June 11, 2014 By: Pulser_G2
After yesterday’s article about Google’s recent changes to the Play Store that pose a number of privacy concerns for users, today we are going to look at the three most popular options for users to protect their own privacy on their Android devices. First though, let’s take a look at how they work, and what they are for.
Since the start, Android has had a permissions system, to allow users to control what apps are able to do on their device. When an application is installed, the user is prompted to agree to the permissions that an app requires. The Android operating system ensures apps cannot use permissions they have not requested, and the user is responsible for deciding if an app can be installed.
At first this worked well, as users could see what data an app could access. Unfortunately, however, developers found that very few users paid much attention to the permissions prompts, and it became more common for developers to use more and more permissions–presumably to either improve user experience or monetize their apps.
In light of this, today we have reached a point where a front-page featured game from the Play Store makes use of the following permissions:
All this for a game that lets you play some fantasy football? At this point, I must open up a few questions to the reader (feel free to discuss in the comments below): Is there any possible justification for about half of these permissions? Is it necessary for this app to see what other apps a user is using? Or to see what accounts the user has on his/her device? Or to access your exact location in the world using GPS? Or to read your IMEI number, and the phone number of someone you are on a phone call with?
This is not an isolated incident. It is just the first app I selected on the front page of the Play Store. Select another, and have a look for yourself! Because the vast majority of apps are now making use of what I argue to be excessive permissions, a growing number of users feel it’s no longer enough to simply not use applications that use excessive permissions. That gives rise to a common request, which is for users to select which permissions an app can access. This returns the balance of power towards the user, whose phone is running the app, rather than the developer, who was previously free to dictate the permissions their app required to run.
The obvious solution for the tech community is to develop ways to have greater control over what apps are able to do, and to prevent them from using all of the permissions which they request. The three most common ways to revoke permissions are App Ops, Privacy Guard, and XPrivacy.
The first way to get more control over your device is via a feature known as “App Ops.” This was originally introduced by Google in Android 4.3 as a hidden feature. With the release of KitKat, Google made it more difficult to access App Ops, but continued to introduce new improvements to the feature. Ultimately in Android 4.4.2, Google removed access to App Ops. However, it’s still possible to access with root and an Xposed modification or custom ROM.
The main limitation of App Ops is that, being made by Google, it only lets you block access to things that they are willing to let you block. Notably, App Ops doesn’t provide any ability to control whether an application should have access to the Internet. It’s also not possible to prevent apps from uniquely identifying your device, or you as a user, via your third party accounts. This means that an app can still tie together all of your account identities on your device and access your IMEI and other unique device identifiers with the appropriate permissions, and it’s not possible to prevent this using App Ops.
A cynic could argue that Google has a serious ulterior motive to prevent users from blocking apps from accessing the Internet. After all, Google has incentive to push their in-app advertising and gather information about users for Google Analytics. Likewise, Google is proficient at creating a profile of its users, which would explain why it’s not possible to block your identity from applications via your account names. The ability to access unique device identifiers only helps to allow other applications to track your usage (and thus allow Google to track your usage across applications).
For this reason, we believe that while App Ops is a lot better than nothing (you can control access to your contacts, messages, location, and so on), it is definitely not the best solution for protecting your privacy. There are a number of types of data that cannot be blocked, and it appears these may be related to Google’s motives in tracking and gathering data on its users. As such, we recommend you look at alternatives.
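An added example (not from the original article and not App Ops code): a small audit that sorts an app's requested permissions by whether, per the limitations described above, App Ops could restrict them. The manifest is constructed, and the category mapping is an assumption based on the article's description.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."

# Assumption: maps real Android permission names to the data categories the
# article discusses. The boolean records the article's claim about whether
# App Ops can restrict that category; it is not read from App Ops itself.
CATEGORIES = {
    "READ_CONTACTS": ("contacts", True),
    "READ_SMS": ("messages", True),
    "ACCESS_FINE_LOCATION": ("location", True),
    "ACCESS_COARSE_LOCATION": ("location", True),
    "INTERNET": ("internet access", False),
    "GET_ACCOUNTS": ("account identities", False),
    "READ_PHONE_STATE": ("device identifiers (IMEI)", False),
}

# Constructed sample manifest; not taken from any real app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fantasygame">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.GET_TASKS"/>
</manifest>
"""

def requested_permissions(manifest_xml):
    """Return the de-duplicated permission names a manifest requests, in order."""
    root = ET.fromstring(manifest_xml)
    names = []
    for node in root.iter("uses-permission"):
        name = node.get(ANDROID_NS + "name")
        if name and name not in names:
            names.append(name)
    return names

def audit(manifest_xml):
    """Bucket each requested permission by whether App Ops could restrict it."""
    report = {"restrictable": [], "unrestrictable": [], "unclassified": []}
    for name in requested_permissions(manifest_xml):
        short = name[len(PREFIX):] if name.startswith(PREFIX) else name
        if short not in CATEGORIES:
            report["unclassified"].append(short)
            continue
        category, app_ops_can_block = CATEGORIES[short]
        bucket = "restrictable" if app_ops_can_block else "unrestrictable"
        report[bucket].append((short, category))
    return report

if __name__ == "__main__":
    for bucket, items in audit(SAMPLE_MANIFEST).items():
        print(bucket, items)
```

Permissions in the "unrestrictable" bucket are the ones that, by the article's account, call for a tool such as XPrivacy rather than App Ops.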
Privacy Guard is a feature originally developed by CyanogenMod to place a simple user interface over App Ops with a single “on/off” toggle to control it. As such, Privacy Guard is subject to the same criticisms as App Ops in its limitations. It also imposes a notification at all times while running an application protected by Privacy Guard, supposedly to remind users that it is in operation.
Unfortunately, however, Privacy Guard makes no attempt to anonymize users or prevent apps from tracking their sessions via device identifiers or Internet access. With a single on-off control however, it’s certainly easy to use for beginners, and the default settings should be fairly good. The only downside is the lack of granularity, meaning that an app needing access to your location cannot be allowed that, while still blocking contacts and calendar access. Nonetheless, as a one-click solution, it works nicely. It does require the user to install a custom firmware though, which spoils the benefits of one-click appeal.
XPrivacy is the Swiss Army Knife of Android privacy protection. Compared to the other solutions we’ve looked at here, XPrivacy is much more customizable, but also much more complicated as a result. If you’re unfamiliar with Android permissions, XPrivacy is probably not the best place to start. It requires the Xposed framework, which means you also need a rooted device. However, XPrivacy should work on almost any ROM.
The main advantage of XPrivacy over alternatives is the sheer breadth and granularity of restrictions you can impose on apps. You can restrict an app to only be able to access and see certain accounts on your device, block access to your clipboard (to stop an app from accessing copied data), and even block access to the Internet, both directly, and via the web browser (to prevent any means of covert data exfiltration from your device). If there’s something you want to restrict, it’s almost guaranteed XPrivacy can restrict it.
Despite being a very powerful tool, there’s a large learning curve behind XPrivacy. I’d suggest reading through all the documentation on XDA Recognized Developer m66b’s Github repository (did I mention it’s fully open source?), and his thread on the XDA forums, for more information.
Overall, if you want absolute control over your private data, I’d recommend you check out XPrivacy. It takes a lot of getting used to, but it gives you unparalleled choice. If you are not quite as certain about what you’re doing, using App Ops will give you good control, albeit without the ability to control Internet access and data that identifies you as the user of the device. Both App Ops and XPrivacy are available on any ROM, via Xposed plugins. Privacy Guard is good for someone who simply wants a one-click solution, but the need to install a custom ROM to achieve it is a limitation in this regard, as you cannot (currently) find an implementation on stock firmwares.
July 13, 2013 By: Samantha
Looks like even we Australians haven’t been able to stay clear of the unprecedented mass surveillance that Americans have been subjected to, as The Sydney Morning Herald (SMH) has revealed today. It may or may not come as a shock that Australia’s largest telecommunications company Telstra has had a secret pact with the US intelligence agencies for at least a decade, obliging Telstra to store mass volumes of communication data of Australians for potential investigations by the US in the future.
An agreement penned when 50.1 percent of Telstra was still owned by the Australian Federal Government, it obliged Telstra to meet the demands of the FBI and Justice Department to “provide technical or other assistance to facilitate…electronic surveillance,” while allowing for all communications involving a US point of contact to be stored in a secure storage facility located on US soil and managed and sifted through by Americans with top-level security clearance. This data includes phone calls, emails, and online messages.
This means if you’re an Australian who’s contacted anyone in the US in the last decade at least, those related phone calls, emails, and online messages are stored in some dark, dank dungeon of borderline criminality with big, shameful ‘Made in Australia’ and ‘Owned by the US’ stickers all over it. That’s not a very desirable place for your private information to be stored.
SMH has also confirmed that the agreement was still in operation “as recently as March 2011,” while Telstra has disappeared in their White House replica doghouse with the tail between the legs, refusing to comment or answer detailed questions about it.
This is a major concern for Aussies, as although the contract does not “authorise Telstra or law enforcement agencies to undertake surveillance” (SMH), the legality of the contract is very questionable, if not an “invasion of privacy and erosion of Australia’s sovereignty,” as spoken by the Greens on Friday. This is so, as there are a number of pieces of legislation such as the Telecommunications (Interception and Access) Act 1979 (Cth) and Telecommunications Act 1997 (Cth) that govern the ‘privacy of communications,’ with the former “[prohibiting] the interception of communications passing over a telecommunications system and prohibits access to stored communications (i.e. email, SMS and voice mail messages) except where authorised in specific circumstances” (Electronic Frontiers Australia).
And for Optus customers, don’t feel so safe, as our second largest telecommunications company has also declined to comment whether they have stored data for “potential surveillance by US, or Australian, authorities” (SMH). This also certainly doesn’t mean that all you folks with unmentioned companies such as Vodafone are exempt from such probings.
Let’s see how this unfolds, shall we?
“It’s How We [Dis]Connect” Telstra Advertisement
[Source: Sydney Morning Herald]
Privacy has always been a concern, and has been somewhat heightened by recent revelations. And although I doubt any government would resort to using apps to ‘maintain national security,’ there are still dodgy ‘developers’ out there you need to look out for. So to help out with that, XDA Senior Member jacksparao introduced Who is Tracking.
Who is Tracking generates a list of apps that have some form of network access on your device. This means Who is Tracking will display any apps that have access to your device via Bluetooth, WiFi, GPS, and your mobile network, allowing you to spot and act on anything that just doesn’t seem right. In addition, Who is Tracking has a ‘Test Anyone Tracking You’ feature, which brings up any connected services on your device. Other nifty little features include the option to wipe your GPS history and shortcuts to enable mock GPS locations, as well as to your security settings.
With Who is Tracking, you may be surprised with how many apps have access to your device in ways you’d never even consider. The app is still under active development by jacksparao, so we hope to see more improvements and additions in the future. It’s compatible with devices running Android version 2.2 or newer, and is free from the Play store. For more information, check out the original thread.
There’s no denying that privacy is a huge concern for a large number of mobile users across all operating systems. Short of smashing your wireless router and trading down to a 3310 that’s kept in a lead-lined box until you need to make a call, it can be incredibly difficult to keep track of where, when, and to whom your personal information is divulged.
Android applications require various permissions, which you are no doubt familiar with by now. Most require these for valid reasons. Some, however, may take advantage of a particular permission and use it to do something you might not be aware of or have expected. Apart from installing only applications that you absolutely need and trust, the best way to try and eliminate the possibility of permissions being abused is to use something like OpenPDroid to adjust these permissions on a per-app basis. The only downside to such a modification is that it can be difficult to put in place for the average user. XDA Senior Member M66B has taken a step towards making permissions management a whole lot easier with a little help from the Xposed Framework.
XPrivacy is an Xposed module that allows the user to view all the currently installed applications on their device and then adjust the individual permissions that app is able to use. Instead of simply preventing the application from collecting the data it is looking for, which can lead to force closes, XPrivacy will provide false data such as an empty contact list or spoofed location. A full list of the possible restrictions and any other information you could possibly want is available from M66B’s Github. The module is also open source, which is nice.
If privacy is a concern for you, take a look at the original thread for more information.
Android, as an operating system, is fairly unique in that it makes users aware of the permissions available to apps in a fairly transparent way. Compare that to BlackBerry or iOS, which issue granular prompts such as “Can Angry Birds access your location?” or “Can Instagram access your camera to take photos?” There is a somewhat subtle difference here: the rivals give the user a choice about these requests.
Jump over to Android where, after installing an app, it has free rein to use every permission you agreed to. While this doesn’t sound like an issue, let’s take a look at the Play Store. Let’s look at a nice, popular app (for better or for worse): Facebook.
The Facebook app has permissions to:
Getting tired and out of breath yet? It’s not over yet though! Facebook can also:
What is perhaps most disconcerting is that while Google acknowledges openly the risks in each permission (I suggest you take a read at the detailed description of some of the permissions on a Play Store listing), the company takes no steps to help you with this. Thus, the entire Android ecosystem is built around you trusting the developer to play fair, and not do anything dodgy.
I might be unique in my recommendation (which I firmly believe is warranted in this day and age given recent information revealing the extent of mass surveillance that is ongoing) to trust nobody, not even yourself. For this reason, I suggest the Android permissions system is totally flawed, in relying on developers to not abuse permissions, and not request excessive permissions. How many torch apps on Android have more than the required camera permission (to enable the camera)? I’d suggest most do, feel free to take a look!
You’d think the Android community would rally against such behaviour, but it’s reached a point where it is acceptable for developers to declare a need for excessively gratuitous permissions in order to use their apps. What happened to user choice? I then was pointed towards this post on G+ by Steve Kondik (XDA Recognized Developer cyanogen), which I read with much dismay. While I do not use G+ (closed platform, requiring far too much data to be disclosed to Google), I would suggest that with respect, the need for user privacy and security MUST come first, as it’s clear app developers cannot “do” security.
Perhaps if Google introduced zero tolerance for moronic errors in security (plaintext passwords, gathering contacts data, obtaining device IDs that are not hashed suitably with a cryptographic hash, etc.), it might offer an incentive to consider security? Given many users (wrongly) reuse passwords between services, the sending of plaintext passwords should be sufficient, in this author’s opinion, to justify immediate removal of all of a developer’s apps from the Play Store, forever.
Some people just don’t know how to do security. And for them, I sigh. Users deserve security, and privacy, and unless you go ahead and look at the OpenPDroid project on XDA (which I strongly suggest you check out), you are pretty much being abandoned by even the leader of CyanogenMod. While I appreciate his concerns for app developers, it is simply inexcusable to not look into fixing the glaring hole that is contacts access. This is 2013, the era of social engineering, and I cannot choose selectively which apps see which contacts in my address book? REALLY?
Something needs to happen here, before people wake up and smell the coffee, and realize this isn’t sustainable. It’s time users became more aware about what apps are doing, and the extent of data mining that is ongoing. It’s your data, and it should be entirely your choice who gets it.
You shouldn’t have to avoid an app because you don’t like the look of its permissions; you should (whether as a stock Google feature or a custom ROM feature) be able to selectively decline to allow an app to access your data. And this should be done gracefully, either providing empty data (for contacts, or similar), or null data (i.e. requesting phone number or IMEI should return the same response as a tablet lacking these identifiers).
Is it right to deny your users the choice, to make life “easier” for app developers? (arguably to allow them to capture user data more easily) I argue it’s not, and it’s time the Android community unites to put an end to apps having free rein over YOUR data. If this concerns you, why not check out the aforementioned OpenPDroid (and similar) projects on XDA, and see if you can help out, or test, or contribute to the cause?