Re: [tlug] Android spyware

[Shawn Brown <big.coffee.lover@example.com>]

> I thought this might interest people with Androids phones.
> ... collects your your phone number, subscriber identification, and even
> your voicemail password ...

> http://mobile.venturebeat.com/2010/07/28/android-wallpaper-app-that-steals-your-data-was-downloaded-by-millions/

That's the problem with Android.

With MIDP/Java the phones were locked.
With iPhone apps requires approval.
With Android it's whatever developers do and users get notified of
broad categories without really knowing what the app does.

The article states:

"The wallpaper app asks for permission to access your “phone calls,”
but that isn’t necessarily a clear warning. While suspicious, Lookout
says there isn’t evidence of malicious behavior."

In anticipation of this event, I (and others) asked the Android team
on their devleoper list to:

1) allow users the option of denying specific privileges to an app.
Answer: Too hard to code and would result in only partially working
apps
2) require the developer to document what the app will do and how
information will be used - sorta a contract that the user could use
Answer: none
3) have google or other ad companied provide a background service to
serve ads so that every app doesn't need permission to do this.  A lot
of extra permissions get written into the apps just to get ads.   This
would make it safer for the user.  Answer:  Google doesn't want to do
that.

For all we know this company was storing the information for you in
case you ever lost it and needed it back.  Of course they weren't
doing that but without a contract between user and developer ... look
you gave them access to your "phone calls".  There needs to be a
requirement ...

Shawn