[BB 4 me]

As a new BB user I was surprised to see a lot of apps ask me to leave my phone wide open to tracking (and what else?) "Quick pull 5.0.2" which I downloaded for free seems to need a lot of information about me just to reboot my phone.

From The Wall Street Journal:

December 18, 2010

Your Apps Are Watching You

The results of an investigation of smartphones are disturbing.

By Scott Thurm and Yukari Iwatani Kane


Few devices know more personal details about people than the smartphones in their pockets: phone numbers, current location, often the owner's real name—even a unique ID number that can never be changed or turned off.

These phones don't keep secrets. They are sharing this personal data widely and regularly, a Wall Street Journal investigation has found.

An examination of 101 popular smartphone "apps"—games and other software applications for iPhone and Android phones—showed that 56 transmitted the phone's unique device ID to other companies without users' awareness or consent. Forty-seven apps transmitted the phone's location in some way. Five sent age, gender and other personal details to outsiders.

The findings reveal the intrusive effort by online-tracking companies to gather personal data about people in order to flesh out detailed dossiers on them.

Among the apps tested, the iPhone apps transmitted more data than the apps on phones using Google Inc.'s Android operating system. Because of the test's size, it's not known if the pattern holds among the hundreds of thousands of apps available.

Apps sharing the most information included TextPlus 4, a popular iPhone app for text messaging. It sent the phone's unique ID number to eight ad companies and the phone's zip code, along with the user's age and gender, to two of them.

Both the Android and iPhone versions of Pandora, a popular music app, sent age, gender, location and phone identifiers to various ad networks. iPhone and Android versions of a game called Paper Toss—players try to throw paper wads into a trash can—each sent the phone's ID number to at least five ad companies. Grindr, an iPhone app for meeting gay men, sent gender, location and phone ID to three ad companies.

"In the world of mobile, there is no anonymity," says Michael Becker of the Mobile Marketing Association, an industry trade group. A cellphone is "always with us. It's always on."

Alt, shift, Del works faster anyway.

OK, start flaming the newbie

[JRSCCivic98]

No flaming from me. This is a perfect example of apps whoring themselves out to ad companies for more money. Everyone wants as much money as they can get now. Ad revenue in apps is a big plus for devs with no ethical regard.

Posted from my CrackBerry at wapforums.crackberry.com

[BB 4 me]

is it possible if a marketing company gets your phone's unique device ID they could continue to track even after the app has been removed?

[amazinglygraceless]

I'm going to play Devils' Advocate here. I don't think the ethics of any developer needs to be called into question and I fully support their, what was the indelicate term, "whoring" themselves out.

Why. Because for as hard as many of these developers work to bring a good app to market there are tons of equally unethical individuals and websites that have no compunction about circumventing the developers legitimate costs.

For every app a developer ACTUALLY sells I would hazard that 20 or more copies are pirated. How many threads have the Mod team shut down for posting warez, keygens, piracy sites etc. And that's just this one site. Across the web it is exponentionally worse

If more people BOUGHT the apps they find useful maybe developers would not be so quick to try finding other revenue. I say more power to them.

[JRSCCivic98]

I'm going to play Devils' Advocate here. I don't think the ethics of any developer needs to be called into question and I fully support their, what was the indelicate term, "whoring" themselves out.

Why. Because for as hard as many of these developers work to bring a good app to market there are tons of equally unethical individuals and websites that have no compunction about circumventing the developers legitimate costs.

For every app a developer ACTUALLY sells I would hazard that 20 or more copies are pirated. How many threads have the Mod team shut down for posting warez, keygens, piracy sites etc. And that's just this one site. Across the web it is exponentionally worse

If more people BOUGHT the apps they find useful maybe developers would not be so quick to try finding other revenue. I say more power to them.

Well, there's a right way and a wrong way to do it. JaredCo is a good example of how not to do it.

Also, you can implement ads in an app without phishing the person's phone for other info and sending that as well. What I find amuzing is that RIM prides themselves on a secure application layer, but what good is that if an app is written to have ALL ALLOW or it won't work, even if it doesn't requite ALL ALLOW for it to do what it's intended to do. Once those permissions are set, there's nothing keeping an app from stealing info.

For example, if an app is needed to add info to contacts as you select text, it would need full control of your contacts. Once that's done, there's nothing keeping it from reading and sending all your contacts info to a 3rd party. Mobile OSs (Blackberry included) need much better security control then they have now. It's a joke.

[diffused]

BTW, what should the permission settings beset at? Upon trying to learn and experimenting I know I goofed them all up and I have no idea what the default even is/was anymore.

