or Connect
AppleInsider › Forums › Mobile › iPhone › Most popular Android app caught harvesting users contacts: Facebook
New Posts  All Forums:Forum Nav:

Most popular Android app caught harvesting users contacts: Facebook - Page 2

post #41 of 70
Quote:
Originally Posted by MADSCI3NCE View Post
 I'm not in control of some of my data when my best Android using friends have my phone number, personal email address, my physical address, etc. in their contacts and then they run something like this Facebook app.  

 

Or you could take it a step further and do like me. I don't have a single Android friend, so that solves that problem. lol.gif

post #42 of 70
Quote:
Originally Posted by hill60 View Post

Yawn, I see the usual brigade are here with their denials and excuses.

 

Yes, it really is amazing how people forget that iOS apps quietly stole contact information for years, before Apple finally got around to asking the user for permission in iOS 6... whereas Android users have always had to give that permission even before installation.

 

The real problem is the same on both OSes, and that is that it will often make sense for the user to give an app permission to access their contacts, (supposedly in order to make it easier to send email, texts, etc), but then that app might misuse that permission later on.

 

I think smartphones should have a log of such info snatches for users to check.

post #43 of 70

Made an account just to post this -- don't bash me. 

 

I think Google CAN fix this. Remember, unlike iOS, Android doesn't need a whole new version to add more services and functionality. Google could easily implement sort of a SuperUser type approach, where if an app tries to access contact info, you must click the little "Allow" or "Deny" button. Add a patch through Google Play Services, all should be fine for Froyo and Up... If you really are worried now, you could install one of the many antiviruses for Android, at the least, or like a previous poster said, bake in a Permissions Manager. But how sure are we that this is to take contacts. Doesn't Facebook have contact sync? Also, this reminds me, in Android ICS+, Google baked in the Contacts app to disallow facebook from contact syncing, so if Facebook is blocked from Contact Sync, how are they doing it...fishy fishy.  

post #44 of 70
Quote:
Originally Posted by Steven N. View Post

This is mostly a non-story in relationship to iOS strengths VS weaknesses compared to Android.  iOS has had its own cases of FUBARs in this exact type of thing as well.

 

The sad state is many applications use various frameworks with minimal testing going on as to what the frameworks do. Many of these are designed for analytics and, if you don't really do your homework, you can get caught with these things. This is not to excuse the behavior but iOS and Android are equally guilty with or without the fragmentation issues.

 

Actually this is total bullshit. This "exact kind of thing" actually cannot happen on iOS as all access to the address book must be requested and approved by the user.  There sis no way to get the phone number except by specifically giving the app access to contacts.  

 

This article is interesting to me as it sort of explains why Facebook is constantly, desperately, and usually underhandedly trying to get my phone number which I refuse to give them.  I can't even count the number of times I've logged onto Facebook on the web or using an app and it's tried some slight of hand to get my phone number or dig through my contacts or both.  Several of these occasions it was presented to me as a "crucial" thing or a matter of my own safety to give them my phone number and it's only the knowledge that this was a lie that stopped me from doing so.  I wonder how many people they fool into doing this on a daily basis?  

 

Google does the exact same thing.  

 

if there is one thing I've been asked by Google to do over and over again it's give them my mobile phone number or access to my contacts or both.  Underhanded fuckers, both of them.  

post #45 of 70
Quote:
Originally Posted by AppleInsider View Post

Because the various versions of Android have no coherent security policy regarding the sharing of personal data without the user's permission, Facebook's "automatic sharing" in its Android app affects everyone, even iOS users with Android friends.

 

Android apps have always required the user's permission to access personal data. Facebook is no different. As detailed here, Facebook requests permission to "access the phone features of the device...to determine the phone number and device IDs...." Android, whether for good or bad, has always presented the app's requested permissions to the user at install time and let the user decide whether to proceed. By contrast, iOS delegates this vetting process to the app store reviewers. Until iOS 6 introduced hooks to alert the user when a program wanted to access Contacts, the user had no idea what permissions apps requested, and instead trusted the reviewers to make the correct decisions.

