07-25-11 12:38 PM
30 12
tools
  1. blackjack93117's Avatar
    Here is an alternate theory. Disclaimer: it is shear speculation - the best way to find out for certain is to contact the developer and ask.

    I think perhaps that the developer has created an HD movie and thinks that it may be of interest to some users. In the early release, his app downloaded the movie to the shared directory and everything worked fine. He then became worried that users could bypass the app and simply play the movie. So he made some changes, perhaps to download the content to the application data directory (which is inaccessible to the public.) At this point, something has gone horribly wrong and he is frantically trying to troubleshoot the problem and fix the app.

    The way that App World is currently set up makes makes it extremely difficult to correct a problem like this one. It is impossible for the developer to revert back to a previous version while corrections are being coded and tested. And it could take several days for the new version to be approved by the testing house.

    There is only one way to find out for sure - ask him via the support email address. He probably does not appreciate more people writing negative reviews about his app. He most certainly does not appreciate people speculating that his app is malware.
    And I as a user I am supposed to trust the developer because he says so, and because some people are happy with it that dont realize their data has been sucked out? I'm supposed to serve and worship the developer and worry if he appreciates me or not? What planet are you from? The planet Moron?

    I wasn't born to make developers happy I am the customer, remember? You're supposed to make me happy.

    Dont cry on my shoulder about how tough it is to be a developer - do something else if you dont like it.
    .
    Last edited by blackjack93117; 07-25-11 at 06:53 AM.
    07-25-11 06:35 AM
  2. blackjack93117's Avatar
    If I were anything resembling a serious developer, I'd state up front in my description that:

    1. I need to access your files
    2. Why I need to access your files
    3. What specifically I will and will not access and what I will and will not do with the information

    Snapple just had their little SNAFU with the secret GPS files, many studies are out indicating that application developers are harvesting information like plagues of tics and leeches to blood.

    This is an era of very severe and worsening privacy violation. Some of our pictures and information could cost us our jobs or worse if it got in the wrong place.

    The burden is not in any way, shape or form on the consumer to do anything but protect him or herself. Nowhere in the fireplace description was there mention of why the sudden shift to needing files access. No surprise whatsoever that some got confused or disoriented. The fact that some people are happy with the application is a complete red herring to the issue. We have no idea if their privacy has been compromised or not.
    EXACTLY. Well said.
    Thank you.
    Last edited by blackjack93117; 07-25-11 at 06:55 AM.
    07-25-11 06:40 AM
  3. blackjack93117's Avatar
    By the way is the planet Moron on your star chart? I may want to move there if everyone trusts every one and nobody ever does anything malicious. It sounds like I could take advantage of these people fairly easily.

    Nah sounds like they all have to worship and bow down to the whims of the smartass developer gods and worry about whether they are pleased with me or not. I just couldn't do that.
    Last edited by blackjack93117; 07-25-11 at 07:09 AM.
    07-25-11 07:02 AM
  4. BuzzStarField's Avatar
    If I were anything resembling a serious developer, I'd state up front in my description that:

    1. I need to access your files
    2. Why I need to access your files
    3. What specifically I will and will not access and what I will and will not do with the information

    Snapple just had their little SNAFU with the secret GPS files, many studies are out indicating that application developers are harvesting information like plagues of tics and leeches to blood.

    This is an era of very severe and worsening privacy violation. Some of our pictures and information could cost us our jobs or worse if it got in the wrong place.

    The burden is not in any way, shape or form on the consumer to do anything but protect him or herself. Nowhere in the fireplace description was there mention of why the sudden shift to needing files access. No surprise whatsoever that some got confused or disoriented. The fact that some people are happy with the application is a complete red herring to the issue. We have no idea if their privacy has been compromised or not.

    P.S.

    The word is "sheer"
    You raise some very good points here. The author of the Fireplace app did not do a very good job of communicating why he need to access the file system. It would be wrong, however to assume that is entirely his fault.

    Developers are required to ask for permission to use the security-sensitive features They do this by including an entry in a config file for each requested feature. But there is no way to specify why the services are required.

    As a result the user is confronted with a scary dialog which demands access but does not explain why that access is necessary. All too many people are intimidated by this dialog and refuse access, thereby rendering the app non-functional.

    I think it would be much better there was an extra property in the config file so that the security-permissions dialog could fully communicate the security requirements in a user-friendly way.

    Note that I am in no way excusing the developer for not including important information in the app's description. But it would be sheer folly to think that every consumer will read (and understand) all of the fine print before hitting the install button. And even fewer consumers take the time to re-read the description prior to downloading an update.
    07-25-11 11:29 AM
  5. Maestrodog's Avatar
    You're correct that there's no way people will do the reading--they don't read the lowdown on their own meds half the time.

    What's more, I bet a whole lot of developers are clueless to the security holes in the application universe themselves. They create some little app with no ill will at all, without regarding the bigger concerns of the more security-conscious users, which astonishingly is a small segment of the population.

    Nevertheless, the problems are growing by leaps and bounds and only developers and manufacturers can take the lead. The one bad apple in a hundred, pun intended, can spoil your entire privacy. No one looks out for the little guy but the little guy, and you can count on some of us to gripe and provoke when there isn't a clear understanding of what's going on.

    Whatever the fallout of clueless users who don't avail themselves of clear instructions, if the information is put into the description, you avoid freaking out both power users and proper users, who will then propagate the information in places like this forum, where the word gets out even further. You create a user-friendly environment where you will increase not only respect and sales but minimize the burden on your own support and service operations.

    Seems a more than obvious move until providers create more secure environments for people to do computing.

    P.S.

    Good point about the dialog that demands access. The way it's written on the PlayBook, the only sensible answer is **** NO!

    They're not unlike a well-dressed stranger outside an airport bathroom saying "Want me to mind your luggage for you while you go inside?"

    Mobile computing is a tricky, fishy, young and unproven business at best. I count on RIM to offer a much better improvement on PlayBook application security both in operations and communications. This is essential now, but will be mission-critical when they allow the foul, privacy-gobbling offices of GOOG unto the scene.

    They would be idiots to count on the majority of users remaining naive about the risks and continuing to download away. Just like fools who used to ignore firewalls and anti-virus on their desktops in the early days--once bitten, twice shy.
    BuzzStarField likes this.
    07-25-11 12:38 PM
30 12
LINK TO POST COPIED TO CLIPBOARD