Though the article amounts to an advertisement for this particular program, I think in a larger sense it highlights that the mobile device ecosystem has hit the point where not only are mobile devices actually full-on computers, they're being exploited as full-on computers, for similar reasons.wired.com wrote:Do you know what do your phone’s apps do when you’re not using them?
Sure, each time you install an app, your phone tells you what the app can potentially do. But it’s hard to know much about what those apps are actually doing with those permissions. How often do they transmit your location? Are they tracking you even when you’re not using the app? Are they blowing through your data cap by uploading and downloading data behind your back?
A new Android tool called SpyAware aims to shed some light on the situation. It gives you a better idea of what your phone is doing when you’re not looking. No, it doesn’t give you a way of changing an app’s permissions. But unlike XPrivacy and other tools that do, it can run on potentially any Android phone, not just “rooted” phones that give you complete access to a phone’s operating system.
Developed by a Vancouver, Washington based company called Location Sentry, the tool is an effort to increase awareness of what data mobile apps are collecting and how that data is being used. “I think most people would say it’s OK for an app to take some information while they’re using it,” says company co-founder Craig Spiegelberg. “But what they’re discovering is that apps are mining data constantly in the background.”
‘Take Action’
After you install SpyAware, the app gives your phone an overall score based on how at risk the app thinks your device is overall. It also tells you how much data it has been using while you were idle, and which apps were active.
For $3, you can can upgrade to the full version, which is where things get really interesting. You can then see how dangerous SpyAware thinks each app on your phone could be based on “risky” permissions such as the ability to read your text messages, take pictures or record audio. You can also see how much data each app uses, how often it collects your location information, and where it sends data. Importantly, it lets you know what the apps that came preloaded on your phone—the ones that you never gave any permissions to at all—are doing.
If you find an app that you think is particularly suspicious, the “Take Action” screen includes options for uninstalling an app, reporting it to the FCC, leaving a review in Google’s Play Store, or sharing your findings on social media.
Meanwhile, the company has some work to do on making sure that users can trust SpyAware itself. It requires some pretty generous permissions in order to monitor what other apps are doing, and because it’s not open source, you’ve got to just take the company’s word that it’s not going to do anything malicious itself. Spiegelberg says that although the company doesn’t have plans to open source the app at the moment, users will eventually be able to export their usage data, so that they can analyze it on their own. But he does emphasize that Location Sentry never collects or sells its user info.
A Nudge for Apple and Google
The main issue, however, is that if you have an app that’s useful to you but requires excessive permissions, there’s not much you can do other than uninstall it. “If you want an app you’re presented with binary choice,” Spiegelberg says. “I want the app and I accept that they can take more info and use it however they want, or I don’t want the app.”
That’s something Spiegelberg hopes to change in the future. In fact, Location Sentry’s original product was app designed to stop unwanted tracking. But the app required elevated permissions to run correctly, and enabling those permissions—known as rooting—can be a complex process.
Spiegelberg realized that in order to make an app that would appeal to everyone, not just power users, rooting was out of the question. So he and his team conceived of SpyAware as a way to boost awareness of this lack of control. He hopes that eventually Apple, Google and other mobile technology companies will give users more granular control over what permissions they give their apps.
I honestly hope that issues such as this begin to raise the question of where we want mobile devices to go from here.
Do we want them to be full computers in their own right first and foremost? If so, we need to rethink how applications and services are managed with them.
Do we want them to be companion devices to full-on computers we have at home first and foremost? If so, then how it connects and how it's managed will have to be examined.
In either case, most of the development of the mobile device infrastructure we now have has been reactionary; capacity gets added here as phones can now do X, support for Y is added because phones can now do that, etc. However, most people don't fully realize that smartphones of today very much are fully capable computers, despite how the metaphor of interface used for them makes them appear more as simple appliances, unless you begin digging.
Now, to a certain point, ease of use and conciseness of interface go a long way. However, if the interface for such a device suggests simpler use, then most people will use only those simpler things, and only branch out from that understanding in small ways; usually by adding specific apps, in the case of this example.
TL;DR: Check your mobile phones for spyware and weird app permissions. They can mess with you without you knowing about it.