What does signed mean in comparison to the Android and iOS app stores?
Does the average customer know that if they bypass the Android Marketplace and install an app they downloaded from another site that it’s not going to be signed and could potentially be harmful?
1 Signed means exactly the same than in Apple App Store, you have to sign up for a developer account, pay and every app you publish is signed with you unique id.
2 Sideloading apps is disabled by default, when you turn it on you have a nice warning about what implies sideloading an app outside the market
Yes, it's disputed. That an app has some permission doesn't imply that the app is collecting data.
Gwydion, you may have missed this in an earlier posting:
Quote:
"[Update]: MyLookout chimed in with us to clarify some details that other outlets have been reporting. Specifically, the app does collect data from your phone, but only the device?s phone number, subscriber identifier, and voicemail number fields are retrieved. SMS and browsing history are not touched by any of the apps they analyzed throughout their Blackhat conference. Your voicemail?s password is also not transmitted unless you included the password in your phone?s voicemail number field.
We?re not yet certain on what the developer?s intentions are for using the pieces of data it does send to China ? so we can?t outright call it malicious ? but it is collecting and sending data nevertheless. Hopefully that clears up some of the confusion everyone?s been faced with regarding the read-only property READ_PHONE_STATE that the application uses to access certain pieces of data."
So yes, unless further information is forthcoming - there is every appearance that in fact the app collected/collects info and sends it elsewhere. What is in diispute is the claim in the OA that is was MORE than whatis called out above.
No issues with the 3 Android phones and two Android tablets in my home, but the spouse's iPhone 4 appears to be dropping calls a bit more than usual today (as indicated by her angrily exclaiming as much upon walking through the door this evening), and the old iPhone 3g didn't take too kindly to that last firmware update.
Oh Well... I guess we're just Android-Lucky
Sorry, but your post makes no sense to me, it's not like the hackers are going to tell the people who downloaded their app, "hey we just stole your info - thanks." You may not have downloaded the app in question and who's to say the next android app you d/l won't be hacker free? Hackers don't tell the people whose info they steal that they stole it, you don't find out till you notice banking problems or they start using your info for some other malicious purpose or start spamming you and everyone on your contact list. That's the worry with their marketplace you won't know till it's too late.
1 Signed means exactly the same than in Apple App Store, you have to sign up for a developer account, pay and every app you publish is signed with you unique id.
I guess I wasn’t clear enough on this point. My question wasn’t about what signed itself means, but what the level of in-depth analyzing this different stores take before approving, signing and deeming safe for all users.
Gwydion, you may have missed this in an earlier posting:
So yes, unless further information is forthcoming - there is every appearance that in fact the app collected/collects info and sends it elsewhere. What is in diispute is the claim in the OA that is was MORE than whatis called out above.
Yes, I have seen it, and when first they said that was collected some information and sended somewhere and later they say that no, this information is not collected, is this other I start to doubt what forensic have done.
And I doubt when a security company doesn't know about the things they are studying, like Android permissions.
I guess I wasn’t clear enough on this point. My question wasn’t about what signed itself means, but what steps an app takes and how scrutinized it is being stores to get signed and approved and deemed safe for all users.
Ah, completely different way from App Store, apps are not scrutinized. You can publish anything you want anytime you want.
And yes, Apple scrutinizing makes App Store more secure than Android Market
Who'da thunk a site named APPLEINSIDER would be biased??!! Dur. Contributors here don't have to look all day long for Android stuff - it gets reported and recorded in AI for general comment, if it's relevant. Your commentary smacks of the worst kind of defensiveness - spoken to in volumes by the effort you took to prove to the posters here how even-handed you are, how you like some parts of the iPhone, but not others. It is not in dispute that the app in the article collected info - so no "may/may not" about it. Whether it was the deep delve that was originally claimed is in dispute - and that's OK. I don't expect any balance on the threads over in Androidland and I expect all kinds of diatribe about perceived and imagined faults of the iPhone, Apple or ATT - and get it in reams of screen drivel. It's OK - my expectations are met - you have highly unrealistic expectations and went to great lengths to prove it. Just stop. These are not the commenters you are looking for. This is AI - a site about Apple, complete with a fine set of internalized trolls and clueless idiots to match any on the Android fan fora.
