NB: marked [OT] in subject, I believe in conformance with an earlier discussion on Android topics on Linux-IL (that I am too lazy to dig up a link to in the archives).
On Tue, Oct 4, 2011 at 6:29 PM, sara fink <[email protected]> wrote: > Why -and when - did HTC "decide" to log user activity? Surely that's a > breach of privacy? Not in itself. It's logged locally, on your device And it is not particularly unusual. The problem is that the context is different from what we (Linux users) are used to. Any system records user activity. UNIX/Linux has logs, last(1), shell history, process audit, etc., etc. Your browser has a history. One can go on and on. We all hope that a random user level application does not collect information from those logs and send it to the internet. In some cases it is forbidden by security measures (e.g., /var/log/messages cannot be read by applications without privileges). In some cases, the only recourse is audit (by whatever means necessary) or trust. Assume you install a binary application written by John Q. Malicious (or Skype/Microsoft, just to stir things up a bit :) - as a regular user. And you run it as you. Nothing (nothing a casual user is capable of, that is) will prevent this application from reading your shell command history, browser cookies and history, your ~/.ssh/id_rsa, etc. All of those are readable by you, and by running the application you gave it your credentials. If it sends packets to the internet without you noticing it, it's your problem. if your computer is employer-provided and you are clueless then you installing random software on it is the sysadmin's headache. The problem with smartphones that some sensitive information is available to regular users. When you install Android applications, you are supposed to check what facilities it can access. E.g., a reminder application has a reasonable need to access your contacts (you want to look up a contact when making a reminder to call him) and phone state (don't interrupt phone calls, light up the display if it is dark, etc.). It probably does not need to access internet. Did it ask at installation time? Did you say yes? Have you checked that it doesn't, in fact, access the internet and send all your contacts to telemarketing providers or to Hezballah? If this is a package that provides location information to something like Waze needs to access the network and your location info. If you install and enable it it is assumed you understand the risks. The problem with (some) HTCs was that it opened the logs to everyone regardless of permissions (if I understood correctly). A related problem is that so many apps are ad-funded (which is not common on Linux) and thus request internet access - to get the ads - that they wouldn't need otherwise. And people used to installing stuff by clicking "next" repeatedly don't stop and think. Oh, and something named androidvncserver.apk and installed by default by HTC does look scary... -- Oleg Goldshmidt | [email protected] _______________________________________________ Linux-il mailing list [email protected] http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
