Article is the equivalent of an Apple fanboy sticking his tongue out at Android fanboys. classy.
Actually it's not. It tells me that even if I chose to use iOS to protect my privacy because I prefer it's security options that doesn't exempt me from stories like this. I'm not in control of some of my data when my best Android using friends have my phone number, personal email address, my physical address, etc. in their contacts and then they run something like this Facebook app. Data I've taken extra steps to keep out of Facebook's grubby hands has now possibly been uploaded to their great big private info vacuum in the clouds. Frankly that pisses me off.
"Don't ask for whom the bell tolls … it tolls for thee!" It not about iOS vs Android - when crap like this happens we're all compromised and it has to stop.
I'm not in control of some of my data when my best Android using friends have my phone number, personal email address, my physical address, etc. in their contacts and then they run something like this Facebook app.
Or you could take it a step further and do like me. I don't have a single Android friend, so that solves that problem.
Yawn, I see the usual brigade are here with their denials and excuses.
Yes, it really is amazing how people forget that iOS apps quietly stole contact information for years, before Apple finally got around to asking the user for permission in iOS 6... whereas Android users have always had to give that permission even before installation.
The real problem is the same on both OSes, and that is that it will often make sense for the user to give an app permission to access their contacts, (supposedly in order to make it easier to send email, texts, etc), but then that app might misuse that permission later on.
I think smartphones should have a log of such info snatches for users to check.
Made an account just to post this -- don't bash me.
I think Google CAN fix this. Remember, unlike iOS, Android doesn't need a whole new version to add more services and functionality. Google could easily implement sort of a SuperUser type approach, where if an app tries to access contact info, you must click the little "Allow" or "Deny" button. Add a patch through Google Play Services, all should be fine for Froyo and Up... If you really are worried now, you could install one of the many antiviruses for Android, at the least, or like a previous poster said, bake in a Permissions Manager. But how sure are we that this is to take contacts. Doesn't Facebook have contact sync? Also, this reminds me, in Android ICS+, Google baked in the Contacts app to disallow facebook from contact syncing, so if Facebook is blocked from Contact Sync, how are they doing it...fishy fishy.
This is mostly a non-story in relationship to iOS strengths VS weaknesses compared to Android. iOS has had its own cases of FUBARs in this exact type of thing as well.
The sad state is many applications use various frameworks with minimal testing going on as to what the frameworks do. Many of these are designed for analytics and, if you don't really do your homework, you can get caught with these things. This is not to excuse the behavior but iOS and Android are equally guilty with or without the fragmentation issues.
Actually this is total bullshit. This "exact kind of thing" actually cannot happen on iOS as all access to the address book must be requested and approved by the user. There sis no way to get the phone number except by specifically giving the app access to contacts.
This article is interesting to me as it sort of explains why Facebook is constantly, desperately, and usually underhandedly trying to get my phone number which I refuse to give them. I can't even count the number of times I've logged onto Facebook on the web or using an app and it's tried some slight of hand to get my phone number or dig through my contacts or both. Several of these occasions it was presented to me as a "crucial" thing or a matter of my own safety to give them my phone number and it's only the knowledge that this was a lie that stopped me from doing so. I wonder how many people they fool into doing this on a daily basis?
Google does the exact same thing.
if there is one thing I've been asked by Google to do over and over again it's give them my mobile phone number or access to my contacts or both. Underhanded fuckers, both of them.
Because the various versions of Android have no coherent security policy regarding the sharing of personal data without the user's permission, Facebook's "automatic sharing" in its Android app affects everyone, even iOS users with Android friends.
Android apps have always required the user's permission to access personal data. Facebook is no different. As detailed here, Facebook requests permission to "access the phone features of the device...to determine the phone number and device IDs...." Android, whether for good or bad, has always presented the app's requested permissions to the user at install time and let the user decide whether to proceed. By contrast, iOS delegates this vetting process to the app store reviewers. Until iOS 6 introduced hooks to alert the user when a program wanted to access Contacts, the user had no idea what permissions apps requested, and instead trusted the reviewers to make the correct decisions.
Quote:
Originally Posted by AppleInsider
Due to fragmentation on even new Android phones, Google's platform can't be similarly secured even if it were in Google's interests to stop app developers from sharing users' private data for advertising and social recommendation purposes.
