These days there are so many apps infested with spyware or adware, and it almost seems as if the stores themselves are promoting them in exchange for a cut. And some apps that start off clean get "updated" to include ads and spying. How do you find free apps that aren't infested?
Original Submission
This discussion has been archived.
No new comments can be posted.
Ask Soylent: Where to Get Spyware-Free Apps
|
Log In/Create an Account
| Top
| 42 comments
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(Score: 4, Informative) by canopic jug on Saturday June 06 2015, @04:02PM
You should be able to find them in your distro's repository.
Money is not free speech. Elections should not be auctions.
(Score: 5, Informative) by DarkMorph on Saturday June 06 2015, @04:13PM
On the off-chance you may be wondering why ChatSecure disappeared from F-Droid, you need to add the Guardian Project's repo to your F-Droid. It's listed there. See: https://guardianproject.info/fdroid/ [guardianproject.info]
(Score: 2) by Nerdfest on Saturday June 06 2015, @04:19PM
I seem to remember some apps in F-Droid with ads, but I believe you are warned. I may also be remembering incorrectly and am too lazy to check.
(Score: 2) by Marand on Saturday June 06 2015, @11:23PM
Usually (at least, I've never seen an exception so far) the f-droid versions of apps strip out the Google ads functionality because it's non-free, and the descriptions include warning in red text about things like "endorses non-free services" etc. If you browse the apps from the website you can go to a wiki entry for each app that usually gives some extra information, too.
Theoretically you could still be getting spyware I suppose, because there's nothing preventing the source from being malicious and just unread (or thoroughly obfuscated), but it's a safer bet than picking a random app off the play store.
The negative (because there's always one) is that the f-droid app can't do bulk updates, so for each app that has an update you have to tap it, tap the version you want, wait for download, then accept the new install. This isn't a UI failure on F-droid's part, though, it's a restriction Google imposes on everyone but themselves.
(Score: 2) by Nerdfest on Sunday June 07 2015, @02:59PM
nothing to do with Google, I was thinking of things like AdBlock that inject their own ads.
(Score: 2) by Marand on Sunday June 07 2015, @10:19PM
Oh, no clue. Nothing I've installed had done anything like that. It seems to be rare, at least compared to stuff on the Play store, but that doesn't mean nobody does it.
(Score: 0) by Anonymous Coward on Sunday June 07 2015, @06:38PM
Because the apps in F-Droid are open source they strip out the advertising library and replace it with one that doesn't do anything. It does mention this in the package info, so maybe that is what you were thinking of. Perhaps they didn't used to do this, but have since I started using it, which I think is more than 2 years, perhaps 3.
(Score: 1) by penguinoid on Sunday June 07 2015, @12:17AM
Thanks! F-droid sounds exactly like what I was looking for.
RIP Slashdot. Killed by greedy bastards.
(Score: 3, Informative) by Marand on Saturday June 06 2015, @11:40PM
Just going to add that, even if you're not using Linux|BSD, this is still useful advice if you're hunting desktop apps. Most -- but not all -- popular FOSS software tends to make its way to Windows and/or OS X as well, so you can search the Ubuntu [ubuntu.com] or Debian [debian.org] package lists to find software. If you find a package that seems interesting, it includes info about the project's homepage, which can be used to find binaries for other OSes.
(Score: 1, Redundant) by Techwolf on Saturday June 06 2015, @04:09PM
Easy, just use the f-droid store.
(Score: 0, Informative) by Anonymous Coward on Saturday June 06 2015, @04:12PM
https://f-droid.org/ [f-droid.org]
Lame filterhhhhjderffrgghgffghughjhh
(Score: 4, Interesting) by cosurgi on Saturday June 06 2015, @04:28PM
I agree with the other guy: use your distribution's repository.
Though you didn't mention the real culprit: I suppose that you are trying to use windows. Or maybe other non opensource OS. Only opensource guarantees that you will stay free of spyware or ads. Because if someone adds them, someone else will fork and remove them (and flame the perpetrator).
