"Lookout also discovered that 14 percent of the surveyed free applications available for Apple's iPhone have the capability to access a user's contact data."
Well there's the rub. There's no distinction made whether they actually do or not, or simply that they CAN "access a user's contact data". Well, sure! How many apps do you have that CAN access that data if you ask them to? To forward something, send as an email, etc.? Mail does. Tons of my apps do, by design, on purpose, and because we specifically want them to have that "access".
Making that feature sound scary by default is "bad journalism"... They use different words almost synonymously. "Access", and "Capture" or "Collect". There's a huge difference in the action and intent between those concepts.
They should be focused on those apps that "capture" or "collect" and transmit personal data without a user's implicit permission.
Can anyone name one iOS app that does? I'd love to know about it...
Apple REALLY needs to add finely-tunable controls that put the device OWNER in control of ALL access an app makes. This should be in the Settings for EACH app, as well as a GLOBAL setting.
Apple REALLY needs to add finely-tunable controls that put the device OWNER in control of ALL access an app makes. This should be in the Settings for EACH app, as well as a GLOBAL setting.
yeah eventually all the data should be like iOS's GPS where the users have total control over it. And explicitly ask the user every-time it's triggered.
Apple REALLY needs to add finely-tunable controls that put the device OWNER in control of ALL access an app makes. This should be in the Settings for EACH app, as well as a GLOBAL setting.
No. That's a security black hole by relying on the user to customize each application's security settings.
Making a set of security policies that all Developers adhere to is an intelligent solution.
What are we talking about, here? Which malicious apps are in the app store that steal personal user information and send the data off to bad people in Schengen China? Hello! Hello! Is this thing on?
....what kind of BS FUD reporting is this? Garbage. On the heals of discovering an app on Android that steals a lot of info without notice or permission, accessing contacts as a stated function in an iPhone app, with full knowledge and permission, gets even mentioned in the same breath in a security article. Absolute garbage.
Accessing the contacts and pinpointing your GPS location, is the whole point to the app. These functions are the reason users downloaded them in the first place. Obviously Lookout, and Apple Insider are only interested in creating controversy and FUD because that is their business model.
Um, the Android breach of personal info to China yesterday makes that defense unnecessary.
Hope you and your new Chinese friends enjoy your Android.
Personally, Android has been nothing short of 'enjoyable' from day one, and (unlike the norm in here) I don't going around speaking for the experiences of others.
Additionally: Given the fanatically unreasonable attitudes displayed by far too many regarding these matters, the article recently posted on foxnews.com (sadly) might not be too far off the mark http://techcrunch.com/2010/07/29/apple-religion/
Personally, Android has been nothing short of 'enjoyable' from day one, and (unlike the norm in here) I don't going around speaking for the experiences of others.
Additionally: Given the fanatically unreasonable attitudes displayed by far too many regarding these matters, the article recently posted on foxnews.com (sadly) might not be too far off the mark http://techcrunch.com/2010/07/29/apple-religion/
That meme has to be tossed off too at intervals now doesn't.
It does seem like a rather enormous oversight to not require a user's permission to access any of their data such as contacts. Hopefully Apple will remedy that soon.
BUT, the big difference is that the app can't (if Apple is doing their job, that is) do anything malicious with the info. Besides, the only bad thing that could result is spam emails and solicitation phone calls. Much better than having passwords stolen.
Wow, that is the weakest standard I've ever heard of before in the personal data protection arena.
Amazing how years of battling against organized crime stealing people's personal info goes up in smoke because people fall in love with irresponsible products and value convenience over safety.
Apple and Google releasing internet appliances without strict personal data protection is a huge step backwards. You may love that your "apps" automatically slurp up your contacts, but I am NOT happy to that my friends who use iPhones/Pads are unwittingly exposing my contact info to international data criminals (such as the Chinese incident on record), and that it's called a "feature," and that I have NO way of stopping them.
yeah eventually all the data should be like iOS's GPS where the users have total control over it. And explicitly ask the user every-time it's triggered.
You mean something like this?
?Mac has issued a salutation. ?Cancel or allow??
?You are pointing out Vista?s flaws. Cancel or allow.?
?You are coming to a sad realization. Cancel or allow.?
Yep, that'll work well when most users on either platform regard these as annoyances - not help.