The issue has nothing to do with fragmentation and everything to do with policy. Apps on both Android and iOS are sandboxed and can only perform actions that they have received permission for. On iOS, the app store reviewers inspect and grant the permissions. Android places that responsibility with the end user. Google could hire people to read the permissions lists of Google Play submissions if it wanted to. It has simply chosen not to, but that's a policy issue and not a technical one.
Quote:
Originally Posted by AppleInsider
No comment was made in the article about the complete lack of messaging security on other mobile platforms where SMS messaging isn't encrypted at all, including Android and Windows Mobile.
Well, SMS messaging isn't encrypted on iOS either or else an iPhone user would not be able to text anyone not using an iPhone. It's more fair to compare iMessage to chat programs like skype.
I wouldn't bee too sure even about the Apple Facebook implementation, I had students I work with in my lab suggested for "friending" when I've deliberately never put in my employment or university affiliation. EVER and they have zero association with anyone I had listed as friends. Maybe they're suggesting people that run off the same WiFi network? As would be the case in the lab....
I think this is the same kind of nefarious bullshit that LinkedIn uses. For instance I work at a large institution at the moment and I'm on LinkedIn. Whenever someone at that same institution does something on LinkedIn, I get what looks like a "personal" email from that person (who I don't know at all since it's a huge institution), asking me to link up with them. It's actually not an email from them at all of course, it's just that their database shows that we work at the same location, and has identified me as someone who *should* have more links, so I get spammed by a cleverly crafted entirely fake email.
It's practically criminal. In fact if the purpose was illegal instead of merely social linking, it would be a federal crime to craft such an email as its outright fraudulent behaviour.
Third article in a row with a specious connection to being even Apple rumor, much less news and the fourth that is nothing but hit whoring.
Did everyone go on vacay and leave DED in charge.
But it gives Dilger to use for the ten thousandth time the chart comparing OS versions. And that's ignoring the blatant lie in the title. Dilger should really seek professional help for his obsession with a corporation and the extreme hatred he spews forth at the "enemies" of that corporation.
I'm not in control of some of my data when my best Android using friends have my phone number, personal email address, my physical address, etc. in their contacts and then they run something like this Facebook app. Data I've taken extra steps to keep out of Facebook's grubby hands has now possibly been uploaded to their great big private info vacuum in the clouds. Frankly that pisses me off.
How would that be any different if an iOS using friend gave the Facebook app permission to their contacts? Since on either platform you have to explicitly give permission for an app to access your contacts. Despite what the article title would have you believe, the Android Facebook app is only sending the phone number of the device it is installed on, not the phone's entire contacts list (which it can't do since it doesn't yet have permission to access it.). Yes, that's not appropriate either but it's also not "harvesting user's contacts" at least not without being given permission.
Your link is from early 2012. Since then, Apple added required notification and permissions requests in order for apps to read your Contacts, as the article quite clearly explained. Since iOS 6 was released, virtually the entire installed base is now using it.
The situation on Android is that Apps just say they need to do "this and that" before you ever install them, and so every app has all the "permissions" its developers have the balls to say they need, and users have no control over running the apps with or without granted access.
Google could fix this, but the entire installed base would never get an update.
Well, SMS messaging isn't encrypted on iOS either or else an iPhone user would not be able to text anyone not using an iPhone. It's more fair to compare iMessage to chat programs like skype.
iPhone to iPhone (or to Mac, or to iPad, in any combo) messages are encrypted. Apple can't encrypt messages for other platforms that they could read, so they get plain text SMS, but that's clearly indicated in the UI.
Skype is a different app. You can't text somebody and seamlessly upgrade your conversation to encrypted one on other platforms.
Yes, it really is amazing how people forget that iOS apps quietly stole contact information for years, before Apple finally got around to asking the user for permission in iOS 6... whereas Android users have always had to give that permission even before installation.
The real problem is the same on both OSes, and that is that it will often make sense for the user to give an app permission to access their contacts, (supposedly in order to make it easier to send email, texts, etc), but then that app might misuse that permission later on.
I think smartphones should have a log of such info snatches for users to check.