 

Quote:
Originally Posted by AppleInsider View Post

Due to fragmentation on even new Android phones, Google's platform can't be similarly secured even if it were in Google's interests to stop app developers from sharing users' private data for advertising and social recommendation purposes.

 

The issue has nothing to do with fragmentation and everything to do with policy. Apps on both Android and iOS are sandboxed and can only perform actions that they have received permission for. On iOS, the app store reviewers inspect and grant the permissions. Android places that responsibility with the end user. Google could hire people to read the permissions lists of Google Play submissions if it wanted to. It has simply chosen not to, but that's a policy issue and not a technical one.

 

Quote:
Originally Posted by AppleInsider View Post

No comment was made in the article about the complete lack of messaging security on other mobile platforms where SMS messaging isn't encrypted at all, including Android and Windows Mobile.

 

Well, SMS messaging isn't encrypted on iOS either or else an iPhone user would not be able to text anyone not using an iPhone. It's more fair to compare iMessage to chat programs like skype.  


Edited by d4NjvRzf - 7/1/13 at 6:17pm
post #46 of 70

 

That article is total bullshit.  And anyone who trusts Gizmodo of all places to have any kind of reliable information on anything is just an idiot.  

post #47 of 70
Quote:
Originally Posted by jfc1138 View Post

I wouldn't bee too sure even about the Apple Facebook implementation, I had students I work with in my lab suggested for "friending" when I've deliberately never put in my employment or university affiliation. EVER and they have zero association with anyone I had listed as friends. Maybe they're suggesting people that run off the same WiFi network? As would be the case in the lab....

 

I think this is the same kind of nefarious bullshit that LinkedIn uses.  For instance I work at a large institution at the moment and I'm on LinkedIn.  Whenever someone at that same institution does something on LinkedIn, I get what looks like a "personal" email from that person (who I don't know at all since it's a huge institution), asking me to link up with them.  It's actually not an email from them at all of course, it's just that their database shows that we work at the same location, and has identified me as someone who *should* have more links, so I get spammed by a cleverly crafted entirely fake email.  

 

It's practically criminal.  In fact if the purpose was illegal instead of merely social linking, it would be a federal crime to craft such an email as its outright fraudulent behaviour.  

 

It's all done with databases anyhow.  

post #48 of 70
Quote:
Originally Posted by koop View Post

 

Enjoy having this link completely ignored by the "outraged" icabal. Such information can not penetrate the Apple bubble-sphere. 

 

Look into it.  It's false information as is much of the stuff that Gizmodo spreads around.  

post #49 of 70
Quote:
Originally Posted by MADSCI3NCE View Post

 I'm not in control of some of my data when my best Android using friends have my phone number, personal email address, my physical address, etc. in their contacts and then they run something like this Facebook app.  Data I've taken extra steps to keep out of Facebook's grubby hands has now possibly been uploaded to their great big private info vacuum in the clouds.  Frankly that pisses me off.

How would that be any different if an iOS using friend gave the Facebook app permission to their contacts? Since on either platform you have to explicitly give permission for an app to access your contacts. Despite what the article title would have you believe, the Android Facebook app is only sending the phone number of the device it is installed on, not the phone's entire contacts list (which it can't do since it doesn't yet have permission to access it.). Yes, that's not appropriate either but it's also not "harvesting user's contacts" at least not without being given permission.
post #50 of 70

 

 

Your link is from early 2012. Since then, Apple added required notification and permissions requests in order for apps to read your Contacts, as the article quite clearly explained. Since iOS 6 was released, virtually the entire installed base is now using it. 

 

The situation on Android is that Apps just say they need to do "this and that" before you ever install them, and so every app has all the "permissions" its developers have the balls to say they need, and users have no control over running the apps with or without granted access. 