Wouldn't be surprised in a future update if the first time a program wants to access your contacts it will need to ask. Internally it may need to hold on to some sort of key to access the contacts database. This still doesn't help you if the app should be legitimately accessing contacts. This article is falsely implying that Apple did something wrong with respect to security. Their certainly is room for improvement but at least the phone isn't left in the open with no safety like Android. The fact that they don't have a malware problem despite having majority smartphone share should speak for itself.
Apple is in a much better situation then Google if they did have a problem too. If an app did manage to sneak through the approval process, Apple could black list it later. They already have a blacklist system in-place for malware. There just hasn't been an instance of them using it yet. Apple is also scanning apps to see what APIs they are using. If you have a flashlight app that accesses contacts they probably know something is up.
Wow, that is the weakest standard I've ever heard of before in the personal data protection arena.
Amazing how years of battling against organized crime stealing people's personal info goes up in smoke because people fall in love with irresponsible products and value convenience over safety.
Apple and Google releasing internet appliances without strict personal data protection is a huge step backwards. You may love that your "apps" automatically slurp up your contacts, but I am NOT happy to that my friends who use iPhones/Pads are unwittingly exposing my contact info to international data criminals (such as the Chinese incident on record), and that it's called a "feature," and that I have NO way of stopping them.
You can't live in a reinforced nuclear-resistant bunker AND have big bay windows that give you a lovely view of the neighborhood, and instant access to everything. You pick and choose what you desire as your user experience.
You can in fact lock-down both the Android phones and the iPhone. You can choose to NOT access the internet which is by far the largest attack vector for these devices. You can choose to not load any apps that allow access to any user data on the phone. You can choose to not text. It's all about your choices. But you HAVE to choose, security or convenience. They are NOT mutually incompatible, but darn close.
Personally, Android has been nothing short of 'enjoyable' from day one, and (unlike the norm in here) I don't going around speaking for the experiences of others.
Additionally: Given the fanatically unreasonable attitudes displayed by far too many regarding these matters, the article recently posted on foxnews.com (sadly) might not be too far off the mark http://techcrunch.com/2010/07/29/apple-religion/
...Go over to CNET or just google the name AndroidFTW (just like I typed it) and tell me they are not treating Android and Google as a whole as a religion. That Fox article is flame bait waiting to happen. Point is you can find "religious" fanatics associated with a lot of different material things. Where do you think the term "crackberry" came from?
They are using the term "capability", isn't ANY app is "capable" of accessing your contacts if the coder wishes so? And wouldn't that translates to 100% of apps are "capable" of accessing the sensitive information on the phones?
Exactly, I don't understand what this statistic is trying to point out. ANY app CAN access the Contacts if it wanted to. It is an open API for iPhone app developers.
You can't live in a reinforced nuclear-resistant bunker AND have big bay windows that give you a lovely view of the neighborhood, and instant access to everything. You pick and choose what you desire as your user experience.
You can in fact lock-down both the Android phones and the iPhone. You can choose to NOT access the internet which is by far the largest attack vector for these devices. You can choose to not load any apps that allow access to any user data on the phone. You can choose to not text. It's all about your choices. But you HAVE to choose, security or convenience. They are NOT mutually incompatible, but darn close.
But the openness of the Android phone is like living on the south side of Chicago with the doors unlocked and no security system with a chest full of gold in your living room. I understand the benefits of an open system... but you at least need to have some sort of security mechanisms. Having a store that does simple security validation will help. It doesn't need to be closed for that, but it doesn't work so well if you allow alternative runtimes. Personally the biggest reason I like the AppStore isn't related to security. It keeps more people honest so they buy their software. That has created a more competitive market with lower prices. Video game companies have been saying this about piracy for years... I just never believed them that the price would actually drop. Guess I was wrong, but I expect that this is partially due to indies.
I know of two in the App Store off the top of my head (but they warn you before hand).
Dragon Dictation and Vlingo. I am sure there are plenty others and possibly even some that don't warn you before hand. Again living inside a walled garden does not mean your data is entirely safe.
I mean come on, developers are a lot smarter than those who Apple employs to review apps. Developers can work around many things if they are so inclined. It has happened many times before. Some of you need to stop being so naive about Apple. Yes Android is much worse but Apple is not Fort Knox by any stretch of the imagination. Hackers have been exploiting iOS software since it debuted in 2007.