No you are wrong, it is not the same. Apple identified a problem and fixed it. Google doesn't see a problem, won't fix it, and really can't fix it for the installed base.
<p style="font-size:12px;line-height:normal;font-family:Helvetica;">Your link is from early 2012. Since then, Apple added required notification and permissions requests in order for apps to read your Contacts, as the article quite clearly explained. Since iOS 6 was released, virtually the entire installed base is now using it. </p>
<p style="font-size:12px;line-height:normal;font-family:Helvetica;">The situation on Android is that Apps just say they need to do "this and that" before you ever install them, and so every app has all the "permissions" its developers have the balls to say they need, and users have no control over running the apps with or without granted access. </p>
<p style="font-size:12px;line-height:normal;font-family:Helvetica;">Google could fix this, but the entire installed base would never get an update.</p>
exactly. but those droid fans are desperately clutching at that old straw, because:
People still using FB? That's the first place the big brother is monitoring. Yeah, users' info is private until FB surrendering all info directly to the national security DB.
No you are wrong, it is not the same. Apple identified a problem and fixed it. Google doesn't see a problem, won't fix it, and really can't fix it for the installed base.
You're wrong if you think Google doesn't see the problem and won't fix it. You're even more wrong to say that they can't fix it. Google doesn't tie apps to the system for the most part. If they want, they can write an application that runs as a system app, place it on the market, and have users download it. They could even push out an update silently to Google Play Services. If you watched any of Google's I/O conference (which you likely didn't), you would have seen that they upgraded every Android phone on the planet without pushing a new version by adding peer-to-peer gaming, an updated set of location service APIs, cross-device notification sync, an enhanced cloud messaging service (something for developers), and cloud-based data backup APIs for apps. Please tell me again that you don't think they can push an update to fix permissions so I can have a hearty laugh.
No you are wrong, it is not the same. Apple identified a problem and fixed it. Google doesn't see a problem, won't fix it, and really can't fix it for the installed base.
Nothing he said was wrong. All the user needs are better permission management tools, which they could bake it into the Play Store app, Sort of like this guy did.
Comments
Quote:
Originally Posted by koop
Article is the equivalent of an Apple fanboy sticking his tongue out at Android fanboys. classy.
Actually it's not. It tells me that even if I chose to use iOS to protect my privacy because I prefer it's security options that doesn't exempt me from stories like this. I'm not in control of some of my data when my best Android using friends have my phone number, personal email address, my physical address, etc. in their contacts and then they run something like this Facebook app. Data I've taken extra steps to keep out of Facebook's grubby hands has now possibly been uploaded to their great big private info vacuum in the clouds. Frankly that pisses me off.
"Don't ask for whom the bell tolls … it tolls for thee!" It not about iOS vs Android - when crap like this happens we're all compromised and it has to stop.
Quote:
Originally Posted by MADSCI3NCE
I'm not in control of some of my data when my best Android using friends have my phone number, personal email address, my physical address, etc. in their contacts and then they run something like this Facebook app.
Or you could take it a step further and do like me. I don't have a single Android friend, so that solves that problem.
Quote:
Originally Posted by hill60
Yawn, I see the usual brigade are here with their denials and excuses.
Yes, it really is amazing how people forget that iOS apps quietly stole contact information for years, before Apple finally got around to asking the user for permission in iOS 6... whereas Android users have always had to give that permission even before installation.
The real problem is the same on both OSes, and that is that it will often make sense for the user to give an app permission to access their contacts, (supposedly in order to make it easier to send email, texts, etc), but then that app might misuse that permission later on.
I think smartphones should have a log of such info snatches for users to check.
Made an account just to post this -- don't bash me.
I think Google CAN fix this. Remember, unlike iOS, Android doesn't need a whole new version to add more services and functionality. Google could easily implement sort of a SuperUser type approach, where if an app tries to access contact info, you must click the little "Allow" or "Deny" button. Add a patch through Google Play Services, all should be fine for Froyo and Up... If you really are worried now, you could install one of the many antiviruses for Android, at the least, or like a previous poster said, bake in a Permissions Manager. But how sure are we that this is to take contacts. Doesn't Facebook have contact sync? Also, this reminds me, in Android ICS+, Google baked in the Contacts app to disallow facebook from contact syncing, so if Facebook is blocked from Contact Sync, how are they doing it...fishy fishy.
