or Connect
AppleInsider › Forums › Mobile › iPhone › Samsung's "free" Jay Z album delivered via Android spyware app
New Posts  All Forums:Forum Nav:

Samsung's "free" Jay Z album delivered via Android spyware app

post #1 of 82
Thread Starter 
In a promotion for its Galaxy phones, Samsung announced it would deliver a million free copies of Brooklyn rapper Jay Z's new album days before its official release. But it did so using a spyware Android app designed to track your location and harvest phone numbers you call, your device ID and which apps you use.

Jay Z Samsung app
Source: Google Play


Samsung's free Android mobile app "JAY Z Magna Carta" only works with select models, specifically the new Galaxy S 4, Galaxy S III, Galaxy Note II. But as New York Times music critic Jon Pareles wrote, "It?s an ugly piece of software."

"It?s an ugly piece of software."Samsung paid $5 million for the early distribution rights of the "Magna Carta Holy Grail" album, which ironically comes from an artist with lyrics that are "indignant about phone surveillance and bribing witnesses," Pareles stated.

The singer's 2010 track "Jay?s Back ASAP" complained, "They tap, them feds don?t play fair/They pay rats to say that they?re part of your operation."

Samsung-style Free and Open



Taking advantage of Google's "Trojan Horse" Android security model, the Samsung app simply demands access to a broad range of rights on the user's phone before allowing installation, even though all it really does is play back the album. It does not add the songs to a user's music library.

This includes tracking users' "precise GPS location." The app permissions page is so unnecessarily invasive that fellow rapper Killer Mike tweeted in response, "I read this and? 'Naw I'm cool.'"

July 2, 2013


Unlike Apple's iOS, installed Android apps don't have to alert the user or ask for permission when they want to track the GPS location or access contacts or social network accounts, and there's actually provisions for apps to access users' phone call information and running apps. iOS is an app platform, not an ad platform.

Free love, NSA



Pareles added, "it demands permissions, including reading the phone?s status and identity." On Android, this includes obtaining a unique device ID that can be used by advertisers like a web cookie (but not eased by the user), but also includes collecting the user's phone number, tracking when the phone is in use on a call, and even "the remote number connected by a call."

In contrast, Apple has been incrementally working to increase users' privacy on iOS, warning developers in 2011 that they needed to stop relying upon iOS users' Unique User IDs because they would no longer be available. iOS 6 removed UUID access, effectively terminating OS-wide user tracking by ad networks.

In place of UUID, Apple's iOS 6 turned the tables to introduce an "Advertising Identifier," which serves as "a non-permanent, non-personal device identifier, that advertising networks will use to give you more control over advertisers' ability to use tracking methods."

I will tell your friends you love us



Samsung's new app "also gathers 'accounts,' the e-mail addresses and social-media user names connected to the phone," Pareles added. "When installed, it demanded a working log in to Facebook or Twitter and permission to post on the account."

In order to "unlock" lyrics within the app, users must tweet out a promo for each song on the album they want to read.

"It?s telling that Jay-Z ? who boasts regularly about his millions of sales ? and Samsung didn?t simply trust fans to post or tweet on their own," Pareles wrote.

Additionally, the app also demands permission to "retrieve running apps," which means it can "discover information about which applications are used on the device," another feature Google supports as a common permission on Android apps.

Why Samsung's "free" album app would need to track the GPS location, phone numbers, phone calls, social accounts and installed apps on users' phones is questionable enough, but even more interesting is that Android supports and enforces such invasive "app distributor's rights."

Fed-style surveillance on your open platform



"On some level, Jay-Z knows better. A streak of paranoia has been running through his lyrics for years," Pareles wrote, citing a line from ?Somewhere in America? that says, ?Feds still lurking/They see I?m still putting work in.?

"Yet now, it?s Jay-Z who?s lurking ? in my phone," he added. "Another song, 'Nickels and Dimes,' insists, 'The greatest form of giving is anonymous to anonymous.' For the gift of the album, fans aren?t anonymous to Jay-Z now. He?s another data miner, gathering more than half a million e-mail and social-media accounts. Maybe he should send us an apology."