Difficult to use an OS with a repository? Maybe, but recently it becomes a little better. This week my daughter started complaining that her windows is getting slow & very weird. Of course it was rigged with spyware & junk. I told her to never click anything, and better not use it at all and use ubuntu. I installed both OSes for her so that she could dual boot and do homework on ubuntu and play some games on windows. But this week the windows got so unbearable that I started to look for alternatives more seriously, and I found playonlinux package in ubuntu repos. It has a nice user forums too, where people post bash scripts for installing various windows games. Then inside playonlinux you just click in menu to execute this script, and voila - few hours later the game works. At least that one particular game that she really wanted to play. Playonlinux uses all released wine versions, and picks the right one for the game, also the script configures all the weird options that this particular game wants.
So, I tell you: time to switch :)
#
#\ @ ? [adom.de] Colonize Mars [kozicki.pl]
#
(Score: 2) by Grishnakh on Saturday June 06 2015, @04:43PM
I agree with the other guy: use your distribution's repository.
Though you didn't mention the real culprit: I suppose that you are trying to use windows.
Not necessarily: he could be using Android or iOS.
Yes, if you're talking about a desktop PC, the answer is plain and simple: use a good Linux distro, and get all your "apps" from that distro's repository. Problem solved. What if you're using Windows? Simple: download a good Linux distro ISO, wipe out your Windows install (save your personal data of course), and install Linux. Problem solved. No more viruses, spyware, adware, bloatware, etc.
But these days, people are frequently talking about their phones; it isn't so easy here, because iOS and Android have such a lock on the market, and there aren't really any truly open-source OSes (even community open-source versions of Android still rely on proprietary drivers and such). And for the apps, you're really screwed because there just aren't that many open-source mobile apps, and so many people use certain popular closed-source apps for a lot of things. A few big ones that come to mind which I use are Google Maps (navigation), other Google integration apps (like Calendar, Gmail, etc.), Tinder, OKCupid, online banking apps from your bank, Uber, Meetup, and of course the Google Play store. On the desktop, none of these things are necessary, because you just use them in your browser. But that doesn't usually work so well on mobile devices since part of the attraction is the tie-in to the phone's notification system (so for instance, you get a notification when someone on OKCupid messages you), or to other functions on the phone, plus of course the fact that website, even ones supposedly designed for mobile devices, universally suck when viewed on mobile browsers.
(Score: 3, Insightful) by Runaway1956 on Saturday June 06 2015, @04:50PM
I, uhhhh, have to disagree with you, at least in part. Android really IS a good open source OS. If anything, it's too open. Somewhat like a BSD license, vendors are permitted to bend and stretch Android into any contortions they like. Something got lost along the way, with phones being "locked" into proprietary channels. Sucks - but you CAN root your Android and reinstall to your own liking. Alas - far to many people are uncaring, unknowing, or just can't be bothered - or some combination of the three.
(Score: 2) by jmorris on Saturday June 06 2015, @06:20PM
Browser based apps would work equally well for most of the cases you cite, notification is a solved problem too. Your phone already has a connection to Google's messaging service along with something called A MOBILE PHONE. No, the 'app' world mostly exists because they want to put the other crap on your phone and be able to run it 24/7.
We learned an important lesson with apps, put a check off box in the development environment saying "Do you want money?" and people check the box, explaining why there is almost no Free Software on mobile platforms. When it was Free Software or found a software company a lot of people would just let it go. Especially in an environment where almost all of the competing apps are equally infested and there is no easy way to even find the one lone holdout that isn't. We have to start agitating for the Big G to clearly mark the anti-features as clearly as F-Droid does. (Forget the fruit store, anybody there already agreed they like throwing money at crap.)
(Score: 0) by Anonymous Coward on Saturday June 06 2015, @07:08PM
wipe out your Windows install [...] and install Linux
First, it would have been good if the submitter had mentioned what OS he is actually using.
No more viruses, spyware, adware, bloatware, etc.
This far into The Decade of Linux on the Desktop, yours is sage advice.
It is the rare app these days that doesn't have a Linux-compatible port|equivalent|replacement.
In the cases where that is not so, installing ($0, FOSS) VirtualBox and installing Windoze inside that virtual machine can handle the cases of must-have Windoze-only apps (no dual-boot/rebooting necessary).
Once done, make a snapshot of that virtualized OS install as a backup in case the usual expectation of Windoze occurs.
