Tuesday, February 28, 2012

What privacy?

Feeling naked in front of ad providers?
If I owned a very evil malware company, I would make an application that needs access to both contacts and the Internet for some legitimate purpose. I will suck up all the data that I can. If the user revokes the rights, he will lose functionality, and if he grants them back, the application will continue sending his private data to me for my evil plans.

That's what I wrote a couple of days ago as preparation for an article. And then reality caught up with me.

The British Sunday Times published what some call a typical tabloid article about the Android Facebook application having excessive rights: it can read your text messages and take a snapshot of your surroundings whenever it likes (the article is not free, so check this). Facebook opposed these claims fiercely. Without going into what they really did or didn't do with the data, this scenario is perfectly plausible. Be it Android or iOS, once you grant a certain permission, the application can use it at its own discretion until you uninstall it (Android) or revoke the permission (iOS).

Monday, February 27, 2012

Permissions Scientific Way

If we put together everybody's 2 cents about improving iOS permissions from both a visual and a logical perspective, it would be a huge pile of money. My 2 cents included. However, some people actually did some hard work to figure out how good the current approach is and what could be done to improve it.

The University of California, Berkeley has a Security Research Lab, and that lab runs the Smartphone Security project. These gals and guys took the problem very seriously and produced a very interesting publication titled "The Effectiveness of Application Permissions" (don't be repelled by its dull scientific formatting). The key part is an analysis of the permissions of almost a thousand Android applications and a thousand Chrome plugins, trying to discover how permissions are used in the real world. I'll stick to the Android part.

Friday, February 24, 2012

To GetJar or Not To GetJar

The original purpose of this story was to show how app markets and vendors try to introduce hidden costs in apps, but in the end it turned into a story about their poor communication skills causing distrust between them and their customers. Anyway, it will show you how to avoid some dirty tricks while buying applications.

I consider myself a price-conscious person, so I wanted to spare a couple of bucks on smartphone apps. After some research, I decided to try the famous GetJar site. They claimed that they provide some of the top paid applications for free. They were even declared one of the best start-ups of 2011 in the Finance and E-commerce category by The Telegraph.

Tuesday, February 21, 2012

Disinfected for Your Convenience

The social application Path took contacts data impolitely, without asking first.

We know that because somebody snooped on the unencrypted data, but it was almost OK because it is a social application. There are some other applications that did the same. What we don't know is how many applications with a totally unsocial purpose passed the App Store's manual checks and sent data somewhere encrypted without being detected.