The app's rollout wasn't without flaw either, Pareles noted. "The app didn?t deliver my album for more than hour after it was supposed to be available. Jay-Z?s sponsors at Samsung proved themselves not only intrusive, but technically inept."

With official Samsung Android apps like these, who needs malware authors?



Earlier this week, Bluebox Labs noted a security flaw that can enable anyone to surreptitiously replace a vendors' trusted installed apps with a rogue version that the Android OS can't identify as corrupted, therefore gaining widespread access to spy on the user.

However, given Samsung's first party spyware tool disguised as a free album, users don't have to worry about rogue malware developers snooping on their activities, calls, apps and location. They're already being exploited by their phone's maker and the operating system it runs, which are optimized for data collection and remote monitoring.
post #2 of 82

awesome!

post #3 of 82
If you don't read permissions it's your fault. Oops......
post #4 of 82
It's because Nas > Jay-Z
post #5 of 82
If you're not paying for it; you're the product.
"Proof is irrelevant" - Solipsism
Reply
"Proof is irrelevant" - Solipsism
Reply
post #6 of 82
Seems to be a test of what people are willing to give up for a free album. I would find it funny if they couldn't give it away because everyone rejected the permissions required to install/use it.
post #7 of 82
This is actually very scary. A) That Google is so blatantly overt about data mining, and B) people are continually willing to give privet information away.
post #8 of 82

Any pre-released free album available from Apple app store?  I'll do a search now.

post #9 of 82
Quote:

Originally Posted by AppleInsider View Post

 

Taking advantage of Google's "Trojan Horse" Android security model, the Samsung app simply demands access to a broad range of rights on the user's phone before allowing installation, even though all it really does is play back the album.
...

Unlike Apple's iOS, installed Android apps don't have to alert the user or ask for permission when they want to track the GPS location or access contacts or social network accounts, and there's actually provisions for apps to access users' phone call information and running apps. iOS is an app platform, not an ad platform.

 

You cannot first say that the "app demands access" to location and contacts, and then turn around a few sentences later and claim that it did not "ask for permission".  Obviously it DID ask for permission.  

 

As for being a crap app, I'd agree.  It smacks of a newbie developer.  It sounds like someone took a sample code framework and accidentally left in a bunch of sample permission lines that probably aren't even used.  (Or if they are, then the project manager totally failed in oversight.)

 

In either case, this is not an Android thing.  It's a project management cluster mess.

post #10 of 82
Quote:
Originally Posted by AppleInsider View Post


Jay Z Samsung app
Source: Google Play


Taking advantage of Google's "Trojan Horse" Android security model, the Samsung app simply demands access to a broad range of rights on the user's phone before allowing installation, even though all it really does is play back the album. It does not add the songs to a user's music library.

This includes tracking users' "precise GPS location." The app permissions page is so unnecessarily invasive that fellow rapper Killer Mike tweeted in response, "I read this and? 'Naw I'm cool.'"

July 2, 2013


Unlike Apple's iOS, installed Android apps don't have to alert the user or ask for permission when they want to track the GPS location or access contacts or social network accounts, and there's actually provisions for apps to access users' phone call information and running apps. iOS is an app platform, not an ad platform.
 

 

Who ever wrote this article has never used an android device before. They are not aware that unlike and iOS device before downloading an app the user is greeted by the permissions of said app. That the permissions list what the app can do. Please do not say its a Trojan horse if you know what it can do. 

 

