> (Chris) > Keep it in perspective: All Mac OS X/Linux/Windows apps can access all your > information all the time.
True enough, but my Linux doesn't automatically connect to the Internet whenever it wants to, keeps my computer from sleeping, or automatically has ANYONE to send my contact information to. App developers do (or might). > (Disconnect) > It would make it entirely too easy to cut into ad revenue though, which means > it is not in line with google's goals for the platform. Going forward, it seems the carriers themselves will force developers to develop apps differently. E.G., AT&T recently announced no more "unlimited data plans." Apps that require full internet access may find themselves with no users, or worse, overwhelmed with complaints about data charges. > (William) > As someone who researches Android security, I know that the manual update is > a result of a permission change, so I take note of the permissions, and then > I go > back to Android's application manager to see what the old permissions were. > For example, Shazam recently added location permissions. I've never gotten "update successful" and always have to manually download updates. I have the Market notifications set to notify me. Like you, I've been keeping a log too, but it's too time-consuming and if I don't routinely use the app, I end up just uninstalling it. All the current information on the Internet keeps saying "don't download the app if you don't trust the developer." That is not an answer to me. How are we supposed to know if we trust them or not considering how new the Market and the developers are? Seems to me an easier way to get around all this is to go ahead and let the apps list their requested permissions before install, and as I use the app, before they actually need access to my contacts (for example), they need to let me choose yes or no based on what I'm requesting the app to do. I doubt needing access to my contacts would make or break an app's functionality--unless I specifically tell the app to "do this using my contact data." Otherwise, stay out of my private information. Period. When a barcode app requires full internet access and read/write access to calendars and contacts, for example, how can I trust that you're not collecting all my data and instantly sending it to storage on some server? I've even had to stop using and uninstall Google's "voice input" feature, unfortunately. In its Privacy Policy and Terms of Use, it clearly states that the audio recording is sent back to Google's server and stored there. Now, for the most part, I wouldn't be concerned about Google having audio copies of my text messages or "call John" inputs. But I like to use an app called CipherLog... kind of an online journal/diary, and it's much faster to input my thoughts using Google's voice input. But I surely don't want Google to have and store audio copies of my private thoughts and entries! William, I'd like to read some of your work on Android security if you wouldn't mind. Jim
