The thing a lot of the "apps are stealing your data" people never seem to explain is that modern smartphones have very granular permissions. You can block apps from accessing your GPS, camera, microphone, files. You can even give an app access to only the specific media you wish to upload with it. - ThreadSky

malwaretech.com • 39 days ago

The thing a lot of the "apps are stealing your data" people never seem to explain is that modern smartphones have very granular permissions. You can block apps from accessing your GPS, camera, microphone, files. You can even give an app access to only the specific media you wish to upload with it.

Comments

nattybowditch.bsky.social•39 days ago

There’s an app ( isn’t there always?) called Permission Slip that helps ( not 100%) you control your data

akeithclarke.bsky.social•39 days ago

In Android that is built-in under Settings > Permissions...

menschentoaster.bsky.social•39 days ago

There is still a lot of data an app might collect during your sessions that can be sensitive. It's the same with web apps. They don't have any system perms either, but they can still harvest information

But I fully agree with you that people are exaggerating a bit and that it's not that dangerous

domi.zip•39 days ago

Webapps have permission system, mostly to access some sensors. But you can gather a lot of information and fingerprint users without requiring anything additional and there's no desktop browser right now that protects against it.

menschentoaster.bsky.social•39 days ago

Yeah, but not by default like a Windows desktop app would have. That's what I meant.

And there are privacy focused browsers that do fight fingerprinting. It's just that the user experience gets incredibly bad as a result.

domi.zip•39 days ago

Yeah, they have to ask for a camera or microphone access.

But as for the fingerprinting protection, no big browser provides it. There are ways to minimize ways to fingerprint, but no protects against it.

charadeur.bsky.social•39 days ago

At least on the iphone that my company issues me it ask if you want to give permission for the app and you can decline. The problem is some apps have worked around that by not working properly if you don't give permission.

akeithclarke.bsky.social•39 days ago

But you can mitigate that with tools like Adblocker Ultimate, Malwarebytes (for browser), Mozilla Browser extension, etc. and systematically cleaning cookies on browser shutdowns (using browser configuration tools and something like CCleaner).

domi.zip•39 days ago

I haven't found any good extension that would be able to mitigate it all. There are some small ones I don't really trust, so I haven't tested them.

ublock origin, ghostery, privacy badger are not able to block all fingerprinting

akeithclarke.bsky.social•39 days ago

That said, the absolute WORST that anybody can, do regarding spyware, etc., is to be using Edge (Chrome) and/or the 'new' Outlook mail...both of which have as intent data harvesting (and ad targeting)!

domi.zip•39 days ago

With fingerprinting I was mostly referring to ways of deanonymizing users by using APIs for device parameters, installed extensions, fonts, rendering image in a specific way to highlight some unique quirks... You can check your own fingerprint here https://amiunique.org to also see if its unique

akeithclarke.bsky.social•39 days ago

There is nothing that exist that can mitigate "it all", just as there is no antivirus/malware that can mitigate "it all". The options I have previously mentioned do wonders for me, but things still 'slip by'!

diehtu.bsky.social•39 days ago

Does that even work with e.g. WhatsApp? Some years ago when I used it, it refused to start without access to the address book. It didn't even restrict me to those I've been in contact within WhatsApp, it didn't work at all. WeChat accepted the restriction and didn't needed access to my contacts.

zerky.bsky.social•39 days ago

I think the real problem is that data privacy is pushed as a responsibility of the individual.

Most people don’t care about security or think that they have “nothing to hide” or that “all their data is already known”.

The only way to address this is with data privacy laws. Reducing data gathering.

zerky.bsky.social•39 days ago

(Especially as it’s a trade off with utility, people want to have things that just work and will give Apps almost all permissions that they request)

akeithclarke.bsky.social•39 days ago

As is the case in the EU!

zerky.bsky.social•38 days ago

Yes! But even the EU doesn’t go far enough as this reporting shows:

https://netzpolitik.org/2024/data-broker-files-how-data-brokers-sell-our-location-data-and-jeopardise-national-security/

Journalists got a “free sample” from a data broker giving them over 1 billion locations for millions of smartphones in Germany.

