Report: Be aware of Android Apps

Elinor Mills CNET News | June 23, 2010 4:28 AM PDT

Summary

About 20 percent of the 48,000 apps in the Android marketplace allow a third-party application access to sensitive or private information, according to a report.

Update: Headline change to reflect that SMobile says it isn't criticizing the Android model

About 20 percent of the 48,000 apps in the Android marketplace allow a third-party application access to sensitive or private information, according to a report released on Tuesday.

Some of the apps were found to have the ability to do things like make calls and send text messages without the mobile user doing anything. For instance, five percent of the apps can place calls to any number and two percent can allow an app to send unknown SMS messages to premium numbers that incur expensive charges, security firm SMobile Systems concluded in its Android market threat report. SMobile is not saying those apps are all malicious, but is making the point that there is a potential for abuse.

Meanwhile, dozens of apps were found to have the same type of access to sensitive information as known spyware does, including access to the content of emails and text messages, phone call information, and device location, said Dan Hoffman, chief technology officer at SMobile Systems.

For more on this story, read Report says be aware of what your Android app does on CNET News.


RE: Report: Android Apps expose private data
programit@... 25th Jun 2010
End of the day it's the user's responsibility to limit access.
Some applications require access to info to work as designed, or offer features etc.
iPhone has many security issues as well and so does Symbian and others. Look at the security probs of Apple at the moment? The article should be titled "Beware of Mobile device applications"
End of the day, if my entire contents of messages and contacts was exposed to the world, then besides getting a few more Indian phone centre calls, then I really wouldn't give a crap.
"Oh no they read the text I sent to my wife! Now the world will know I love her! Oh No!!!!!!"
The paranoia of security is unbelievable, use common sense with any device and if you have the access codes to Fort Knox then don't store it on unsecured devices, or devices that can easily be lost, stolen, borrowed etc.
0 Votes
+ -
The price of "free".
0 Votes
+ -
Sounds like Zone alarms
guihombre 23rd Jun 2010
"Android requires application developers to declare the permissions their application will need in order to interact with the system and its data. As a result, SMobile has incorporated patent pending technology to use application permissions and other identifying attributes to determine what an application can do and subsequently, identify Spyware and other malicious applications. This provides a prime opportunity to identify an application that is trying to access sensitive data or communications and then assist the user in determining if this access is truly necessary for an application."

Sounds like they're selling a firewall like ZoneAlarm, that pops up a warning when an application requests some data. Filtered by the permissions, so if the application is not flagged to obtain the contents of an email, popping up a false positive would be dumb, so it looks like they filter for the permissions.

He's basically claiming 20% of applications are flagged to request some permission to some private data on the phone.
0 Votes
+ -
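
The permission-based screening described in the comment above, together with the "does this permission fit this kind of app" judgement other commenters in this thread apply, can be sketched as follows. This is an added example, not SMobile's technology or code from the report; the two manifests, their package names and the `expected` sets are constructed, and it assumes an AndroidManifest.xml already decoded from the APK's binary form to text XML.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
P = "android.permission."

# Real Android permission names, grouped by the capabilities the article lists.
SENSITIVE = {
    P + "CALL_PHONE": "place calls without user action",
    P + "SEND_SMS": "send SMS, including to premium numbers",
    P + "READ_SMS": "read text message content",
    P + "RECEIVE_SMS": "see incoming text messages",
    P + "READ_CONTACTS": "read contacts",
    P + "READ_PHONE_STATE": "read call state and device identifiers",
    P + "ACCESS_FINE_LOCATION": "precise device location",
    P + "ACCESS_COARSE_LOCATION": "approximate device location",
}
COST_INCURRING = {P + "CALL_PHONE", P + "SEND_SMS"}
READS_PRIVATE_DATA = set(SENSITIVE) - COST_INCURRING
INTERNET = P + "INTERNET"


def declared_permissions(manifest_xml):
    """Return the set of permissions named in <uses-permission> elements."""
    # For manifests from untrusted APKs, use a hardened parser (e.g. defusedxml).
    root = ET.fromstring(manifest_xml)
    if root.tag != "manifest":
        raise ValueError("not an Android manifest")
    names = (el.get("{%s}name" % ANDROID_NS) for el in root.findall("uses-permission"))
    return {n for n in names if n}


def audit(manifest_xml, expected=frozenset()):
    """Summarise what the declared permissions allow.

    `expected` is the reviewer's own (hypothetical) list of permissions that
    the app's advertised function justifies; anything sensitive outside it is
    reported as unexplained. A declared permission is a capability, not proof
    of misuse.
    """
    perms = declared_permissions(manifest_xml)
    sensitive = sorted(p for p in perms if p in SENSITIVE)
    return {
        "sensitive": sensitive,
        "unexplained": sorted(set(sensitive) - set(expected)),
        "can_incur_charges": bool(perms & COST_INCURRING),
        "can_send_data_off_device": bool(perms & READS_PRIVATE_DATA) and INTERNET in perms,
    }


# Constructed sample: a texting app whose permissions match its purpose.
SMS_APP = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.texting">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
</manifest>
"""

# Constructed sample: a sound-effects app asking for far more than it needs.
SOUNDBOARD = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.soundboard">
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>
"""

if __name__ == "__main__":
    sms_expected = {P + "SEND_SMS", P + "READ_SMS", P + "RECEIVE_SMS", P + "READ_CONTACTS"}
    print("texting app:", audit(SMS_APP, sms_expected))
    print("soundboard: ", audit(SOUNDBOARD, {P + "WRITE_EXTERNAL_STORAGE"}))
```

Both apps would be counted in a "can send SMS" statistic; only the second has sensitive permissions its stated purpose does not explain.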
@guihombre Right. He's kind of missing the point. If an application accesses my contacts to, for example, display pictures of all my contacts in a graphical way, that's not a security breach, and the application can't do it unless I explicitly ALLOW it when it asks during installation. It puts the power (and the responsibility) into the hands of the user. Now whether that's a good idea or not is up for debate. Most people just click "Allow" on everything without bothering to read it - a by-product of too many EULAs and Terms & Conditions I think - so there could be significant identity theft issues here.
0 Votes
+ -
@timothyt@... Great example!

Now try explaining this away: "two percent can allow an app to send unknown SMS messages to premium numbers that incur expensive charges."

I sure can see the utility of apps that "send unknown SMS messages to premium numbers that incur expensive charges" with your explicit permission.

I say, Android is now ready to be adopted by enterprise.
0 Votes
+ -
curated
banned from zdnet 23rd Jun 2010
maybe it's time for adware/spyware company google to have a more curated approach to their app market. waiting for the first android virus to spread ...
0 Votes
+ -
Sounds to me like it's already spreading.
vulpine@... 23rd Jun 2010
@banned from zdnet "... five percent of the apps can place calls to any number and two percent can allow an app to send unknown SMS messages to premium numbers that incur expensive charges,..."

Now I KNOW I don't want Android!
0 Votes
+ -
@vulpine@... So you install an application, it tells you BEFORE installation that "This application requires access to your phone in order to make calls and send text messages. Proceed?" and now Android isn't secure. How is being informed of exactly what the app requires from your phone to work and asking you to confirm these access rights a break down in the OS? If that was the case, Windows should have died years ago.
0 Votes
+ -
@banned from zdnet Hey banned.... since you're such an avid Apple freak, why don't you tell that to SMobile? So they can help Apple clear up theirs and AT&T's Personal Data Leaks in Apps, Safari Browser, Account Profiles, etc!

SMobile SCREAMS FIRE..... when there hasn't even been a match lit on Android. haha.... As compared to Apple and AT&T's whipping out your personal iPhone account data (no other phones affected) and their iOS's Browser getting dumped on in the opening minutes of PWN2OWN! wink

You Apple iNazis should learn to keep your mouths shut until you really have something to scream about. lol.... In the meantime Chrome has been declared the most Secure Browser and yet to fall at PWN2OWN! ....and it's now on more PC's than Safari, so what does that tell you?

#1 If you own iPhone, iPad or iPod Touch..... change your Service Provider! ....(oh yeah you can't)

#2 In America you are as locked in to AT&T as you are into Apple's Fascist Garden Walled iOS. So what can you do? Jail Break your devices and unlock them? lol... El Steve-o would take a dim-witted view of that!

In the meantime you all are just sitting ducks, stuck behind a paper thin Garden Wall that can go up in flames with the stroke of a Hacker! .....in your face straight up, you are all doomed with only the protection of Apple's Thought Police. While they attempt to erase and throw the competition "Down the Memory Hole" of what the REAL WORLD is like, on the Web with things like FLASH! ....and btw.. the latest version of FLASH includes Hardware Accelerated SPEED and Energy Efficient Security that hasn't been attacked.... nor is it likely and that even on Android and every other mobile OS Platform! grin

So enjoy your vanilla flavored iOS that restricts you from using the full hardware capability of the hardware. Hardware that is bound to have Android running on it soon. Because it's the same chip as what Samsung makes for Apple as they do themselves, with their Hummingbird A8. That.... btw will have FULL Multi-Tasking (not fake task switching), Full Flash, full 3G Video Conferencing, even on your own AT&T (screwed for Apple only) Network! wink
0 Votes
+ -
So, do ya think...
ubiquitous one 24th Jun 2010
...your widdle spiel is gonna get everybody to give up their iPhone?

lol... grin
0 Votes
+ -
@i2fun@... tell us when you get your GED
@gennx30 So you might want to tell that to your "Thought Police". But be sure to have your bags packed for your ride down their memory hole to hell! wink

BTW... I've worked in commercial networking for 20 years. I'm also what you might call a code warrior. That's somebody that codes on multiple platforms and languages. I'm not speaking of human languages (although I speak several and English isn't even my primary language). I can even code in Objective C FYI
0 Votes
+ -
Conflict of interests.
JordiFenix 23rd Jun 2010
So, a company that sells security software for mobile platforms is telling us that our mobile platforms are not secure per se... uhm, interesting.

No, wait, it is not.
0 Votes
+ -
faulty logic
banned from zdnet 23rd Jun 2010
@JordiFenix
there is no security software that can be installed on android phones that help against apps that are basically spyware. even if this company wanted to it couldn't sell you anything.

when 20% of the apps on the android market are spyware you should listen and think about your platform of choice. oh wait, the whole google business model revolves around adware and spyware.
0 Votes
+ -
@banned from zdnet

"there is no security software that can be installed on android phones that help against apps that are basically spyware. even if this company wanted to it couldn't sell you anything."

Gee, that's funny. According to the SMobile Systems website, they do....

http://www.smobilesystems.com/online-store/
0 Votes
+ -
RE: Report: Android Apps expose private data
JordiFenix Updated - 23rd Jun 2010
@banned from zdnet
Then again, if they say, as a "generic buzz": "warning, android applications are bad! They spy on you!" Most non-tech savvy users will rush to ANY solutions that they feel enhance their security. Look no further! SMobile Systems themselves offer such a solution.

Look, I know most applications look into your data. The data they are supposed to look at is specified before you install those applications. Read the info before you install and, if you don't feel comfortable with that, don't install the application. Otherwise: pebkac (we should update that to reflect the reality of mobile phones by the way...pebtsac= problem exists between tactile screen and chair?).

Most people, me included, don't have anything in their phones that is really worth being spied upon. They simply look where you are (geolocation) and maybe what you are interested in (your search history) so they can offer ads better suited to your interests.

Having ads all around us seems to be unavoidable. Those ads can be well targeted at least, and that is what Google gives you. And you know what? Sometimes you actually find something useful and interesting thanks to well-targeted ads.
0 Votes
+ -
pulezze
banned from zdnet 23rd Jun 2010
@babyboomer57
you understand the word spyware? no? then please don't comment. they sell antivirus, antispam and security apps. there is no app they can sell that protects you from other apps that are spyware.

the only one that could protect you from this threat is google, if they would curate their store and would not allow spyware apps in it. but of course they don't.

please first try to understand the topic then post.
0 Votes
+ -
can't you read?
banned from zdnet 23rd Jun 2010
@JordiFenix

didn't you read the article?
when you install your app does it ask you if you allow to:

- make calls and send text messages without the mobile user doing anything
- place calls to any number
- to send unknown SMS messages to premium numbers that incur expensive charges

did you read the article or are you only too afraid that your whole "so open!" android meme is about to collapse?
0 Votes
+ -
@banned from zdnet

See, as usual, you are the one that can't read.
From the SMobile home page:

"SMobile's Management Console, Anti-Theft and Identity Protection and Parental Control applications provide users with complete mobile security against viruses, spyware and network attacks"

As far as even needing the protection, as several people have pointed out already, you are told before you even download an Android app what it has access to on your phone. If you don't like it, don't install it. Simple.
0 Votes
+ -
@banned from zdnet

To quote:
when you install your app does it ask you if you allow to:

- make calls and send text messages without the mobile user doing anything
- place calls to any number
- to send unknown SMS messages to premium numbers that incur expensive charges


Actually Yes it does. If you go to install an app that does this big huge red letters come up and tell you that this is what the app will do. Pretty much verbatim. You can still install it if you want to. Nothing stopping you. Again this is not a problem. It does come up and tell you this. You can simply hit the back button on the marketplace and not install it. See, as an android user you have choices. You're not locked into the "We are apple and we decide what is best for you and you will love us for it" mentality.
@banned from zdnet The difference is SMobile would be banned from offering their services to identify potential Applications that may (in the Pre-Crime Prevention Future of Apple's closed World) may toss their TOS and use these privileges against the users of their Apps. This goes for both Markets btw. But in an Open Android Market and the Web, we face these possibilities every moment we use our compute devices on the Internet! wink
0 Votes
+ -
looking at their website, it sure appears to be a marketing ploy. make people afraid of something, then say that you have the solution for it. I'm surprised this was even deemed worth mentioning.
0 Votes
+ -
no
banned from zdnet 23rd Jun 2010
@raistdejesus
they don't have a product to sell. how could they? what could you install to protect you from 10.000 apps in the android marketplace that are basically spyware.
0 Votes
+ -
"to protect you from 10.000 apps in the android marketplace that are basically spyware"

Wow. We REALLY must be in danger.
0 Votes
+ -
@banned from zdnet :10.000 apps in the android marketplace that are basically spyware?

Spyware is when something collects information - without your knowledge.

and to quote you back --> please first try to understand the topic then post.

Since the android installer tells you every system service that an app will leverage, to let an app do that without your knowledge would make you the same type of person who lives in kansas and complains they didn't know that their insurance policy didn't cover tornadoes (no offense to midwesterners, I saw a guy on tv recently...)

If you install an SMS app, and the installer tells you it can read phone state and send SMS messages - well that figures.

If you install an app that puts stupid cowbell noises over music and the installer tells you that it can read the SD card, send phone calls, has full internet access, and uses dozens of system tools --- and you ignore that --- then you kinda deserve what is coming...
0 Votes
+ -
@banned from zdnet They are not spyware. All apps request permission to have access to sensitive portions of your phone (yes even making calls and sending text messages) so get off your clueless horse.
0 Votes
+ -
Specifics?
Murfski 23rd Jun 2010
If you can get those figures, you should have some idea of which apps are the evil ones. Does anyone have, or has anyone published, such a list? Or is it like that corollary to Murphy's Law? "37.5% of statistics are invented on the spot."
0 Votes
+ -
How do you like that "Open" Platform now...
Snooki_smoosh_smoosh 23rd Jun 2010
Wow!
0 Votes
+ -
@JM1981 Let's see now. When installing the app, I am told what it will do re:app access and actions to data I may deem sensitive and gives ME the choice of whether to install or not. Since open hardware/software is about choice, I think I like it just fine, thank you very much. How do you like your closed platform which affords you the choice of...what exactly?
0 Votes
+ -
The Android apps ask you specifically for these permissions when you go and install the application from the market. Some apps ask for location data, things like Maps HAVE TO HAVE IT OR THE APP IS USELESS. Things like Twitter, MySpace, and Facebook allow you to add your location you are posting from. FYI the iPhone Facebook app does this too, but doesn't ask your permissions when you install the app. It's an option you can turn on later, same with the Android app. The Android app at least tells you it will be accessing this data on your phone BEFORE you install it.

Now on to Text Messages:
Some apps offer you the ability to update your location to your friends via SMS, these apps have to have access to the messaging system on the phone in order to do this. If you install this type of app, you are obviously aware of its functionality so it is not an issue.

Calls are the same thing. ChompSMS for example gives you the option to CALL someone who has sent you a text message. Without access to the phone's dialer this would not be possible. FYI same on the iPhone for its texting apps.

These "security" experts are obviously OBLIVIOUS to the fact that the OS is secured and needs to add special permissions to be able to access parts of the operating system so it can provide its functionality.

The Long and short of it is.....
Android tells you when you install the app what it has access to. If you don't want that data out there you can choose not to install the app.
0 Votes
+ -
RE: Report: Android Apps expose private data
levyonthelevee 23rd Jun 2010
@jcohenlv@...

Well said.
0 Votes
+ -
@jcohenlv@... What do you make of this quote though, "For instance, 5 percent of the apps can place calls to any number and 2 percent can allow an app to send unknown SMS messages to premium numbers that incur expensive charges" ?
0 Votes
+ -
"could allow" is not the same as "they do"
rarsa Updated - 23rd Jun 2010
The report actually says "3% of all of the Market submissions that have been analyzed could allow an application to send unknown premium SMS messages without the users interaction or authorization"

A jewel of the English language. Semantically very clear and accurate. Designed so the careless reader overlooks the "could".

I could allow my dog to pee on my bed or chew my slippers. I could allow a 10 year old drive my car.

But I do not.

The fact that the applications could send SMS hence can send them to premium services does not mean that they are designed to do that.

Yes, It is a security issue that the users must be aware of. No more, no less.

The fact that you have a land line that "could" be tapped, does not mean that phones are designed to spy.
0 Votes
+ -
@rarsa uh.. I skimmed over the report. Found a software called, SMS Message Spy (Pro or Lite). Then I realized this is not that bogus of a report. Semantics of the English language or not.
0 Votes
+ -
@jcohenlv@...
Man, you said that much better than I could.
0 Votes
+ -
RE: Report: Android Apps expose private data
midenginedrift 23rd Jun 2010
@JordiFenix

Yes, these guys obviously haven't even USED the android market. They are just looking for something to get their ******* in a bunch. Most dumb users of smartphones are on iPhone anyway. Smart users are the ones that pick Android, and that's okay. I tell people all the time, living in Silicon Valley, that if they're not tech savvy, get the iPhone.

Sheesh. In truth, the market lays everything out for you prior to installing and for the new user it might seem kind of hyperbolic when looking at the list of permissions. If you don't trust the dev or the app don't use it. Many of the apps are being used by lots of people (highest number of downloads it shows for any app is " >250,000 ") so if a quarter of a million people were getting messed with on their apps, I think we'd all have heard of it by now.

In fact, there are a good number of Android users who can be very critical in their review of an app. So obviously there'd be some noise made if there was an issue.

ALSO, when viewing an app, you can email the dev directly and ask them about why they need a permission.

I'll keep enjoying my Moto Droid OC'ed to 1 Ghz, with 14 homescreen widgets.
0 Votes
+ -
It's all Profitability
10W1V1 23rd Jun 2010
Just like in the pc world.. if there were no profit in finding malware and vulnerabilities, probably 90% of exploits would never come to fruition or ever be utilized. Since companies can make money out of finding vulnerabilities and prove that you are susceptible, it behooves them to find vulnerabilities and make them public which in turn sells more of their product... hmmm...
0 Votes
+ -
hmmmm
banned from zdnet 23rd Jun 2010
@10W1V1
what product do they want to sell to you? there is no product. only the fact that 10.000 of the apps in the android marketplace are basically spyware.
0 Votes
+ -
RE: Report: Android Apps expose private data
Ronzo3 Updated - 23rd Jun 2010
@banned from zdnet
The fallout from this report could be used as a market study, used to determine a possible market entry with an anti-spyware/malware app for Android. Why else would they choose to make this known as a company, rather than as individuals?
0 Votes
+ -
@banned from zdnet

There you go again...
0 Votes
+ -
Read my comments to messages above
rarsa Updated - 23rd Jun 2010
Based on your comments I would be tempted to infer that you Didn't read the report and Have never used an Android.

This to me, disqualifies any comments.

The report points at security risks, not at security breaches. (I hope you know the difference)
0 Votes
+ -
apps
banned from zdnet 23rd Jun 2010
@Ronzo3
no app can protect you from another app. this has to be done at the os level by google. but they refuse to curate their store and let any app be downloaded to any android phone. these spyware apps have the ability to send your data to any recipient, make calls or send sms to expensive numbers. but google doesn't have the means or the will to review apps. so spyware and other malicious code can be in any app you download from the android market.
0 Votes
+ -
re:hmmmm
richdave 23rd Jun 2010
@banned from zdnet You did read the post which said that Android apps disclose all of that prior to your decision to install, right? And that the iPhone store has apps which do roughly the same thing and do NOT disclose that prior to install, right? You did read that and understand it, right?
0 Votes
+ -
@banned from zdnet blah blah blah blah ... hammering on (incorrectly) about a report that has already been .. well .. admitted to be wrong does not make you right.

Sorry you said something? All I heard was "blah blahblah"
0 Votes
+ -
Fallacious.
Snooki_smoosh_smoosh 23rd Jun 2010
@10W1V1... irrelevant conclusion, and sweeping generalizations. Certainly you can formulate an argument on facts rather than creating fallacious ones.
0 Votes
+ -
RE: Report: Android Apps expose private data
Pete "athynz" Athens 23rd Jun 2010
Interesting - all of you Android fans kept harping on the iPhone and its supposed deficiencies compared to Android and now what do we have here? Ah yes, "For instance, five percent of the apps can place calls to any number and two percent can allow an app to send unknown SMS messages to premium numbers that incur expensive charges." Just so you know there is NO app for that in the Apple App Store...
0 Votes
+ -
@athynz


jcohenlv@ explains it perfectly in his post. Read it please.

And you said
"Just so you know there is NO app for that in the Apple App Store"
Wow. Did you check all of them out? I mean, there are a LOT of them. I mean are you sure? Totally SURE? Did you make a study? Or you just trust that the AppStore police will protect you and your (sorry, their) phone?
0 Votes
+ -
curated
banned from zdnet 23rd Jun 2010
@JordiFenix
yes, totally sure. hence the word curated. every app sold in the app store is reviewed by apple. they make sure that no app contains any spyware or malicious code. that's one of the main ideas of the curated approach.
0 Votes
+ -
@banned from zdnet

"they make sure that no app contains any spyware or malicious code."

Really? Are you sure they review all the source code for all apps submitted to make sure that they don't send your private data to some server somewhere, maybe a month down the road? I would be surprised if they even check a large percentage of functionality. Basically the only thing they are policing is to make sure the app doesn't use any private APIs, and that it doesn't have any prohibited content or duplicate any of Apple's own apps. If someone wanted to get spyware or malicious code past them, I don't think it would be that difficult.
0 Votes
+ -
@JordiFenix
Why does Apple take so much time for reviewing the apps before letting them go? You think it is Big Brotherish, nope, aside from UX Guidelines checking they make sure the apps are not breaching anything related to privacy and security. But given the fact that things are made and supervised by humans, there may be some apps that miss this and get surfaced in AppStore, but once it comes to Apple's notice, Apple will not show any soft corner for the developers who put them there and the apps will be pushed out immediately.
--Ram--
0 Votes
+ -