 

Google could fix this, but the entire installed base would never get an update.

post #51 of 70
Quote:
Originally Posted by d4NjvRzf View Post

 

Well, SMS messaging isn't encrypted on iOS either or else an iPhone user would not be able to text anyone not using an iPhone. It's more fair to compare iMessage to chat programs like skype.  

 

iPhone to iPhone (or to Mac, or to iPad, in any combo) messages are encrypted. Apple can't encrypt messages for other platforms that they could read, so they get plain text SMS, but that's clearly indicated in the UI. 

 

Skype is a different app. You can't text somebody and seamlessly upgrade your conversation to encrypted one on other platforms.

post #52 of 70
Quote:
Originally Posted by KDarling View Post

 

Yes, it really is amazing how people forget that iOS apps quietly stole contact information for years, before Apple finally got around to asking the user for permission in iOS 6... whereas Android users have always had to give that permission even before installation.

 

The real problem is the same on both OSes, and that is that it will often make sense for the user to give an app permission to access their contacts, (supposedly in order to make it easier to send email, texts, etc), but then that app might misuse that permission later on.

 

I think smartphones should have a log of such info snatches for users to check.

 

 

No you are wrong, it is not the same. Apple identified a problem and fixed it. Google doesn't see a problem, won't fix it, and really can't fix it for the installed base.

post #53 of 70
Who does Facebook think they are, the NSA?
post #54 of 70
Quote:
Originally Posted by Corrections View Post

 



Your link is from early 2012. Since then, Apple added required notification and permissions requests in order for apps to read your Contacts, as the article quite clearly explained. Since iOS 6 was released, virtually the entire installed base is now using it. 



 



The situation on Android is that Apps just say they need to do "this and that" before you ever install them, and so every app has all the "permissions" its developers have the balls to say they need, and users have no control over running the apps with or without granted access. 



 



Google could fix this, but the entire installed base would never get an update.



exactly. but those droid fans are desperately clutching at that old straw, because:

Android = spyware.

and they know it.
post #55 of 70

People still using FB?  That's the first place the big brother is monitoring.  Yeah, users' info is private until FB surrendering all info directly to the national security DB.  

post #56 of 70
Quote:
Originally Posted by Corrections View Post

 

No you are wrong, it is not the same. Apple identified a problem and fixed it. Google doesn't see a problem, won't fix it, and really can't fix it for the installed base.

 

You're wrong if you think Google doesn't see the problem and won't fix it.  You're even more wrong to say that they can't fix it.  Google doesn't tie apps to the system for the most part.  If they want, they can write an application that runs as a system app, place it on the market, and have users download it.  They could even push out an update silently to Google Play Services.  If you watched any of Google's I/O conference (which you likely didn't), you would have seen that they upgraded every Android phone on the planet without pushing a new version by adding peer-to-peer gaming, an updated set of location service APIs, cross-device notification sync, an enhanced cloud messaging service (something for developers), and cloud-based data backup APIs for apps.  Please tell me again that you don't think they can push an update to fix permissions so I can have a hearty laugh.

post #57 of 70
Quote:
Originally Posted by Corrections View Post

 

No you are wrong, it is not the same. Apple identified a problem and fixed it. Google doesn't see a problem, won't fix it, and really can't fix it for the installed base.

Nothing he said was wrong. All the user needs are better permission management tools, which they could bake it into the Play Store app, Sort of like this guy did.

post #58 of 70

Block the trolls, guys. Don't quote them. It's offensive to see their muck.

When I find time to rewrite the laws of Physics, there'll Finally be some changes made round here!

I am not crazy! Three out of five court appointed psychiatrists said so.

Reply

When I find time to rewrite the laws of Physics, there'll Finally be some changes made round here!

I am not crazy! Three out of five court appointed psychiatrists said so.

Reply
post #59 of 70
Quote:
Originally Posted by mhikl View Post

Block the trolls, guys. Don't quote them. It's offensive to see their muck.

 

But then nobody will see your posts! lol.gif

post #60 of 70
Quote:
Originally Posted by koop View Post

 

Enjoy having this link completely ignored by the "outraged" icabal. Such information can not penetrate the Apple bubble-sphere. 

