Senator Demands FTC Probe Over iOS, Android Picture Issue

Status
Not open for further replies.

wiyosaya

Distinguished
Apr 12, 2006
396
0
18,930
IMHO, the title of this article is very misleading. I support a privacy probe as the article states, however, I would not support a "misuse of picture" probe.
 

descendency

Distinguished
Jul 20, 2008
255
0
18,930
lol. I hope he doesn't find out that Windows, OS X, and other OSs can view anything, at any time, and upload it - with or without permission.
 

blazorthon

Distinguished
Sep 24, 2010
761
0
18,960
[citation][nom]COLGeek[/nom]Another case where people with little, or no, understanding of how technology works (or doesn't) getting involved.[/citation]

He doesn't need to understand it, he is calling for others to investigate it. At least he is having people investigate it instead of claiming he knows everything. Way I see it, this is the best possible thing for him to do, within reason, on this subject.

[citation][nom]wiyosaya[/nom]IMHO, the title of this article is very misleading. I support a privacy probe as the article states, however, I would not support a "misuse of picture" probe.[/citation]
An app on the phone decides to take screen shots of your private info (contacts, etc.) when you look at it, maybe when you are calling someone from the contacts list. How would you like the phone to treat said screen shots? Do you mind them being uploaded strait to who knows where? How about the phone taking screen shots when you are browsing the web, or texting someone? So long as Android knows what application is being used and there is a way for other programs to check this, such screen shooting programs could theoretically know what you are doing and take screen shots accordingly. If you have emails listed in your contacts, they could gather targets for email soliciting.

Then there is when these programs decide to upload pictures, possibly including screen shots as I mentioned, possibly pictures that you yourself took. I know for sure that I don't like any of this any more than any person who values their privacy should. In fact, I hate this crap.



If we wanted the SD card to be open so it can be removed, put into a computer, and the computer have access, then they could have simply black listed all applications on the phone from any part of the card that they don't NEED access to. That way, the card gets removed then it is usable from the computer, but the phone programs can't steal data from it unless you let them. Seems to be a simple enough solution.

For the black listing, there could be a management program (maybe make it a part of android) that automatically blocks programs from accessing parts of the SD card unless you let them. For example, your web browser isn't going to have access to your pictures and your camera app will. The programs would be managed by the management program/feature so any programs you install will not have access to anything that you don't tell them they can. That way you can let them only access data that they need instead of giving them access to the whole card. The programs are part of a black list with a white list of what they can access. If it's not in the white list, they are blocked. If the program isn't in the black list at all, it can be blocked from everything unti you let it do something.

The management program/feature could assign appropriate permissions for common applications, others you can just do your self. If you can't figure that out... Well, you were already happy to let it have access to the entire card anyway, you let it do that if you don't mind it.

The idea could use a little work, but I bet a working model could be built around it for application security and privacy control. At least it's a start. That seems to be better than what the companies are willing to do, but they profit from stealing our data so they probably don't care too much unless you throw them into the spotlight.
 

azgard

Distinguished
Dec 20, 2002
52
0
18,580
[citation][nom]caedenv[/nom]I would like an FTC probe into the government's use of my personal data... but that is never going to happen[/citation]

Don't worry, I'm sure they got a probe planned for you now.
 

jaybus

Distinguished
Oct 20, 2006
31
0
18,580
An investigation is needed. If there is any question that "copying or distributing personal information from smartphones, without a user’s consent, constitutes an unfair or deceptive trade practice", then Mr. Schumer and his fellow lawmakers have not done their jobs very well. In addition to the FTC, a federal court should be asked "whether copying or distributing personal information from smartphones, without a user's consent" constitutes theft, espionage, and/or other criminal offenses, as opposed to civil offenses. I think the threat of jail time would better get their FULL attention.
 

back_by_demand

Distinguished
Jul 16, 2009
1,599
0
19,730
iOS and Android, from Apple and Google, who's motto's are:-

bisonbison_cc-by-nc-sa.jpg
 
G

Guest

Guest
Any software installed on a computer can access whatever the user account under which the software is running has permission to access. Your PC at home is at more of a risk than your phone. This is why we have to agree to lengthy EULAs when we install software, and it's why software security professionals exist.

Ultimately what's going to happen is all the security tools we're familiar with on PCs are going to migrate to mobile devices as well. If you don't want a program accessing your files, encrypt them. If you don't want a program to access the Internet, block it with a firewall. If you think you might have a malicious app installed, scan your device using the latest anti-malware definitions.

It's just too impractical for a mobile operating system to have a permission for every feasible action an app might perform. It also doesn't do any good when people just grant permissions without even thinking. The average consumer needs tools that will take care of these things automatically.
 

wiyosaya

Distinguished
Apr 12, 2006
396
0
18,930
[citation][nom]blazorthon[/nom]An app on the phone decides to take screen shots of your private info (contacts, etc.) when you look at it, maybe when you are calling someone from the contacts list.[/citation]
I appreciate your diatribe, and even though you do not think we are, we are on the same page.