What are we talking about, here? Which malicious apps are in the app store that steal personal user information and send the data off to bad people in Schengen China? Hello! Hello! Is this thing on?
You don't have to know... this article's only existence is to sugar coat the Andorid apps that sends personal information to China.
Comments
It's only a start. More comming.
anything to protect the hive, my friend.
"Lookout also discovered that 14 percent of the surveyed free applications available for Apple's iPhone have the capability to access a user's contact data."
Well there's the rub. There's no distinction made whether they actually do or not, or simply that they CAN "access a user's contact data". Well, sure! How many apps do you have that CAN access that data if you ask them to? To forward something, send as an email, etc.? Mail does. Tons of my apps do, by design, on purpose, and because we specifically want them to have that "access".
Making that feature sound scary by default is "bad journalism"... They use different words almost synonymously. "Access", and "Capture" or "Collect". There's a huge difference in the action and intent between those concepts.
They should be focused on those apps that "capture" or "collect" and transmit personal data without a user's implicit permission.
Can anyone name one iOS app that does? I'd love to know about it...
Apple REALLY needs to add finely-tunable controls that put the device OWNER in control of ALL access an app makes. This should be in the Settings for EACH app, as well as a GLOBAL setting.
yeah eventually all the data should be like iOS's GPS where the users have total control over it. And explicitly ask the user every-time it's triggered.
Apple REALLY needs to add finely-tunable controls that put the device OWNER in control of ALL access an app makes. This should be in the Settings for EACH app, as well as a GLOBAL setting.
No. That's a security black hole by relying on the user to customize each application's security settings.
Making a set of security policies that all Developers adhere to is an intelligent solution.
....what kind of BS FUD reporting is this? Garbage. On the heals of discovering an app on Android that steals a lot of info without notice or permission, accessing contacts as a stated function in an iPhone app, with full knowledge and permission, gets even mentioned in the same breath in a security article. Absolute garbage.
Accessing the contacts and pinpointing your GPS location, is the whole point to the app. These functions are the reason users downloaded them in the first place. Obviously Lookout, and Apple Insider are only interested in creating controversy and FUD because that is their business model.
Precisely.
Um, the Android breach of personal info to China yesterday makes that defense unnecessary.
Hope you and your new Chinese friends enjoy your Android.
Personally, Android has been nothing short of 'enjoyable' from day one, and (unlike the norm in here) I don't going around speaking for the experiences of others.
Additionally: Given the fanatically unreasonable attitudes displayed by far too many regarding these matters, the article recently posted on foxnews.com (sadly) might not be too far off the mark http://techcrunch.com/2010/07/29/apple-religion/
Love to see the 'Keepers of the Fruit' response to this, as we await the flood of 'Walled Garden Defenders' to arrive...
it certainly beats living under the bridge and chasing goats now doesn't it?
At least you have a good view and can post your silliness quickly from there.
Personally, Android has been nothing short of 'enjoyable' from day one, and (unlike the norm in here) I don't going around speaking for the experiences of others.
Additionally: Given the fanatically unreasonable attitudes displayed by far too many regarding these matters, the article recently posted on foxnews.com (sadly) might not be too far off the mark http://techcrunch.com/2010/07/29/apple-religion/
That meme has to be tossed off too at intervals now doesn't.
-kpluck
BUT, the big difference is that the app can't (if Apple is doing their job, that is) do anything malicious with the info. Besides, the only bad thing that could result is spam emails and solicitation phone calls. Much better than having passwords stolen.
Wow, that is the weakest standard I've ever heard of before in the personal data protection arena.
Amazing how years of battling against organized crime stealing people's personal info goes up in smoke because people fall in love with irresponsible products and value convenience over safety.
Apple and Google releasing internet appliances without strict personal data protection is a huge step backwards. You may love that your "apps" automatically slurp up your contacts, but I am NOT happy to that my friends who use iPhones/Pads are unwittingly exposing my contact info to international data criminals (such as the Chinese incident on record), and that it's called a "feature," and that I have NO way of stopping them.
yeah eventually all the data should be like iOS's GPS where the users have total control over it. And explicitly ask the user every-time it's triggered.
You mean something like this?
?Mac has issued a salutation. ?Cancel or allow??