If you wish I can throw you a bone as condescending as your comments, but it's unneccessary and not worth my time. Get over yourself. Enjoy Android. Don't sweat the Apple fansites commentary - see its real easy. Move on.
Just because I take a more reasonable stance on the iPhone/Android debate doesn't mean i'm being "defensive" of Android. Your mistake level-headedness for extreme fanboyism.. it's not. I understand that this whole forum is crawling with trolls and fanboys, but that doesn't mean everybody can't be a little more civil. Perhaps I'm the odd one for not hating Apple and all it's supporters..
Quote:
Originally Posted by Gwydion
Yes, it's disputed. That an app has some permission doesn't imply that the app is collecting data.
Exactly. Just because an app has permission to access information doesn't mean it's using or transmitting it.
The iPhone has similar problems with rogue apps. I think this is the biggest flaw in downloading apps for phones or iPods - you are at the risk of having data stolen and forwarded to criminals. You would think that the iPhone people would be more careful, but they are not.
Just had to create an account for this. The hatred here towards android is scary. For the record I own and have owned many products from both sides of this discussion.
I'm currently an Android user, I own an iPad, Macbook and PC and I don't and never will understand what can only be described as the fan boy behavior occurring on this thread.
Lets face it, if it weren't for Android, Apples major rival, there would be very little to no competition, causing the entire mobile market to become almost stagnant.\
First of all ... welcome to AI discussion.
The "hatred" you speak of is just a reaction to user's of other formats coming on to a Mac discussion board and continually trying their best to tell us why we are wrong to choose Apple.
Question for you: If a visitor to your home started to tell you why you were stupid to buy/decorate your home like this ..... would you not get PO'd at them ... I know I would not be inviting them back anytime soon. Problem is ... here you don't need an invitation to participate and you can display any kind of distasteful behavior you feel the need to.
As for Android supplying healthy competition ... There was no Android when the first iPhone was introduced, a phone that everyone and their dog has been trying, mostly without success, to reproduce.
I've said it before and I'll say it again...... Apple's best competition comes from Apple itself .... always has ... always will.
By the way, with those permissions an app can't read most of the thing the reports says.
Your point is not for the avg user, the avg user doesn't know how to turn off/on most options on their phone or home computer, most (not all) use their devices as they come out of the box. You're tech smart I'm guessing and know how to do such things, many do not.
My friend recently visited and he's a smart guy but not tech smart and I had to setup his email and teach him some tricks on the iPhone he didn't know - same for another friend. So, you and many here may know how to make their tech items more safe or set them up, but this and many other hacker apps will hurt the avg user.
Yes, I have seen it, and when first they said that was collected some information and sended somewhere and later they say that no, this information is not collected, is this other I start to doubt what forensic have done.
And I doubt when a security company doesn't know about the things they are studying, like Android permissions.
OK, so the all-or-nothing approach to accuracy is especially convenient when defending a platform's vulnerability - we see it all the time in Apple supporters - so I'll accept that argument at face value. However, it is perhaps too convenient to say, "well since they don't toe the mark on one aspect of their report the whole thing is wrong" - as in throwing the baby out with the bathwater - if you've heard the term before. And irresponsible as a stance from a security prespective - rather better to take the vulnerability at face-value and deal with it as real until proven otherwise than to simply shrug it off - yes?
Well said TBell. Since the dawn of the computing age until the iPhone, it was completely up to the user what software they were allowed to install on there computers.
Did a PC always allow Mac software to run on it? .... No.
Did a Mac always allow PC software to run on it? .... No.
Only by "jailbreaking" most computing devices is the user "completely free" to run anyone's software.. so, IMHO, your post is completely wrong.
Wow, Lookout wants to sell software to "protect" us from mobile malware, yet they can't even accurately diagnose a threat before crying wolf.
I'm not sure if they blew it, or if it was misreported. This massive "threat" isn't even mentioned in their blog, so they are clearly in backpedal mode while they try to get their junk in a pile.