Quote:
  • YOUR LOCATION
    APPROXIMATE LOCATION (NETWORK-BASED)
    Allows the app to get your approximate location. This location is derived by location services using network location sources such as cell towers and Wi-Fi. These location services must be turned on and available to your device for the app to use them. Apps may use this to determine approximately where you are.
    PRECISE LOCATION (GPS AND NETWORK-BASED)
    Allows the app to get your precise location using the Global Positioning System (GPS) or network location sources such as cell towers and Wi-Fi. These location services must be turned on and available to your device for the app to use them. Apps may use this to determine where you are, and may consume additional battery power.
  • NETWORK COMMUNICATION
    FULL NETWORK ACCESS
    Allows the app to create network sockets and use custom network protocols. The browser and other applications provide means to send data to the internet, so this permission is not required to send data to the internet.
  • PHONE CALLS
    READ PHONE STATUS AND IDENTITY
    Allows the app to access the phone features of the device. This permission allows the app to determine the phone number and device IDs, whether a call is active, and the remote number connected by a call.
  • STORAGE
    MODIFY OR DELETE THE CONTENTS OF YOUR USB STORAGE
    Allows the app to write to the USB storage.
  • YOUR APPLICATIONS INFORMATION
    RETRIEVE RUNNING APPS
    Allows the app to retrieve information about currently and recently running tasks. This may allow the app to discover information about which applications are used on the device.
  • YOUR ACCOUNTS
    FIND ACCOUNTS ON THE DEVICE
    Allows the app to get the list of accounts known by the device. This may include any accounts created by applications you have installed.
  • DEVELOPMENT TOOLS
    READ SENSITIVE LOG DATA
    Allows the app to read from the system's various log files. This allows it to discover general information about what you are doing with the device, potentially including personal or private information.
  • NETWORK COMMUNICATION
    VIEW NETWORK CONNECTIONS
    Allows the app to view information about network connections such as which networks exist and are connected.
    RECEIVE DATA FROM INTERNET
    Allows apps to accept cloud to device messages sent by the app's service. Using this service will incur data usage. Malicious apps could cause excess data usage.
    VIEW WI-FI CONNECTIONS
    Allows the app to view information about Wi-Fi networking, such as whether Wi-Fi is enabled and name of connected Wi-Fi devices.
  • SYSTEM TOOLS
    TEST ACCESS TO PROTECTED STORAGE
    Allows the app to test a permission for USB storage that will be available on future devices.
  • AFFECTS BATTERY
    CONTROL VIBRATION
    Allows the app to control the vibrator.
    PREVENT DEVICE FROM SLEEPING
    Allows the app to prevent the device from going to sleep.
  • YOUR APPLICATIONS INFORMATION
    RUN AT STARTUP
    Allows the app to have itself started as soon as the system has finished booting. This can make it take longer to start the device and allow the app to slow down the overall device by always running.

taken directly from that app. Its not a trojan horse its clearly explaining what it can do. Better then an iOS app where the user does not have any info like this unless it wants to use gps or their contacts.

post #11 of 82

I swear recently there seems to be alot of articles on here "stretching". Though, like any site they are after clicks and web traffic I suppose.

The app also apparently has you sign into your Twitter or Facebook. But this just in, if you dont agree with the permissions, don't click "accept". Amazing I know lol.

post #12 of 82
Quote:
Originally Posted by KDarling View Post

 

You cannot first say that the "app demands access" to location and contacts, and then turn around a few sentences later and claim that it did not "ask for permission".  Obviously it DID ask for permission.  

 

The issue is not confusing. There is a picture in the article that makes it really clear that the app quietly demands broad and unnecessary access before installation in a "EULA" style page users ignore, but then does not ask for permission after installation when it actually accesses your location, contacts, ect.

 

This was clearly explained in the article. Your ability to be confused says more about you than the article, especially when you know what the situation is and agree that it is ridiculous.

 

Put simply: an app shouldn't sneakily request nebulous, technically opaque "permissions" as a requirement for installation as Android does. It should clearly ask permission when it wants to do something that the user might not want it to do, in clear language the user can understand, as iOS does.

 

A better question is: why do you have throw up a smoke screen of petty, specious arguments about every criticism of egregious flaws in Android? Is it because you want to muddy the water to make everything sound equally bad? Because it isn't.

 

Android, as implemented by Google and Samsung, is a tweaked version of Java/Linux designed to spy on and harvest data from users while pretending to be "innovative" by throwing out half finished versions of things Apple has worked on for years. 

post #13 of 82

99 problems and spyware is one.

Sent from my iPhone Simulator

Reply

Sent from my iPhone Simulator

Reply
post #14 of 82

Wow. Knew who the author was just from reading the headline. No need to read the article, actually.

post #15 of 82
Quote:
Originally Posted by Corrections View Post

 

Put simply: an app shouldn't sneakily request nebulous, technically opaque "permissions" as a requirement for installation as Android does. It should clearly ask permission when it wants to do something that the user might not want it to do, in clear language the user can understand, as iOS does.

