[Radius]

I have two crazy ideas.

#1: The end user should know that any dialog showing up asking about permissions should at least be a little concerned or curious to see it and should perhaps ask someone what it means. Otherwise, give the kid a gun. It might not be pretty but it's sometimes good for a laugh.

#2: I'm not sure this one has come up before, but don't install the application if you're concerned about it.

Posted from my CrackBerry at wapforums.crackberry.com

[Radius]

I think he just wants apps that are not going to ask for an extra information that is NOT relevant to the app itself.....

Or at least thats what I'm getting out of it...

What if it's just asking as a default? Just because you allow access to all services doesn't mean it uses them. And that's the catch.

I'm pretty sure QuickPull doesn't care if it has access to a phonebook or not, yet the permission is enabled.

Posted from my CrackBerry at wapforums.crackberry.com

[Shao128]

I think he just wants apps that are not going to ask for an extra information that is NOT relevant to the app itself.....

Or at least thats what I'm getting out of it...

And that is completely fair and I completely understand that point. The easiest way to deal with that is with your wallet. Don't buy the app. You could also contact the developer and ask why it is asking for that permission. It may even just be a mistake in their code. Then if all else fails, post about it either on forums or as a review for the app.

The OP has come across (first from his thread title) that this is a problem with BlackBerry. And then from a previous post (before I corrected him) that the permissions are given with a single click with the user not knowing what they are agreeing to.

[joeldf]

Right there is says QP wants access to Location Data. If you do not want to provide that, deny it and uninstall. What more do you want RIM to do for you in this case? They've protected you as much as they can, but its up to you to do the rest.

I have to ask, but why "uninstall". Couldn't you just "deny" access to the location data, but still leave it installed?

[Shao128]

I have to ask, but why "uninstall". Couldn't you just "deny" access to the location data, but still leave it installed?

Yes, you could, but it depends how the app is written. Some apps may function normally just without a certain feature, others may refuse to run at all until that permission is granted.

[Pi Guy 3.14]

Hey Shao, as a developer, do you require people to enable all of the permissions? If so, are you able to access/extract ANYTHING from the end user?

I think I already know the answer, but I want to hear it from you. Bc if you say you're not able to extract that info then that should be that answer to the OP questions/concerns...

Posted from my CrackBerry at wapforums.crackberry.com

[Rider-on-the-storm]

I think he just wants apps that are not going to ask for an extra information that is NOT relevant to the app itself.....

Or at least thats what I'm getting out of it...

Yup.


And, these apps, that are obvious attempts to gain access to unrelated resources could be tossed out of app world all together?

Thats what RIM can do for me.

I see this as a big deal, obviously I am alone. It almost seems that this forum may be slanted due to the percentage of developers that come here etc..
But, you guys need to put yourselves in a non-geek/ owners position, what if a kid was given a BB after destroying his iPhone? The apps are locked down pretty tight in the App Store, but we can clearly see that free apps in appworld could be used by a developer to track the child's movements, speed, shopping habits and a host of other things that may not be legal in all states.

He/she did not agree to a EULA, they were never informed.

I wonder if, for example, developers like Steelthorn would ever be willing to adjust the app?

[Shao128]

Yup.


And, these apps, that are obvious attempts to gain access to unrelated resources could be tossed out of app world all together?

Thats what RIM can do for me.

If the app isnt doing anything with that data then its just poor programming. Because the app requested the permission does not mean its doing anything bad. Maybe RIM looked at it and decided it was safe? Maybe they didnt but we dont know. Why not contact AppWorld support and let them know of your concern? BlackBerry - App World Help �€“ Connect to App World Support Have you emailed the developer to ask why it needs that permission?

You have it in your head that everyone is defending apps that do something like spy. But no one here is saying that. Why do you continue to imply that? We are saying if you install apps and are worried dont allow extra permissions, that is it. We are trying to explain how to protect yourself, not saying that it is ok for apps to spy on you.

[Shao128]

Hey Shao, as a developer, do you require people to enable all of the permissions? If so, are you able to access/extract ANYTHING from the end user?

I think I already know the answer, but I want to hear it from you. Bc if you say you're not able to extract that info then that should be that answer to the OP questions/concerns...

This reply will get lengthy but I going to go into a bit of detail just so that people understand a little better about permissions.

I will admit for FlashOn to simplify the instructions I just say set permissions to allow. That was just laziness at the time of release (theres a whole back story to it, you can find it on the forums) so the release was rushed in a day to get it out. Anyhow, I never properly integrated the permissions manager to ask for the specific permission it needs, but it just needs input simulation enabled beyond the default and anyone who emails or contacts me to ask about it I let them know they can just leave everything else at default. When I get around to updating it again Ill fix that.

Beyond that my main apps... Wallpaper Changer doesnt need anything about default. SearchIt connects to google for suggestions and it will prompt for that. Leave It On requires input simulation and an SMS listener above default permissions so it prompts for that and nothing more.

Now that all being said if an app does request all permissions and they are granted they can do a lot of things that the user may not want.

When you grant an application trusted permissions you give it the default permissions RIM thinks is fair to give an application. It gives safe enough permissions that the app really can't "Spy" on the user or do much out of its little area.

