06-09-10 08:35 PM
39 12
tools
  1. Rider-on-the-storm's Avatar
    Why is it that so many forum members are "ok" with the huge privacy issues with third party apps? I started a thread in another section asking about why a certain app needs access to my gps data,this is an app that in no way needs this data to function, yet it insists that it has access to it. You probably have many apps like this, even talk lock needs more than it should be allowed to see.
    The theme of the thread really came down to most members being fine with it and not understanding why I objected inthe first place since "google does it!"... Why would I want someone that develops an app in a dorm room or parents basement gaining access to my phone data and doing who knows what with it?

    I think the community really needs to step back and take a hard look at spyware on our devices, the same people that discount this as no big deal spend good money and time making sure there windows pc is locked down with spyware and antivirus software..WTF?

    Does anyone else share my concern on this issue? Does anyone produce an app to watch out for this kinda thing?
    06-09-10 12:37 PM
  2. Radius's Avatar
    Very very simple solution.

    Don't install the app if you don't want it.

    I am more worried about the devices that don't tell you what it's linking into and it all just happens automatically. At least here we get a sense of what it's doing.
    06-09-10 12:40 PM
  3. Shao128's Avatar
    I think the community really needs to step back and take a hard look at spyware on our devices, the same people that discount this as no big deal spend good money and time making sure there windows pc is locked down with spyware and antivirus software..WTF?
    That is a good point, and actually kind of funny, today we had a vendor update their software package which we use in our company. They claim Vista and Win7 compatibility now (we had to keep certain machines on XP for this software), their solution for Vista/7 compatibility was disable UAC. I dont think so, we'll be dropping them.

    Does anyone else share my concern on this issue? Does anyone produce an app to watch out for this kinda thing?
    3rd party apps dont have visibility to see what other applications are doing. That would be a security concern if they did, the irony of it all

    As Radius said, if an application is requesting permissions you are not comfortable with, then deny it and un-install.
    06-09-10 12:42 PM
  4. Username00089's Avatar
    The app developer can be developing the app from a dungeon. Because personally,
    I'm not concerned about my "security" on my phone. I don't care if an app
    developer was able to somehow, someway be able to record my phone calls.
    What's he/she going to hear? About how I'm degrading the chick I was with last
    night? About how at work everybody is stupid and I'm smart? I don't care if the
    developer knows where I am.

    So as already stated, just uninstall the app if you don't like it needing your GPS
    location. It's just that simple.
    06-09-10 12:46 PM
  5. Radius's Avatar
    Shao, the part you quote is interesting as I practice no security on my PC at all. Zero. Period.

    Sort of.

    I have my primary OS for my offline apps and I lock down the network connections. Then I use VMWare to install a fresh OS with no personal info on it at all, or even regular user files. I use that for my online life at home and if viruses flood it, who cares? I simply copy over it from a backup and I'm up and running in 2 minutes.

    I would really suggest this approach to anyone who's worried about security in general. Or if you have kids that just surf like crazy and the viruses come flooding in.
    06-09-10 12:49 PM
  6. Radius's Avatar
    The app developer can be developing the app from a dungeon. Because personally,
    I'm not concerned about my "security" on my phone. I don't care if an app
    developer was able to somehow, someway be able to record my phone calls.
    What's he/she going to hear? About how I'm degrading the chick I was with last
    night? About how at work everybody is stupid and I'm smart? I don't care if the
    developer knows where I am.

    So as already stated, just uninstall the app if you don't like it needing your GPS
    location. It's just that simple.
    You would be worried if you saw an app in the app list named Taliban_target_gps_locator I think. Just saying.
    06-09-10 12:51 PM
  7. Rider-on-the-storm's Avatar
    I can already tell that most of you thnk that everyone can tell when an app could be malicious...I doubt my wife can. She installed some app that changes the led and makes it do the color dance when I email her, it looks like it has an open door to everything. Who was going to tell her that?
    06-09-10 01:00 PM
  8. Radius's Avatar
    I can already tell that most of you thnk that everyone can tell when an app could be malicious...I doubt my wife can. She installed some app that changes the led and makes it do the color dance when I email her, it looks like it has an open door to everything. Who was going to tell her that?
    Chuck Ryder would have, if he existed.

    I stick with the big companies, small unknown developers can do anything they like including harvest data. It's a given.

    When you deal with a big company you have to read the EULA though, that is the caveat. And understand it, that's the other.
    06-09-10 01:03 PM
  9. coolguy78240's Avatar
    Download kisses from app world, it searches for spyware and malware.
    06-09-10 01:22 PM
  10. Shao128's Avatar
    Shao, the part you quote is interesting as I practice no security on my PC at all. Zero. Period.

    Sort of.

    I have my primary OS for my offline apps and I lock down the network connections. Then I use VMWare to install a fresh OS with no personal info on it at all, or even regular user files. I use that for my online life at home and if viruses flood it, who cares? I simply copy over it from a backup and I'm up and running in 2 minutes.

