
Popular Android Apps Full of Bugs: Researchers Blame Recycling of Code

New submitter Brett W (3715683) writes: The security researchers that first published the 'Heartbleed' vulnerabilities in OpenSSL have spent the last few months auditing the Top 50 downloaded Android apps for vulnerabilities and have found issues with at least half of them. Many send user data to ad networks without consent, potentially without the publisher or even the app developer being aware of it. Quite a few also send private data across the network in plain text. The full study is due out later this week.

  • by EmperorArthur ( 1113223 ) on Monday July 28, 2014 @12:11AM (#47547443)

    How would an ecosystem be designed not to have these sorts of holes but also not to restrict what the owner of a device can use it for?

    Just look at the XPrivacy extension for rooted Android phones. Even iPhones let you disable app permissions. What has Google done about the issue? They reduced permissions into groups so users couldn't even know exactly what their apps have access to any more. Oh, and block apps from writing to most of the external SD card, but they can do whatever they want to the internal one. Guess Google doesn't like privacy or SD cards.

  • by Animats ( 122034 ) on Monday July 28, 2014 @12:17AM (#47547469) Homepage

    Let's see this list of spyware. Will Google kick them out of the Android store? Will the FBI prosecute the developers for "exceeding authorized access" under the Computer Fraud and Abuse Act? If not, why not?

  • by EmperorArthur ( 1113223 ) on Monday July 28, 2014 @04:42AM (#47548175)

    Internal memory and internal SD card are two separate things in Android. Internal SD card is simply a part of the internal NAND that the OS treats like a normal SD card. Many phones don't support external SD cards but have moderate amounts of storage, so they compromise.

    I'm not sure I follow.

    Many phones don't support external SD cards, but officially their APIs still need to support external storage with internal SD memory anyway, otherwise they won't pass the Compatibility Test Suite [android.com].

    The problem is that the internal SD card and external SD card are treated differently.

    Android apps by default work off the internal SD card. It's actually a separate partition that's mounted at the same place as old phones used for external SD cards. You can't change the default to use an external card. You can't recover space from that internal partition.*

    Here's the kicker. Now external SD cards are mounted somewhere else (/mnt/extSD). The thing is that many apps don't work with the external SD card, especially after the latest Android release. With Android KitKat, apps with the misnamed external storage permission can read and write anywhere on the internal card. The problem is that now they can read anywhere on the external card, but can only write to a directory on it which is something like "/mnt/extSD/data/app.name". There are a few exceptions for system apps like the camera, but regular apps have to use this weird naming scheme.

    It's actually a good security feature, but the fact they don't apply it to the internal SD card just seems to be Google deliberately moving people away from phones with an external SD card. Not cool.

    *Without rooting, and knowing exactly what you're doing at least. No way a non-expert is doing this.

  • Re: Not surprised (Score:1, Interesting)

    by Anonymous Coward on Monday July 28, 2014 @07:18AM (#47548573)

    You know what else? Nobody cares that you're not privacy conscious, and quit trying to turn the term into some kind of insult. It's not, but simple minds kind of annoy the rest of us.

  • by sumdumass ( 711423 ) on Monday July 28, 2014 @10:29AM (#47549727) Journal

    I can think of a third. I had no idea F-Droid existed until reading these posts. Outside of rooting my phone and removing a bunch of garbage, I never really looked for more than a few apps and I won't update those due to expanded permissions I find too intrusive.

    That being said, now that I know, I will likely use it when I change phones again in about 2 weeks.