Should something undesired happen, nuke the install inside the VM and restore from the snapshot/backup.
It really is odd to imagine someone running Windoze on bare metal these days.
.
Fristy hit the bullseye pointing to the software repository of your Linux distro.
Looking back after leaving MICROS~1's stuff behind, it always amazes me how Windoze users run code they have downloaded from some site without even doing a checksum on that to assure that what they got is what they -think- they got.
If what you need isn't in the (well-vetted) repo of your distro, in the Ubuntu ecosystem there are also PPAs. [wikipedia.org]
Visiting your distro's help forum periodically will expose you to folks mentioning such things.
Look there for folks who have already solved the problem|filled the need that you have and can vouch for the PPA.
If your repo doesn't contain the desired app, compiling your software from source code is another option--and that is the ultimate in assuring that you are getting what you expect.
.
If the OS is Android, Cyanogenmod is Step 1 for proper permissions/security and Step 2 is Xprivacy (or Pdroid).
The Little Red Robot [google.com] is even farther in the direction of freedom than that--but fewer devices are supported. [replicant.us]
Airplane Mode has already been mentioned in this thread.
-- gewg_
(Score: 3, Insightful) by frojack on Saturday June 06 2015, @04:54PM
Usually when someone uses the word apps I assume mobile phones, iphone, Android.
Now all of this advice about a distros and compiling your own, and windows, fly out the window for 99.9999% of the people in the world.
If Sailfish OS, and a couple of others that are closer to linux ever takes off this might change, but even an adequate Linux Programmer is not well equipped to deal with the constraints of mobile device programming.
Its difficult to filter outgoing traffic. You can never be sure if a connection is needed or not, and even tracing an outbound connection back to the originating software running on the phone is a huge issue beyond most users.
No, you are mistaken. I've always had this sig.
(Score: 2) by kaszz on Saturday June 06 2015, @05:12PM
You can make the network stack (firewall) to only allow specific type of packets through? Ease up until the app works?
(Score: 2) by frojack on Saturday June 06 2015, @05:43PM
The spyware authors are all wise to this, and http or https for just about everything.
I occasionally use a hub upstream of my wifi router just so I can use wireshark to grab packets and IP Addresses.
No, you are mistaken. I've always had this sig.
(Score: 2) by kaszz on Sunday June 07 2015, @12:39AM
Fake their server? or pretend to be outside of coverage..?
(Score: 2) by frojack on Sunday June 07 2015, @01:07AM
There are apps that use the hosts file to make it appear that the mother ship is off line, or just resolve them all to 127.0.0.1
No, you are mistaken. I've always had this sig.
(Score: 2) by kaszz on Sunday June 07 2015, @01:24AM
The question is if the App will accept that state of things. And the hostfile is just a stopgap solution. It's better to enumerate hosts that are allowed.
(Score: 2) by GeminiDomino on Monday June 08 2015, @01:40AM
Its difficult to filter outgoing traffic.
I'm not sure if you're talking iOS, but it's pretty simple on most modern android phones. AFWall+ [f-droid.org] lets you block internet access on a per-app basis (for non-root apps, at least. Apparently root apps share a single entry). A lot of crap-laden shovelware won't crash outright if it can't find a net connection, since that's a good way to get your app dumped when there's no signal.
Definitely a must-have for android.
"We've been attacked by the intelligent, educated segment of our culture"
(Score: 3, Insightful) by mrsam on Saturday June 06 2015, @04:33PM
I don't have many apps on my Googlephone. But lately, while browsing for new apps, I started paying attention to the permissions the app requests, before installing.
So, let's say I'm looking to install some useless game. A timewaster. Now, for some reason it suddenly wants "Device ID & call information", which is described as "Allows the app to determine the phone number and device ids, whther a call is active, and the remote number connected by a call."
I'm anxious to see someone explain to me why a dumb game up wants to know my phone number, first of all, and not just that, but the number of whoever I happen to be talking to, at the time.
No soup for you.
So, I think that just paying attention to the permissions the app requires, will be sufficient to keep all the crap out. There are many apps out there whose permissions are quite sane. Just takes a littl while to find them.