Quote:
Originally Posted by Steven N.
This is mostly a non-story in relationship to iOS strengths VS weaknesses compared to Android. iOS has had its own cases of FUBARs in this exact type of thing as well.
The sad state is many applications use various frameworks with minimal testing going on as to what the frameworks do. Many of these are designed for analytics and, if you don't really do your homework, you can get caught with these things. This is not to excuse the behavior but iOS and Android are equally guilty with or without the fragmentation issues.
Actually this is total bullshit. This "exact kind of thing" actually cannot happen on iOS as all access to the address book must be requested and approved by the user. There sis no way to get the phone number except by specifically giving the app access to contacts.
This article is interesting to me as it sort of explains why Facebook is constantly, desperately, and usually underhandedly trying to get my phone number which I refuse to give them. I can't even count the number of times I've logged onto Facebook on the web or using an app and it's tried some slight of hand to get my phone number or dig through my contacts or both. Several of these occasions it was presented to me as a "crucial" thing or a matter of my own safety to give them my phone number and it's only the knowledge that this was a lie that stopped me from doing so. I wonder how many people they fool into doing this on a daily basis?
Google does the exact same thing.
if there is one thing I've been asked by Google to do over and over again it's give them my mobile phone number or access to my contacts or both. Underhanded fuckers, both of them.
Quote:
Originally Posted by AppleInsider
Because the various versions of Android have no coherent security policy regarding the sharing of personal data without the user's permission, Facebook's "automatic sharing" in its Android app affects everyone, even iOS users with Android friends.
Android apps have always required the user's permission to access personal data. Facebook is no different. As detailed here, Facebook requests permission to "access the phone features of the device...to determine the phone number and device IDs...." Android, whether for good or bad, has always presented the app's requested permissions to the user at install time and let the user decide whether to proceed. By contrast, iOS delegates this vetting process to the app store reviewers. Until iOS 6 introduced hooks to alert the user when a program wanted to access Contacts, the user had no idea what permissions apps requested, and instead trusted the reviewers to make the correct decisions.
Quote:
Originally Posted by AppleInsider
Due to fragmentation on even new Android phones, Google's platform can't be similarly secured even if it were in Google's interests to stop app developers from sharing users' private data for advertising and social recommendation purposes.
The issue has nothing to do with fragmentation and everything to do with policy. Apps on both Android and iOS are sandboxed and can only perform actions that they have received permission for. On iOS, the app store reviewers inspect and grant the permissions. Android places that responsibility with the end user. Google could hire people to read the permissions lists of Google Play submissions if it wanted to. It has simply chosen not to, but that's a policy issue and not a technical one.
Quote:
Originally Posted by AppleInsider
No comment was made in the article about the complete lack of messaging security on other mobile platforms where SMS messaging isn't encrypted at all, including Android and Windows Mobile.
Well, SMS messaging isn't encrypted on iOS either or else an iPhone user would not be able to text anyone not using an iPhone. It's more fair to compare iMessage to chat programs like skype.
Quote:
Originally Posted by os2baba
http://gizmodo.com/5885321/how-iphone-apps-steal-your-contact-data-and-why-you-cant-stop-it
That article is total bullshit. And anyone who trusts Gizmodo of all places to have any kind of reliable information on anything is just an idiot.
Quote:
Originally Posted by jfc1138
I wouldn't bee too sure even about the Apple Facebook implementation, I had students I work with in my lab suggested for "friending" when I've deliberately never put in my employment or university affiliation. EVER and they have zero association with anyone I had listed as friends. Maybe they're suggesting people that run off the same WiFi network? As would be the case in the lab....
I think this is the same kind of nefarious bullshit that LinkedIn uses. For instance I work at a large institution at the moment and I'm on LinkedIn. Whenever someone at that same institution does something on LinkedIn, I get what looks like a "personal" email from that person (who I don't know at all since it's a huge institution), asking me to link up with them. It's actually not an email from them at all of course, it's just that their database shows that we work at the same location, and has identified me as someone who *should* have more links, so I get spammed by a cleverly crafted entirely fake email.
