Pls let someone explain! - Desire General

I wonder why some apps require access to gps/my location and phone calls although they are not supposed to be in need of them, for instance some games like toss-it etc. Internet access may be required because of ads, and system tools for using the accelerometer sensor. That's it!
Really appreciate a reasonable, concrete response to this query as I principally refuse such apps as soon as I see such irrelevant demand on access although actually want to get them.
Sent from my HTC Desire using XDA App

I doubt that anyone can give you a definitive answer on this one, because it is going to be application dependent.
The whole point is that when you install an application, you review the list of permissions that it is requesting and then make a judgement as to whether you deem these to be acceptable or not. For example, if I were to download an application such as a video player, I wouldn't generally expect it to require location information and/or involve services that cost me money (e.g. sending SMS's), so I would refuse permissions for that app.
Regards,
Dave

Google or we -users/customers/consumers or whatever you may call- should request developers/sellers to specify why the particular app requires such accesses. They must include some clarifying statements in descriptions.
Personally I think I have a right to know that, so that -more or less- we can keep ourselves away from malicious software.
Sent from my HTC Desire using XDA App

iLHaNroID said:
Google or we -users/customers/consumers or whatever you may call- should request developers/sellers to specify why the particular app requires such accesses. They must include some clarifying statements in descriptions.
Given that you can install applications from a non-Market source, this would be impossible to police for the most part. It could be implemented within the Market, but since you can submit apps to the Market without peer review, anyone submitting an application could post gibberish or blatant lies instead of clear statements.
Apple get around this by forcing all applications to undergo peer review, but then you only get to see the saccharin sweet Apple view of the world. Unfortunately, the threat of malware is the price you pay for an open system.
Regards,
Dave

are permissions too obtuse for the average user?

i think guy brings up a good point and perhaps a decent solution. why not allow/encourage the dev's to explain a bit more. I'm a fairly adept nerd but when i'm installing an app sometimes i'm just not sure why in the world this app needs that permission...how is my mom or sister or anyone that i advocate Android to going to figure it out? why does this app need my coarse or fine location or full network access or access to the contact list etc...
and please do not say 'if you don't like what's listed, don't install the app'. that is exactly the point of this thread. the line items in the Review Permissions window don't always make sense. how can the average end user make an educated guess with the current system...they don't, they just start doing the same thing they do on their Windows Desktops...just click right on thru it. then what happens? some jerk writes a piece of malware. user has an issue. now it's all android's fault. and voila, proof that linux based devices are still too geeky for avg use.
http://tech.shantanugoel.com/2010/08/14/android-permissions-malware.html
Unfortunately, there's no denying the cold, hard facts - ignorance is not bliss. Everything has a learning curve. Time and effort must be spent to educate users as to why <this> is happening and what it is doing for them. It's sad but true. Besides, if everything that required higher learning could be easily figured out I'm sure humanity would be freed from the shackles of poverty, war and hunger by now. So, yes, permissions are too obtuse for the average user. Unless they want to educate themselves on more generalized computing skills they'll never get it.
That's just my two cents. Sorry I couldn't be of better assistance
ok. so i wish to educate myself. please provide a full and detailed example listing why which permissions may be needed/used so that i will be able to make an educated choice. where is that link again?
i'm bringing up an issue...not asking for others to chime in and tell me how stoopid the end user base is. i'm an admin for over 10yrs. trust me ... i know. in this case i am also confused as are a large number of folks. i understand the huge development curve android has experienced over the last 18mths. my concern is that if this issue is not addressed, even the folks that would take the time to read the Review Permissions page will give up. i know i have on more than one occasion. that's a bad trend.
Wow. You bring up a good point. Didn't mean to offend you or anything. I still don't have a good answer for you but I will let you know that I only install apps that I can trust usually after researching them via Google searches and talking about them with people here. I too am an admin (been a long, long 15 years now) and if there's 2 things I learned about recommending custom Android setups they are:
- If you think the user is going to use you as Wikipedia it's probably best to leave them at stock
and
- Only recommend this kind of stuff to users who are willing to accept responsibility for their actions otherwise you'll be the fall guy every time something goes wrong.
Again, I'm sure you know this and I didn't mean to offend you so..... bye.
Users can be pretty obtuse, and I think you're completely correct about the current permission system. However, I don't think it could be made much clearer without multiplying the number of permissions. Malware can exist because users consider certain permissions to be common. Conversely, apps with a good reputation can include permissions that make them wonder, "why would they need that?" Look at keyboards and how many people freak out when they go to enable them.
One thing that would be nice for users is if you could tap on a permission and the phone would display a short explanation of that permission. They probably aren't self explanatory for everyone.
beatblaster said:
- If you think the user is going to use you as Wikipedia it's probably best to leave them at stock
and
- Only recommend this kind of stuff to users who are willing to accept responsibility for their actions otherwise you'll be the fall guy every time something goes wrong.
Again, I'm sure you know this and I didn't mean to offend you so..... bye.
no offense. i do understand. there was a point in time where i used to openly provide paid tech support to home systems of my coworkers....it was a short point in time. lol. but i digress ... i may have come off too strong in my reply, i was just trying to prevent the thread from wandering off.
I've tried to post on this topic in the past but have not nothing useful. in and of itself, i find that kinda sad. I've even seen some folks suggest that people "take a trusting stance because most developers do not intend harm". i wish i could. but i'm out of college.
it would be wonderful if someone (ie: a google dev or just someone with knowledge of these things) were able to create a page that could give real world examples and general rules of thumb. currently i have only found a couple pages that cover a couple settings. not nearly enough to be of much use.
Saturn2K said:
One thing that would be nice for users is if you could tap on a permission and the phone would display a short explanation of that permission. They probably aren't self explanatory for everyone.
I concur.....I look at the permissions that apps ask for all the time. However, if I see a battery management app is asking me for full internet access and access to my contacts, I just pass on it. A lot of times you can figure out if an app is requesting bogus permissions just by using common sense.
rugedraw said:
I concur.....I look at the permissions that apps ask for all the time. However, if I see a battery management app is asking me for full internet access and access to my contacts, I just pass on it. A lot of times you can figure out if an app is requesting bogus permissions just by using common sense.
if your app is paid for by advertisements then it will need Internet Access so it can retrieve ads...thus paying the developer. often that's where i see 'coarse location' used as well...for regional specific ads. so in those cases, not nefarious use but a perfect example of what I'm talking about. thank you.
the problem with the current permissions system is twofold;
1) as mentioned, there are no details WHY or WHAT FOR a particular permission is required
2) it's all or nothing, ie you can't give permission for network access and restrict access to contact list, etc. You have to accept all the requested permissions or deny and not install the app.
fwiw: There is an app in the market called "permissions" that tells you not only the permissions each app requires but it gets VERY specific. Within each permission category there is a whole list of specifics.
It won't help with apps you haven't installed yet but it's good info on the ones you already have.
*edit- Just revisited this app, it's not as detailed as I remember.
just a lil bump...
bumpity bump ...
nothing? at all?
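
The kind of rule-of-thumb review this thread asks for, as an added example that is not part of any post above: it reads the `uses-permission` entries from a decoded `AndroidManifest.xml` (the copy inside an APK is binary XML, so this assumes a text copy produced by a decoder such as apktool), attaches a plain-language note to each, and separates the ones that fit an assumed baseline for the app's category from the ones worth questioning. The permission names are real Android permissions; the sample manifest, the package name, the category names and the baselines are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Namespace Android uses for manifest attributes such as android:name.
ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS
P = "android.permission."

# Plain-language notes for a few real Android permissions (not exhaustive).
EXPLAIN = {
    P + "INTERNET": "open network connections (ads, online features)",
    P + "ACCESS_COARSE_LOCATION": "approximate location, e.g. for regional ads",
    P + "ACCESS_FINE_LOCATION": "precise GPS location",
    P + "READ_CONTACTS": "read the address book",
    P + "SEND_SMS": "send text messages, which can cost money",
    P + "CALL_PHONE": "place phone calls directly",
    P + "READ_PHONE_STATE": "read phone number, device ID and call state",
    P + "VIBRATE": "control the vibration motor",
}

# Assumed baselines per app category (hypothetical; adjust to your own judgement).
BASELINE = {
    "ad_supported_game": {P + "INTERNET", P + "ACCESS_COARSE_LOCATION", P + "VIBRATE"},
    "battery_tool": {P + "BATTERY_STATS"},
}

# Constructed sample: a casual game that asks for more than ads would explain.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.tossgame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Toss Game"/>
</manifest>
"""


def requested_permissions(manifest_xml):
    """Return the sorted, de-duplicated permission names a manifest requests."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for elem in root.iter("uses-permission"):
        name = elem.get(NAME_ATTR)
        if name:  # skip malformed entries that carry no android:name
            names.add(name.strip())
    return sorted(names)


def review(manifest_xml, category):
    """Split requested permissions into 'expected' and 'question' for a category."""
    if category not in BASELINE:
        raise ValueError("no baseline defined for category %r" % category)
    baseline = BASELINE[category]
    report = {"expected": [], "question": []}
    for perm in requested_permissions(manifest_xml):
        note = EXPLAIN.get(perm, "no note on file; look it up before installing")
        bucket = "expected" if perm in baseline else "question"
        report[bucket].append((perm, note))
    return report


if __name__ == "__main__":
    result = review(SAMPLE_MANIFEST, "ad_supported_game")
    for bucket in ("expected", "question"):
        print(bucket.upper())
        for perm, note in result[bucket]:
            print("  %-45s %s" % (perm, note))
```

A permission landing under "question" is a prompt to look for the reason, not proof of abuse; a permission that matches the baseline can still be misused.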

Is everyone out to steal our info?

I swear, everytime I look at an app on the market it requires more permissions than it should need. Especially games.
Am I paranoid or are they really out to get us?
Are there any apps we can trust?
Anyone with info on how we can recognize thieving apps please tell us.
This has been a paranoid telepathic transmission from the Outer Limits.
You got something to hide?
Sent from my PC36100 using Tapatalk
Games just want to track how you use it. But some things [sketchy apps and you know them when you see them] ask for ridiculous things indeed.
I know what you mean man kinda got watch out for keyloggers and some apps out there can get your phone number hint all the annoying unknown callers calling your phone. It's getting annoying.
Well, I don't want my contacts and whatnot spread around all over the place.
This has been a telepathic transmission from the Outer Limits.
ccossin said:
Well, I don't want my contacts and whatnot spread around all over the place.
This has been a telepathic transmission from the Outer Limits.
Gotta check the permissions, or find a different app.
teh roxxorz said:
Gotta check the permissions, or find a different app.
Understood. However, it's sometimes hard to tell the apps that need permission for legit reasons and those that don't.
This has been a telepathic transmission from the Outer Limits.
Is that why I've been getting a lot of unknown calls and weird numbers calling me? I don't owe money so I know it's not BC's.
Sent from my PC36100 using XDA App
novanosis85 said:
You got something to hide?
Sent from my PC36100 using Tapatalk
This is not an answer to privacy concerns. Yes, I do have something to hide (my #, contacts, SMS, GPS location) from shady developers releasing crap apps that ask for way too many permissions, and you should too.
I think for the vast majority of apps, they're not trying to do anything wrong. Of course, you should always check and see if they make sense. But often there's a legitimate reason that isn't immediately obvious. The Angry Birds debacle with SMS permissions a few weeks ago is a good example. It turned out to be that they wanted to implement carrier billing via SMS (they've since removed the permissions). Granted, that itself could be abused, but it's theoretically legit.
One thing that would improve the permissions system - Allow developers to (optionally) specify that a permission is to be confirmed upon use, and not just at install. I think that some people would be a lot more comfortable knowing Android will ask them for permission prior to actually doing something, rather than granting permission for an app to do it whenever it wants. Obviously some permissions do need to be full time, but a lot of the permissions (especially ones that freak people out) are only needed under specific situations, and often for rarely performed activities. Take the Angry Birds situation. Rather than them needing to ask for permission at install to send texts whenever and to whomever they want, people would be much more comfortable if Android would prompt "Angry Birds wants to send an SMS to #####. Do you wish to proceed?". There's no such mechanism, so if an app wants to do something under ANY use case, they have to ask for permission to do it whenever.
It'd also be nice if developers could enter a description in the manifest of WHY they need a permission and have Android include that when it prompts the user. Granted, this would be on the honor system, as they could make up something legitimate sounding and not disclose a nefarious use of the permission. But it would still provide more clarity.
...or you could root your phone and just hope that the ROM devs are on the up and up. Being relatively paranoid myself, some ROMs seem like they would steal credit card or paypal payments made into the market, one in particular
Not true, but just saying

[Q] Why so many apps ask to activate Location, when not necessary?

Hello,
I noticed that several apps I install require that I enable my location/position.
For several of them my location has nothing to do with the purpose of the app.
For instance: Bubble Birds.
I was wondering why??! And also, are the developers using the users' location info for some reasons?
Thank you.
This is something that irks me too, and is often a deciding point on whether I buy/install said app.
I can see it as being used for statistical purposes, but still brings out the conspiracy theorist in me.
I think it might be for ads. Maybe it is for stats though
Sent from my HD7 using XDA Windows Phone 7 App
The "ID_CAP_LOCATION" capability is included by default when creating a new project. If the location requirement is derived from this, it could mean that many developers just haven't removed it before submission, making it look like the application needs location info. This would probably be pointed out during submission, though. Maybe it's for the ads?
Thank you for all the answers.
I suppose it's not for the ads. I live in France and, luckily, all the ads are totally irrelevant and in English.
arturobandini said:
Thank you for all the answers.
I suppose it's not for the ads. I live in France and, luckily, all the ads are totally irrelevant and in English.
On my App, I have a trial mode that uses ads. If you pass the location information to the adControl, it enhances the selection process for the ads and will provide better focused ads, which also enhances money the developers receive.
AFAIK, WP7 doesn't support the ability to say "no" to the location and still use the app. If you decline the location, the application will not run. It would be nice to deny access to Location to the app, and still let the application run.
spokanedj said:
On my App, I have a trial mode that uses ads. If you pass the location information to the adControl, it enhances the selection process for the ads and will provide better focused ads, which also enhances money the developers receive.
AFAIK, WP7 doesn't support the ability to say "no" to the location and still use the app. If you decline the location, the application will not run. It would be nice to deny access to Location to the app, and still let the application run.
Well they have a very strict policy with the location service, it should be completely turned off from within the app if the user desires, i had an app with a button to activate and find the current location and it failed certification since the user could not bypass this button! If the user does not want to supply his location don't press the button and the location service will remain off, but this was not strict enough there should have been an extra switch to deactivate this button....
Weird policy really really weird

[Q] Mobile Security...?

I've read an article recently (forgot the link and where, my memory is horrible) stating that creators of viruses (Malware specifically if i remember correctly.) are starting to focus in on the Android OS more and more ...
Windows gets major viruses because its easy to write viruses for, and the amount of people possible to infect is outrageous.
People don't usually write for OS's like Linux/Unix because its more difficult and they don't affect as many users...
I know most responses to these types of questions are "It's a matter of opinion", so I'm looking for responses from people that know a little something about malware, how it works, and what will work best to protect my Samsung Galaxy S2 Epic 4G Touch.
I want to know what experienced programmers and developers think the best Mobile Security would be for our android devices.
I don't care about how much system resources it uses.
I've been using ESET Mobile Security as the 30 day trial and i likes its options. Plus, it has advanced heuristics, which helps catch viruses that are not in the virus definitions received when updating.
I'm looking for an antivirus that has a high detection rate, but low false-positives. I did some research and it was found that Avast! is one of the most trusted, plus its free. But i also go by the motto "You get what you pay for"...
Another thing I want is an antivirus that will protect Opera Mobile, and not just the stock browser. Avast seems to only protect the default browser.
Any information on this would be greatly appreciated.
In my opinion it's not worth it to run antivirus on our phone unless you are going to be doing a lot of piracy of apps .... If you only get apps from market Google catches most stuff really fast .... Read descriptions on apps you download and don't pirate games and such you should never need avast or such to slow down your phone ...
Sent from my SPH-D710 using xda premium
Epix4G said:
In my opinion it's not worth it to run antivirus on our phone unless you are going to be doing a lot of piracy of apps .... If you only get apps from market Google catches most stuff really fast .... Read descriptions on apps you download and don't pirate games and such you should never need avast or such to slow down your phone ...
Sent from my SPH-D710 using xda premium
I use my phone for both business and recreational use. If i get a movie file sent to me from a friend and i don't know where he got it from, i want some kind of protection.
I understand that an antivirus on Android phones is usually an overkill... But i will be kicking myself in the ass if a password to my email ends up being compromised.
I understand that Android phones hardly ever have apps that contain viruses, but based upon that article i read (I really wish i'd have kept it) it's becoming a problem, although not a big problem.
I just want to be protected. For all i know, i could open an excel spreadsheet that i received from a spoofed email address that contains a virus.
You see my dilemma.... So lets start talking about which anti viruses are the most effective.
Regardless,
Thanks for your response.
Anything malicious can only be in the form of an app, because of the Linux structure. Permissions have to be enabled for any R/W access. So the prior recommendation of staying away from pirated apps will suffice.
Also, news articles prey on sensationalism to encourage reading the article. Don't believe everything you read.
Sent from my SPH-D710 using Tapatalk
What the last person said!!! If you get a movie file that has a virus most likely it's written for windows anyway and will not do anything to your phone. Also no movie file, pic file, or file in general can gain permissions that the app using it does not have. So the biggest thing is making sure the apps you download are legit.
There are a few bugs and flaws like with htc sense where a malicious app can gain access to things because HTC sense logs things it should not. TW does not have those problems now that CIQ is gone.
Sent from my SPH-D710 using XDA
I don't run any kind of anti-virus. Even on my PC. If you stay away from anything shady, keep a throwaway gmail account for anything online you're not 100% sure about and pay attention to where things are coming from, you'll be all set. Unless there is some reason that somebody would want to hack into your phone specifically, then it's just random crap that will hurt you. If you don't know where the movie file your friend send you came from, don't open it.
Ok. So everything that you guys said I about apps being the main way to get infected, I completely agree on.
But what about websites? I'm sure sites, especially mobile websites, have some kind of way to get in through some type of Malware/spyware.
The best way to never get a virus is to watch where you download from and be wary of any sites you go to. I know this. But i use my phone frequently, browse the internet frequently, and I know that all kinds of sites have crap on them. All of them can't JUST be for windows OS. What about websites that specialize in stuff for Android phones?
Also... Can't QR Codes from websites contain malicious things?
Call me paranoid. Call me OCD. But i like things a certain way and i'm just trying to find out what I can do to ensure nothing happens on my phone that i don't approve of.
exitprogram said:
Also... Can't QR Codes from websites contain malicious things?
I don't really think so, since it's basically pointing you to a webpage. If it points to an app you have to choose to install it from there.
It's very hard (if the end user pays attention) to actually give someone a virus.
If you're downloading all your apps legit from the 'Play store' you're going to be fine 99% of the time.
I think the worst we have seen so far is status bar spam anyhow.
The only thing that an antivirus is gonna do is use up more memory on your phone.
So what you guys are telling me is...
#1 Antiviruses of any kind for an Android Phone are completely useless.
#2 These companies wrote Antivirus/Security Apps.... FREE, for no reason.
#3 There is no possibility of anything getting infected when connecting your device to a PC or Mac.
Well. I guess I was being either way too paranoid, or you guys are wrong and don't even consider the fact that you could already be infected. I mean, how would you even know your phone hasn't been compromised and people are waiting for you to make a credit card purchase? If they want it, do you think they'd advertise it and TELL you or let it be KNOWN they've written something for it? No. They will keep it quiet so they can steal your information without you knowing it. I mean, We can't even get updates on unreleased ROMS! How do you think the hacker community deals with the viruses that they create? Make a forum about it and let Norton add it to its virus definitions? As I've said, i read an article about it, and where there is smoke, there is usually fire.
There are exploits on every device out there. I don't care what it is. People just don't take the time to write them all if the user base isn't big enough to justify the effort. But it doesn't mean they aren't out there.
Did you know gas pumps have been tampered with to save debit card transactions, along with PIN numbers, and then downloaded wirelessly by the criminal via laptop? This was not a small amount of numbers, either.
Sh*t, i didn't even know my gmail got hacked until i checked my sent box and saw spam messages being sent from my account.
I guess this is why people say it is a matter of opinion.
Didn't mean to start a "Politics" type of debate.
I will just keep using ESET Mobile Security since that is what I deem fit.
Thanks for all of your guys's input.
Most viruses for Android will request su permissions to actually do any real damage. Considering only a small portion of the Android users ever root their devices, the time it takes to write a virus is almost wasted by the cracker, not hacker as hackers are actually coders, crackers are the malicious form of hackers, coming from cracking the securities/passwords to steal info, and most ppl who root know what to look for and what to do if they get infected.. Mobile security companies don't write their apps for free, they get ad revenue from the ads in the free apps or you pay 1-10$ to get rid of ads so nothing is done for free, the worst virus ever created for Android was CiQ as it logged and sent almost everything you did on your device to who knows what 3rd party companies. So more or less your best antivirus for Android is you
________________________________
{We are legion, for we are many}
>Sent from my Anonymous DeathStar in the depths of GalaXy S2<
-Coming soon to an Evo4G near you?: [AoSP]EViL-MoD_FReEvO v0.1[Free your phone]-
They are "tampering" with credit cards at gas pumps and ATMs, by creating a separate magnetic reader and putting it over top of the reader already present. Not by any software hacking.
No one has said that PC's and Macs are immune from malicious apps.
GNu/Linux is a completely separate security suite vs a PC.
On a PC, any app that is "clicked" will immediately have access to the registry. By which you can change user permissions and application permissions. And the filesystem is immediately available to do whatever the code wants to do. And by proxy, any file accessed by the application also has no limitation to the damage it can wreak. That's how mp3's carry viruses. They are attached to files that would normally have access to the more secure registry keys. Firewalls are made to limit access to the registry. That is a necessity and why people trust security programs. Their software requires it.
Whereas, in Linux, the kernel is separated from the OS and applications are kept in a sandbox completely separate from the OS's filesystem. You have to physically allow "permissions" which dictate how far that application can reach. Files do not have any R/W access to the filesystem. The OS just reads and views them. It is not impossible to get in this way, but it is highly unlikely and no known exploits have been found in the wild.
So for anything malicious, you are allowing the corruption, and the only way to know is to only deal with trusted sources.
And to answer your question, Security companies make the software because they can. They are making ad revenue just for you loading the app. And it helps with peace of mind having a repository of known malicious apps. No one has said they aren't what they are advertised, they are. But they are also resource hogs, and unneeded if you understand what is going to be bad content.
Sent from my SPH-D710 using Tapatalk
I hear what you guys are saying. As far as security for an Android phone goes, just be careful and don't install anything from anywhere that you don't trust.
But like i said.... What about when connecting your phone to your PC? Couldn't something be laying dormant on a windows machine and infect an android device? I'll just be paying more attention to what i allow super user permissions to. (Not that i don't already)
Since the vital portions of the OS are kept separate or are "sandboxed" in a way... I will have to ALLOW these things, before they cause damage, right? Or did i already "allow" them when i installed the app and agreed to all of the things they have access to? Like when it says "This app can read call history, access contacts, etc" ... I know that some apps i install seem to have access to things that have nothing to do with their functionality. Like why would a game need access to Contacts?
I think i ran across some kind of security app that has a firewall that will restrict outgoing and incoming connections for any app. I will probably just use something along those lines to ensure none of my sensitive information is leaving the phone.
Thanks again! These are the responses that i was looking for.
exitprogram said:
I think i ran across some kind of security app that has a firewall that will restrict outgoing and incoming connections for any app. I will probably just use something along those lines to ensure none of my sensitive information is leaving the phone.
Thanks again! These are the responses that i was looking for.
This APP is actually an antivirus w/firewall. Its Avast. Its free.
I think the "Freeze" option in Titanium Backup would have a similar effect, but you have to pay for that feature.
Even if you're not concerned with getting a virus... At least you can control the data that apps send to and from your phone.
It also could be helpful if you download an app a buddy said his friend created and you're a little paranoid about it. Or if the app isn't available from your carrier's market and you need to download it by other means.
Anyway. This should suffice as far as the security i (was) looking for.
Now i know viruses can't just run rampant on Linux/Unix based system like Android. But JUST IN CASE, i will restrict all apps from communicating to the outside world using that firewall =)
You guys have been very helpful and very informative and even refrained from being d*cks .... Amazing! =)
Thanks guys.
security
what about security from another person hacking into the phone. I have a disgruntled ex-wife that constantly hacks into my phone, forwards my texts and email to people and displays pictures of her for me to see when I turn my phone on. How do I stop this? to me this is much more important than a virus. A phone can always be wiped clean, but a hacker can still get in.
Jerry
jjdellorusso said:
what about security from another person hacking into the phone. I have a disgruntled ex-wife that constantly hacks into my phone, forwards my texts and email to people and displays pictures of her for me to see when I turn my phone on. How do I stop this? to me this is much more important than a virus. A phone can always be wiped clean, but a hacker can still get in.
Jerry
Did you try calling the cops? That's more than one law she's breaking.
Take a look at this
Http://www.itworld.com/security/267484/android-apps-dont-need-permission-see-your-data
Sent from my SPH-D710 using Tapatalk 2
Also for your reviews check this one out
www.droid-life.com/2012/03/07/over-...nly-7-have-malware-detection-rate-of-over-90/
Sent from my SPH-D710 using Tapatalk 2
Avast!™ Mobile Security in the Google® Play™ Store (formerly the Android® Market™)
Avast!™ Mobile Security in the Google® Play™ Store (formerly the Android® Market™)
Avast!™ Mobile Security in the Google® Play™ Store (formerly the Android® Market™)
Avast!™ Mobile Security in the Google® Play™ Store (formerly the Android® Market™)
Avast!™ Mobile Security in the Google® Play™ Store (formerly the Android® Market™)
Umm... did I make my point clear?
Sent from my Samsung® Galaxy™ SII Epic™ Touch 4G running CyanogenMod9™ ICS!

Received a bunch of Lookout Detected Threats

I'm running MOAR v6.0 MD4 (Android 4.1.2) on Sprint GS3. I never received any alerts from Lookout before but today it reported 15 riskware alerts:
com.android.phone
com.mythtrandyr.inkeffectsettings
com.lidroid.settings
com.sonyericsson.lockscreen.uxpnxt
com.jy.iconchanger.ad
de.robv.android.xposed.mods.appsettings
com.asushi.livewallpaper.mytree
com.monotype.android.font.XDAFONTS
com.android.launcher
de.robv.android.xposed.installer
com.android.flashblink
com.sec.android.mimage.photoretouching
com.koo.lightmanager
com.android.lmt
com.lidroid.sgs.secretcode
All have a classification of: Riskware.Android.CompromisedKey.a.
Should I be alarmed, or is this likely a problem with a definition update from Lookout?
Great support from the Lookout guys as I emailed them and they replied right away, here's what they said. I should be okay:
The reason we have flagged this app as 'Riskware' is due to a special key that this particular developer used when publishing the app. The key is normally a private piece of information that we use to determine if an app is authentic, and to identify the developer. In this particular situation, the developer chose to use a key that has been widely distributed on the internet or has been compromised.
This makes it impossible for us to validate the app and its authenticity. Therefore, we are not calling these apps malware, but we recommend that users not install apps like this because it is inherently more risky (hence the "Riskware" assessment).
If you as a user understand the risk and still decide to trust the app, feel free to ignore the warning.
We have also been seeing some device manufacturer, preinstalled apps also being flagged as 'Riskware' for the same reason. These apps are unable to be uninstalled and we please ask that you ignore the warning if it is an app that came preinstalled on the device. We have reached out to these developers to make the proper changes.
Thanks for using Lookout!
David,
The Lookout Team
mindfulness said:
Great support from the Lookout guys as I emailed them and they replied right away, here's what they said. I should be okay:
The reason we have flagged this app as 'Riskware' is due to a special key that this particular developer used when publishing the app. The key is normally a private piece of information that we use to determine if an app is authentic, and to identify the developer. In this particular situation, the developer chose to use a key that has been widely distributed on the internet or has been compromised.
This makes it impossible for us to validate the app and its authenticity. Therefore, we are not calling these apps malware, but we recommend that users not install apps like this because it is inherently more risky (hence the "Riskware" assessment).
If you as a user understand the risk and still decide to trust the app, feel free to ignore the warning.
We have also been seeing some device manufacturer, preinstalled apps also being flagged as 'Riskware' for the same reason. These apps are unable to be uninstalled and we please ask that you ignore the warning if it is an app that came preinstalled on the device. We have reached out to these developers to make the proper changes.
Thanks for using Lookout!
David,
The Lookout Team
What effect will this have on CM builds because they are using public available keys (https://github.com/CyanogenMod/android_build/tree/gingerbread/target/product/security) to sign ?
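
The check described in the Lookout reply, sketched as an added example (not Lookout's code and not from any post above): an app's signing certificate is fingerprinted and compared against certificates whose private keys are published, because a signature made with such a key cannot show who built the app. The certificates below are constructed stand-in bytes in PEM armor rather than real X.509 data, and the key labels and package names are hypothetical.

```python
import base64
import hashlib
import re

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def pem_to_der(pem_text):
    """Decode the first PEM certificate block to its raw (DER) bytes."""
    match = PEM_CERT.search(pem_text)
    if match is None:
        raise ValueError("no PEM certificate block found")
    # PEM bodies are line-wrapped base64; drop all whitespace before decoding.
    return base64.b64decode("".join(match.group(1).split()), validate=True)


def fingerprint(pem_text):
    """SHA-256 over the certificate bytes, as lowercase hex."""
    return hashlib.sha256(pem_to_der(pem_text)).hexdigest()


def index_published_keys(published):
    """Map fingerprint -> label for certificates whose private keys are public."""
    return {fingerprint(pem): label for label, pem in published.items()}


def assess(package, signer_pems, index):
    """Flag a package if any of its signer certificates is in the index.

    A match does not mean the app is malicious; it means anyone could have
    produced the same signature, so the signature proves nothing about origin.
    """
    matched = sorted({index[fp] for fp in map(fingerprint, signer_pems)
                      if fp in index})
    return {
        "package": package,
        "verdict": "riskware" if matched else "ok",
        "matched_keys": matched,
    }


def constructed_pem(raw):
    """Wrap constructed bytes in PEM armor (sample data only, not a real cert)."""
    b64 = base64.b64encode(raw).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) +
            "\n-----END CERTIFICATE-----\n")


# Constructed stand-ins for certificates shipped in a public source tree.
PUBLISHED = {
    "testkey": constructed_pem(b"constructed stand-in: public test cert " * 4),
    "platform": constructed_pem(b"constructed stand-in: public platform cert " * 4),
}
# Constructed stand-in for a certificate whose private key the developer keeps.
PRIVATE_DEV = constructed_pem(b"constructed stand-in: private developer cert " * 4)

if __name__ == "__main__":
    idx = index_published_keys(PUBLISHED)
    for pkg, signers in [
        ("com.example.themedsettings", [PUBLISHED["testkey"]]),
        ("com.example.privateapp", [PRIVATE_DEV]),
    ]:
        print(assess(pkg, signers, idx))
```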