(Score: 4, Insightful) by frojack on Saturday June 06 2015, @05:10PM
I'm anxious to see someone explain to me why a dumb game up wants to know my phone number,
Chances are, the app doesn't want your phone number.
(If the app still plays while in airplane mode its probably not dependent on any thing like that).
What you see here, is the fault of Android's methods of bundling permissions into groups.
You want the game to exit, or maybe just save-state and idle when a phone call comes in.
So the game is responsible to check if the phone is ringing or in a call.
Rather than making some simple OS flag for that, Android puts the onus on the programmer to call some API (or something) every few milliseconds to get phone state.
And if you do anything with that phone API, you have to declare that you do all the things that API might be able to do.
So apps look much worse than they are in many cases. (Probably in MOST cases).
Want to play against your friends over the network? Ok, now it needs full network access, access to your contacts, and a metric BOATLOAD of other crap.
And IOS is similar. This isn't strictly an Android problem.
The blame lies squarely with the OS developer, and its probably going to stay that way until the permissions architecture changes radically to become much more granular.
http://www.cyanogenmod.org/ [cyanogenmod.org] was starting to make more granular permissions, such that you could restrict each app to specific granular permissions, and if they failed to work with that limited subset then too bad for that app. http://www.androidcentral.com/cyanogenmod-updating-privacy-guard-20-new-features-coming-cm102 [androidcentral.com]
However, I have not been following the project close enough to know if they are still working that way or have sold out to the venture capitalists.
No, you are mistaken. I've always had this sig.
(Score: 5, Informative) by fritsd on Saturday June 06 2015, @06:45PM
So the game is responsible to check if the phone is ringing or in a call.
Actually frojack, I think that's incorrect, or at least it used to be incorrect a while ago. In fact I think what you say is dangerously misinformed: who told you that? Or, alternatively, I could be showing my ignorance here, because I'm only a beginning android developer. In which case I apologize to you.
The app writer is warned that the OS has the right to cut off your app at any moment, e.g if something urgent happens like, indeed, a phone call, or just that the phone goes in idle mode, or that the user clicked on something else.
The app doesn't need to know shit about what exactly happened, only that your app's current active Activity *will* get its onPause() method called by the OS.
The Activity superclass of your class calls onSaveInstanceState() at those times so you just override that handler. It's a bit more complicated if you have to build up or tear down a connection to a remote database, for example, but simple games don't need that.
Simple games need this:
onSaveInstanceState(Bundle saveInstanceState) {
saveInstanceState.putInt(MYSCORE, this.score);
}
android does the rest when/if yor Activity's onResume() gets called.
Can you imagine that every running app has to compete to check for the phone state every few milliseconds? that would be ridiculously ineffective. Instead, the lifecycle of the apps is managed by the system.
See image: http://developer.android.com/images/training/basics/basic-lifecycle-paused.png [android.com]
I learnt that apps are *not* first-class citizens, the user is the first class citizen, and if your app is unresponsive on a tiny slow computer, or if it loses state during the onPause .. onStop .. onRestart .. onResume cycles then your app is crap.
PS soylent news maintainers: I had to try 5 times to post this message, kept getting timeouts errors and logouts. Something deteriorated a lot in the past week.
(Score: 3, Interesting) by frojack on Saturday June 06 2015, @07:51PM
I've seen statements to that effect in the websites of many app developers, ones that i tend to trust. I might be misinterpreting them.
I've also seen articles by developers trying to explain it.
Some examples:
http://www.androidcentral.com/look-application-permissions [androidcentral.com]
http://www.howtogeek.com/190863/androids-app-permissions-were-just-simplified-now-theyre-much-less-secure/ [howtogeek.com]
(hundreds more by just seaching "why app permissions" in google.
Of course, I've also seen some permissions apologist articles:
http://www.techrepublic.com/article/why-handing-android-app-permission-control-back-to-users-is-a-mistake/ [techrepublic.com]
No, you are mistaken. I've always had this sig.
(Score: 2) by fritsd on Saturday June 06 2015, @10:12PM
I read that "howtogeek" article you linked to, and I agree it would be very bad news if that is true.