?You are pointing out Vista?s flaws. Cancel or allow.?
?You are coming to a sad realization. Cancel or allow.?
Yep, that'll work well when most users on either platform regard these as annoyances - not help.
Apple is in a much better situation then Google if they did have a problem too. If an app did manage to sneak through the approval process, Apple could black list it later. They already have a blacklist system in-place for malware. There just hasn't been an instance of them using it yet. Apple is also scanning apps to see what APIs they are using. If you have a flashlight app that accesses contacts they probably know something is up.
Wow, that is the weakest standard I've ever heard of before in the personal data protection arena.
Amazing how years of battling against organized crime stealing people's personal info goes up in smoke because people fall in love with irresponsible products and value convenience over safety.
Apple and Google releasing internet appliances without strict personal data protection is a huge step backwards. You may love that your "apps" automatically slurp up your contacts, but I am NOT happy to that my friends who use iPhones/Pads are unwittingly exposing my contact info to international data criminals (such as the Chinese incident on record), and that it's called a "feature," and that I have NO way of stopping them.
You can't live in a reinforced nuclear-resistant bunker AND have big bay windows that give you a lovely view of the neighborhood, and instant access to everything. You pick and choose what you desire as your user experience.
You can in fact lock-down both the Android phones and the iPhone. You can choose to NOT access the internet which is by far the largest attack vector for these devices. You can choose to not load any apps that allow access to any user data on the phone. You can choose to not text. It's all about your choices. But you HAVE to choose, security or convenience. They are NOT mutually incompatible, but darn close.
Personally, Android has been nothing short of 'enjoyable' from day one, and (unlike the norm in here) I don't going around speaking for the experiences of others.
Additionally: Given the fanatically unreasonable attitudes displayed by far too many regarding these matters, the article recently posted on foxnews.com (sadly) might not be too far off the mark http://techcrunch.com/2010/07/29/apple-religion/
...Go over to CNET or just google the name AndroidFTW (just like I typed it) and tell me they are not treating Android and Google as a whole as a religion. That Fox article is flame bait waiting to happen. Point is you can find "religious" fanatics associated with a lot of different material things. Where do you think the term "crackberry" came from?
They are using the term "capability", isn't ANY app is "capable" of accessing your contacts if the coder wishes so? And wouldn't that translates to 100% of apps are "capable" of accessing the sensitive information on the phones?
Exactly, I don't understand what this statistic is trying to point out. ANY app CAN access the Contacts if it wanted to. It is an open API for iPhone app developers.
You can't live in a reinforced nuclear-resistant bunker AND have big bay windows that give you a lovely view of the neighborhood, and instant access to everything. You pick and choose what you desire as your user experience.
You can in fact lock-down both the Android phones and the iPhone. You can choose to NOT access the internet which is by far the largest attack vector for these devices. You can choose to not load any apps that allow access to any user data on the phone. You can choose to not text. It's all about your choices. But you HAVE to choose, security or convenience. They are NOT mutually incompatible, but darn close.
But the openness of the Android phone is like living on the south side of Chicago with the doors unlocked and no security system with a chest full of gold in your living room. I understand the benefits of an open system... but you at least need to have some sort of security mechanisms. Having a store that does simple security validation will help. It doesn't need to be closed for that, but it doesn't work so well if you allow alternative runtimes. Personally the biggest reason I like the AppStore isn't related to security. It keeps more people honest so they buy their software. That has created a more competitive market with lower prices. Video game companies have been saying this about piracy for years... I just never believed them that the price would actually drop. Guess I was wrong, but I expect that this is partially due to indies.
Dragon Dictation and Vlingo. I am sure there are plenty others and possibly even some that don't warn you before hand. Again living inside a walled garden does not mean your data is entirely safe.
I mean come on, developers are a lot smarter than those who Apple employs to review apps. Developers can work around many things if they are so inclined. It has happened many times before. Some of you need to stop being so naive about Apple. Yes Android is much worse but Apple is not Fort Knox by any stretch of the imagination. Hackers have been exploiting iOS software since it debuted in 2007.
What are we talking about, here? Which malicious apps are in the app store that steal personal user information and send the data off to bad people in Schengen China? Hello! Hello! Is this thing on?
You don't have to know... this article's only existence is to sugar coat the Andorid apps that sends personal information to China.