[HN Gopher] Google to Ban Financial Lending Apps from Accessing ...
       ___________________________________________________________________
        
       Google to Ban Financial Lending Apps from Accessing User Photos,
       Contacts
        
       Author : satoshiiii
       Score  : 172 points
       Date   : 2023-04-08 15:41 UTC (7 hours ago)
        
 (HTM) web link (www.pcmag.com)
 (TXT) w3m dump (www.pcmag.com)
        
       | swframe2 wrote:
       | I am curious. Why not give each app a private copy of common user
       | resources? Every app has access to contacts but by default only
       | the ones they create. Then android should allow sharing across
       | apps based on what the user wants to share. It would be a little bit
       | tedious to share but an OS provided sharing tool can reduce that
       | friction.
        
       | cornholio wrote:
       | How about we leave access to Contacts only to apps that, you
       | know, allow you to contact other people and legitimately need
       | either the email or number? Make it a global XOR: you can ask for
       | Contacts OR credit card/financial data, but not both.
       | 
       | In any case, there is never a legitimate need to know the entire
       | address book to "send money to your contacts": mobile OSes could
       | just offer an interface to manually pick a single contact and
       | return it to the app, which could then validate it as a financial
       | partner
        
       | Ekaros wrote:
       | So I take it they also prevented Google Wallet from accessing that
       | data?
        
       | jpalomaki wrote:
       | There's currently a lot of pressure for Apple to allow
       | alternative app stores or sideloading.
       | 
       | That means more choice, but can also weaken the protections for
       | users. Alternative stores will likely have more loose policies
       | for what apps/behavior they accept.
        
       | version_five wrote:
       | It's "good" in the same way that "google stops punching man in
       | the face" might be good.
       | 
       | In a sea of predatory applications, why is lending the only one
       | that gets blocked here? A whitelist would be better (say approved
       | photo and contact apps could access photos and contacts), and
       | better still would be the app can only access what you transfer
       | to it and doesn't get blanket permissions.
       | 
       | I also agree with the other comment that this shouldn't be within
       | Google's power to decide, it should be regulated - if you force a
       | closed OS on users, you should be limited in what it can access
        
         | supriyo-biswas wrote:
         | > In a sea of predatory applications, why is lending the only
         | one that gets blocked here?
         | 
         | Because lending apps are the only one to engage in egregious
         | behavior, see [1] as an example. The relevant sections are
         | quoted below:
         | 
         | > If a user was late to repay, the app had previously
         | indiscriminately texted or called contacts in the user's phone
         | as part of loan collection efforts. This process began
         | immediately after a loan repayment was delayed, according to
         | user reviews.
         | 
         | > Numerous users reported that friends, family, employers, and
         | other contacts were harassed and threatened through Opera's
         | apps when a borrower was late.
         | 
         | (...)
         | 
         | > In another example, the apps threatened to place friends or
         | family of a borrower on a national credit blacklist if they
         | didn't convince the actual borrower to pay:
         | 
         | [1] https://hindenburgresearch.com/opera-phantom-of-the-turnarou...
        
           | AlexandrB wrote:
           | > If a user was late to repay, the app had previously
           | indiscriminately texted or called contacts in the user's
           | phone as part of loan collection efforts.
           | 
           | Didn't LinkedIn do something similar early on? Harvest your
           | contacts and then email everyone trying to get them to join.
        
             | hedora wrote:
             | Yes. I had a phone with a "glove mode" toggle for the touch
             | screen. I discovered it sometimes registered false taps
             | when I pointed at that button to show a friend how terrible
             | it was that the feature existed.
             | 
             | Of course, there was no "are you sure?" after accidentally
             | tapping it.
             | 
             | It sent things to mailing lists, non-work acquaintances,
             | businesses I was a customer of, etc, etc.
        
         | simfree wrote:
         | There is such a thing as going too far though. An app I'm
         | familiar with had Apple rejecting the app for accessing
         | contacts, even though the contacts stay on device at all times
         | and the only way they are exported is if you send a debug log
         | which has a warning modal about their contacts being logged and
         | gives the user the chance to edit those out.
         | 
         | There was nothing to be done that would satiate Apple besides
         | disabling the contacts permission, so the user experience is
         | now worsened. It's still death by a thousand cuts when working
         | with these app stores.
        
           | nerdjon wrote:
           | As the other person said, what did it actually need the
           | contacts for?
           | 
           | Was it being rejected for asking or for being broken if it
           | didn't get the permissions?
           | 
           | Or was it simply not able to give a justifiable reason to
           | Apple for needing the permission?
           | 
           | You say it was staying on device but once you have access to
           | those contacts it would be trivial to add the ability to send
           | them to a server or have them leak via third party tools like
           | the Facebook SDK. That would be completely invisible to the
           | user after giving past permissions.
           | 
           | The fact that you say that the user experience is now
           | worsened makes me believe that contact access was not an
           | absolute requirement for the app to exist (like say... a
           | contacts organizer or something) and is extra functionality.
           | 
           | Personally with very very few exceptions I will not grant an
           | app access to my contacts since anyone in my contacts doesn't
           | have the luxury to also consent to some company having their
           | data.
        
             | simfree wrote:
             | Calling, texting or emailing said contacts from inside the
             | app. Having this data was for the exclusive benefit of the
             | end user, and the permission was optional and did not block
             | use of the app.
             | 
             | There were no social SDKs integrated, and the app and build
             | pipeline are public on GitLab.
        
           | version_five wrote:
           | What did the app need the contacts for? I'd say I side with
           | apple on that (I can see how it could be abused to shut down
           | competition though). There really would need to be a good
           | reason to have the contacts. (I don't want to debate the
           | threshold, just interested in a "benign" example of needing
           | contacts)
        
             | simfree wrote:
             | Calling, texting or emailing said contacts from inside the
             | app. Having this data was for the exclusive benefit of the
             | end user, and the permission was optional and did not block
             | use of the app.
        
       | quitit wrote:
       | Europe has the KYC (know your customer) and AML (anti-money
       | laundering) regulations.
       | 
       | To satisfy KYC/AML, providers of financial services on apps thus
       | ask to see photo id and pair this with a photo taken by the app
       | itself.
       | 
       | I'm not fully across the KYC loopholes, but it seems like this
       | would make fulfilling the regulations very difficult or
       | potentially impossible as the required identification options
       | needed to satisfy KYC each include a headshot.
       | 
       | https://www.ecb.europa.eu/paym/groups/pdf/dimcg/ecb.dimcg210...
        
       | iamleppert wrote:
       | They need to ban that Dave app. I signed up because it offered a
       | loan for $500, but when I got in the app they forced me to
       | "connect" my checking account, sucked up all the data, then
       | offered me only $20. With a daily notification to set up one of
       | their "checking accounts".
       | 
       | The app was advertised as a short-term loan with borrower-
       | friendly terms ("give us a tip!") -- yeah right. Come to find out
       | it's just a new accounts funnel. Yet this app is allowed to
       | blatantly exist on the app stores, despite not doing anything
       | like what it was advertised to do and tricking you into handing
       | over all your transactions data from your checking account
       | (probably to look at your cash flow and decide how valuable you
       | are from a new accounts perspective).
        
         | FormerBandmate wrote:
         | These apps are literally just friendlier payday lenders. They
         | will also go under soon because the unfriendliness of payday
         | lenders is essential to the business model and it doesn't scale
         | well. Dave's delinquencies are probably atrocious
        
           | HWR_14 wrote:
           | Why would the unfriendliness of payday lenders be essential
           | to the business model?
        
             | johngladtj wrote:
             | Because the type of people who have no choice but to resort
             | to payday lenders are the same type of people who need men
             | with guns to visit them in their house at 2 am in order to
             | pay back their debts.
        
               | HWR_14 wrote:
               | You are confusing payday lenders (who use the courts and
               | high interest rates to make up for defaults) and loan
               | sharks (who use violence).
        
               | hedora wrote:
               | The FTC begs to differ:
               | 
               | https://www.ftc.gov/news-events/topics/consumer-finance/payd...
               | 
               | According to them, "abusive collection practices" and
               | dozens of other illegal things are common in that
               | industry.
        
               | HWR_14 wrote:
               | Yes, they are common. Any industry that deals with
               | primarily people who cannot afford to defend themselves
               | has similar issues (e.g. slumlords). I have no doubt that
               | they are profitable. My question was "why are they
               | necessary to the business model".
               | 
               | Unless you assume "abusive collection practices" means
               | threatening physical violence. Because I would assume it
               | meant things such as chronic calling.
        
         | SecretDreams wrote:
         | There is no universe where I'm connecting my bank account to
         | some ghetto ass app for a seemingly too good to be true loan.
        
           | newZWhoDis wrote:
           | Me neither, but the banks are probably selling all your data
           | to the same clearinghouses anyways... we need banking secrecy
           | laws like the Swiss used to have, AML be damned
        
             | HWR_14 wrote:
             | "I need numbered accounts" is a strange jump from "banks
             | should be free to sell your data to anyone".
             | 
             | There's a clear middle ground.
        
             | amluto wrote:
             | Your bank may well sell your personal data. The app you
             | "connect" to it can _take your money_. Choose your poison.
        
       | nr2x wrote:
       | Except for Google Pay.
        
       | morkalork wrote:
       | Didn't google flat out ban pay-day loan businesses from buying
       | ads on Google search? Why would they even let them in the app
       | store.
        
         | hedora wrote:
         | The top three Google hits for:
         | 
         | pay day loan mountain view
         | 
         | are labeled "sponsored" and look sketchy to me.
        
       | xrd wrote:
       | Wow, those are an entirely new category of dark patterns. Sending
       | manipulated photos of relatives to get someone to pay a debt.
       | Incredible. All those Meta employees that were lamenting the
       | damage caused by their work at a social media company can rest
       | easy when they tell themselves that at least they aren't working
       | for a Kenyan scammy loan app.
        
       | expertentipp wrote:
       | > predatory loan apps
       | 
       | Loan sharks?! We reached a point when I don't even allow chat app
       | (WhatsApp) to access my contacts. Banks' apps love contacts as
       | well ("send money to phone number"). With "convenience" bait they
       | get birth dates, physical addresses, emails, profile photos, and
       | whatnot. I see from behind my keyboard how banks salivate to
       | calculate some credit worthiness from the contacts uploaded (and
       | confirmed by the entry in the other person's address book).
        
         | [deleted]
        
         | babyshake wrote:
         | I just immediately uninstall any app that requests access to
         | contacts without me first indicating I'd like to use that app
         | to share something with my contacts.
        
           | toastal wrote:
           | This is the correct kneejerk, but I assume it's not for the
           | majority of users. It makes me hesitant to give out contact
           | info knowing it'll end up building shadow profiles despite
           | how useful having an easily-shareable vCard should be.
        
       | Johnny555 wrote:
       | Very few apps should have full contacts access. There should be a
       | way to share a contact at a time with an app, like if I want to
       | send an email payment through my banking app, it should call an
       | android function to open a contact selector so I can share just
       | that one contact. Or really, just the email address of that
       | contact, not the rest of the data I may have associated with it.
        
         | expertentipp wrote:
         | Could be also manually allowing only selected CardDAV fields
         | (e.g. only FN and mobile phone) across the address book.
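
Added example, not part of the thread: a sketch of the field-level allowlist suggested in the comment above, applied to vCard text (the payload format CardDAV carries). The function names and the sample card are constructed for illustration; only FN and mobile TEL properties are released, and folded lines are unfolded before the allowlist is applied.

```python
import re

# Structural lines that must survive so the result is still a vCard.
ENVELOPE = {"BEGIN", "VERSION", "END"}


def unfold(text):
    """RFC 6350 line unfolding: a line break followed by one space or tab
    continues the previous content line."""
    return re.sub(r"\r?\n[ \t]", "", text).splitlines()


def _split_unquoted(s, sep, maxsplit=-1):
    """Split on sep, ignoring separators inside double-quoted parameter values."""
    out, buf, quoted = [], [], False
    for ch in s:
        if ch == '"':
            quoted = not quoted
        if ch == sep and not quoted and maxsplit != 0:
            out.append("".join(buf))
            buf = []
            maxsplit -= 1
        else:
            buf.append(ch)
    out.append("".join(buf))
    return out


def split_content_line(line):
    """Return (NAME, [params], value). A group prefix such as 'item1.' is dropped
    from the name so 'item1.TEL' is matched as 'TEL'."""
    parts = _split_unquoted(line, ":", 1)
    if len(parts) != 2:
        raise ValueError("not a vCard content line: %r" % line)
    head, value = parts
    fields = _split_unquoted(head, ";")
    name = fields[0].rsplit(".", 1)[-1].upper()
    return name, fields[1:], value


def type_values(params):
    """Collect TYPE values, accepting TYPE=a,b, TYPE="a,b" and bare 2.1-style CELL."""
    types = set()
    for p in params:
        key, eq, val = p.partition("=")
        if not eq:
            types.add(key.upper())
        elif key.upper() == "TYPE":
            types.update(t.strip().upper() for t in val.strip('"').split(","))
    return types


def minimise(vcard_text, allowed=frozenset({"FN"}), tel_types=frozenset({"CELL"})):
    """Release only allowlisted properties; everything else is dropped by default."""
    kept = []
    for line in unfold(vcard_text):
        if not line.strip():
            continue
        name, params, _value = split_content_line(line)
        if name in ENVELOPE or name in allowed:
            kept.append(line)
        elif name == "TEL" and type_values(params) & tel_types:
            kept.append(line)
    return "\r\n".join(kept) + "\r\n"


# Constructed sample card (not real data). Two properties are folded.
SAMPLE = "\r\n".join([
    "BEGIN:VCARD",
    "VERSION:4.0",
    "FN:Alex Example",
    "N:Example;Alex;;;",
    "BDAY:19900101",
    "EMAIL;TYPE=home:alex@example.invalid",
    'TEL;TYPE="cell,voice";VALUE=uri:tel:+1-55',
    " 5-0100",
    "TEL;TYPE=work:+1-555-0199",
    "item1.TEL;type=CELL:+1-555-0101",
    "ADR;TYPE=home:;;1 Constructed Street;Sampletown;;00000;",
    "NOTE:constructed note folded across",
    "  two lines",
    "END:VCARD",
]) + "\r\n"

if __name__ == "__main__":
    print(minimise(SAMPLE))
```

Because the filter is an allowlist, an unknown or vendor-specific property (and any folded continuation of it) is withheld without needing a rule of its own.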
        
       | jbritton wrote:
       | I think the OS should provide the ability to select items and
       | then give opaque handles to applications. The app could send a
       | message to the OS to display photo selector. The OS could send a
       | message back with a handle to selected photo. One could then ask
       | the OS to send a handle, which would forward selected item
       | somewhere else.
        
         | jeroenhd wrote:
         | Both mainstream mobile operating systems have APIs for this.
         | Even Linux has this at this point! Android has been restricting
         | apps for at least a decade now, every time under heavy user
         | protest because some weird app doesn't work anymore with the
         | restrictions enabled.
         | 
         | The backwards compatibility of Android is a problem in this
         | regard, because apps targeting old versions of Android get old,
         | often less private, behaviour from the system to keep them
         | working. Google has been forcing developers to upgrade their
         | targeted version for a while now, though, so any app that still
         | receives updates should be forced to use the modern API.
         | 
         | In the end, there will always be apps that need full media
         | access. File managers, galleries, image collage tools, you name
         | it, you can't completely disable the generic file API. All
         | other apps can use more appropriate APIs and often do, but
         | those that hoover up data have little incentive to use the
         | modern, privacy friendly versions. They're dragging every well-
         | meaning app down with them through their terrible business
         | practices.
         | 
         | I fully blame the advertiser laden crapware for the fact I
         | can't sync my phone's clipboard in the background through KDE
         | Connect anymore. The fact Google restricted the APIs instead of
         | kicking the borderline malware out of their store irks me to no
         | end and the fact Apple has placed similar restrictions onto
         | their platform tells me it's not just Android.
        
         | 20after4 wrote:
         | iOS already has this feature precisely. I can either grant
         | access to all photos or only a selected subset, or even just
         | one.
        
           | ninkendo wrote:
           | They really need to implement this for contacts. The main
           | reason I've never bothered using WhatsApp or any other third
           | party messaging service is that they all refuse to work
           | unless you give them access to your entire contacts database.
           | No thanks.
        
           | isametry wrote:
           | Yes, or better yet, UIImagePickerController [0].
           | 
           | It's a hook for the system's built-in image picker sheet --
           | as such, it allows the user to browse their entire library,
           | however the app _only_ gets (one-time) access to the
           | individual piece of content they pick. Nice thing is that the
           | app doesn't need to ask _any_ photo permissions at all (as
           | far as read access is concerned).
           | 
           | With some exceptions like Messages, which presents a custom
           | picker UI, this API gets dog-fooded by almost all Apple's
           | stock apps (Safari, Notes, Mail, the "iWork" office suite
           | etc...).
           | 
           | An example of a 3rd party app implementation is MaskerAid by
           | Casey Liss [1]. However, the amount of apps I've encountered
           | that use this interface is suspiciously low.
           | 
           | The realistic answer is probably that the sheet looks pretty
           | barebones, and most developers seem to prefer a sleeker,
           | custom-designed integrated gallery view, and/or need write
           | access.
           | 
           | But the paranoid part of me raises the question: why do so
           | many apps insist on continuous access to at least a portion,
           | but preferably the entirety of the user's photo library?
           | 
           | 0 - https://developer.apple.com/documentation/uikit/uiimagepicke...
           | 
           | 1 - https://apps.apple.com/app/maskeraid/id1590163828
        
           | nerdjon wrote:
           | I feel like this was introduced within the last couple years
           | and did not get a ton of attention when it did.
           | 
           | But like many things with iOS Apple did this and apps had no
           | choice but to work with it since (seemingly) as far as the
           | app is concerned it is the same situation as before.
           | 
           | I do wish though it was easier to grant more images without
           | needing to go to settings. I have had one app that somehow
           | gave me the ability to add more images, but I am not entirely
           | sure how it did it.
        
           | abyesilyurt wrote:
           | Or none, then the app would think you have no photos, instead
           | of getting permission denied error.
        
           | HeavyFeather wrote:
           | And I love it, but it has two issues:
           | 
           | - Apps can refuse to work with that, like Google Photos (it
           | used to work during the beta and it was perfect for me)
           | 
           | - Apps still offer their awful photo picker on top of your
           | already-picked photos, so selecting new ones requires _a lot_
           | of taps.
           | 
           | I wish Apple would rein in some of these apps. In-app
           | browsers and custom photo pickers should be banned unless
           | they have demonstrated advantages.
        
             | the_snooze wrote:
             | It's the same with location data. iOS allows you to
             | restrict apps to only approximate location, but apps like
             | YouTube TV and ESPN _require_ precise data just to do
             | region checking. I wish iOS just wouldn't allow apps to
             | figure out if they're getting precise vs. approximate
             | location.
        
               | ezfe wrote:
               | Yeah, I had Snapchat location map enabled with imprecise
               | locations during iOS beta, but they disabled that...like,
               | why! just show the error bar on the map if you care.
        
               | AlexandrB wrote:
               | If I had to guess, probably because some of Snapchat's
               | revenue comes from selling your location data and the
               | general location is far less valuable.
        
               | hedora wrote:
               | It's incredibly confusing when apps do this. Often, the
               | symptom is that GPS looks broken.
               | 
               | GrapheneOS's location services have a similar issue, but
               | 100x worse. There, apps can definitely have lat/long, but
               | not full Google location service, and all sorts of
               | proprietary software ends up with no/wrong location dots
               | on their maps.
               | 
               | Open source apps, and Google maps competitors work well,
               | so I know it isn't a hardware or radio issue.
        
         | bt4u wrote:
         | Android does provide this. Your app can send out a message on
         | the system: "i need a picture" and usually the built-in camera-
         | app will accept the request, and send a picture back to the
         | requesting app (which then does not need camera permissions
         | since it, itself, never accesses the hardware).
         | 
         | This feature is actually quite foundational to the Android
         | architecture, where the vision was a bunch of small apps
         | working together in this manner.
         | 
         | Unfortunately it's a slightly more clunky user experience than
         | what users these days have gotten used to: big monolithic apps
         | that handle everything themselves.
        
       | josephcsible wrote:
       | This feels like treating one particularly visible symptom of the
       | problem instead of fixing the actual problem. What Google should
       | do instead is prevent apps from refusing to work or disabling
       | unrelated functionality just because some permissions are denied
       | (e.g., if you deny your banking app permission to access your
       | camera, everything but mobile check deposit should still have to
       | work). They should use a two-pronged approach to do so:
       | 
       | 1. Make that a rule in the Play Store and ban apps that violate
       | it
       | 
       | 2. Make Android present convincing fake data to apps when
       | permissions are denied
        
         | marissachan wrote:
         | "2. Make Android present convincing fake data to apps when
         | permissions are denied"
         | 
         | This is actually a feature with MIUI, though I am not sure if
         | this is part of the global release or only Xiaomi.eu (a
         | modified version of the Chinese release).
         | https://xiaomi.eu/community/attachments/screenshot_2022-10-2...
        
           | riedel wrote:
           | This is cool, why is that not a wider available feature in
           | custom ROMs particularly. I used XPrivacy with xposed some
           | time ago to inject that functionality. It was even possible
           | to only expose randomised or fixed GPS and an excerpt from
           | the address book (only favourites).
        
         | akomtu wrote:
         | Isn't the entire business model of Android that it's a data
         | collection platform with zillions of sensors linked to PII that
         | apps and phone vendors can use for profit? If Android did what
         | you're suggesting, Samsung and others would simply fork Android
         | and cut ties with Google.
        
         | supriyo-biswas wrote:
         | That approach would leave users confused as they see fake
         | contacts or photos being surfaced through the app that was
         | denied said permissions.
        
           | asddubs wrote:
           | it should just present an empty list, like a newly installed
           | phone with no pictures taken yet / no contacts added. if apps
           | detect that and refuse to function, ban them from the app
           | store
        
           | waboremo wrote:
           | Only if you use fake contacts and photos that look real.
           | Instead whenever this is done elsewhere, there is text on the
           | image and the names are obvious. Google can even add a page
           | within privacy where you see the fake options before you can
           | enable it system-wide/per-app.
        
             | supriyo-biswas wrote:
             | The app could also detect the fake text based on general
             | testing (after all, there's gonna be only so many
             | variations of "Biggus Dickus") and refuse to dispense the
             | functionality in question.
        
               | joshuaissac wrote:
               | The OS could add an option to automatically generate
               | realistic mock data. It could be tuned based on the
               | distribution of names in the location that is revealed to
               | the app (whether that is the real location or a mocked
               | one).
        
               | fbdab103 wrote:
               | Hence the suggested rule that blocking functionality
               | based on this access should be an app store violation.
        
         | michaelmior wrote:
         | > 2. Make Android present convincing fake data to apps when
         | permissions are denied
         | 
         | What about apps that aren't malicious? How can they tell the
         | difference between a user who denied the permission to
         | reasonably offer alternatives?
        
           | amluto wrote:
           | As a good rule of thumb, apps are malicious. If they are not,
           | the libraries they include are. If, somehow, even the
           | libraries aren't malicious, the attackers who compromise the
           | app or its backend are definitely malicious.
        
             | Eumenes wrote:
             | I have almost no apps installed on my smart phone ... I
             | just go to the mobile website. Way easier, way more I can
             | control. I'm literally missing nothing.
        
               | supertrope wrote:
               | Do you want to install our app?
               | 
               | [YES] [Maybe later]
        
             | HeavyFeather wrote:
             | With that logic you really shouldn't use your computer.
        
               | fbdab103 wrote:
               | We are rapidly approaching that point. Apple is/was/will
               | going to enable on-device scanning for someone's
               | definition of naughty. Not hard to imagine that naughty
               | will soon include images of Winnie the Pooh, union
               | formation, abortion, minority group X, what have you.
               | Automatic notification of the authorities to follow.
               | 
               | Edit: To be clear, I am obviously opposed to CSAM, but
               | on-device scanning is a privacy violation. Nobody knows
               | what hashes trigger a flag, and they could be updated at
               | anytime without the user being aware.
        
               | wilg wrote:
               | The problem is the top-level poster was also suggesting
               | banning apps based on their definition of naughty (and
               | "related" features).
        
               | flangola7 wrote:
               | Running arbitrary and proprietary code without being able
               | to review it first was always a mistake but we crossed
               | that bridge over twenty years ago.
               | 
               | Every OS and chip manufacturer is working towards "secure
               | core" architectures now. Executed code will run inside OS
               | and silicon-level sandboxes. Memory spaces will not only
               | be randomized, but encrypted and authenticated through
               | dedicated secure enclaves. Hardened IOMMU modules will
               | negotiate bus communication. System code is partitioned
               | off and verified through hardware root of trust.
               | 
               | Malware as we have known it will be extinct in a few
               | years.
        
           | fbdab103 wrote:
           | Remind the user on the screen that permissions have been
           | denied?
        
         | hakre wrote:
         | Additionally there should be a sandbox mode. While you give the
         | app access to Photos and Contacts, it's an actual sandbox not
         | containing _any_ photo nor _any_ contact. So the app gets what
         | it asks for (the permission) while the user can still control
         | the data.
        
           | copper-float wrote:
           | GrapheneOS supports this with a feature called Storage
           | Scopes. Instead of giving an app access to your entire photo
           | library and files, you can limit its scope to an individual
           | folder of your choice.
           | 
           | That way the app still gets the permissions it asked for, but
           | they're specifically what you want it to see.
        
           | charrondev wrote:
           | This is how photos access on iOS works. An app can ask for
           | access to photos and you can choose 3 options:
           | 
           | - no photos
           | - only specific photos (the system picker will appear to
           | select them)
           | - all photos
        
           | IceWreck wrote:
           | LineageOS used to patch this on top of Android a few years
           | ago, not sure if it's still there.
        
           | theptip wrote:
           | This is the obvious solution, it's really annoying that it is
           | not available for every permission. (Contacts is the big
           | missing one in iOS, but you could even have a fake GPS that
           | returns random positions.)
        
         | waselighis wrote:
         | > 2. Make Android present convincing fake data to apps when
         | permissions are denied
         | 
         | That reminds me, years ago I used to run a module called
         | XPrivacy that does exactly this. It does require a rooted
         | Android device though. I haven't used it for a long time, but
         | seems it continues to live on as XPrivacyLua.
        
           | aceazzameen wrote:
           | I used to use that too. It was great! I haven't run a rooted
           | device in like 8 years though. These days I don't bother
           | installing most apps on my devices anymore. I mainly use the
           | phone, messaging, camera, and Firefox. And I use Netguard to
           | block the uninstall-able apps from internet access.
        
         | Nuzzerino wrote:
         | The actual problem is that travesties of this scale are allowed
         | to happen on Google's watch for so long, despite the Orwellian
         | grip it has on deciding what apps are allowed to be listed. A
         | good example of why that system needs to be reformed.
         | 
         | This particular issue didn't get addressed until at least 8
         | months after TechCrunch exposed the practice. Where was Google?
         | 
         | Control of the App Store and Play Stores should be carefully
         | transferred to an independent organization, with an open
         | governance model and a mission to serve consumer interests. It
         | won't be perfect but it would be a big step up.
         | 
         | If that can't be done for whatever reason, find another way to
         | disrupt the App Store. I struggle to think of why not doing so
         | is a net good for society.
        
         | amelius wrote:
         | I wrote almost exactly this comment more than five years ago.
         | It is a shame that it is taking them so long to get security
         | right. Do they even use their own software?
        
         | [deleted]
        
         | causality0 wrote:
         | I seem to remember this worked a lot better a few years ago.
         | Nowadays you can't even deny an app permission to access the
         | internet.
        
         | vitehozonage wrote:
         | >2. Make Android present convincing fake data to apps when
         | permissions are denied
         | 
         | GrapheneOS can do this. I believe you can even choose to make
         | only chosen photos visible to a certain app
        
           | charrondev wrote:
           | This functionality is built into iOS as well.
        
       | eimrine wrote:
       | I am so sad that I live in a society which is in need of such
       | regulations. This change sounds like something good, but the
       | ability of the vendor to do all kinds of things with a device
       | makes me a smartphoneless person.
        
         | ikiris wrote:
         | Almost all regulations are written as a result of some
         | entities' abuse. That's why it's always so baffling to me how
         | libertarians exist. Like the entire world view requires the
         | holder to not understand history.
        
       | nerdjon wrote:
       | Off topic of the lending apps but something I have long wanted to
       | see is actual information about the data accessed by these apps.
       | 
       | Maybe Android has this, but on iOS I can go into privacy and
       | easily see what apps have access to what data (and easily revoke
       | that permission).
       | 
       | But I don't see any kinds of metrics that would indicate that an
       | app is possibly abusing that permission.
       | 
       | For example, it would be awesome if I could go look at photos or
       | contacts and see a percent for how much that app has accessed
       | that data and maybe even a graph over time so I can see if it was
       | a one time thing or it's mining for data.
       | 
       | There is the app privacy report on iOS that gives me some of this
       | data, but it doesn't give me how much data it is accessing. Which
       | I think is the critical part.
       | 
       | If I give an app access to my photos I expect it's going to access
       | it, but without knowing what it's doing it's not quite as useful.
       | Still useful, but not as useful.
        
         | mattzito wrote:
         | Android has it:
         | 
         | https://techcrunch.com/2022/04/26/google-play-launches-its-o...
        
           | nerdjon wrote:
           | Unless I am missing something, that is all on the play store
           | side before you download an app?
           | 
           | I am talking after you have the app installed to actually see
           | what it is doing. Specifically what it is doing.
           | 
           | On iOS I can see that an app is accessing photos and I can
           | see when, but I can't see what or how much.
           | 
           | The feature you mentioned is similar to the labels that iOS
           | has. It even says that in the header.
        
             | AlexandrB wrote:
             | Yeah, something like Little Snitch but for any access to
             | "sensitive" areas of a phone (location, contacts, camera,
             | microphone, photos) in addition to network access would be
             | cool.
        
             | hadrien01 wrote:
             | I have that feature on my tablet (Android 12L or 13), but
             | like you I can only see _when_ ("last 24h"), nothing else.
             | 
             | Edit: I just checked because the screen design felt weird
             | compared to the rest of the settings, it's controlled by
             | Google: com.google.android.permissioncontroller (and it
             | hides Google permission usage by default...)
        
               | nerdjon wrote:
               | Does it at least show Google's apps? When I check the App
               | Privacy Report on iOS I see the built in Mail, Messages,
               | Safari and others.
               | 
               | As well as seeing iCloud at the top of my "most contacted
               | domains".
               | 
               | But under app network activity I don't see system level
               | processes (at least I don't think I do). Unless it still
               | falls under an app... like iCloud domain lists safari and
               | find my for the related apps.
               | 
               | Honestly I just want an audit log. I'm glad both are
               | putting steps in to catch bad apps but it's missing the data
               | to really see if it's misbehaving.
        
               | charcircuit wrote:
               | Yes it shows Google apps. On my phone it lets you switch
               | between last 24 hours and last 7 days. And lets you
               | toggle whether or not system apps are included.
        
       | Tycho wrote:
       | Do we really need apps? Usually when I want to use one, I've got
       | to update it first. Better to just use websites.
        
         | charcircuit wrote:
         | Apps do not require updating to launch and they autoupdate in
         | the background. If an app is forcing you to manually upgrade
         | either they have poor backwards support or your computer for
         | some reason isn't downloading the updates.
        
           | Tycho wrote:
           | What if I don't want it automatically downloading updates?
        
       | ranting-moth wrote:
       | In reality, very few apps should have access to that data in the
       | first place.
        
       | Volker_W wrote:
       | I never understood why Program permissions is such a big deal on
       | Android and iOS, but not on Desktop Windows/Linux, where _any_
       | application can do _everything_.
        
         | cj wrote:
         | That's sort of like saying seatbelts shouldn't be required in
         | cars because you don't need one on a motorcycle.
        
         | omoikane wrote:
         | Depending on the scope of "everything", Windows may pop up a
         | dialog box asking for permission, and Linux will return error
         | to the application.
         | 
         | I believe most modern operating systems will not just grant
         | blanket permissions to every application, except maybe single
         | user systems like BeOS.
        
         | autoexec wrote:
         | I'd love permissions for desktop apps too, but it's not as big
         | a deal because on a desktop I have root access and can monitor
         | what applications are doing myself. I can see which files or
         | hardware is being accessed and when. I can see what network
         | traffic is being sent and to where. I have full control over
         | what applications are installed and what they are allowed to
         | do. I can even fully sandbox apps or run them in VMs.
         | 
         | The phone in my pocket isn't mine, I paid for it, but it
         | belongs to Google, and they make changes to it all the time
         | without my permission and without giving any indication to me
         | that something was changed on my device. Google prevents me
         | from being able to see what the apps on it are doing, and
         | prevents me from changing how they run, or from monitoring all
         | in/outbound communication.
         | 
         | Google's shitty permissions system is such a big deal for
         | mobile because it's literally all we have "protecting" us, and
         | that isn't much. Naturally that leaves us with zero protection
         | from Google itself, but that's the price we pay for having a
         | mobile device that gives us more freedom than Apple ever would.
        
           | tap-snap-or-nap wrote:
           | What programs do you use for this?
        
         | thomasahle wrote:
         | It's just that innovation on the desktop side died years ago.
        
           | AlexandrB wrote:
           | You say that, but Microsoft is only a few years away from
           | integrating Bonzi Buddy into Windows 11 and Edge. For the
           | benefit of the user, of course! /s
        
       ___________________________________________________________________
       (page generated 2023-04-08 23:01 UTC)