    I would really suggest this approach to anyone who's worried about security in general. Or if you have kids that just surf like crazy and the viruses come flooding in.
    Lol, well in my case this situation is in our corporate environment. Users need to be protected form themselves

    One of my machines at home that just acts as a HTPC has no security of any sorts on it though, but its strictly used for media.
    06-09-10 01:27 PM
  11. Radius's Avatar
    Lol, well in my case this situation is in our corporate environment. Users need to be protected form themselves

    One of my machines at home that just acts as a HTPC has no security of any sorts on it though, but its strictly used for media.
    Ah yes, each one is a bull in the china shop all on their own. Expand that to a herd and you have some real issues.
    06-09-10 01:29 PM
  12. Shao128's Avatar
    I can already tell that most of you thnk that everyone can tell when an app could be malicious...I doubt my wife can. She installed some app that changes the led and makes it do the color dance when I email her, it looks like it has an open door to everything. Who was going to tell her that?
    What would you suggest as a better alternative? It prompts you now telling you what the application is requesting? In the case of the app you tried with GPS are you saying RIM should remove GPS functionality from their OS?

    Download kisses from app world, it searches for spyware and malware.

    Kisses is not going to help in this situation. I dont know how kisses works internally but I would suspect all its doing is checking for a module name of known spyware like "imbad.cod". Im not aware of any spyware so I dont know what it would be doing. But as I stated before 3rd party apps can NOT see what other apps are doing. So kisses will not help with this.
    06-09-10 01:30 PM
  13. MrObvious's Avatar
    Being paranoid about security isn't a bad thing, but I don't let it consume me. Just take as reasonable precautions as you can and let it go at that. If a certain app wants access to GPS, don't use it. If there are bluetooth exploits, leave bluetooth off (which I do BTW). If you must keep a certain thing private, encrypt it.
    06-09-10 01:45 PM
  14. Radius's Avatar
    Let's just cut to the main issue here: security.

    I've said it before and I will post this again many more times in a multitude of threads before I die. Security doesn't mean what you think it does with the BB phones.

    Like any phone you can install any app that does as it likes, the BB phones are no different than any others.

    Security refers to BES, and it is on the corporate management side. To the regular user the BB phones are like iPhone or anything else for security when you get right down to it.
    06-09-10 02:03 PM
  15. Branta's Avatar
    BES is only part of the story and provides additional "security features" which can be locked down. The whole device is designed to allow security if the user wants it. OTOH on a non-BES device the user can bypass, disable, or otherwise defeat the available features either deliberately or accidentally.
    06-09-10 02:19 PM
  16. Rider-on-the-storm's Avatar
    What would you suggest as a better alternative? It prompts you now telling you what the application is requesting? In the case of the app you tried with GPS are you saying RIM should remove GPS functionality from their OS?
    Apps DO NOT tell you what they are requesting. They word it in a way that is very vague.

    What needs to happen is apps should not be allowed to gain trusted status with one click....come on, do you really think everyone knows what they are doing with these things.

    How many people that come here even know about "permissions" or where to even find them? Every day new users are asking the same questions over and over while the app makers are starting to get better and better at selling our location and search terms etc.. to whoever wants it. Just look at Nobex or Iheart, they thrive from that stuff. I have a feeling they dont provide these services to make money on traditional advertisements anymore.


    "Just dont install the app" Wow. What kind of lame excuse is that for allowing data harvesting to go on? How many people out here in smartphone land even come here to read this stuff? People install and go on with living without giving a second thought to what "trusted" really means and what they are giving away for the use of a fart maker or other "free" toy app.

    I swear it's like having a PC in 1992 all over again, people are being used as data aggregation devices and have no clue.
    06-09-10 02:36 PM
  17. Radius's Avatar
    Apps DO NOT tell you what they are requesting. They word it in a way that is very vague.

    What needs to happen is apps should not be allowed to gain trusted status with one click....come on, do you really think everyone knows what they are doing with these things.

    How many people that come here even know about "permissions" or where to even find them? Every day new users are asking the same questions over and over while the app makers are starting to get better and better at selling our location and search terms etc.. to whoever wants it. Just look at Nobex or Iheart, they thrive from that stuff. I have a feeling they dont provide these services to make money on traditional advertisements anymore.


    "Just dont install the app" Wow. What kind of lame excuse is that for allowing data harvesting to go on? How many people out here in smartphone land even come here to read this stuff? People install and go on with living without giving a second thought to what "trusted" really means and what they are giving away for the use of a fart maker or other "free" toy app.

    I swear it's like having a PC in 1992 all over again, people are being used as data aggregation devices and have no clue.
    So you're saying you want complete and utter security without having to know anything or manage any settings?

    easy, don't install the software.
    06-09-10 02:41 PM
  18. Shao128's Avatar
    Apps DO NOT tell you what they are requesting. They word it in a way that is very vague.

