SoylentNews is people

posted by cmn32480 on Friday November 20 2015, @04:33AM
from the stop-spying-on-me dept.

MIT researchers have found that much of the data transferred to and from the 500 most popular free applications for Google Android cellphones makes little or no difference to the user's experience.

Of those "covert" communications, roughly half appear to be initiated by standard Android analytics packages, which report statistics on usage patterns and program performance and are intended to help developers improve applications.

"The interesting part is that the other 50 percent cannot be attributed to analytics," says Julia Rubin, a postdoc in MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL), who led the new study. "There might be a very good reason for this covert communication. We are not trying to say that it has to be eliminated. We're just saying the user needs to be informed."

The original paper [PDF] came via MIT.


The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 4, Insightful) by Runaway1956 on Friday November 20 2015, @05:03AM

    by Runaway1956 (2926) Subscriber Badge on Friday November 20 2015, @05:03AM (#265667) Journal

    AC nails it. When I call my wife from the car to see if I should stop at the grocery store on the way home, the ONLY flows of data should involve routing my conversation, and then the conversation itself. If I decide to play an online game from the phone, then I expect routing data to flow, and the game. Nothing more, nothing less. And, when I play a game that I've downloaded, there should BE NO DATA FLOW TO OR FROM THE NETWORK WHATSOEVER. Virtually anything and everything that doesn't involve routing and my intended data exchange is spyware. Malware. Unwanted, malicious software, performing tasks that I did not request. It makes no difference if that software is reporting to the developer, the imam, NSA, the pope, the KGB, or some punk ass kid in Brooklyn who rooted my phone - it is all malware.

    Regarding routing data, it is expected that the telco must route the flow of data that I have initiated. It is a requirement that I forward some minimal bits of data. If I desire to read the Google news feed, then I must inform the Telco what I want to read, so that they can locate it, and send it to me. That should be the start point, as well as the end point, of routing data. There should be absolutely no record of data transactions forwarded or recorded, ANYWHERE. Not on the Telco's servers, not at NSA, not at GCHQ, or in some tacky apartment in Brooklyn, New York.

    If my phone will work to my expectations with sixty percent of the data flow blocked, then all of that data flow is parasitic in nature. Prying and intrusive spying from any source is evil. I won't accept it from my boss, my preacher, or my government, and damned sure not from some "developer" whose application is just a front for collecting data.

  • (Score: 2) by frojack on Friday November 20 2015, @05:29AM

    by frojack (1554) on Friday November 20 2015, @05:29AM (#265674) Journal

    AC nails it. When I call my wife from the car to see if I should stop at the grocery store on the way home, the ONLY flows of data should involve routing my conversation, and then the conversation itself. If I decide to play an online game from the phone, then I expect routing data to flow, and the game. Nothing more, nothing less.

    Wait, we are not talking about a 1985 dumb flip phone here. The article is about smart phones.

    You installed those applications on the phone, and you gave each app permission to periodically check in.
    The weather
    Time synchronization.
    Email checks or idled socket timeout and refresh cycles
    Messaging, presence indicators
    Tower re-negotiations
    Calendar checking for updates
    Did you turn on location services?
    Any social media apps you might have installed checking in...

    Look at settings, in phone, check your running apps. Any one of them that were authorized to use the net, might be using the net.
    Check the cached applications too. While not running NOW, they might have been mere seconds before.

    Your phone isn't a single process device. There is a lot going on. You don't want that happening, you better go back to a "dumb" phone.

    --
    No, you are mistaken. I've always had this sig.
    • (Score: 2) by Runaway1956 on Friday November 20 2015, @05:44AM

      by Runaway1956 (2926) Subscriber Badge on Friday November 20 2015, @05:44AM (#265679) Journal

      Uh-huh - there's a lot going on, of course. But, the idea that a developer should have the privilege of secretly monitoring all that stuff that is going on is ludicrous. The idea that my weather app should be communicating with anything other than NOAA (or equivalent) is equally ludicrous.

      You are merely confirming that people should have the ability to fine tune permissions, based on INFORMED consent. Idiots who click through a page of EULA, and don't bother to see what permissions the app demands almost deserve to be spied on. My position is that the EULA should be clear, concise, and above all, honest. "If you use our app, we're going to spy on you 24/7" would be the sort of EULA I'm talking about. With informed consent, people can decide that it's not worth installing the app.

      Each and every communication that your phone makes to the internet should be approved of, by the end user. Fine grained permissions should be the rule, not the exception.

