03-10-11 05:42 PM
63 123
tools
  1. JRSCCivic98's Avatar
    Because it's "open" and they don't care until people get attacked. Open is all good and well but if this is what I make myself vulnerable to, then no thanks. I rather them become a little less "open" to protect users than to just be happy to allow any and everything on your device.
    So what's RIM's excuse then with JaredCo?

    Give me a break. The "open" platform designation doesn't mean let developers write malitious code for it. Windows isn't open and people write crap for it every day. That's not a good enough excuse and as others have said above, an open platform is about user control over it, not getting reemed by the apps in the platforms app store. If they were using open sites like Cydia or something along those lines to install their apps I wouldn't have an issue with it, but when those malitious apps come off the company's own app stores, I have an issue with it.
    03-02-11 11:07 AM
  2. scorpiodsu's Avatar
    So what's RIM's excuse then with JaredCo?

    Give me a break. The "open" platform designation doesn't mean let developers write malitious code for it. Windows isn't open and people write crap for it every day. That's not a good enough excuse and as others have said above, an open platform is about user control over it, not getting reemed by the apps in the platforms app store. If they were using open sites like Cydia or something along those lines to install their apps I wouldn't have an issue with it, but when those malitious apps come off the company's own app stores, I have an issue with it.
    I fully agree. I wasn't using it as an excuse but more of a dig at what people proclaim to be so great about the platform. The "openness" of Android shouldn't allow these types of apps to be distributed directly through their market. You're right, it's one thing to go outside the market and download a harmful app and another to get it directly from the market. Frankly, I'm sick of the whole "open" argument. If open means Google doesn't watch what goes into their market then that's a problem. I'd rather have tighter controls, quality and more security than allows any and everything on the platform. Maybe not Apple tight, but not Google "loose".

    I wonder what's google's definition of "open" compared to users. Is it only allowing the user to have control or allow users to put anything on it without restriction. When was the last time they rejected an App and we heard about it? People are always making a big deal when Apple rejects an app. So I agree with you.... maybe Google need to tweak what "openness" should really mean to the end user.
    Last edited by scorpiodsu; 03-02-11 at 11:27 AM.
    03-02-11 11:24 AM
  3. rayzryd266's Avatar
    It would seem like discussing the permission settings would be helpful in a thread like this. I would suspect that most users don't have a clue what they are for and therefore allow everything when an app or theme asks for it.

    I agree that RIM should monitor this better and that would benefit everyone involved - but the user has to take a little credit for the faults if they blindly jump into this as well. Just my opinion
    03-02-11 11:26 AM
  4. scorpiodsu's Avatar
    It would seem like discussing the permission settings would be helpful in a thread like this. I would suspect that most users don't have a clue what they are for and therefore allow everything when an app or theme asks for it.

    I agree that RIM should monitor this better and that would benefit everyone involved - but the user has to take a little credit for the faults if they blindly jump into this as well. Just my opinion
    I agree but I'm wondering if these apps really had any permission settings that are much different than other apps that aren't dangerous. Sometimes the permission settings are very broad like "access to location information". That tells me what you have access to but not what you will use it for. And some of the other broad permissions as well. I agree some fault is with the user if they don't pay attention BUT at the same time, they should have never been in the market in the first place. It would appear that Google doesn't care what goes in their and have no idea what they do to their users devices and data and that's not protecting the user at all. As smart phone users you do place some type of trust in your manufacturer/platform to do their due diligence to keep harmful threats away. Apparently, either Google doesn't care until it's too late or because they are so "open". Who knows.
    03-02-11 11:39 AM
  5. JRSCCivic98's Avatar
    It would seem like discussing the permission settings would be helpful in a thread like this. I would suspect that most users don't have a clue what they are for and therefore allow everything when an app or theme asks for it.

    I agree that RIM should monitor this better and that would benefit everyone involved - but the user has to take a little credit for the faults if they blindly jump into this as well. Just my opinion
    This is a moot point because if I write an app that does contact management (let's say adding in numbers from the call log to existing contacts), then my app needs full access to both the Phone and Contacts on a BB. Once I have that, I can farm any info I need. There are no finer permissions than that which would depict that I only have permission to read the call log and write to the Contacts database but not read the call log and send that info elsewhere. Because of this, even BB isn't secure from these type of threats.
    03-02-11 11:49 AM
  6. scorpiodsu's Avatar
    This is a moot point because if I write an app that does contact management (let's say adding in numbers from the call log to existing contacts), then my app needs full access to both the Phone and Contacts on a BB. Once I have that, I can farm any info I need. There are no finer permissions than that which would depict that I only have permission to read the call log and write to the Contacts database but not read the call log and send that info elsewhere. Because of this, even BB isn't secure from these type of threats.
    Exactly. The permissions just tell what the apps has access to but not what can be done with that info now that it has access. There are no "fine prints" that say "This application may or may not use the contact information on this device to.......".