 

 

How is it "sneaky" when it clearly says what the app wants access to? Unless you're illiterate it's pretty straight forward.

post #16 of 82
Originally Posted by Richard Getz View Post

This is actually very scary. A) That Google is so blatantly overt about data mining, and B) people are continually willing to give privet information away.

 

Its not just creepy.  It's Google-creepy (tm).

Sent from my iPhone Simulator

Reply

Sent from my iPhone Simulator

Reply
post #17 of 82
Quote:
Originally Posted by Apple v. Samsung View Post

 

Who ever wrote this article has never used an android device before. They are not aware that unlike and iOS device before downloading an app the user is greeted by the permissions of said app. That the permissions list what the app can do. Please do not say its a Trojan horse if you know what it can do. 

 

Dear copy/paste troll: I love your devotion to an adware/spyware platform, but nobody is confused here. The article clearly says:

 

"installed Android apps don't have to alert the user or ask for permission"

 

Once you see a free app and click install, your rights end and Android begins enforcing the adware/spyware's rights.

 

If you're cool with that, that's fine. Nobody is taking away your Android friend. The point is that throwing some opaque disclosure in a pile of text the user must "agree" to while downloading is not cool with most people. Ever heard of complains about EULA?

 

The open source community used to care before Google came in and dictated that open source was now going to be all about harvesting the "community" for ads. You're just one of the suckers dependent upon an adware/spyware giant to deliver your iOS knockoff. 

post #18 of 82
Quote:
Originally Posted by SalmanPak View Post

Wow. Knew who the author was just from reading the headline. No need to read the article, actually.

 

Yes, why concern yourself with facts when you can just demonize the blogger who relayed them to you from the NYT?

post #19 of 82

Yes, the app displays a list of access rights it claims. and certainly everybody reads this and if not, it's their problem. that's why Trojans, etc are not a problem on PCs anymore. Oh wait....

Yeah, well, you know, that's just, like, my opinion, man.
Reply
Yeah, well, you know, that's just, like, my opinion, man.
Reply
post #20 of 82

EULA's and Android's permission request screen are light years apart in length and complexity of terminology.  Drawing comparisons between the two is either being ignorant (excusable) or deceitful.

"Proof is irrelevant" - Solipsism
Reply
"Proof is irrelevant" - Solipsism
Reply
post #21 of 82

It's interesting how many trollish comments there are on this thread by users with 11, 33, 88 posts.

Newbies all attacking an AppleInsider article.  Could just be the latest wave of the misguided "Yay Open!"

crowd lashing out in anger in any and all ways after news of that "master key" Android exploit spread.

The exploit that makes 99% of all Android devices vulnerable.  The exploit that can turn any harmless

Android app into a malicious Trojan without changing its cryptographic signature.  Yeah.  That one.

 

Or maybe they're getting 10 cents per post from Samsung.  You know, to attempt to discredit

any and all negative news about Samsung and Android.  For pennies a post.  Tough job.

 

Good luck with that, fellas. Just remember that every time you post here, you're contributing to

AppleInsider's web traffic, which boosts its Page ranking, which increases their ad revenue.

Thank you for helping to keep AppleInsider successful!

Sent from my iPhone Simulator

Reply

Sent from my iPhone Simulator

Reply
post #22 of 82
Quote:
Originally Posted by ipen View Post

Any pre-released free album available from Apple app store?  I'll do a search now.

Actually Apple has released free content many times on iTunes, not just music but also videos. They also have had entire online streamed concerts so before you go running your mouth be sure you know what you're talking about.
post #23 of 82
Quote:
Originally Posted by Corrections View Post

 

Dear copy/paste troll: I love your devotion to an adware/spyware platform, but nobody is confused here. The article clearly says:

 

"installed Android apps don't have to alert the user or ask for permission"

So a popup saying what the app has permission to access your gps does not count as a request for your permission. If you have to choose to accept

post #24 of 82
What I found most amusing besides the obvious data gathering overreach (hello! why do you need to know who I'm calling?) is Samsung trying to get into the music scene. Good luck with that. Apple is a decade ahead, and iTunes music plays on even the oldest iPods, not just on whatever products Samsung is currently trying to move out of their inventory cave.