      • (Score: 2) by frojack on Friday November 20 2015, @06:26AM

        by frojack (1554) on Friday November 20 2015, @06:26AM (#265687) Journal

        Yes, we are all in favor of fine-tuneable permissions.

        But your Weather app doesn't get its info from NOAA. It gets it from the app provider, or maybe Google, or Apple, depending on the phone. Accuweather, Weather.com, Weather Underground, etc. And, it has to know where you are to give you the correct weather, right? So it has to fetch the location, doesn't it? And it might need to hit Skyhook [skyhookwireless.com] or Google to find the location of wifi routers in the area (to avoid using GPS satellites for power saving reasons). Or if it was allowed (by you) to use GPS, it may have to fetch aGPS updates from the nearest tower.

        So you see, your simple weather update can launch a virtual cascade of network activity.

        And that is not unusual for many legitimate apps. They don't all just do one thing, and exit.

        Now NONE of these things are the clandestine transmissions covered in the article. I only mention them to clear up your misconception about what data flows are normal for a smart phone.

        --
        No, you are mistaken. I've always had this sig.
        • (Score: 3, Informative) by hemocyanin on Friday November 20 2015, @06:40AM

          by hemocyanin (186) on Friday November 20 2015, @06:40AM (#265689) Journal

          But why does the weather app need to have access to my contacts list, camera, and microphone?

          I upgraded my phone about six months ago and this time, I've been evaluating the permissions requested against the utility of the app. Some random poker game wants to know everything and the kitchen sink? I decide I don't need it. I wish more people would go this route as it would put pressure on app developers to limit themselves to what the app actually needs access to in order to do its job. Anything that wants access to everything should be ignored into non-existence.

          • (Score: 2) by frojack on Friday November 20 2015, @07:07AM

            by frojack (1554) on Friday November 20 2015, @07:07AM (#265697) Journal

            Exactly. People have been bitching about this for a long time.

            With Android 6 (Marshmallow), Google has finally done what Cyanogen Mod has done earlier, and is allowing much finer grained permissions.

            See: https://www.android.com/versions/marshmallow-6-0/#choice-and-control [android.com]
            http://www.greenbot.com/article/2990078/android/how-to-toggle-app-permissions-in-android-marshmallow.html [greenbot.com]

            It's not a perfect system yet.

            --
            No, you are mistaken. I've always had this sig.
          • (Score: 4, Informative) by urza9814 on Friday November 20 2015, @02:13PM

            by urza9814 (3954) on Friday November 20 2015, @02:13PM (#265804) Journal

            This is why I love Cyanogenmod...

            Quick example -- I recently installed WhatsApp (after my coworkers spent weeks harassing me about it...) It wants a hell of a lot of access, but I'm not giving it. At first the app wouldn't work at all, until I relented a bit and gave it access to my contacts list, since it apparently doesn't have its own. It's tried to *change* my contact list 27 times so far -- every single attempt has been denied. It wants permission to use my camera and microphone, alter the text messages already stored on my device, change my network settings, read my calendar and call log...but I don't give it those permissions. Although to be fair, Cyanogenmod monitors how many times it attempts to use those permissions too, and so far it hasn't. But I'm not taking any chances. It's read my contact list successfully 1015 times (and been denied 635); it's used the vibrate function successfully 29 times, given 62 notifications, woken the device up 2181 times (hmm...I'm going to switch that to denied actually....)

            I love this privacy guard feature. Apparently something similar is coming to stock Android eventually, but for now Cyanogenmod is a good way to go. Still doesn't help with situations like your weather app sending data to Google since it's just network or no network...but that's why I rooted the device so I can route all my traffic through proxies. Google thinks I'm in Romania right now.

        • (Score: 4, Informative) by Runaway1956 on Friday November 20 2015, @06:51AM

          by Runaway1956 (2926) Subscriber Badge on Friday November 20 2015, @06:51AM (#265691) Journal

          Actually, the weather app has no need to know where I am. I can set any number of locations - only one on a poorly designed app, maybe thousands on a really good app. If I want to know what the weather will be when I get home, I click "home". If I want the weather at work, I click "work". Or, "grandma's house" or "fair grounds" or "Talladega Raceway" or . . .

          The app has no need to track me, to report the weather I want.

          • (Score: 2) by frojack on Friday November 20 2015, @07:00AM

            by frojack (1554) on Friday November 20 2015, @07:00AM (#265695) Journal

            Sure, and most have a thing called "current location".
            But you are making my point for me. There are constant data-flows in any smartphone, not all of them mysterious.