The "androidcentral" article, the paragraph about phone calls, *sounds* wrong. I'm not saying it *is* wrong, I haven't checked it. But consider:
I can't think of any reason why any app, except for the single one app that is an Intent listener for telephone calls, needs to know if your phone is about to ring.
Suppose you're some manager of Google Android, but you understand about computers. The spec says that the apps are managed by the system and the resources are managed by the system. Would you entrust your customers' Valuable Android Experience(TM) on their Expensive Phone(TM) to the responsibility of some random Chinese student programmer who sells a $ 0.15 tetris clone to always meticulously (A) poll the hardware for events that mean it has to stop, and (B) invoke onSaveInstanceState() in the correct way to relinquish audio control,
or would you just write it so that (A) the OS stops the active aps except for the (high-priority) phone listener, and (B) any app that doesn't relinquish audio control itself gets killed 1 ms later by the system, and restarted the "boring" way instead of with a fast onResume() call, and if you lost your Tetris score then at least the actual phone calling experience went flawlessly and you can complain via the app store to get your $ 0.15 back.
I do not have the time/energy to download the AOSP source code and check the watered-down permissions issue for myself. Can anyone tell in which versions it's crap?
(Score: 2) by frojack on Sunday June 07 2015, @01:03AM
I do not have the time/energy to download the AOSP source code and check the watered-down permissions issue for myself.
Same boat here. No time to crawl through that mountain of code.
But I did find an App by F-Secure called App Permissions [google.com] which allows you to set a filter (such as show only those apps that can read phone state), and the number that can read phone state is pretty amazing.
Why do all those things have read-phone-state?
No, you are mistaken. I've always had this sig.
(Score: 0) by Anonymous Coward on Sunday June 07 2015, @01:37AM
Huh. Looking at the app permissions and the ease and ability of users to control/override them, and users not having a power user mode so they don't need to root their phones to automate stuff like turn on and off- GPS, mobile data roaming, airplane mode, etc; I'd say google or someone else is the first class citizen not the user.
(Score: 2) by kaszz on Saturday June 06 2015, @04:41PM
As others already mentioned F-Droid [f-droid.org], change the operating system into one that can properly sandbox and fake queries.
(Score: 2, Touché) by mamer-retrogamer on Saturday June 06 2015, @07:17PM
I found this site via a post on another site (which shall remain nameless), and in 2 minutes of reading intelligent comments in this story, I've gleaned more knowledge than in the last two years on the nameless forebear of this site. Kudos SoylentNews.
(Score: 3, Interesting) by mtrycz on Saturday June 06 2015, @08:02PM
Virtually all of modern devices come with spyware preinstalled. It comes in both the form of vendor apps and google apps.
Google apps is separate from the android operating system, and is closed source; but many android apps depend heavily on it, and it's a big part of the so-called "android experience". Google apps contain the play store, google maps, mail, location service, google analythics, and some more. Every one mines the shit out of you.
I believe this was actually THE reason google went into the mobile market: it's a gold mine. They were wise enough to keep gapps separate from the os, though.
So, you should start with a "clean" os, something like AOSP or the custom mods. I am unaware if any of these are fully spyware-free: for example CyanogenMod (that I personally use) uses Google Analythics libraries to get usage data. Since it's open source, the official wiki suggests that you can recompile the rom with a google analythics shim library with null calls, but I'm not an Andorid developer and it would probably take days to properly set up the environment etc. so I didn't go that route.
The first app you should install is the firewall (everybody has already reccomended F-droid, for obvious reasons). AFWall+ is neat and comes with a witelist approach: no app will have network access unless you explicitly say so. It might be a little tricky to set it up right at first, but it's a very nice thing to have.
Also, remeber that even if you fix your OS to not spy on you, there's always the metal that could do it. In this story the modem (which is a separate chip from the processor) has root access rights to the device and can be remote-controlled https://www.fsf.org/blogs/community/replicant-developers-find-and-close-samsung-galaxy-backdoor [fsf.org] .
