Android apps harvest data even after you deny permissions!

Hi all,
Looks like /e/'s mission just got harder: https://www.cnet.com/news/more-than-1000-android-apps-harvest-your-data-even-after-you-deny-permissions/
I feel sick.
Google will only address this in Android Q. Can /e/ find a way to fix this on P, O and N?
Cheers 🙂

You can use an app like AFWall+.

I don’t think AFWall+ is going to cure this issue. To me it just further confirms my thoughts that the real data mining risk is not Android or iOS, but the apps. What we ideally need is a better app scan to give a true security rating in the app store. At the moment there is no adjustment to the security rating for apps which data mine directly, so Google apps get a better security rating than competing apps. Similarly the security rating should consider apps like those mentioned which circumvent the Android permissions system.


I use it, and I have apps that shouldn’t go online, but after installing AFWall+ I found out that they do (they connect to Facebook, for example, but they don’t declare it)… You can see it because AFWall+ blocks them. So doing something (AFWall+, Blokada, etc.) is better than nothing; it’s a significant improvement.
If you only scan your apps but don’t block the network connection, all you can do is uninstall them. Maybe this app is useful and unique for you, but you can’t use it. Instead you could keep that app and use it, but block/control it with AFWall+. You choose, but as you can see, AFWall+ is useful and better than scanning only; it’s like a multi-app patching system…

Otherwise, don’t connect to the network and use a 2G mobile phone (for as long as 2G BTSs exist) without GPS, Bluetooth, Wi-Fi, etc… If someone decides to, you will still be traced, approximately, through BTS triangulation, and there will always remain the possibility of being intercepted (fake BTS, IMSI catcher). For me this, at the moment, isn’t a big problem, but I definitely don’t like it.
In Europe we have one of the best regulations (and principles) on privacy (which not everyone respects, of course). But imagine in other countries what is permissible to do…

An OS without a firewall? Unthinkable for me. So the problem is also the OS, not just the apps (think about big G apps and big G tracking/logging: how can you write that the problem is not the OS?). Because I, the owner of my device, have to be able to have full control over both the OS and the apps.
If you design an OS without a firewall and other security systems, it’s because you want to let the app manufacturers work quite freely. They use you to give you their free app. And we know it: if it’s free but commercial, the company earns, and you are the product. For me it’s clear.


I agree that some type of firewall is essential these days. However, it does not help with the example they provided in the article, Shutterfly. To use the app it must have access to the Shutterfly server, but that same connection is used to push “denied” data.

As for the OS, there is no denying the OS is uploading all sorts of data, but I feel that apps are more invasive. Also, Google and Apple, while not entirely honest, must at least maintain an air of “plausible deniability” or “ability to justify why required” as to what data they harvest, while apps have no such limits; as quoted in the article, some apps scan the storage space looking for data to harvest. Further, Google data mining goes to Google and Apple data mining goes to Apple, while app data gets sprayed across hundreds of unknown and generally undesirable places.

The only real solution to this problem is for us to move to decentralised data and web structures using things like SAFE Net and Solid. I know that @gael has shown some interest in Solid, but it’s far from ready to roll out to even the technically minded community of /e/.

My vision is for everyone to be able to store and control all of their data from their mobile phone - no need for another computer, no need for a centralised cloud service. Solid running on a smartphone and using SAFE Net for the distribution and backup (that’s a very simple view of this tech!) would be awesome.

When will these technologies be ready to use with /e/? When will /e/ be ready to accept these technologies? Who knows, but as far as I’m concerned the sooner the better.

Cheers 🙂

What about Serval? That’s an interesting concept.

What’s this?

thank you

Mesh network. A network without the internet or anything else (towers, wires, etc.). You can call, send SMS, share files.

Mesh networking doesn’t overcome the problem explained in that CNet article.

Serval’s a nice project though.

Cheers 🙂