That said, every Android app install presents a list of of access permissions and requires explicit user approval before it will install. If you install a wallpaper app and give permission for it to access your phone data, that is your fault for being careless.
Kudos to Apple for trying to create a safe, idiot-proof App world. However, I don't need idiot-proof and would prefer some flexibility. Besides, the recent flashlight-tethering app was approved by Apple and then pulled after all the online buzz about it. So despite Apple's claims, it doesn't appear that they are meticulously examining the code for submitted apps...
Just because I take a more reasonable stance on the iPhone/Android debate doesn't mean i'm being "defensive" of Android. Your mistake level-headedness for extreme fanboyism.. it's not. I understand that this whole forum is crawling with trolls and fanboys, but that doesn't mean everybody can't be a little more civil. Perhaps I'm the odd one for not hating Apple and all it's supporters..
Exactly. Just because an app has permission to access information doesn't mean it's using or transmitting it.
According to your previous post you jumped in because you saw three pages of posting about this one issue - assumably you just happened along and this caught your attention somehow - don't get that - but OK - let's roll with it. The extent you went to appear reasonable in a random posting about a purported Android issue (and the accuracy of said report is even in question), on what is and has been for quite some time, an Apple-oriented "fan" site begs the question! You took great pains to present yourself here as level-headed - an act which is immediately suspect as far too many "defenders" (and "detractors")engage in exactly that behavior before making silly statements.
Again, it was reported via update (see up-thread) that the only thing in question about what was happening with the app was which information was being transmitted, not WHETHER information was being transmitted. Until it is proven differently it is safer to assume the validity of that statement and respond accordingly.
Tossing off words like "hate" and "love" is equally as specious for the defender as the detractor. Similarly for universals like "always", "never", "everyone", "no one" and so on. But to come to a fan site like this as say "now, now each platform has its merits and issues. Why can't we all link arms (metaphorically) and sing "kumbaya" is as arrant an act of silliness you could want. People aren't here to be the UN of technology. You were one of those kids who tried to stop recess fights and got beat up weren't you
Comments
Great argument, if it was one.
no i wasn't arguing or debating with you..
there's nothing to debate. ANDROID = FAIL.
There are two things to consider.
1 Signed means exactly the same than in Apple App Store, you have to sign up for a developer account, pay and every app you publish is signed with you unique id.
2 Sideloading apps is disabled by default, when you turn it on you have a nice warning about what implies sideloading an app outside the market
Yes, it's disputed. That an app has some permission doesn't imply that the app is collecting data.
Gwydion, you may have missed this in an earlier posting:
"[Update]: MyLookout chimed in with us to clarify some details that other outlets have been reporting. Specifically, the app does collect data from your phone, but only the device?s phone number, subscriber identifier, and voicemail number fields are retrieved. SMS and browsing history are not touched by any of the apps they analyzed throughout their Blackhat conference. Your voicemail?s password is also not transmitted unless you included the password in your phone?s voicemail number field.
We?re not yet certain on what the developer?s intentions are for using the pieces of data it does send to China ? so we can?t outright call it malicious ? but it is collecting and sending data nevertheless. Hopefully that clears up some of the confusion everyone?s been faced with regarding the read-only property READ_PHONE_STATE that the application uses to access certain pieces of data."
So yes, unless further information is forthcoming - there is every appearance that in fact the app collected/collects info and sends it elsewhere. What is in diispute is the claim in the OA that is was MORE than whatis called out above.
no i wasn't arguing or debating with you..
there's nothing to debate. ANDROID = FAIL.
I see, only irrational fanatism.
No issues with the 3 Android phones and two Android tablets in my home, but the spouse's iPhone 4 appears to be dropping calls a bit more than usual today (as indicated by her angrily exclaiming as much upon walking through the door this evening), and the old iPhone 3g didn't take too kindly to that last firmware update.
Oh Well... I guess we're just Android-Lucky
Sorry, but your post makes no sense to me, it's not like the hackers are going to tell the people who downloaded their app, "hey we just stole your info - thanks." You may not have downloaded the app in question and who's to say the next android app you d/l won't be hacker free? Hackers don't tell the people whose info they steal that they stole it, you don't find out till you notice banking problems or they start using your info for some other malicious purpose or start spamming you and everyone on your contact list. That's the worry with their marketplace you won't know till it's too late.