If the article were saying that apps were screenshoting user's screens, I would agree with the privacy issues you state. However, the article does not say that. Summed up, the article says personal data is being misused. I support a probe into that.

However, the article title, as I stated, says "Senator Demands FTC Probe Over iOS, Android Picture Issue"

IMHO, it should read

"Senator Demands FTC Probe Over iOS / Android Privacy Issue,"

and that is why Tom's posted notice of looking for an editor who understands the English language as the person who wrote the articles title clearly goofed for one reason or another.

Perhaps until Tom's finds their technical English grammar knowing editor, they should employ a grammar checker.
 

lurkily

Honorable
Mar 6, 2012
1
0
10,510
[citation][nom]blazorthon[/nomThe programs are part of a black list with a white list of what they can access. If it's not in the white list, they are blocked. If the program isn't in the black list at all, it can be blocked from everything unti you let it do something.[/citation]You're suggesting that users of the internet generation push more than "Install" to start uploading their photos to facebook? I see you grew up in an era where attention span and focus were assets.

The problem here isn't that apps are taking permissions without asking for them. The issue is that users are installing apps without thoroughly checking what permissions they are granted. By installing apps that require access to "storage" and "Network communication (full internet access)" you've already agreed to provide those permissions.

This may or may not be the best way of doing things - perhaps a popup asking for those permissions to be granted on the first access of those permissions would be more secure. But I don't think it constitutes abusive negligence on the part of the OS developer, as people seem to be trying to imply. Rather, granting contact list access to an app that should not need it it shows a lack of awareness on the consumer's part.
 

blazorthon

Distinguished
Sep 24, 2010
761
0
18,960
[citation][nom]lurkily[/nom][citation][nom]blazorthon[/nomThe programs are part of a black list with a white list of what they can access. If it's not in the white list, they are blocked. If the program isn't in the black list at all, it can be blocked from everything unti you let it do something.[/citation]You're suggesting that users of the internet generation push more than "Install" to start uploading their photos to facebook? I see you grew up in an era where attention span and focus were assets.The problem here isn't that apps are taking permissions without asking for them. The issue is that users are installing apps without thoroughly checking what permissions they are granted. By installing apps that require access to "storage" and "Network communication (full internet access)" you've already agreed to provide those permissions.This may or may not be the best way of doing things - perhaps a popup asking for those permissions to be granted on the first access of those permissions would be more secure. But I don't think it constitutes abusive negligence on the part of the OS developer, as people seem to be trying to imply. Rather, granting contact list access to an app that should not need it it shows a lack of awareness on the consumer's part.[/citation]

I think that the problem lies with all parties in this case. Yes, users should be more aware of what they are doing instead of just giving complete access to everything, but a program shouldn't ask for access to something that it really shouldn't have access to in the first place and Google shouldn't allow this to be done either. Considering all of this, I think we can probably blame the developers the most (they are, after all, the ones making the privacy invading software), then the users, (they allowed it on the phones), then the makers of the phones/OS on the phones (they allowed the developers to make such software).

If I need a program that let's me tether my Android's 3G connection to my laptop through my Android's WiFi, then it needs access to all of the above parts of the phone. If that program misuses them in any way, how am I supposed to know? What could I do to prevent it if the program is supposed to have access to those things? This may be a point where the user has no choice, they may need to get an internet connection and may have no other way.

Of course, this is an exception, but it's a possibility nonetheless. Most cases are more of the user simply being stupid just because instead of out of necessity. However, the problem still lies in all parties here, not just the user and not just the OS creators and not just the application developers.

Also, let me explain my other comment a little better as it was poorly worded. The programs are in a black list and they are given individual white lists of what parts of the SD card and such they can access. All programs that don't need complete access to the SD card are in the black list so they only get access to the white list of directories they are allowed in. The list manager can auto black list any program you install. It would need to know what most directories in the SD card are used for so it can know what the program needs acces to or it can have preset spots (IE it can have a preset for camera apps that has access to all directories related to the camera. Even if it can't recognize an app as a camera app, you can so you just tell the program permissions manager that it's a camera app and it then has access to the camera and the necessary directories).

My solution wouldn't do anything to stop a program from misusing something it needs to have access to, but it's a start. That is something that Google could do for their Androids, or maybe a third party developer could do it and/or has done it already and I'm not aware of it. Sure, it could take a lot of work, but it's doable. Then we would need the developers to not make apps that misuse stuff the apps are supposed to have access to. The user would often need to tell the program what preset permissions it can have (such as giving camera apps the camera preset permissions I listed and anything else a camera app may need).

There could be preset permissions for internet browsers, internet/network tethering program (they probably don't need access to your pictures directory), etc.

I think it's a long shot, but it seems worth it.
 
Status
Not open for further replies.