This reminds me of when Microsoft would get people to come to Microsoft Store grand openings by giving away Miley Cyrus tickets, and a bunch of teen girls (who couldn't give two shits about Microsoft Office or Zune) would show up, and Ballmer could claim Apple Store-like crowds to the press.

"Apple should pull the plug on the iPhone."

John C. Dvorak, 2007
Reply

"Apple should pull the plug on the iPhone."

John C. Dvorak, 2007
Reply
post #25 of 82
Quote:
Originally Posted by KDarling View Post

 

You cannot first say that the "app demands access" to location and contacts, and then turn around a few sentences later and claim that it did not "ask for permission".  Obviously it DID ask for permission.  

 

As for being a crap app, I'd agree.  It smacks of a newbie developer.  It sounds like someone took a sample code framework and accidentally left in a bunch of sample permission lines that probably aren't even used.  (Or if they are, then the project manager totally failed in oversight.)

 

In either case, this is not an Android thing.  It's a project management cluster mess.

 

Oh, K, it's definitely an Android thing. If it weren't, you wouldn't be here trying to convoke us it isn't. Nice try attempting to explain it away, but, as usual, embarrassing failure on your part.

post #26 of 82
Quote:
Originally Posted by ipen View Post

Any pre-released free album available from Apple app store?  I'll do a search now.

 

Lookit - I have an Android phone**, but damn... that's one very desperate defense you just threw up there. Seriously - you're asking folks to choose between some random rapper's new album w/ spyware, and doing without said album and spyware. 

 

Well gee - I think I'll do w/o the spyware in either case, thanks much.

 

 

** I abuse the crap out of my mobile gear, and since I only do email and play music on the thing, I find it apt to have a cheaper phone. If it breaks or I lose it, I'll have the Exchange admin remote-wipe the thing, then go buy another phone for $50 and call it good. I average about two years on a given phone, so it's pretty economical. Now for actual computing? I have an MBP because when it comes to computers, my needs and desires demand the absolute best. It's all about use case, really.

post #27 of 82
Quote:
Originally Posted by kpluck View Post

Sorry, spyware doesn't ask permission before it spies.

 

Sure it does - it's just really vague about being spyware when you install it. 

 

Take the last time you installed a Java update for your Windows box... if you weren't paying attention, you would very easily miss that little checkbox that says you want to install the (damned near uninstallable) Ask Toolbar into every browser you own. (and yes, it's malware: https://en.wikipedia.org/wiki/Ask.com ).

 

So yeah, technically they asked for your permission to install that bit o' malware into your Android phone... but I bet you had no clue as to the full ramifications of saying 'yes' until this article (or one like it) was posted. ;)

post #28 of 82
Quote:
Originally Posted by 3Eleven View Post

How is it "sneaky" when it clearly says what the app wants access to? Unless you're illiterate it's pretty straight forward.
I would say it's sneaky because 1) it doesn't need this sort of access to the device and 2) a user wouldn't expect an app that just plays music to require such deep access.

Also, Android users would see so many of these screens they are likely to push past them. Apps are likely to request multiple permissions that they would rarely use, or would use when it is obvious (e.g. A mapping app using GPS).

We have to be practical when assessing this. What portion of users installing this app would read the permissions screen? And WHY does this app need to request such permissions? Most people would just accept them even if they did read them, thinking they are unlikely to do them any harm.
post #29 of 82
A sign of Android problems, and Samsung too--but only a fairly minor one. Minor, and yet if Apple did this, stocks would crater, bloggers would be weeping Fox News-style tears, a congressional hearing would haul Tim Cook out of bed at 3am, and TV broadcasts would be interrupted with the banner "NATION IN OUTRAGE." (Luckily, sales and customer satisfaction would be unaffected.)
post #30 of 82
Quote:
Originally Posted by Apple v. Samsung View Post

So a popup saying what the app has permission to access your gps does not count as a request for your permission. If you have to choose to accept
The quote is 'installed apps'. Yes, you 'accept' the permissions (which most users don't, lets be honest. They just tap 'Accept' so they can install the app.) But the point is that once the app is installed, it will no longer ask for permission to do this stuff on a case-by-case basis.