I tried a FirefoxOS phone for a few months (I lost it on a bus, unfortunately), and I have to say I liked it. The security model looks so much better and since it's not "mainstream", there are barely any spyware targeting it (there's the obvious analythics and ads, but no targeted apps yet). My device (ZTE Open C: 4", quad-core, 1G RAM) could be dual-booted with Android *without* gapps, but with some minimal crapware preinstalled. That's one of the reasons the device costed less than a similarly specc'd Android: companies have to pay google a fee to preinstall gapps.
tl;dr: in 2015 it's barely humanly possible to dodge spyware.
In capitalist America, ads view YOU!
(Score: 1, Informative) by Anonymous Coward on Sunday June 07 2015, @04:55AM
This is what I was going to post. I would start with http://replicant.us [replicant.us]
(Score: 2) by PizzaRollPlinkett on Saturday June 06 2015, @08:37PM
People want free and 99-cent apps, and they get them. The app stores are full of them. The spyware/adware/tracking stuff is the real price you pay. You want free apps, then the time, expertise, equipment (which ain't cheap), and training to create them has to be paid for somehow by someone. Someone once said something about a free lunch. Anyone remember that quote?
Would anyone at all support a high-quality, expensive app? Would enough people support one to fund a kickstarter project? I hear crickets. If you can't make a living doing something, then it's going to turn to rot, which app stores are doing now.
Even Apple, the boutique hardware company that charges high prices, has fueled the apps-on-the-cheap model.
(E-mail me if you want a pizza roll!)
(Score: 5, Insightful) by isostatic on Saturday June 06 2015, @08:42PM
You want free apps, then the time, expertise, equipment (which ain't cheap), and training to create them has to be paid for somehow by someone
Interesting. In the real world we all use software that is free. Really free. I'm not aware of any adware/spyware/tracking in the linux kernel, or apache, or bind, or my web browser, or my IRC client, or text editor, or document editor, or spreadsheet, or a host of software. Why is mobile software so different?
(Score: 2) by drussell on Saturday June 06 2015, @09:10PM
Why is mobile software so different?
Because the majority of the masses are clueless enough to pay for a ringtone/ringtune or put up with ads, upsells and BS in a "free" app, etc. etc.
I think most people these days must be somehow subconsciously addicted to wasting money.
It's very sad.
(Score: 2) by mtrycz on Saturday June 06 2015, @09:30PM
Because it's a very "young" market, and the industries had a jump on it. Free/Open source is slower in comparision to aggresive market penetration, bazillions monetizing startups, etc.
Anyway FOSS will still be the solution in the long run. Just use what's available for the time being and try not to get locked in.
In capitalist America, ads view YOU!
(Score: 0) by Anonymous Coward on Sunday June 07 2015, @01:48AM
Because you're using an ecosystem run by for-profit companies like Apple and Google. This is why the ecosystem kind of sucks and is full of spyware crap. Stick to not-for-profit endeavors and some of the corruption goes away.
(Score: 2) by PizzaRollPlinkett on Sunday June 07 2015, @10:26AM
One difference is that mobile software is expensive to develop. With iOS, you have to pay to play just to release an app, plus you have to buy Apple devices and computers. Android is cheaper, but still not free like building a white-box computer from parts.
Other free software is platform-oriented, like Apache, Emacs, etc. Free software tends to be software everyone needs to do basic work. The farther you get away from common platforms (and common programs like word processors) the less free software you find. The kind of stuff that has malware/adware in it is rarely found in free software.
(E-mail me if you want a pizza roll!)
(Score: 2) by Common Joe on Sunday June 07 2015, @04:00PM
There's a website www.portableapps.com [portableapps.com] which caters to people who want portable apps (i.e., no installation required) on Windows. Most software there is "free" and there are a lot of interesting things on there. (I have to say that I'm a little disappointed with the portable versions of Firefox and LibreOffice, as I find they aren't 100% portable but the majority of programs I find there seem to be.)
(Score: 2) by Freeman on Tuesday June 09 2015, @11:38PM
I realize that the original post is geared towards Phone Apps / Stores, but it can also be a pain to find good/safe windows installers. Other than going to the homepage for each application, there are at least a couple of sites that I find to be trustworthy. I have had good experience with http://www.portableapps.com/ [portableapps.com] and http://www.filehippo.com/ [filehippo.com]. Filehippo still has some advertisements and stuff on their pages, but I haven't found a single installer that's been untrustworthy.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"