            --
            No, you are mistaken. I've always had this sig.
            • (Score: 2) by Runaway1956 on Friday November 20 2015, @07:18AM

              by Runaway1956 (2926) Subscriber Badge on Friday November 20 2015, @07:18AM (#265702) Journal

              "not all of them mysterious."

              So - because I know what some of the data flow is, I should just accept that all the data is benign. Sorry, that's not good enough. You don't have to be paranoid to understand that bad people have bad reasons to spy on you.

              • (Score: 2) by frojack on Friday November 20 2015, @08:01AM

                by frojack (1554) on Friday November 20 2015, @08:01AM (#265709) Journal

                No one said you should accept all data flows. And I pointed out that Google is changing the permissions system to accommodate more control.

                So what, EXACTLY, is it that you want?

                And what are you going to do for a smartphone until your wish is granted?

                --
                No, you are mistaken. I've always had this sig.
                • (Score: 2) by Runaway1956 on Friday November 20 2015, @08:22AM

                  by Runaway1956 (2926) Subscriber Badge on Friday November 20 2015, @08:22AM (#265713) Journal

                  I want cyanogen mod fine grained permissions to be standard fare on all smartphones. No spying, or more precisely, only spying that the user explicitly opts in to.

    • (Score: 1, Insightful) by Anonymous Coward on Friday November 20 2015, @05:53AM

      by Anonymous Coward on Friday November 20 2015, @05:53AM (#265680)

      You installed those applications on the phone, and you gave each app permission to periodically check in

      Incorrect, these are "all-or-nothing" permissions. Sometimes they fall under "permission to use the internet". It's the equivalent of "sure, you can exist but I'm going to pump you with a big rubber d*ck for as long as you do... Don't like it? Why don't you stop existing...". The argument "well then don't use those things" is not a valid solution because the problem that the original AC refers to is that this has become the norm, and there effectively aren't any alternatives to it unless rolling your own apps.

      The weather, Time synchronization, Email checks or idled socket timeout and refresh cycles, Messaging, presence indicators, Tower re-negotiations, Calendar checking for updates

      Yes, and those apps are fine as long as they're just doing that. What we're talking about is when these apps are transferring data unrelated to their primary task

      Did you turn on location services?

      Heck no. It's already bad enough that my telco knows where my phone is every second that it's switched on

      Any social media apps you might have installed checking in...

      none of that cruft comes even close to my devices.

      Any one of them that were authorized to use the net, might be using the net.

      Sure, and as long as they do that in order to fulfill their primary function, I have no problem with it.

      Here's an analogy, how would you like it if "ls" sent the file listing to the developers of "ls" every time you execute the command? All under the moniker of "Improving The User Experience". What about a browser sending every single URL you request to the maker of the browser?
      What the original AC is (rightfully) complaining about, are apps transmitting data which is not part of the functionality that the app is offering. THAT is the problem

      • (Score: 2) by q.kontinuum on Friday November 20 2015, @06:58AM

        by q.kontinuum (532) on Friday November 20 2015, @06:58AM (#265694) Journal

        The argument "well then don't use those things" is not a valid solution because the problem that the original AC refers to is that this has become the norm, and there effectively aren't any alternatives to it unless rolling your own apps.

        It is [a/the only] valid solution as long as your life does not depend on those apps. It's called the "free market". If enough people stop using these kinds of apps, and start shelling out money for properly, privacy aware implemented apps, there will be a market for privacy-aware apps, and more such apps will be available.
        Or use an open source system. Chances are people will find ways to provide dummy-interfaces for some of the permissions you want to redraw without the app noticing.

        --
        Registered IRC nick on chat.soylentnews.org: qkontinuum
      • (Score: 2) by TheRaven on Friday November 20 2015, @10:08AM

        by TheRaven (270) on Friday November 20 2015, @10:08AM (#265749) Journal

        Uninstall them and leave feedback for the developers. My bank recently expanded the set of permissions that its app was using. I decided I didn't agree with it and uninstalled the app. Now I pop into a local branch every few weeks (I don't actually have to, I still do most things on the web and could do everything) and talk to a human, telling them that I'd use the app if it didn't ask for such insane permissions. It doesn't take very many visits to a branch to cost the bank more than the profit that they're making on your account. If enough people do that, then the app development team will be told that they're costing the business money with their idiocy.

        --
        sudo mod me up