    What needs to happen is apps should not be allowed to gain trusted status with one click....come on, do you really think everyone knows what they are doing with these things.
    Trusted application status does not allow an application access to everything. It seems like you are trying to make a point here without being fully informed.

    The first time you run an application any additional elevated privileges it requests will be present to the user. The OS will explicitly tell you what the application is requesting access to. So when an app wants access to your GPS it will show a prompt and you can deny it there. What else are you looking for?

    Since QuickPull was the app you were having issues with I installed it to see what would happen. Guess what?





    Right there is says QP wants access to Location Data. If you do not want to provide that, deny it and uninstall. What more do you want RIM to do for you in this case? They've protected you as much as they can, but its up to you to do the rest.
    06-09-10 03:02 PM
  19. Rider-on-the-storm's Avatar
    So you're saying you want complete and utter security without having to know anything or manage any settings?

    easy, don't install the software.
    No, you are lost.
    I do not want apps to unjustly gain access to resources they do not interact with in the description. Just because you and I know how to check, does not make it right because many users are clueless.

    Would you be OK if the popular OSX app or the latest windows7 browser stored all of your credit card numbers by default without mentioning it to you?

    Sure you would.
    06-09-10 04:48 PM
  20. Radius's Avatar
    No, you are lost.
    I do not want apps to unjustly gain access to resources they do not interact with in the description. Just because you and I know how to check, does not make it right because many users are clueless.

    Would you be OK if the popular OSX app or the latest windows7 browser stored all of your credit card numbers by default without mentioning it to you?

    Sure you would.
    No, I wouldn't be happy. But I suspect you wouldn't be happy if you had a quiet app installed that did that for you. On the PC it's much easier for you to get applications that do that, even legitimate ones. They never even alert you and cases like this are in the news all the time.

    The benefit of BB's is they have the popup as is posted above that at least tells you it wants to modify permissions. That would be a big red flag for anyone installing an app and doesn't come much more plain than that.

    So that brings me to the quote above, RIM tells you it's going on so why throw an example out where you assume it doesn't? That is clearly not the case here.
    06-09-10 04:53 PM
  21. Rider-on-the-storm's Avatar
    Trusted application status does not allow an application access to everything. It seems like you are trying to make a point here without being fully informed.

    The first time you run an application any additional elevated privileges it requests will be present to the user. The OS will explicitly tell you what the application is requesting access to. So when an app wants access to your GPS it will show a prompt and you can deny it there. What else are you looking for?

    Since QuickPull was the app you were having issues with I installed it to see what would happen. Guess what?





    Right there is says QP wants access to Location Data. If you do not want to provide that, deny it and uninstall. What more do you want RIM to do for you in this case? They've protected you as much as they can, but its up to you to do the rest.

    I dont want RIM to do anything, are you RIM? Do you work for RIM? Is the site in any way related to or owned by RIM?

    But..you made my point for me..with one click it gained access to the location data & everything else. I already knew that, hence the reason for the threads..now smartball, what about the masses that DONT KNOW THAT?

    FWIW I did delete it, I call it spyware. But, it seems that some websites (and forum mods) want to call what these apps do "OK"?
    Go figure, one of the largest forums on the web about these things is justifying it? Or at least turning a blind eye.
    06-09-10 04:53 PM
  22. Radius's Avatar
    So even though information is provided it's just not enough. I get it.

    Here is the bottom line: you can't same someone from themselves. Give a kid a revolver and he's going to shoot himself. Why? Because he doesn't know any better. So in your case, be the responsible parent and teach the users around you what's going on.
    06-09-10 04:56 PM
  23. Shao128's Avatar
    I dont want RIM to do anything, are you RIM? Do you work for RIM? Is the site in any way related to or owned by RIM?

    But..you made my point for me..with one click it gained access to the location data & everything else. I already knew that, hence the reason for the threads..now smartball, what about the masses that DONT KNOW THAT?

    FWIW I did delete it, I call it spyware. But, it seems that some websites (and forum mods) want to call what these apps do "OK"?
    Go figure, one of the largest forums on the web about these things is justifying it? Or at least turning a blind eye.
    Who are you expecting to do something about it? If you dont like the permissions its asking for dont use it. I just dont get what you point is here. You are clearly looking for someone here to protect you, just look at the thread title "Privacy is dead...I thought security was the point of a blackberry!"

    Your device tells you an app wants addition information pops a new screen up with a description of what it is asking for and lets you either allow or deny those permissions. Again, its not 1 click, Trusted application permission and that dialog I posted are 2 completely different things.

    Nobody is justifying it or saying its ok, we are stating the facts here. The user is presented with the option to either allow or deny additional permissions. What more are you looking for?
    06-09-10 05:22 PM
  24. rolltide78's Avatar
    06-09-10 05:28 PM
  25. Pi Guy 3.14's Avatar
    I think he just wants apps that are not going to ask for an extra information that is NOT relevant to the app itself.....

    Or at least thats what I'm getting out of it...
    06-09-10 05:29 PM
39 12
LINK TO POST COPIED TO CLIPBOARD