example I play words with friends without seeing any ads after each play (there is still the small banner at the bottom in the menu)I also used this to shut off network access to other apps to include ebay from accessing SMS...

There are other things you can do to protect your privacy, if you haven't yet go to the market>settings>scroll down to admob and turn off "serve ads based off my interests" believe it or not the market has a function that collects data from you and sends it back to google to process and send ads they think contain things of interest to you, unbelievable IMO...unless you shut this feature off they will continue to collect personal data from your device...

Also to save battery I have disabled "doublewear".....in other words I've shut off vrizon's backup assistant which isn't needed because google already backs up your contacts & info unless you ask them not to...why do you need 2 prgrams doing the same thing? infact restoring your data,settings & contacts is easier through google as it does it upon setup of any new device while verizons backup assistant needs a pin number from you after setup to access the same info...if any of you are interested in further eliminating useless functions and "cleaning out the attic" so to speak, just post here and I'll list more tips, I have my Bionic streamlined running only what I want and next to nothing else with no data drops, no issues.
 
1 issue I have is you seem to mix up what is "malicious" with some not nefarious items.

Case in point. The fact that Words with Friends creates a directory to serve its ads from, rather than pulling from the web avoids lag when showing the ad, so they cache it to a directory first. That is not malicious, that is smart. You blocking ads in a game that is ad based. Well... that is malicious. Games that are released as adware rather than charging are "paid" through ad revenue. If you can't afford to have the ad shown... don't play the game.
 
JayMonster said:
1 issue I have is you seem to mix up what is "malicious" with some not nefarious items.

Case in point. The fact that Words with Friends creates a directory to serve its ads from, rather than pulling from the web avoids lag when showing the ad, so they cache it to a directory first. That is not malicious, that is smart. You blocking ads in a game that is ad based. Well... that is malicious. Games that are released as adware rather than charging are "paid" through ad revenue. If you can't afford to have the ad shown... don't play the game.
Click to expand...

This, 100%

If I download a game that states right out that it is ad-supported, of course I have no problem granting it access to my sd card to cache the ads. Why would I have an issue with that? I downloaded an ad-supported app, so I would expect ads.

As for turning off the interest based ads? Personally, if I have to look at ads, i'd rather they be something I might be interested in.
 
WOW, I think both of you are missing the point, and you should check out how google merchant works with admob it's not the same as what you're seeing in WWF, it's not that I don't want WWF to make a buck off ads but instead I ask them not to save data to my device without first disclosing they intend to (please don't say they disclose this they don't do it properly) and don't try to tell me that a 4g LTE device will experience "Lag" trying to display an ad from their servers as that's a complete miss on the facts, a perfect example is deleting burstly image cache and loading up a game of angry birds you get banners with no lag and no images saved in a folder after deleting, birds still shoot just fine with servers feeding ads...

WWF can still display banners and collect funds via admob, my method simply stops them from installing a separate ad folder to pull from on my device, google admob is the banners, the other ad is revenue from a 3rd party company not admob & my deleting of that ability is not malicious...

Also it amazes me you're ok with google or any company selling your info, especially when you don't know what that info is, I wouldn't want to give anything of mine away without my consent or if I do I expect to be compensated for it, the ads that are interest based don't say what info is gathered, you have no idea what data is being collected and what's happening with it but you say you're 100% committed yourself to being ok with that? Very strange...if it wasn't a problem or privacy issue I assure you google wouldn't bother to put it in the market as an option I think ya just miss the boat on how that is bad to let unknown amounts of info be sent to whoever it may please...
 
I made no reference to the adMob ads that you can turn off. I turned it off, but I can see how others can see the benefit of seeing ads that may be more relevant to them. What makes this less than "nefarious" is the fact that you CAN turn off the adMob information if you so choose. Which I find it funny that you find it nefarious for that reason... whereas I see it as simply a way for Google to avoid people getting all up in arms about it. Fact is those that are worried about it, will turn it off, but the vast majority won't know or won't care to. I get what I want (it turned off), and Google (and games that use adMobs) get the revenue they want so that we can have ad based games. It works.

As to WWF, you state that while you still see the banners, you do not get the other ads that were originally coming up. That is where my issue is. This is not a "bogus permission" issue, this is you turning off at least part of the ad system that supports the game. Again, it puts the ads in the folder for speed of display. It is not gathering data from your SD card, so your claim of "bogus permissions" and such do not apply. But you are still "guilty" of removing the ad revenue stream. As to the "disclosure", I am not sure exactly what you are complaining about. They disclose they are writing to and reading from your SD card... what exactly is the problem... that they don't tell you it is an advertisement that is written there? Really?!