1 Signed means exactly the same than in Apple App Store, you have to sign up for a developer account, pay and every app you publish is signed with you unique id.
I guess I wasn’t clear enough on this point. My question wasn’t about what signed itself means, but what the level of in-depth analyzing this different stores take before approving, signing and deeming safe for all users.
Gwydion, you may have missed this in an earlier posting:
So yes, unless further information is forthcoming - there is every appearance that in fact the app collected/collects info and sends it elsewhere. What is in diispute is the claim in the OA that is was MORE than whatis called out above.
Yes, I have seen it, and when first they said that was collected some information and sended somewhere and later they say that no, this information is not collected, is this other I start to doubt what forensic have done.
And I doubt when a security company doesn't know about the things they are studying, like Android permissions.
I guess I wasn’t clear enough on this point. My question wasn’t about what signed itself means, but what steps an app takes and how scrutinized it is being stores to get signed and approved and deemed safe for all users.
Ah, completely different way from App Store, apps are not scrutinized. You can publish anything you want anytime you want.
And yes, Apple scrutinizing makes App Store more secure than Android Market
Who'da thunk a site named APPLEINSIDER would be biased??!! Dur. Contributors here don't have to look all day long for Android stuff - it gets reported and recorded in AI for general comment, if it's relevant. Your commentary smacks of the worst kind of defensiveness - spoken to in volumes by the effort you took to prove to the posters here how even-handed you are, how you like some parts of the iPhone, but not others. It is not in dispute that the app in the article collected info - so no "may/may not" about it. Whether it was the deep delve that was originally claimed is in dispute - and that's OK. I don't expect any balance on the threads over in Androidland and I expect all kinds of diatribe about perceived and imagined faults of the iPhone, Apple or ATT - and get it in reams of screen drivel. It's OK - my expectations are met - you have highly unrealistic expectations and went to great lengths to prove it. Just stop. These are not the commenters you are looking for. This is AI - a site about Apple, complete with a fine set of internalized trolls and clueless idiots to match any on the Android fan fora.
If you wish I can throw you a bone as condescending as your comments, but it's unneccessary and not worth my time. Get over yourself. Enjoy Android. Don't sweat the Apple fansites commentary - see its real easy. Move on.
Just because I take a more reasonable stance on the iPhone/Android debate doesn't mean i'm being "defensive" of Android. Your mistake level-headedness for extreme fanboyism.. it's not. I understand that this whole forum is crawling with trolls and fanboys, but that doesn't mean everybody can't be a little more civil. Perhaps I'm the odd one for not hating Apple and all it's supporters..
Yes, it's disputed. That an app has some permission doesn't imply that the app is collecting data.
Exactly. Just because an app has permission to access information doesn't mean it's using or transmitting it.
I see, only irrational fanatism.
it's not irrational fanatism to criticize an insecure OS that failed to protect millions of users from spyware.
Just had to create an account for this. The hatred here towards android is scary. For the record I own and have owned many products from both sides of this discussion.
I'm currently an Android user, I own an iPad, Macbook and PC and I don't and never will understand what can only be described as the fan boy behavior occurring on this thread.
Lets face it, if it weren't for Android, Apples major rival, there would be very little to no competition, causing the entire mobile market to become almost stagnant.
First of all ... welcome to AI discussion.
The "hatred" you speak of is just a reaction to user's of other formats coming on to a Mac discussion board and continually trying their best to tell us why we are wrong to choose Apple.
Question for you: If a visitor to your home started to tell you why you were stupid to buy/decorate your home like this ..... would you not get PO'd at them ... I know I would not be inviting them back anytime soon. Problem is ... here you don't need an invitation to participate and you can display any kind of distasteful behavior you feel the need to.
As for Android supplying healthy competition ... There was no Android when the first iPhone was introduced, a phone that everyone and their dog has been trying, mostly without success, to reproduce.
I've said it before and I'll say it again...... Apple's best competition comes from Apple itself .... always has ... always will.