It's practically criminal. In fact if the purpose was illegal instead of merely social linking, it would be a federal crime to craft such an email as its outright fraudulent behaviour.
It's all done with databases anyhow.
Quote:
Originally Posted by koop
Enjoy having this link completely ignored by the "outraged" icabal. Such information can not penetrate the Apple bubble-sphere.
Look into it. It's false information as is much of the stuff that Gizmodo spreads around.
But it gives Dilger to use for the ten thousandth time the chart comparing OS versions. And that's ignoring the blatant lie in the title. Dilger should really seek professional help for his obsession with a corporation and the extreme hatred he spews forth at the "enemies" of that corporation.
How would that be any different if an iOS using friend gave the Facebook app permission to their contacts? Since on either platform you have to explicitly give permission for an app to access your contacts. Despite what the article title would have you believe, the Android Facebook app is only sending the phone number of the device it is installed on, not the phone's entire contacts list (which it can't do since it doesn't yet have permission to access it.). Yes, that's not appropriate either but it's also not "harvesting user's contacts" at least not without being given permission.
Quote:
Originally Posted by os2baba
http://gizmodo.com/5885321/how-iphone-apps-steal-your-contact-data-and-why-you-cant-stop-it
Your link is from early 2012. Since then, Apple added required notification and permissions requests in order for apps to read your Contacts, as the article quite clearly explained. Since iOS 6 was released, virtually the entire installed base is now using it.
The situation on Android is that Apps just say they need to do "this and that" before you ever install them, and so every app has all the "permissions" its developers have the balls to say they need, and users have no control over running the apps with or without granted access.
Google could fix this, but the entire installed base would never get an update.
Quote:
Originally Posted by d4NjvRzf
Well, SMS messaging isn't encrypted on iOS either or else an iPhone user would not be able to text anyone not using an iPhone. It's more fair to compare iMessage to chat programs like skype.
iPhone to iPhone (or to Mac, or to iPad, in any combo) messages are encrypted. Apple can't encrypt messages for other platforms that they could read, so they get plain text SMS, but that's clearly indicated in the UI.
Skype is a different app. You can't text somebody and seamlessly upgrade your conversation to encrypted one on other platforms.
Quote:
Originally Posted by KDarling
Yes, it really is amazing how people forget that iOS apps quietly stole contact information for years, before Apple finally got around to asking the user for permission in iOS 6... whereas Android users have always had to give that permission even before installation.
The real problem is the same on both OSes, and that is that it will often make sense for the user to give an app permission to access their contacts, (supposedly in order to make it easier to send email, texts, etc), but then that app might misuse that permission later on.
I think smartphones should have a log of such info snatches for users to check.
No you are wrong, it is not the same. Apple identified a problem and fixed it. Google doesn't see a problem, won't fix it, and really can't fix it for the installed base.
exactly. but those droid fans are desperately clutching at that old straw, because:
Android = spyware.
and they know it.
People still using FB? That's the first place the big brother is monitoring. Yeah, users' info is private until FB surrendering all info directly to the national security DB.
Quote:
Originally Posted by Corrections
No you are wrong, it is not the same. Apple identified a problem and fixed it. Google doesn't see a problem, won't fix it, and really can't fix it for the installed base.
You're wrong if you think Google doesn't see the problem and won't fix it. You're even more wrong to say that they can't fix it. Google doesn't tie apps to the system for the most part. If they want, they can write an application that runs as a system app, place it on the market, and have users download it. They could even push out an update silently to Google Play Services. If you watched any of Google's I/O conference (which you likely didn't), you would have seen that they upgraded every Android phone on the planet without pushing a new version by adding peer-to-peer gaming, an updated set of location service APIs, cross-device notification sync, an enhanced cloud messaging service (something for developers), and cloud-based data backup APIs for apps. Please tell me again that you don't think they can push an update to fix permissions so I can have a hearty laugh.
Quote:
Originally Posted by Corrections
No you are wrong, it is not the same. Apple identified a problem and fixed it. Google doesn't see a problem, won't fix it, and really can't fix it for the installed base.
Nothing he said was wrong. All the user needs are better permission management tools, which they could bake it into the Play Store app, Sort of like this guy did.
Block the trolls, guys. Don't quote them. It's offensive to see their muck.