[Reed McLay]

I goofed them all up and I have no idea what the default even is/was anymore.

The simple way is to reinstall the application to restore defaults. However, it is those default settings that are a cause for concern.

Just checked one of my important Apps, All permissions are set wide open. Do I trust them enough to see my Contacts and messages?

Things that make you go Humm.

Posted from my CrackBerry at wapforums.crackberry.com

[Reed McLay]

Options / Advanced Options / Applications. Select the Application, Menu / Edit Permissions. Make sure you expand each group.



Posted from my CrackBerry at wapforums.crackberry.com

[amazinglygraceless]

Well, there's a right way and a wrong way to do it. JaredCo is a good example of how not to do it.

Right way and wrong way are completely subjective and dependent on ones
personal sense of ethics and fair play although your cited developer is indeed
way over the top (personal opinion)

Again, I have absolutely no issue with a developer finding other revenue
streams when their apps, many of which are cheap, are pirated 8 ways to Sunday.

The security shortcomings I don't think I need to address as we have always been on
the same page in this area.

[diffused]

My problem is, is that I don't understand all the settings/terminology to tell if it's important or not. For instance, Input Simulation, User Data (is the user me or them), Security Timer Reset, Display Information while Locked (again is this them being able to see my screen or what?). So I guess a person could just deny every app and spend time testing each one. Also some of my RIM core stuff have permissions.

[howiewolverine]

Do you happen to know the specific 'permissions' setting to protect the UDID information? Thank you in advance.

[bbman93]

this is creepy

[Reed McLay]

I just noticed, there is a function to edit Default Permissions. That explains why I have granted universal Allow.



Posted from my CrackBerry at wapforums.crackberry.com

[diffused]

That is what I meant. I changed the defaults which overrides all the apps and I don't know what they were set at to begin with.

[BB 4 me]

As a new user It's much easier to screen my apps to see if they will still work with permissions restricted as I only have a few. The ones I have deleted are sometimes challenging to uninstall though.

-Are there any good tutorials that will detail how we can help protect our privacy?

-The choices of how we set "connections, Interactions, User data" should be more specific than "Allow, Custom, Deny" . What about "custom" interactions? Is there a way to see what these settings are and what the effects are?

-Are there any app developers out there making app's that we can use to control our information?

Many thanks to all the knowledgable users on this site! What a great resource!!

[BB 4 me]

just discovered the drop down for interactions. I'll wade through with prompt instead of allow.

[hexwulf]

I'm going to play Devils' Advocate here. I don't think the ethics of any developer needs to be called into question and I fully support their, what was the indelicate term, "whoring" themselves out.

Why. Because for as hard as many of these developers work to bring a good app to market there are tons of equally unethical individuals and websites that have no compunction about circumventing the developers legitimate costs.

For every app a developer ACTUALLY sells I would hazard that 20 or more copies are pirated. How many threads have the Mod team shut down for posting warez, keygens, piracy sites etc. And that's just this one site. Across the web it is exponentionally worse

If more people BOUGHT the apps they find useful maybe developers would not be so quick to try finding other revenue. I say more power to them.

But essentially this hurts / punishes users who purchase an app, with some sort of expectation to privacy, yet find their info being distributed just the same as one who pirates the same software?

It comes down to the developer, vs the user. If the developer is pushing out shady apps, strike them down / dont support the developer. If a user pirates an app, same deal, strike em down. Dont lump everyone in together, and allow the excuse of recouping losses due to pirates, in order to breach privacy of all users.

Maybe the system needs a change, in that developers should be required to have a section explaining what preferences/requirements have to be set to allow, and the reasoning behind it. Then users can make a more informed decision to purchase and support developers who put that time and effort into full disclosure (a pain in the arse for them I am sure). That would focus my purchase habits to developers that go the extra mile in distinguishing themselves further from a more shifty J-Co like situation.

[JRSCCivic98]

I just noticed, there is a function to edit Default Permissions. That explains why I have granted universal Allow.



Posted from my CrackBerry at wapforums.crackberry.com

I was wanting to post about this as well. Some people have left instructions in numerious threads (I've seen posts in the past) that instruct users to edit the Default Properties, which inturn changes the inherent "out of the box" Permissions that the OS sets on all apps installed on the device. If you set the Default Permissions to all Allow, all apps installed from that point on will inherit those same permissions.

The big issue with BB is that their permissions are not similar to file system permissions. They have Allow/Deny/Prompt, but nothing more defining like "Read, Write, Modify, Allow to Transmit, Deny Transmit, etc." It would be super nice if RIM would rewrite their permissions settings when thy move to QNX. This BS about Allow/Deny/Prompt to the different databases is kindergarden. They need more refined permission control.