I'm sorry, I agree with the point of being careful with permissions you allow apps to use. But, this is an exaple of taking dilligence and applying it too broadly.
 
[/QUOTE]As to WWF, you state that while you still see the banners, you do not get the other ads that were originally coming up. That is where my issue is. This is not a "bogus permission" issue, this is you turning off at least part of the ad system that supports the game. Again, it puts the ads in the folder for speed of display. It is not gathering data from your SD card, so your claim of "bogus permissions" and such do not apply. But you are still "guilty" of removing the ad revenue stream. As to the "disclosure", I am not sure exactly what you are complaining about. They disclose they are writing to and reading from your SD card... what exactly is the problem... that they don't tell you it is an advertisement that is written there? Really?!

I'm sorry, I agree with the point of being careful with permissions you allow apps to use. But, this is an exaple of taking dilligence and applying it too broadly.[/QUOTE]

Wrong again.......the ads you see after playing a move is not admob...the banners are a function of admob, the additional ads are put in by WWF seeking revenue from another ad service...that is a HUGE difference, also telling me you will write to SD card in permissions is too vague and let's people think you meant writing to SD for maybe score keeping reference or identity verification keys etc, how many downloads do you think they would get if it said "we need permission to write to your SD card so we can serve you ads during gameplay."
On another note, how incapable do you think technology is these days that servers can't carry KB ad data to a device running 3G, 4G or wifi?? This is not a reason to justify writing to my SD card....you would benefit from doing some research on your claim that without a folder on the SD to reference ads the game would lag as that is simply not true..,no matter how many times you state otherwise.
 
As for the WWF 'issue',

Bandwidth is a nefarious thing by nature, due to capitalism and the free market (among other things like energy use due to processing and such). The game caching ads to your phone is a very smart thing and has nothing to do with 'lagging your game'. It's to save all parties involved whatever the cost would be to serve the ads in the first place.

There are plenty of malicious apps that DO use your phone and their services against you, but the things you've stated have none of this maliciousness.
 
It is not a question of the server having lag, 3G (and even 4G) can be less than perfect at times. When you are browsing the web, a dropped packet means (almost) nothing, but when you are waiting for a game to play it can be the difference between a good and bad user experience (just think back to the first release of Angry Birds on Android).

[FONT=Arial, Helvetica, sans-serif]kptphalkon also brings up a good point.

And this still is not nefarious... no matter how many times you claim it is. [/FONT]​
 
ads don't bother me in the least and i do not block them. if some dude takes time out of his life to code an app which i like and use, then he deserves to be compensated for his time. if i don't want the ads, then i won't install his app. simple and fair.

getting back to the OP, what bothers me are apps that request lots of unnecessary permissions (internet, phone ID, etc) that do not display ads. GO SMS is an example. check out all those permissions guys. think about how much work (and money) it takes to design and maintain an app like that. they aren't doing it out of the kindness of their heart - they don't display ads but they do collect and sell your private information (and your texts too for all you know).

it's a business you know, should be obvious but most folks don't really seem to care.
 
OP. I hear you and appreciate your post. To each their own.

Sent from my DROID BIONIC using DroidForums
 
JayMonster said:
It is not a question of the server having lag, 3G (and even 4G) can be less than perfect at times. When you are browsing the web, a dropped packet means (almost) nothing, but when you are waiting for a game to play it can be the difference between a good and bad user experience (just think back to the first release of Angry Birds on Android).

kptphalkon also brings up a good point.

And this still is not nefarious... no matter how many times you claim it is.
Click to expand...

I never once used the term nefarious, you did, please stop trolling the thread...it's really not effective for you to just restate the same thing repeatedly, we got what your saying...it's wrong, but we got it....
 
True, you didn't use nefarious, but you did title the thread "Malicious.." which is fairly similar. I don't think he is spamming the thread, merely strongly disagreeing with you.
 
You must log in or register to reply here.

Similar threads

D
Ringdroid & Permissions
Replies
2
Views
3K
davidwilp
D
S
Permissions explained?
Replies
4
Views
19K
molinus
M
DroidModderX
Cyanogen Mod adds AppOps, Privacy Guard Functionality to 10.2
Replies
1
Views
7K
Big Ry
Big Ry
M
Ap Update Permissions - Any Way to Restrict Permissions?
Replies
2
Views
2K
vatothe0
vatothe0
Jeffrey
Gain control over app permissions with Ap Ops (Rooted Devices)
Replies
9
Views
2K
Jeffrey
Jeffrey
Back
Top