This is not a problem you can fix with education!

akeithclarke.bsky.social•38 days ago

(Unrelated question; how does one SIMPLY read the commentary left on something posted by someone else. I seem unable to do that, clicking the post only opens the posted image and clicking the 'comment' icon only opens a dialogue for me to add a comment. Thanks.)

libbyb.bsky.social•35 days ago

Clicking the timestamp usually works for me in case like this.

akeithclarke.bsky.social•35 days ago

Thanks, that works! It's interesting that in that one line, clicking on three different 'items' produces differing results.

akeithclarke.bsky.social•38 days ago

The problem is that as long as business models are based on selling advertising, regulations can only go so far before they begin to negatively affect the services being provided. "Free and always will be" comes at a cost. Even Bluesky is going to eventually have to begin billing certain 'features'.

owenpick.bsky.social•39 days ago

Expecting individuals to manage granular data permissions is not a workable system. People need to be persuaded app data usage is really bad if we want systemic change.

mcakins.bsky.social•39 days ago

Granular control is prerogative of nerds like up. Normies don't touch their settings after the initial setup of their device unfortunately.

fullmoon6661.bsky.social•39 days ago

I once had to explain to someone less savvy that an app cannot access other apps' data on the smartphone. They were in disbelief.

akeithclarke.bsky.social•39 days ago

And see comment below from an app marketer;

"Just chiming in here as an app marketer. We are stealing your data. We ask for more permission than we need and even if you restrict it, we ask other apps to share the data with us. Tricking you into sharing as much as possible is a business model."

akeithclarke.bsky.social•39 days ago

That is not correct, some apps will not work without access to other apps' data.

fullmoon6661.bsky.social•39 days ago

Interesting, could you give an example?

akeithclarke.bsky.social•39 days ago

I have several apps which will not work without access to the File Manager app. Many 'image' apps will not work without access to the Photos app, Whatsapp will not work without access to the Contacts app, and on and on....

fullmoon6661.bsky.social•39 days ago

Unless I'm misunderstanding you, these apps are not accessing the needed apps- but the smartphone's data, through an intentional API, not directly. Permissions are needed for them: READ_CONTACTS, READ_EXTERNAL_STORAGE, and so on.

akeithclarke.bsky.social•39 days ago

Note, I did not say they access other apps, I wrote that they access other apps' "data" (your initial denial).

akeithclarke.bsky.social•39 days ago

That is merely semantics, once permissions are granted they are using content providers to access data contained in those apps. As far as the end result, is there any difference with regard to data sharing/collecting?

asura.dev•39 days ago

Huh I'm surprised you wouldn't be more paranoid.
I'm paranoid that some nitwit is going to accidentally get me in a photo added to their Instagram and then Palantir is going to use their massive data warehouse to connect me to 8 murders I didn't commit where I'll be immediately railroaded to gitmo.

psocha.co.uk•39 days ago

Also that most apps don’t need granular gps permissions by default.

marypcbuk.bsky.social•39 days ago

people are used to the badly behaved apps that refuse to work without permissions they shouldn't need. the Sonos app (which will eventually crater the entire company) refuses to work unless you give it location permissions because it wants to show you the weather with your music 🤦‍♀️

andycadley.bsky.social•39 days ago

Because nobody understands them and most people never will. You can count the number of people that actually bother to tweak (or even read) the permissions an app needs. To the average person it's just a list of incomprehensible nonsense and they've no idea what can be denied.

brasic.bsky.social•39 days ago

I disagree that it’s just a list. if you grant broad location, photo or some other types of permissions to an iPhone app (which has to be done affirmatively when the app asks, it can’t be done on app install) it will periodically remind you that it has access and give you an option to narrow it.

akeithclarke.bsky.social•39 days ago

Ditto on Android. And for many apps it can be done on install.

andycadley.bsky.social•39 days ago

Sure, then the next time you launch the app it complains and makes you assign permissions again. And the user does, because they just want to use the app. It's the classic "Dancing Bunnies" problem.

akeithclarke.bsky.social•39 days ago

True, but I prefer to have the control of granting permissions (with one click!) when and only when I want to do so! And with many apps you can grant ONLY the permissions YOU know it needs, for whatever you want to do.