For example, an app that takes pics like a barcode scanner should be controlled to keep GPS data from being tagged to the pic or to whom it tries to send the data. A while ago, I had installed a specific OS version for the Storm that had very detailed network connectivity permissions. It would ask if Weatherbug could connect to a specific server for ads, etc. If you denied that permissions, the app would work, but the ads would not, which was great control. Then the next OS version removed this control for some silly reason. Since then, I haven't seen this type of control. Also, without wiping the application permission database entirely, you cannot go in and edit/see what the settings are for each specific app... ragardless of the screen you're seeing when you go to edit the app permissions. It also seems that when an app is uninstalled, the permissions set for it are NOT removed from the app permission database. When reinstalled (if the version doesn't change), the app picks up the same old permissions you had set on it before the uninstall.

I'm very surprised that no one's seeing this sort of behavior or that Blackberry is still being security certified with these glaring issues...

[BB 4 me]

The big issue with BB is that their permissions are not similar to file system permissions. They have Allow/Deny/Prompt, but nothing more defining like "Read, Write, Modify, Allow to Transmit, Deny Transmit, etc." It would be super nice if RIM would rewrite their permissions settings when thy move to QNX. This BS about Allow/Deny/Prompt to the different databases is kindergarden. They need more refined permission control.

Maybe if more people beef about this issue they will do something about it. I'm sure the people at RIM read Crackberry Forums (this means YOU!)

Then the next OS version removed this control for some silly reason. Since then, I haven't seen this type of control. Also, without wiping the application permission database entirely, you cannot go in and edit/see what the settings are for each specific app... ragardless of the screen you're seeing when you go to edit the app permissions. It also seems that when an app is uninstalled, the permissions set for it are NOT removed from the app permission database. When reinstalled (if the version doesn't change), the app picks up the same old permissions you had set on it before the uninstall.

NICE! Perhaps there is a lobby group that gets RIM in line with the data harvest. I'm sure there is a lot of money on the line

I'm very surprised that no one's seeing this sort of behavior or that Blackberry is still being security certified with these glaring issues...

On reading posts on Crackberry I was surprised to see the same... Hence my post . Hope people wise up enough to get RIM in line. After all we are the ones that actually buy the product.

[belfastdispatcher]

Well, what do you know, I open the paper(daily mail) to find an article about this but only referring to iphone, worst seems to be shazam app that comes preinstalled. Out of 101 apps tested, 47 sent the phone's location and 5 sent age, gender and other personal information and apparently users have no way of stopping the tracking.

Posted from my CrackBerry at wapforums.crackberry.com

[avt123]

Well, what do you know, I open the paper(daily mail) to find an article about this but only referring to iphone, worst seems to be shazam app that comes preinstalled. Out of 101 apps tested, 47 sent the phone's location and 5 sent age, gender and other personal information and apparently users have no way of stopping the tracking.

Posted from my CrackBerry at wapforums.crackberry.com

Is the article saying Shazam comes preinstalled on the iPhone or BB? If it's the iPhone, they are wrong unless European carriers are adding preinstalled apps to the iPhone. But, I do not see Steve Jobs allowing that.

[belfastdispatcher]

Is the article saying Shazam comes preinstalled on the iPhone or BB? If it's the iPhone, they are wrong unless European carriers are adding preinstalled apps to the iPhone. But, I do not see Steve Jobs allowing that.

They are only naming the iphone but make references to smartphones as well, but yes, they say Shazam comes preinstalled and they show the picture of a iphone 4.

Posted from my CrackBerry at wapforums.crackberry.com

[avt123]

They are only naming the iphone but make references to smartphones as well, but yes, they say Shazam comes preinstalled and they show the picture of a iphone 4.

Posted from my CrackBerry at wapforums.crackberry.com

Interesting. I'm surprised Steve is allowing this in Europe. Kinda sounds sketchy.

[sexyboy31]

It would be nice if someone out there that has a clue or maybe even the crack berry team would take a deeper look into this and let us no what we should be allowing and what we should not be allowing I think this will help us all deter main which apps should go or stay and what to better look out for in the future or maybe come up with a list off safe apps that users can look into this would help a lot

Posted from my CrackBerry at wapforums.crackberry.com

[syb0rg]

I thought this only happened in Android and Apple, I thought blackberry was secure and would leach information off of the phone?!?!?!?!?!

WHAT IS THIS WORLD COMING TO ????? THINK OF THE CHILDREN !!!!!