 

Except that this is no longer the case for iOS6 (> 92% usage) Settings->Privacy->Contacts.
post #61 of 70
Quote:
Originally Posted by Apple ][ View Post

I am so glad that I am not on Facebook and even more glad that I am not on Android. What a freakin' nightmare and disaster.

I thought I heard the French say the same about you, yesterday.
Quote:
Originally Posted by bmg1001 View Post

If you really are worried now, you could install one of the many antiviruses for Android

Antivirus software? That is sooo 1996.

People actually need that still? On your phone? I already know why Apple is gaining marketshare, in whatever market they're in, but not having to install antivirus software on your Mac or iPhone is one of many very clear reasons people switch.
Send from my iPhone. Excuse brevity and auto-corrupt.
Reply
Send from my iPhone. Excuse brevity and auto-corrupt.
Reply
post #62 of 70
Quote:
Originally Posted by Suddenly Newton View Post


You are correct, that is a valid option.

However, IF (1) users don't agree to the terms and conditions of use until they first use (launch) the app, and (2) the app harvests your data when you install it, (as the poorly-worded article states), but before you can consent to the terms and conditions of use, then Facebook is wrong.

 

If you download the app from the Google Play Store you do agree to the possibility of Facebook doing this before downloading. Now this may be difficult for some to understand but you do not install an app until after you download it..

When you click download for any app in Play Store you are given a list of access rights that the app has. You have to actively agree to continue with the download. It is a two step process so that you can not download without having seen this infomation. If you choose to ignore it then that is your choice..

With facebook you are warned that it can access your phone number and asked if you want to proceed. To do so and then say you did not know is being rather stupid isnt it..

It is just like the AppStore in app purchases problem where parents were downloading an app and their kids were spending big without their parents permission. The overwhelming feeling on this forum was that it was the parents fault for not reading the conditions. Apple was innocent because they warned people this could happen..

Funny how when Android does the same it is Androids fault and not the users..

I do not use the facebook app because I do not like the level of access that goes with it.
post #63 of 70
Quote:
Originally Posted by mrrodriguez View Post

I use a permission manager that I can choose what an app can and can't have access to. Google should bake it into Android to avoid this sort of problems. It'll also fix some malware problems.

 

It is baked into Android for every app.  To install anything the user has to give permission for whatever aspects an app wishes to access.  When it was found that anyone could get Apples users info at will, one of the many things Apple copied from Android was implementing app permissions. 

 

If you read the App permissions list prior to installing Facebook- yep, its Facebook.   You have to give them permission for EVERYTHING.  Your location, contacts etc etc.  If you 'okay' that, then Facebook has its run of your information- and you gave them consent to do it.  You KNOW they are going to do it, if freakin' Facebook lol

 

Headline might as well read:

User give Facebook permission to view their bank accounts, and Facebook views all of their bank accounts!

 

Users can't pick and choose permissions on any platform, if you 'choose' not to give Facebook permission the app simply won't install.

 

Of course the source, Symantec, isn't going to highlight that.  Stop posting information from companies that try to scare people into buying 'malware' software that is more intrusive than the problem itself as though it were news.

post #64 of 70
Quote:
Originally Posted by Frood View Post

 

It is baked into Android for every app.  To install anything the user has to give permission for whatever aspects an app wishes to access.  When it was found that anyone could get Apples users info at will, one of the many things Apple copied from Android was implementing app permissions. 

 

 

To be fair, iOS apps always had to request permissions to do stuff but the requests were visible to the the app store reviewers, not the end users. In iOS 6, apps began declaring some of that information to users as well. 

 

 

Edit: It appears that I was slightly mistaken about the iOS permissions system. I had assumed that permissions on iOS worked like OS X sandbox "entitlements" where an app starts with no privileges and needs to explicitly declare its intention to perform each kind of action, which basically how android permissions work. Could one of you iOS devs out there clarify this matter?  