When an app wants to go beyond that couple things could happen.

1) The OS will tell you that the app is trying to do something, for example, "MyApp is trying to establish an http connection with google.com" and gives the user the option to allow or deny this.

2) The app itself will prompt for permission, that is the "MyApp is requesting changes to its application control permissions" dialog that shows. The BB API allows for the app to check which permissions it has, and then prompt the user to change them if they are denied.

3) The app will fail. If the app doesnt check its permissions and is trying to do something that is denied the code will not run.

A properly written app will only ask for permissions it needs and nothing more.

So then what can an app do if all permissions are set to allow? Well this part is what can be scarey to people. A lot can be done. In theory an app could connect to a server and relay every email, sms, gps location etc... But keep in mind this is not specific of the BlackBerry OS, it could relate to any OS whether it be on the desktop or smartphone.

Ill use an example of SmrtGuard, its a great app and fits this example Im going to make. SmrtGuard its great in the way that if your phone is lost or stolen you can remotely wipe and track it. But what would stop an app developer from creating a spyware app to do the same thing? Nothing. So if those API were restricted by RIM apps like SmrtGuard would not be possible.

There are permissions to send and receive SMs, which could be used to spy on someone. But then we wouldn't have apps like CrunchSMS because it needs to send and receive SMS. Apps like BerryBuzz wouldnt be able to change the LED colour when a new SMS or email arrives because they too need to "listen" to them.

These are just a couple examples, the BB API has plenty more that can be done (and plenty it can't :P), that could allow for developers to do things that spy on users, but so does every other OS.

So yes to answer your question simply, a lot can be done with allowed permissions. It doesnt mean every app is spying on you or doing something it shouldnt. Thats why the best thing a user can do is educate themselves and just not allow everything an app requests if they are concerned. In my opinion RIM has done a decent job of letting the user know when an app is doing something beyond just normal permissions and gives them a chance to say no.

Also just to note, many many of the APIs that do anything beyond just basic stuff require the application to be signed. So a developer has to purchase signing keys from RIM (they dont cost much though) for their app to run.

If anyones really interested to see what is capable on a BB device you can have a look at the API here: BlackBerry JDE 5.0.0 API Reference a lot of it is easy to understand. Heres a description from Location (since it relates to the OP):

The Location class represents the standard set of basic location information. This includes the timestamped coordinates, accuracy, speed, heading, and information about the positioning method used for the location, plus an optional address.

Sorry for going for so long but hope that answers some questions

[weblou]

What if that chick is he's sister bro LOL

What's he/she going to hear? About how I'm degrading the chick I was with last
night?
So as already stated, just uninstall the app if you don't like it needing your GPS
location. It's just that simple.

Posted from my CrackBerry at wapforums.crackberry.com

[belfastdispatcher]

I have a mate who build an app for android. He also asks for location permissions but it's just that he can find out where are the most people that buy his app. Turned out to be asia.

Posted from my CrackBerry at wapforums.crackberry.com

[Branta]

I have a mate who build an app for android. He also asks for location permissions but it's just that he can find out where are the most people that buy his app.

That is a classical example of an untrustworthy developer. Permissions and features should be restricted to the functionality required for the application to perform its task. IOW it should do what it says on the box and not have hidden spy features.

Presuming that "sale" means he knows and records the identity of the buyer, here in Europe he would be almost certainly be breaking the data protection laws and at risk of prosecution. There is also the possibility of a criminal prosecution for illegally accessing a computer to retrieve location data.

[ruger141]

I'm gonna have to agree with the OP as well. I dont know too much about the permissions but I still feel leary when an app says it needs permission for something that should not be needed for that app. I only get my apps from App World as well. I dont like the argument "dont install it then" because every app I have would be ruled out then. A good example that is related: I like how I can have a Popup blocker on my PC and it will block popups but I can still view the webpage I intended to, I also have the option to view the popups if I like. So It should be setup in a way that you can choose what things you want an app to be able to have access to and block others and the app function fine as long as you dont block something that will obviously (for the average person) interfere with the app.

[jrdtechdotnet]

Yup.


And, these apps, that are obvious attempts to gain access to unrelated resources could be tossed out of app world all together?

Thats what RIM can do for me.

I see this as a big deal, obviously I am alone. It almost seems that this forum may be slanted due to the percentage of developers that come here etc..
But, you guys need to put yourselves in a non-geek/ owners position, what if a kid was given a BB after destroying his iPhone? The apps are locked down pretty tight in the App Store, but we can clearly see that free apps in appworld could be used by a developer to track the child's movements, speed, shopping habits and a host of other things that may not be legal in all states.

He/she did not agree to a EULA, they were never informed.

I wonder if, for example, developers like Steelthorn would ever be willing to adjust the app?

1. Free never ever means free, your paying for free apps in advertisements, data mining or both.
2. Personal Responsibility, it's up to you to know what your installing and how to adjust permissions.
3. What moron parent buys their kid an iPhone or Blackberry and why should everyone else have to deal with restrictions on apps because little Johnny wants to play with his phone?

One thing I will agree with is that EULA's should be available to read BEFORE you download and start the installation process.