    I'm not 100% sure but I think when developers submit apps to Apple they have to submit both the permissions and what can/will be done with that and has to be approved. A little more scrutiny doesn't hurt us.
    03-02-11 11:56 AM
  7. kbz1960's Avatar
    So what's RIM's excuse then with JaredCo?

    Give me a break. The "open" platform designation doesn't mean let developers write malitious code for it. Windows isn't open and people write crap for it every day. That's not a good enough excuse and as others have said above, an open platform is about user control over it, not getting reemed by the apps in the platforms app store. If they were using open sites like Cydia or something along those lines to install their apps I wouldn't have an issue with it, but when those malitious apps come off the company's own app stores, I have an issue with it.
    Exactly if you get an app from an approved central location you should be assured it is safe. If you download apps from screwyou.com you should expect maybe something won't be right with it.
    03-02-11 01:13 PM
  8. rayzryd266's Avatar
    This is a moot point because if I write an app that does contact management (let's say adding in numbers from the call log to existing contacts), then my app needs full access to both the Phone and Contacts on a BB. Once I have that, I can farm any info I need. There are no finer permissions than that which would depict that I only have permission to read the call log and write to the Contacts database but not read the call log and send that info elsewhere. Because of this, even BB isn't secure from these type of threats.
    If this is the case it really falls back on the developers (if they plan to utilize the information in a way other than what the app was intended for). In that case what would be the solution? RIM can't possibly know the intent of every developer (and in all honesty....how hard would it be to flat out lie about your app or your intentions with it?). It would be near impossible to filter out all the potential hazards (short of hiring your own developing team and banning all others).

    Idk...I wish there were an easier solution
    03-02-11 02:25 PM
  9. howarmat's Avatar
    If this is the case it really falls back on the developers (if they plan to utilize the information in a way other than what the app was intended for). In that case what would be the solution? RIM can't possibly know the intent of every developer (and in all honesty....how hard would it be to flat out lie about your app or your intentions with it?). It would be near impossible to filter out all the potential hazards (short of hiring your own developing team and banning all others).

    Idk...I wish there were an easier solution
    except for the fact that there are KNOWN apps doing **** and yet RIM has not pulled them from the market. so they are turn a blind eye and letting people download the apps and get screwed while the customer has no clue.
    Rickroller likes this.
    03-02-11 02:27 PM
  10. JRSCCivic98's Avatar
    If this is the case it really falls back on the developers (if they plan to utilize the information in a way other than what the app was intended for). In that case what would be the solution? RIM can't possibly know the intent of every developer (and in all honesty....how hard would it be to flat out lie about your app or your intentions with it?). It would be near impossible to filter out all the potential hazards (short of hiring your own developing team and banning all others).

    Idk...I wish there were an easier solution
    There is a solution. RIM can run every app through a virtual machine debugger and see exactly what each app does along the way. If they were to do this with every app before publishing it as part of regular certification process, we wouldn't be here talking.
    03-02-11 08:28 PM
  11. i7guy's Avatar
    There is a solution. RIM can run every app through a virtual machine debugger and see exactly what each app does along the way. If they were to do this with every app before publishing it as part of regular certification process, we wouldn't be here talking.
    Apple and Android could do the exact same thing. I do this on Windows using virtual machines., malware products and network traffic analyzers.
    03-02-11 10:25 PM
  12. BBMINI's Avatar
    except for the fact that there are KNOWN apps doing **** and yet RIM has not pulled them from the market. so they are turn a blind eye and letting people download the apps and get screwed while the customer has no clue.
    Correct. This is incredibly irritating to me that Jared Co and other backhanded developers are still on AppWorld. It's a shame to see all the glaring, excited reviews on AppWorld of JaredCo's "Flashlight" app, only to think about how those folks don't know what they've really just downloaded.

    Related to that, I was very proud of Kevin, CB and MobiHand when Kevin announced the removal of JaredCo's apps from MobiHand due to CB community feedback (see Kevin's posts here: http://forums.crackberry.com/f19/why...r-apps-569582/. He mentioned that he was also going to escalate the complaints to RIM, but we'll see if anything comes of that. My guess, unfortunately, is No.
    03-10-11 05:28 PM
  13. BBMINI's Avatar
    ^^^ UPDATE: MobiHand unfortunately still offers 15 BB apps by JaredCo. Sorry to accidentally mislead anyone, but I've just discovered this. I also posted an update in the other JaredCo-related thread referenced above. They're gone from CB's store but not from MobiHand like Kevin had claimed. Not meaning to hijack the thread, but wanted to clarify my previous post since I had thought MH had totally removed JaredCo's apps -- evidently not.
    03-10-11 05:42 PM
63 123
LINK TO POST COPIED TO CLIPBOARD