Edited by d4NjvRzf - 7/2/13 at 9:12am
post #65 of 70
Quote:
Originally Posted by andrzejls View Post

Read post #6 and stop trolling.

1. He's the one who posted post #6.
2. He's not trolling under any definition of the word.
post #66 of 70
Quote:
Originally Posted by ktappe View Post

So how's that open platform thing workin' out for ya?

Great! Thanks for asking.

When I looked up "Ninjas" in Thesaurus.com, it said "Ninja's can't be found" Well played Ninjas, well played.
Reply
When I looked up "Ninjas" in Thesaurus.com, it said "Ninja's can't be found" Well played Ninjas, well played.
Reply
post #67 of 70
Quote:
Originally Posted by Frood View Post

 

It is baked into Android for every app.  To install anything the user has to give permission for whatever aspects an app wishes to access.  When it was found that anyone could get Apples users info at will, one of the many things Apple copied from Android was implementing app permissions. 

 

If you read the App permissions list prior to installing Facebook- yep, its Facebook.   You have to give them permission for EVERYTHING.  Your location, contacts etc etc.  If you 'okay' that, then Facebook has its run of your information- and you gave them consent to do it.  You KNOW they are going to do it, if freakin' Facebook lol

 

Headline might as well read:

User give Facebook permission to view their bank accounts, and Facebook views all of their bank accounts!

 

Users can't pick and choose permissions on any platform, if you 'choose' not to give Facebook permission the app simply won't install.

 

Of course the source, Symantec, isn't going to highlight that.  Stop posting information from companies that try to scare people into buying 'malware' software that is more intrusive than the problem itself as though it were news.

 

Android has had third party custom permission utilities since version 1. I block access to my contacts for all of my apps except the phone, especially Facebook (it works just fine). Simply download LBE Privacy Guard, this is a none issue. Well maybe for someone who doesn't spend time in reading what are the weakness of ones OS and then plugs them up. A simple Google search like; "Android custom app permissions" would have told you everything you needed to do.

When I looked up "Ninjas" in Thesaurus.com, it said "Ninja's can't be found" Well played Ninjas, well played.
Reply
When I looked up "Ninjas" in Thesaurus.com, it said "Ninja's can't be found" Well played Ninjas, well played.
Reply
post #68 of 70
This sounds easy and simple for a prank caller, even more of a problem would be someone with a homemade app that advertises false, yet when opened takes data, then after you delete app they still got the data.

Apple is real simple with IOS security. When it is requested apple has message that appears deny or accept.
post #69 of 70
Quote:
Originally Posted by Nairb View Post

 

If you download the app from the Google Play Store you do agree to the possibility of Facebook doing this before downloading. Now this may be difficult for some to understand but you do not install an app until after you download it..

When you click download for any app in Play Store you are given a list of access rights that the app has. You have to actively agree to continue with the download. It is a two step process so that you can not download without having seen this infomation. If you choose to ignore it then that is your choice..
 

 

I wasn't aware that Google Play worked that way. Thanks for the info.

"Apple should pull the plug on the iPhone."

John C. Dvorak, 2007
Reply

"Apple should pull the plug on the iPhone."

John C. Dvorak, 2007
Reply
post #70 of 70
Quote:
Originally Posted by Curtis Hannah View Post
Apple is real simple with IOS security. When it is requested apple has message that appears deny or accept.

 

While it helps, what some are trying to point out is that the initial prompt isn't a perfect solution on any OS.

 

This is because there are plenty of apps where on-phone local access to personal info makes sense, so the user would naturally click okay.

 

However, what's missing is that the user cannot know if the app will also send the personal data off-phone to some server.

 

It is very difficult, if not impossible, to prevent that situation, especially if it waited a while, so that initial testing would not show it.

 

It always boils down to common sense (a flashlight app doesn't need such access) and how much you trust the app developer.

New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: iPhone
AppleInsider › Forums › Mobile › iPhone › Most popular Android app caught harvesting users contacts: Facebook