If a user has installed 15 apps in the past month, and starts using a random app they installed 3 weeks ago, they've probably forgotten what permissions the app asked for, ESPECIALLY if its an app that wouldn't require those permissions (like an app that plays music requesting access to your phone calls).

Just try and think more logically about how phones are used by regular Joes who don't think about this stuff. This app is being sneaky, because the makers know that most users won't have a clue what's going on.
post #31 of 82

There are lots of problems with this.  Not the least of which is that people who bought a Samsung to "get" the album early aren't actually getting the album.  Instead they are getting some app that happens to play the album.  That's not even close to getting a free album.  The fact that the crappy app just happens to ask for (presumably) unncessary permissions is just gravy. 

post #32 of 82
Quote:
Originally Posted by kpluck View Post

Sorry, spyware doesn't ask permission before it spies. Maybe some of the brain dead Apple fanboys that read this site buy into that, but most people of average or better intelligence do not.  This is really no different than some of the data collection that is done by Apple on iOS with users' permission. You don't like it, don't give the app permission.

 

It is a shame we don't get more intelligent debate/reporting in the tech press.

 

-kpluck

ah, this and all the other Droid apologists here ultimate line of defense - you should know Android and apps like this are data mining all kinds of info from you! and you said ok to get some free app or some cheap phone! so ... it's ok!

 

so if that's not "spyware," how about we just call it "stupidware"? or "bend over and grab you ankles-ware"? or at least "no privacy-ware"? or even better, "no privacy any-ware"?

 

and no, Apple does nothing like this. your apps still work even when you decline granting any location or other permissions. how lame.

post #33 of 82

SamsungInsider

 

Seems we can't go one day without this site bringing up Samsung and/or Android.

post #34 of 82
Quote:
Originally Posted by malax View Post

There are lots of problems with this.  Not the least of which is that people who bought a Samsung to "get" the album early aren't actually getting the album.  Instead they are getting some app that happens to play the album.  That's not even close to getting a free album.  The fact that the crappy app just happens to ask for (presumably) unncessary permissions is just gravy. 

 

If one chooses to accept that insane list of app permissions then they will get the album.  The tracks get downloaded into their music folder, it's not just a streaming app.

"Proof is irrelevant" - Solipsism
Reply
"Proof is irrelevant" - Solipsism
Reply
post #35 of 82
This is more disturbing than the NSA storing call metadata on a server, which can only access the data after a court order specifying who is being investigated and why. That's it, NSA can look once. But Google has setup Android to spy on every user for as long as they use that phone. Nice

Cheers !
Cheers !
Reply
Cheers !
Reply
post #36 of 82
Quote:
Originally Posted by KDarling View Post

 

You cannot first say that the "app demands access" to location and contacts, and then turn around a few sentences later and claim that it did not "ask for permission".  Obviously it DID ask for permission.  

 

...

 

No, you are misreading things yet again.  The author said that Android apps do not have to ask for permission.  Not that they never do.  This one did, others do not.  

post #37 of 82
Quote:
Originally Posted by ipen View Post

Any pre-released free album available from Apple app store?  I'll do a search now.

 

Perhaps you missed it a few months back when you could stream Justin Timberlake's "The 20/20 Experience" in full via iTunes before the release date.  And that's not the only artist to have that done by iTunes.

 

Don't type dumb stuff.

post #38 of 82
Quote:
Originally Posted by Gazoobee View Post

 

No, you are misreading things yet again.  The author said that Android apps do not have to ask for permission.  Not that they never do.  This one did, others do not.  

 

Others do not?  What apps can you install without first going thru the permissions page?

"Proof is irrelevant" - Solipsism
Reply
"Proof is irrelevant" - Solipsism
Reply
post #39 of 82

Isn't jay z himself is a virus?

post #40 of 82
Quote:
Originally Posted by DroidFTW View Post

 

If one chooses to accept that insane list of app permissions then they will get the album.  The tracks get downloaded into their music folder, it's not just a streaming app.

 

Ah.  The article implied otherwise: " even though all it really does is play back the album. It does not add the songs to a user's music library."

New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: iPhone
AppleInsider › Forums › Mobile › iPhone › Samsung's "free" Jay Z album delivered via Android spyware app