In any case, again, welcome to AI.
By the way, with those permissions an app can't read most of the thing the reports says.
Your point is not for the avg user, the avg user doesn't know how to turn off/on most options on their phone or home computer, most (not all) use their devices as they come out of the box. You're tech smart I'm guessing and know how to do such things, many do not.
My friend recently visited and he's a smart guy but not tech smart and I had to setup his email and teach him some tricks on the iPhone he didn't know - same for another friend. So, you and many here may know how to make their tech items more safe or set them up, but this and many other hacker apps will hurt the avg user.
Yes, I have seen it, and when first they said that was collected some information and sended somewhere and later they say that no, this information is not collected, is this other I start to doubt what forensic have done.
And I doubt when a security company doesn't know about the things they are studying, like Android permissions.
OK, so the all-or-nothing approach to accuracy is especially convenient when defending a platform's vulnerability - we see it all the time in Apple supporters - so I'll accept that argument at face value. However, it is perhaps too convenient to say, "well since they don't toe the mark on one aspect of their report the whole thing is wrong" - as in throwing the baby out with the bathwater - if you've heard the term before. And irresponsible as a stance from a security prespective - rather better to take the vulnerability at face-value and deal with it as real until proven otherwise than to simply shrug it off - yes?
Well said TBell. Since the dawn of the computing age until the iPhone, it was completely up to the user what software they were allowed to install on there computers.
Did a PC always allow Mac software to run on it? .... No.
Did a Mac always allow PC software to run on it? .... No.
Only by "jailbreaking" most computing devices is the user "completely free" to run anyone's software.. so, IMHO, your post is completely wrong.
it's not irrational fanatism to criticize an insecure OS that failed to protect millions of users from spyware.
Which spyware?
... only difference is that the information is now going to someone in Shenzen...
Hey hey hey... now you've gone too far, I've been to Shenzhen a couple times and have fond memories. Made some good friends there... leave them alone.
I'm not sure if they blew it, or if it was misreported. This massive "threat" isn't even mentioned in their blog, so they are clearly in backpedal mode while they try to get their junk in a pile.
That said, every Android app install presents a list of of access permissions and requires explicit user approval before it will install. If you install a wallpaper app and give permission for it to access your phone data, that is your fault for being careless.
Kudos to Apple for trying to create a safe, idiot-proof App world. However, I don't need idiot-proof and would prefer some flexibility. Besides, the recent flashlight-tethering app was approved by Apple and then pulled after all the online buzz about it. So despite Apple's claims, it doesn't appear that they are meticulously examining the code for submitted apps...
Just because I take a more reasonable stance on the iPhone/Android debate doesn't mean i'm being "defensive" of Android. Your mistake level-headedness for extreme fanboyism.. it's not. I understand that this whole forum is crawling with trolls and fanboys, but that doesn't mean everybody can't be a little more civil. Perhaps I'm the odd one for not hating Apple and all it's supporters..
Exactly. Just because an app has permission to access information doesn't mean it's using or transmitting it.
According to your previous post you jumped in because you saw three pages of posting about this one issue - assumably you just happened along and this caught your attention somehow - don't get that - but OK - let's roll with it. The extent you went to appear reasonable in a random posting about a purported Android issue (and the accuracy of said report is even in question), on what is and has been for quite some time, an Apple-oriented "fan" site begs the question! You took great pains to present yourself here as level-headed - an act which is immediately suspect as far too many "defenders" (and "detractors")engage in exactly that behavior before making silly statements.
Again, it was reported via update (see up-thread) that the only thing in question about what was happening with the app was which information was being transmitted, not WHETHER information was being transmitted. Until it is proven differently it is safer to assume the validity of that statement and respond accordingly.
Tossing off words like "hate" and "love" is equally as specious for the defender as the detractor. Similarly for universals like "always", "never", "everyone", "no one" and so on. But to come to a fan site like this as say "now, now each platform has its merits and issues. Why can't we all link arms (metaphorically) and sing "kumbaya" is as arrant an act of silliness you could want. People aren't here to be the UN of technology. You were one of those kids who tried to stop recess fights and got beat up weren't you