nedsnow2019.bsky.social•39 days ago

In terms of permissions, I have the feeling that has been gradually becoming better, even to my annoyance. When I had to replace my Smartphone a few years ago, I was surprised to see in my new one I couldn't give my music player app full access to all folders, and had to select which ones the app

nedsnow2019.bsky.social•39 days ago

can access

gcampax.com•39 days ago

That's true in the sense that you can write an app in a way that it only gets the permissions it needs when it needs them. But in practice apps pester the user and refuse to work until you grant what they want (at least on Android, I think on iOS that would fail review but I don't know for sure)

hecki97.bsky.social•39 days ago

Google Photos is one of the apps that will refuse to work unless you give it unrestricted access to your photos. Thankfully this seems to be more exception than rule on iOS.

gingerjet.net•39 days ago

TripIt pestered you constantly if you didn’t give it full location privileges outside the app using the excuse that it must know your location so it can predict how long it would take to the airport.

I solved this problem by deleting TripIt.

akeithclarke.bsky.social•39 days ago

In Android you can grant apps the permissions they 'need' ONLY when YOU decide to use them. You can also use most apps in temporarily granting ONLY what YOU want them to have access to.

murasorazone.bsky.social•39 days ago

iirc apps have to ask for permission before they do something like that
If you claim that it can steal your data, you gave it permission to do so

zzzeremy.bsky.social•39 days ago

Depends what kind of data. Data generated in the app, such as what ads you look at, what your interests are, etc is valuable and not covered by those permissions. May not be "stealing" as such, but if an average user doesn't know it's being collected, it's pretty sneaky at the very least.

sdowney.bsky.social•39 days ago

Apps are stealing your data by the clever technique of asking you to give it to them, asking to be given all your contacts and your location.

robwiss.bsky.social•39 days ago

I appreciate Apple’s privilege bracketing approach with location (Ask Next Time Or When I Share, While Using) and photos (limited access). They should add similar privilege bracketing for the microphone, bluetooth, etc. But it’s still not a solve.

robwiss.bsky.social•39 days ago

The issue is the permissions are not granular enough to protect privacy while enabling functionality. Even if they did, it’s a lot of management burden for the user and apps would find ways to coerce users into giving up permissions. Still, there’s more that could be done.

robwiss.bsky.social•39 days ago

For example, apps can see wifi network ids and use that to track users. Why not have the OS munge those ids so they aren’t useful? Same with bluetooth, etc. Take all the unique identifiers ad tracking stuff uses and make them totally useless.

semina.bsky.social•39 days ago

Assuming they work means you haven't tried to actually manage them recently. Permissions get re-enabled by "system" apps, apps reactivated and reinstalled, hub-apps like play services muddy any distinctions and Samsung are just unrepentent evil assholes.
Because phone companies "know better"

corychea.bsky.social•39 days ago

I think the concerns come down to:
- Google tracks everything at the hardware level on Android
- fingerprinting enables user matching w/ 3rd party datasets
- people just press "allow all" out of habit and they may have you saved as a contact
- IRL beacons sniff and catalog your devices in public

ksumatt.bsky.social•39 days ago

A lot of apps embed ads and ad trackers or report all your activity to Meta. There's no granular permission for this. It's presumably in their privacy policy, but it's all of them and it sucks.

austinhaynes.bsky.social•39 days ago

I think maybe we all just have whiplash from Cambridge Analytica

But don't many apps still collect quite a lot of data regardless of permissions for things like usage analytics? I imagine it's quite difficult to find an app developed by a business that doesn't use Google analytics somehow

arrakis-surfer.bsky.social•39 days ago

Just chiming in here as an app marketer. We are stealing your data. We ask for more permission than we need and even if you restrict it, we ask other apps to share the data with us. Tricking you into sharing as much as possible is a business model.

god-of-abf.bsky.social•39 days ago

Not if you have an AI chip in your "smart"phone. The available evidence suggests that these chips have surveillance aspects to them that CAN NOT be fully disabled, no matter what the "owner" tries to do. The AI chips implement "client-side scanning" of all your content and reflect this to the cloud.

Comments

Posting Rules

Reply