[HN Gopher] Oops: Google admits failing to wipe all Android apps...
___________________________________________________________________
Oops: Google admits failing to wipe all Android apps with location-
tracking X-Mo
Author : based2
Score : 68 points
Date : 2021-02-06 19:29 UTC (3 hours ago)
(HTM) web link (www.theregister.com)
(TXT) w3m dump (www.theregister.com)
| swiley wrote:
| App stores protect the products built by OS vendors, they do
| nothing for users.
| qwertox wrote:
| One question: On Android, when I disable access to location for a
| specific app, does the library have a way to access the location
| anyway? My belief is that no, that it can't do that, but I may be
| wrong.
|
| What if library "A" is included in a background app with access
| to location services, it then locally broadcasts via UDP or
| listens on a TCP port for incoming local connections, so that a
| library "B" can either listen to those UDP broadcasts or connects
| to the local TCP port of library "A" to receive the location
| data. Is this a possible scenario? Is Android monitoring such a
| behavior?
| sp332 wrote:
| Sure it's possible, and I don't think that's part of the
| security model. If you're letting app/library "A" access your
| location, you're trusting it. If you're worried that it might
| send that data to your worst enemy, you should disable access
| for library A.
| acct776 wrote:
| And run that application in a different Android profile -
| very valuable step.
| ficklepickle wrote:
| This is whack-a-mole at best. Another lib will replace this one.
|
| The real problem is corporations trying the destroy the open web,
| again. We had AOL and CompuServe, now we have app stores.
| Consumers have been conditioned to install apps for basic things,
| just so they can slurp up their data.
|
| Unfortunately this round of internet-killers are much better
| funded. The open web won in the past, but there is no guarantee
| it will win this time.
| sneak wrote:
| The same companies that gave us the App Stores gave us a switch
| that lets us disable all location functionality on our device.
| Groxx wrote:
| After literally years of ignoring obvious abuse. But yeah, we
| finally have it.
| toyg wrote:
| _> Consumers have been conditioned to install apps for basic
| things_
|
| It's an unfortunate development, but I wouldn't call it
| "conditioning", it didn't really look like a coordinated plan -
| just a textbook case of people with good intentions paving a
| shiny road to hell. Native apps _are_ intrinsically superior to
| the web experience; this is true on mobile and desktop alike.
| The push to native apps came before tracking was so widespread,
| developers just wanted people to have a great experience.
|
| Unfortunately, the amount of private data exposed by mobile
| platforms (and one of the two platforms being owned by an
| advertiser interested in such data) is so much more valuable
| than what was ever exposed on desktop... when this fact became
| common knowledge, consumers were screwed.
| amelius wrote:
| Google has nothing to gain from people being conditioned to use
| apps. Google makes most of its money from people using the real
| web.
| qwertay wrote:
| They get 30% of sales made on all apps
| markdown wrote:
| Which is a minuscule fraction of what they make from ads on
| the web.
| sneak wrote:
| It is becoming increasingly evident to me that having location
| APIs enabled on smartphones is an accident waiting to happen. As
| of about a year ago, location services are disabled at the OS
| level on all of my mobile devices.
| colejohnson66 wrote:
| There's situations where it makes sense. Third party mapping
| software for one. Imagine the uproar (and possible lawsuit) if
| Apple allowed their Maps app access to the location, but not
| third party apps like Google's.
|
| The solution isn't to turn off location services, but to use
| permissions so that only apps I approve can have access to it.
| Both iOS and Android have that feature.
| qwertay wrote:
| The problem is people just hit accept without understanding
| what is happening. The problem requires a legal solution. It
| should just be plain illegal to collect the users location
| for anything other than providing the features the user
| expects and any extra use of that data should not be
| permitted.
| rhamzeh wrote:
| There is no way or permission on (standard) Android to grant
| a trusted app access to your location, without granting it to
| Google first.
| jimmaswell wrote:
| Personally I wasn't losing any sleep before knowing apps
| might be sending location data to advertisers. Why should I
| even care? But now what I find obnoxious is being nagged
| about explicitly approving every little permission to every
| app, even having to wait until the app wants to use it to
| approve it which was an especially stupid change. And now I
| don't even get to let apps use location data all the time
| from most menus, and when I do I get nagging reminders from
| Samsung trying to scare me into turning it back to "only when
| in use." The model on Windows where a program can do things a
| program should be able to do without asking was completely
| fine and discrete permissions for apps are an obnoxious waste
| of time in my opinion.
___________________________________________________________________
(page generated 2021-02-06 23:01 UTC)