We're spoiled in the desktop browser by being able to clear history, cookies, local storage etc, or use a private browser session. There's also the importance of the "same origin policy".
The Android platform API should simply never allow apps to obtain global system identifiers (serial numbers, "advertising IDs", MACs, Wifi network info, IMEIs etc) in the first place. Perhaps even going as far as not providing a shared filesystem.
Mobile apps, despite platform API permission, and having some ability to protect their own data, are a lot closer to desktop programs than web apps in many regards.
> The Android platform API should simply never allow apps to obtain global system identifiers
When the revenue stream of the creator of Android fundamentally depends on being able to tie devices to identity and behaviour, it's highly unlikely this is going to happen. They can't also keep it only for themselves and block for others or they'll get unfair trade practices action on their backs.
The fact that Apple, which could do this without significant adverse monetary impact but has chosen not to do so, suggests they want to keep the possibility of re-entering the advertising business (or at least portray so to their shareholders).
> The fact that Apple which could do this without significant adverse monetary impact but has chosen not to
They restrict access to most of the things listed above, giving randomised fakes where necessary. The advertising ID they do let apps access is unique to a publisher so they can't be tied together with behaviour from apps by other publishers, and it's trivially disabled/resettable by the end user (Settings > Privacy > Advertising > Limit Ad Tracking / Reset Advertising Identifier…). They improve things every year, e.g. Safari's intelligent tracking prevention.
I'm not really sure how you can arrive at the conclusion that Apple are holding back; they seem clearly committed to improving privacy as demonstrated by their continuous work in the area.
> The advertising ID they do let apps access is unique to a publisher so they can't be tied together with behaviour from apps by other publishers, and it's trivially disabled/resettable by the end user (Settings > Privacy > Advertising > Limit Ad Tracking / Reset Advertising Identifier…).
They still let apps give you a unique identifier through shared containers, those will only be deleted if you delete all apps that can access it. There is also some other container (I forgot the name) which will never be deleted unless you get a new device and don't restore any backups.
You can see this kind of behaviour when you delete Instagram and they automatically fill out your username the next time you install it.
With Facebook owning WhatsApp, they are already able to give each iOS device a unique identifier. What is Apple going to do about it? Remove WhatsApp from the App Store?
Shared containers are also restricted by publisher – you can't share data with another publisher using them.
I believe the other container you're talking about is the keychain. You can store small amounts of data in there (typically secure auth info) and it will persist even after app deletion. This is hardware encrypted by the Secure Enclave and can't be shared between publishers.
Apple have shown that they are willing to remove big social media apps from the App Store just a few weeks ago, with Tumblr.
Also, collecting information for use in WhatsApp and using it for a different purpose in Facebook is a DPA and GDPR violation:
Apologies, I'm conflating two slightly different things there.
There's the identifierForVendor [0] which is unique to the publisher. This is pretty safe to use however you see fit (within reason).
Then there's the advertisingIdentifier [1], which is not unique, but can easily be permanently zeroed out by the user. Apple also have some fairly stringent rules about how it can be used [2], not to mention further rules about not identifying people surreptitiously [3]:
> 5.1.2 Data Use and Sharing
> (iii) Apps should not attempt to surreptitiously build a user profile based on collected data and may not attempt, facilitate, or encourage others to identify anonymous users or reconstruct user profiles based on data collected from Apple-provided APIs or any data that you say has been collected in an “anonymized,” “aggregated,” or otherwise non-identifiable way.
They ask you to explicitly confirm that you're following the advertising identifier rules in particular every single time you submit to the App Store.
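The distinction the comment draws, a per-publisher identifier versus a global one, can be shown in a few lines. The following is an added example, not Apple's code and not the behaviour of the cited APIs; the HMAC-over-vendor-name derivation, the `Device` class and the vendor names are assumptions used only to illustrate the property that two publishers holding identifiers for the same devices cannot join their records, whereas a serial number lets them join every record. The advertising identifier in the model is resettable and reads as all zeros once limited, as the comment describes.

```python
"""Constructed model of per-vendor versus global device identifiers."""
import hashlib
import hmac
import secrets
import uuid

ZERO_ADVERTISING_ID = "00000000-0000-0000-0000-000000000000"


class Device:
    """One handset. Assumption: the root secret never leaves the device."""

    def __init__(self, serial: str) -> None:
        self.serial = serial                     # a global identifier, kept for contrast
        self._secret = secrets.token_bytes(32)   # per-device root for vendor-scoped IDs
        self._advertising_id = str(uuid.uuid4())
        self._limit_ad_tracking = False

    def vendor_id(self, vendor: str) -> str:
        """Stable for one vendor, computationally unrelated across vendors."""
        digest = hmac.new(self._secret, vendor.encode(), hashlib.sha256).digest()
        return str(uuid.UUID(bytes=digest[:16]))

    def advertising_id(self) -> str:
        """Reads as all zeros once the user limits ad tracking."""
        return ZERO_ADVERTISING_ID if self._limit_ad_tracking else self._advertising_id

    def reset_advertising_id(self) -> None:
        self._advertising_id = str(uuid.uuid4())

    def set_limit_ad_tracking(self, enabled: bool) -> None:
        self._limit_ad_tracking = enabled


def vendor_dataset(devices, vendor, id_func):
    """The records one vendor's apps can upload: identifier -> observed behaviour."""
    return {id_func(device, vendor): f"{vendor}:usage" for device in devices}


def joinable_records(dataset_a, dataset_b):
    """How many records two data holders can link on the identifier alone."""
    return len(set(dataset_a) & set(dataset_b))


def linkability_demo(n_devices=5):
    """Same devices, same two (hypothetical) vendors; only the identifier scheme changes."""
    devices = [Device(f"SERIAL-{i:04d}") for i in range(n_devices)]

    def per_vendor(device, vendor):
        return device.vendor_id(vendor)

    def global_id(device, vendor):
        return device.serial

    a = vendor_dataset(devices, "com.example.vendor-a", per_vendor)
    b = vendor_dataset(devices, "com.example.vendor-b", per_vendor)
    ga = vendor_dataset(devices, "com.example.vendor-a", global_id)
    gb = vendor_dataset(devices, "com.example.vendor-b", global_id)
    return {"per_vendor_joinable": joinable_records(a, b),
            "global_joinable": joinable_records(ga, gb)}


if __name__ == "__main__":
    print(linkability_demo())  # {'per_vendor_joinable': 0, 'global_joinable': 5}
```

The keyed derivation is what does the work: without the device secret, an outside party cannot recompute one vendor's identifier from another's, so the join in `linkability_demo` finds nothing, while the serial-number variant links every device.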
Cannot these restrictions be lifted if you write that the user agrees to sharing all of their data for any purposes somewhere between the lines of a 20-page Privacy Policy?
I imagine Apple has the final word on how to define the word surreptitiously. I would like to think Apple could interpret "somewhere in a 20-page privacy policy" as surreptitious.
>I'm not really sure how you can arrive at the conclusion that Apple are holding back; they seem clearly committed to improving privacy as demonstrated by their continuous work in the area.
Given the Apple phone was successfully hacked in the FBI case, I'm not sure why HN seems to think they are the bastion of privacy.
Given the other anti-consumer and anti-developer practices at Apple, I wouldn't trust them to protect privacy (today, and in the future when their stock price takes a hit).
That iPhone was a 5C, which doesn't have the Secure Enclave Processor, which is a huge jump in hardware security. There's a reason the FBI rails against Apple even in their public speeches and I assure you it's not because they are insecure.
I was responding to somebody who is under the impression that Apple are purposefully choosing not to protect user privacy. The most powerful government in the world hacking an Apple product in their possession without Apple's consent isn't relevant to that. If anything, the fact that Apple went to court to avoid being compelled to aid them in the endeavour supports what I am saying.
I'm not saying that Apple products are 100% impenetrable against nation states; I'm pointing out that Apple are clearly putting serious effort into protecting user privacy.
I'm not sure why this is such a foreign concept to so many people. This is something Apple can do that their competitors cannot due to their business models. It's becoming more and more of a concern to customers and the law in many places. Even if you assume Apple are 100% self-serving, this is obviously a valuable differentiator for them to capitalise on.
That is illogical. Declining to hand over unwarranted data to LEO is independent of using user data for commercial purposes.
Google also has tight security and privacy from government intrusion
It's contradictory in fact, because data monetizing companies prefer to control data not leak it, to keep the data's price high.
>When the revenue stream of the creator of Android fundamentally depends on being able to tie devices to identity and behaviour, it's highly unlikely this is going to happen.
Well put. I’ve tried to explain to people that I prefer Apple’s upfrontness that they are there to sell me a device and its software for money. Unlike Android systems where I feel the lead is intentionally buried by telling me how “free” the software is.
iOS apps have similar issues, actually. On the Android side, you can at least use free and auditable apps from the F-Droid repository, and buy your device from an OEM vendor which will let you unlock it and install google-free LineageOS.
(More speculatively, the community is now working on replacing AOSP altogether with the usual Linux desktop stack, via PostmarketOS. Not usable right now, but it's progressing rather quickly, and may well be practically useful later in 2019.)
>On the Android side, you can at least use free and auditable apps from the F-Droid repository, and buy your device from an OEM vendor which will let you unlock it and install google-free LineageOS.
Do you go audit every line of source code in the apps and OS you install? Do you then verify that the binary blobs you're installing were built from the same source? Do you somehow audit the source for the firmware on your device and verify that that is the firmware installed on your device? What about the hardware, do you audit it?
Filtering apps by license is a great filter for intent. There are many reasons people write FLOSS-licensed software, but very few of them involve wanting your data. For economically minded professional data collectors who, e.g., put out some dancing-pigs game to get your contact data, gaining access to a small population isn't worth the effort of open-sourcing. F-Droid also has the concept of anti-features, which informs users up front about potentially unwanted behaviour like tracking.
I trust the community (including the security community) to do a better job at this than a handful of proprietary hardware and software vendors. Yes, it would be nice to have more openness on the hardware side too (and the Librem 5 phone is a worthwhile answer to that) but let's focus on the lowest-hanging fruit first.
Being non-free and non-auditable, including proprietary SDKs that can gather tracking info/IDs, connecting to Facebook (even when the app is something other than a FB client)... Stuff that's quite comparable to what the video is talking about.
Indeed. I don't have a Facebook account and yet various apps on my iOS devices still attempt to connect to graph.facebook.com (amongst other servers I'd rather they didn't, e.g. flurry).
Not true at all... this would have significant monetary impact. If advertisers lose the ability to monitor purchases at a granular level attributed to advertiser-specific initiatives they will not spend, and that has a chain effect that trickles to Apple since they take 30% cuts of all in-app revenue. If advertisers pull the plug on in-app purchases and go around... they may go the route of removing IDFA to screw over advertisers for trying to go around their App Store.
While you make good points about mobile apps, don't be too spoiled by the privacy offered by desktop browsers. Because of their configuration and various APIs, they're almost as easy to fingerprint as mobile devices with advertising IDs.
I know you're not disagreeing with me, but the issue you raise only distracts and lends ammo to the defenders of these prolific tracking mechanisms. It's the Nirvana fallacy.
I'm sure there's a Google rep somewhere that will tell you that their "advertising ID" is better than the status quo on the web because the user can rotate it and, because it's reliable and easy for app devs to use, they are discouraged from being more nefarious and sneaky in tracking users.
This is all a bloody distraction from the point: it should not be an acceptable norm for this tracking to happen and it should be as hard as possible to pull off without informed user consent.
The degree to which platforms are defensive against it is a different issue to whether or not they actively encourage it by design... which shouldn't even be open to debate.
That's a good point. Depending on permissions, it would be hard to keep some malicious apps from stealing your nude photos too, but we don't take it for granted that "Of course the file explorer app looks for and surreptitiously uploads nudes! How else are they supposed to make money?"
Our world is starting to look a lot like that of The Space Merchants.
So honest question, how does a legal/regulatory solution protect users against illegal bad actors, foreign actors, or malicious projects and frameworks that are either Open Source or that aren't backed by a company?
I hear this argument brought up a lot, that the only thing that can fix this is regulations. I've always come at this from the opposite direction -- regulatory solutions are nice, and I'm not against them, but they're less useful than technological solutions because my gut instinct is regulations only cover a) law-abiding entities (and usually only corporations at that), who are b) competent enough not to mess up compliance in the first place.
The perspective I lean on by default is that even if you have good regulations in place, the problem isn't really solved until there's a widespread technical solution. So for example, it might be nice to have a law banning MITM attacks, but HTTPS is the superior solution that we really want. When we pass laws criminalizing stuff like hacking or tracking children, my perspective is we're just trying to buy time and localize the damage to the slightly less frequented parts of the Android app store while we fix the crappy permissions models and sandboxing on our core platforms.
Is there a secondary aspect to the regulatory solutions that I'm missing? Something that would go much, much farther and be much stricter than laws like GDPR? I don't mean it as an argument, I'd just be curious to hear someone with the regulation>infrastructure perspective elaborate more on what they're thinking about when they say that, because it's a perspective I don't have much experience with.
I didn't disagree with your original comment but I do disagree with the follow-up. It's neither a distraction, nor a fallacy.
First, our computing devices do not protect our privacy and security sufficiently. It's a general problem, not limited or even particularly affecting Android. And you deal with general problems differently than with incidental ones. You don't tell people in an epidemic to "just go see a doctor."
Second, I do more sensitive computing in the browser on my computer than I do on my phone. It's the bigger issue.
Finally, the way we dealt with Internet worms and viruses was not by strongly stating how unacceptable infecting other people's computers is. We patched our software, kept it up to date, and even completely changed its design. Later shamed Microsoft into doing the same.
I upvoted you because while I disagree that browsers are the bigger issue (many people use mobile devices for important things, and the less tech literate, the higher the chance they do all their online stuff with them, I'll just claim that), you didn't bring browsers up, you just responded to that with a fair point... and the comment you responded to didn't mention browsers to distract either, so it seems silly to me that there's now this hot potato of who distracted from what in play. Good points all around, that's what I'm seeing.
The Android advertising ID is exactly the same as the iOS IDFA. Both companies enforce policies on using those identifiers for apps published on their app stores.
This 100%. It will also make your web experience a lot better because so much of the javascript out there just does things you don't want anyway, such as loading ads and displaying popups.
If you are a web developer or are familiar with web terminology like origins, domains, frames, XHR, etc on the web, and are willing to put in some time learning how to use it (15 mins for a seasoned web dev, maybe 30-60 mins otherwise) get uMatrix (https://github.com/gorhill/uMatrix). It will change your life! If not, use ScriptBlock on Chrome or NoScript on Firefox. Block all scripts (and if using uMatrix, cookies, XHR, and frames) by default and whitelist as you go for sites you trust (or want to use bad enough to potentially open yourself up for tracking).
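The default-deny approach described in that comment (block scripts, cookies, XHR and frames unless whitelisted, decide first- versus third-party by site) is easy to reproduce as a small policy evaluator. What follows is an added example, not uMatrix's code or rule syntax: the rule tuples, the tiny stand-in for the Public Suffix List, the "first-party non-script allowed by default" choice and the sample page load are all my assumptions, constructed to show how such a matrix classifies a page's requests and which third-party sites were asking for blocked request types.

```python
"""Default-deny request matrix in the style of a script/XHR/frame blocker (illustrative)."""
from urllib.parse import urlsplit

# Tiny stand-in for the Public Suffix List (assumption; a real blocker uses the full list).
TWO_LABEL_SUFFIXES = {"co.uk", "com.au"}

# Request types blocked unless a rule allows them; css/image/font are allowed by default.
BLOCKED_BY_DEFAULT = {"script", "xhr", "frame", "cookie"}


def site_of(host: str) -> str:
    """Registrable domain (eTLD+1): the unit for first- vs third-party decisions."""
    labels = host.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def decide(page_url: str, request_url: str, rtype: str, allow_rules) -> str:
    """allow_rules: set of (page_site, request_site, type); type '*' matches any type.

    Precedence (my modelling choice): explicit rule, then wildcard rule, then defaults.
    Defaults: first-party is allowed except for scripts; third-party blocked types are blocked.
    """
    page_site = site_of(urlsplit(page_url).hostname)
    req_site = site_of(urlsplit(request_url).hostname)
    if (page_site, req_site, rtype) in allow_rules or (page_site, req_site, "*") in allow_rules:
        return "allow"
    if rtype not in BLOCKED_BY_DEFAULT:
        return "allow"
    if req_site == page_site and rtype != "script":
        return "allow"
    return "block"


# Constructed page load; the third-party hosts echo the ones named elsewhere in this thread.
SAMPLE_REQUESTS = [
    ("https://news.example.com/article", "https://news.example.com/app.js", "script"),
    ("https://news.example.com/article", "https://news.example.com/api/comments", "xhr"),
    ("https://news.example.com/article", "https://static.example.com/style.css", "css"),
    ("https://news.example.com/article", "https://www.google-analytics.com/analytics.js", "script"),
    ("https://news.example.com/article", "https://connect.facebook.net/en_US/sdk.js", "script"),
    ("https://news.example.com/article", "https://graph.facebook.com/v3.2/me", "xhr"),
    ("https://news.example.com/article", "https://img.example.co.uk/logo.png", "image"),
    ("https://shop.example.co.uk/cart", "https://api.example.co.uk/checkout", "xhr"),
]


def audit(requests, allow_rules):
    """Per-request verdicts plus the third-party sites that asked for blocked types."""
    decisions = []
    third_party_blocked = set()
    for page, req, rtype in requests:
        verdict = decide(page, req, rtype, allow_rules)
        decisions.append((req, rtype, verdict))
        page_site = site_of(urlsplit(page).hostname)
        req_site = site_of(urlsplit(req).hostname)
        if verdict == "block" and req_site != page_site:
            third_party_blocked.add(req_site)
    return decisions, sorted(third_party_blocked)


if __name__ == "__main__":
    # The user has whitelisted only the site's own scripts, as the comment suggests doing.
    rules = {("example.com", "example.com", "script")}
    for entry in audit(SAMPLE_REQUESTS, rules)[0]:
        print(*entry)
```

Run as-is, the three third-party script/XHR requests (analytics, the Facebook SDK and the Graph API call) are blocked while the page's own script, first-party XHR, stylesheet and image load normally; the `co.uk` case shows why the first-party test has to work on registrable domains rather than on the last two labels.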
> so much of the javascript out there just does things you don't want
JavaScript developers should ask themselves if they want JS to become the popup of the 2010s: initially well-intentioned, shamelessly abused, universally loathed, and ultimately killed.
I think the point is not that the core domain can't fingerprint you, it is that 3rd party JavaScript is blocked by default, which makes those domains less likely to track you. Not impossible, just less likely. For example there is almost never any reason to allow Google Analytics JS.
Agreed. If you take the default uMatrix setup, change javascript to be disabled, then just whitelist as you go, you'll pass most of those tests and be pretty tracker-resistant.
My suspicion is that fingerprinting by the core domain will actually get worse since your browser behaves so differently from stock browsers (which is after all the point of uMatrix :-) ). The majority of trackers though will be third party (such as Google Analytics). Very few sites roll their own trackers because it's hard to get right, and some great ones like GA are free. For those that do, I'm not too worried anyway, but that's certainly just a personal thing.
I've been blocking JS for the last 6 months or so and I've found it to be a greatly improved experience overall. I can enable at the click of a button JS for a website that fails to load properly but the majority of sites I view are fine without this. It was refreshing to learn that not as many websites as I suspected are JS abominations!
My experience exactly. Everyone said "don't do it, most sites need js!" but it isn't true. SPAs are certainly out there, but not nearly as common as you'd think (I most thank SEO for that since only recently would Google crawl a client-side rendered page). Will it be a seamless experience? No, definitely not, but I agree, overall it's an improvement.
I do have Firefox set to noscript. When things don't display, I copy the URL to Chrome where I don't have it so locked down. But I've been dismayed to see over the last year that a lot of sites that used to be usable no longer are.
I don't. The only one I know is using Tor Browser without any customization, without even changing the windows size, because it makes you look like every other Tor Browser user.
However, it comes with a fairly long list of downsides: less secure than Chrome, less secure than even Firefox it's based on because it's not updated as often and quickly, and you MITM yourself by default, and it's slow, it doesn't block ads... The price to pay is steep.
It's fast enough to be my main browser and plays e.g. YouTube at lower resolutions fine. I chose to install uBlock Origin, which makes me stand out more from other users, but I'm on Linux, which is now revealed directly in the user agent string, so I decided it wasn't a concern for me as I'm already not in the larger group of Windows users.
> And HN users are probably even more vulnerable since we will have customized our software making it stand out.
On the other hand, among HN users you'll probably find a higher percentage of those who block JS by default and allow it only on selected websites. Most of these fingerprinting methods (and most web abuse in general) depends on JS being turned on.
I'm not totally convinced panopticlick is as real as they claim. Suppose you're on the west or east coast of the USA and own a 1- or 2-year-old iPhone, and try visiting. It will likely tell you you're identifiable 1 out of 500k or so. But except for time zone, all iPhones of the same model should have the same fingerprint. Pretty much any calculation of how many 1- or 2-year-old iPhones are in the same time zone will make it clear that 500k is several orders of magnitude off.
I'm not saying you can't fingerprint, and like you pointed out it's easier on desktop. I'm only pointing out that panopticlick needs some work to be more accurate.
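The "1 in 500k" figure the comment disputes is a surprisal score: if N visitors share a fingerprint out of M tested, the test reports "one in M/N" and log2(M/N) bits of identifying information (500k corresponds to a little under 19 bits). The following added example, which is not Panopticlick's code and uses a population I constructed (600 identical same-model, same-timezone iPhones plus 400 varied desktops), scores a stock iPhone and a customised Linux browser against that corpus, and adds a per-attribute entropy helper to show which attribute contributes the identifying bits.

```python
"""Fingerprint identifiability scored the way a Panopticlick-style test reports it."""
import math
import random
from collections import Counter

ATTRIBUTES = ("user_agent", "timezone", "screen", "fonts", "plugins")


def fingerprint(attrs: dict) -> tuple:
    """Canonical form: one tuple of attribute values, in fixed order."""
    return tuple(attrs[a] for a in ATTRIBUTES)


def surprisal(population: list, fp: tuple) -> tuple:
    """('one in N' browsers share this fingerprint, log2(N) bits).

    A visitor not yet in the corpus is counted once, as a live test would do.
    """
    n, matches = len(population), population.count(fp)
    if matches == 0:
        n, matches = n + 1, 1
    one_in = n / matches
    return one_in, math.log2(one_in)


def attribute_entropy(population: list, attribute: str) -> float:
    """Shannon entropy (bits) of a single attribute across the corpus."""
    idx = ATTRIBUTES.index(attribute)
    counts = Counter(fp[idx] for fp in population)
    n = len(population)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def build_population(n_iphones=600, n_desktops=400, seed=7) -> list:
    """Constructed corpus: one iPhone model in one timezone, plus a varied desktop mix."""
    rng = random.Random(seed)
    iphone = fingerprint({"user_agent": "iPhone; CPU iPhone OS 12_1 Safari",
                          "timezone": "America/Los_Angeles", "screen": "375x812",
                          "fonts": "ios-default", "plugins": "none"})
    population = [iphone] * n_iphones
    for _ in range(n_desktops):
        population.append(fingerprint({
            "user_agent": rng.choice(["Windows NT 10.0 Chrome/71", "Macintosh Chrome/71",
                                      "Windows NT 10.0 Firefox/64", "X11; Linux x86_64 Chrome/71"]),
            "timezone": rng.choice(["America/New_York", "America/Los_Angeles", "Europe/London"]),
            "screen": rng.choice(["1920x1080", "1366x768", "2560x1440"]),
            "fonts": rng.choice(["windows-default", "mac-default", "linux-default"]),
            "plugins": rng.choice(["none", "flash"]),
        }))
    return population


# A heavily customised browser (constructed): nothing else in the corpus matches it.
CUSTOMISED_LINUX = fingerprint({"user_agent": "X11; Linux x86_64 Firefox/64",
                                "timezone": "Europe/Berlin", "screen": "2560x1440",
                                "fonts": "custom-set", "plugins": "ublock-origin"})


def report(population: list) -> dict:
    """Scores for the two visitors, plus what '1 in 500k' means in bits."""
    return {
        "stock_iphone": surprisal(population, population[0]),
        "customised_linux": surprisal(population, CUSTOMISED_LINUX),
        "bits_for_one_in_500k": math.log2(500_000),
        "timezone_entropy_bits": attribute_entropy(population, "timezone"),
    }


if __name__ == "__main__":
    for key, value in report(build_population()).items():
        print(key, value)
```

Against this corpus the stock iPhone scores about 1 in 1.7 (0.74 bits) because 600 other visitors share its fingerprint exactly, while the customised Linux browser scores 1 in 1001 (about 10 bits) because nothing else matches it. That is the comment's point in numbers: the score is only as good as the corpus, and a population where same-model iPhones are under-represented will overstate how identifiable one is.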
They are removing the ability to get any device identifiers in newer Android versions - unless you ask the user for a permission. https://developer.android.com/training/articles/user-data-id...
There are advertising IDs and these can be reset.
But I am not saying it's ideal in Android - up until recently you could easily fingerprint a device and you can do it today if you ask the users for permission (which the average user doesn't read or you can trick him into accepting the permission request).
“asking users for permission” never works. You end up with Vista style UAC. What about not allowing it all? Even before iOS and Android were a thing, Windows Mobile had a way for apps to uniquely identify a device but that unique identifier was per app/per user.
You can't ask for permission for some of them anymore. MAC address queries just return a hardcoded 02:00:00:00:00:00, even if you have the appropriate permissions.
For example any kind of Bluetooth companion app, including sensor readers, watch companion apps and pretty much anything there requires access to MAC to complete pairing.
Any kind of mDNS and direct WiFi apps. Any kind of Wifi scanning and environment survey apps. Any kind of Wifi helper apps to setup other devices.
Are you seriously claiming that our portable computers should lock us out from creating these kind of new application experiences permanently and give ONLY Google and Apple the ability to create them? You want innovation in use of our portable computers to be permanently owned and controlled by Google and Apple exclusively?
Come on, think for a while about what you're asking.
> For example any kind of Bluetooth companion app, including sensor readers, watch companion apps and pretty much anything there requires access to MAC to complete pairing.
Your app on the phone wouldn’t need your Bluetooth ID (which is separate from the WiFi MAC ID). It would need the ID of the connecting device.
> Are you seriously claiming that our portable computers should lock us out from creating these kind of new application experiences permanently and give ONLY Google and Apple the ability to create them? You want innovation in use of our portable computers to be permanently owned and controlled by Google and Apple exclusively?
We have an existence proof with both Android and Windows - and less so with Macs but only because they aren’t as large of a target - with what happens when apps are given unfettered access to the hardware and privacy related information even with user permissions. How often have we seen yet another privacy invasion from Facebook but only against Android users?
> We have an existence proof with both Android and Windows - and less so with Macs but only because they aren’t as large of a target - with what happens when apps are given unfettered access to the hardware and privacy related information even with user permissions.
What exactly happens? A ton of innovative apps can be made? A bunch of entrepreneurs can innovate and build new products without approval from a huge American corporation?
Yes, powerful tools can be abused. But powerful use-cases require powerful tools. What you're defending is akin to saying we should cut out everyone's tongue to defend against people accidentally telling their personal information to strangers. It's NOT a proportional response. You're effectively ceding full control of EVERYTHING you do on your computing device to Google and Apple forever because you're afraid that powerful tool, drivers of innovation and progress, might hurt someone occasionally.
You can't have progress in a kindergarten - instead of demanding that large corporations babysit the public and tell them what to think, we NEED to make sure that people take responsibility for themselves. It's the only way you keep free market and freedom functioning.
The existence proof is both Windows and Android and all of the spyware, malware, ransomware, and privacy invasion apps.
> Yes, powerful tools can be abused.... You're effectively ceding full control of EVERYTHING you do on your computing device to Google and Apple forever because you're afraid that powerful tool, drivers of innovation and progress, might hurt someone occasionally.
You’re speaking as if this is hypothetical. Thirty plus years of PC use and 10 years of Android is proof that third party developers can’t be trusted and the platform providers have a responsibility to keep third party providers in check. Given the trade off of inconveniencing a few geeks and not allowing third parties to read text messages, phone logs, etc. I think that’s a fair trade off.
I am a developer and have been for 20 years. But the platform providers should be catering to the users. I will install any random app on my iPhone. I don’t worry about whether the app comes from a trusted developer. I know because of the security model that the app can’t do too much damage.
> we NEED to make sure that people take responsibility for themselves. It's the only way you keep free market and freedom functioning.
Again, how has that worked out so far for the vast number of PC and Android users?
It has been drilled into computer users heads not to download random apps from untrusted sources on their computers because of the potential for harm. The fact that the iOS App Store does enforce a sandbox actually gave app developers a larger market of people who would try random apps without having to trust the developer.
But most importantly, Android has been around for a decade. Where are all of the Android “entrepreneurs” that are getting rich because of their “innovative” apps that are possible because of its lax security model?
> The existence proof is both Windows and Android and all of the spyware, malware, ransomware, and privacy invasion apps.
But... the existence proof is also Windows and Android and the massive market share and staggering amount of innovation that's happened on those platforms.
You're forgetting that many of the capabilities that Apple eventually caved on and added to iOS came directly as a result of Android's "we'll let you do that" default motto. There was a period of time where you couldn't have custom keyboards on iOS. There was a period of time where 3rd party apps on iOS couldn't even multitask.
Don't get me wrong, Android's permission model needs serious work at this point. But the coin you're holding up has two sides on it. You're writing off a huge amount of innovation that has benefited everyone, Apple users included.
Platform power is a continuum -- there's no single right or wrong answer for everyone buying a device, which is why it's good to have multiple platforms with multiple philosophies.
Even if you don't care about that though, and you personally enjoy staying closer to the secure side of things, permissive platforms still benefit you as a user because they're testing grounds to find out which capabilities are beneficial enough to end-users to be worth back-porting to the more closed gardens. That's something we've seen repeatedly throughout the years with Android and iOS: both platforms feed on each other in different ways.
> But... the existence proof is also Windows and Android and the massive market share and staggering amount of innovation that's happened on those platforms.
The massive market share is because of cheap phones. The average selling price of an Android phone is a 3rd of an iPhone.
And where is this “massive innovation” that is leading to profit either by app makers making apps that can only be made on Android or by device makers? As the old saying goes - “if they are so smart, why aren’t they rich?” The whole Android ecosystem is a race to the unprofitable bottom.
The same can be said about Windows PC makers - thin margins and low profits. Not exactly what I would consider a “success”.
> There was a period of time where you couldn't have custom keyboards on iOS. There was a period of time where 3rd party apps on iOS couldn't even multitask.
And when Apple did it, it did it more securely. You can’t just press a confirmation button, the user has to be purposeful and go into settings, the keyboard runs out of process, and even then by default the keyboard doesn’t have network access. The user has to go out of their way to go back into settings to give the keyboard network access and they get a huge warning. Also, when you enter a password, it changes back to the system keyboard.
As far as multitasking, again Apple was more thoughtful and limited multitasking in iOS 4 to not allow a third party app to drain the battery. Even now that they have opened it up more, the user can still granularly control what apps are allowed to run in the background.
There is huge difference between the thoughtfulness of how Apple implements features and how Google implements features.
> The massive market share is because of cheap phones.
The cheap phones are because Google allows 3rd-party OEMs to install Android on their own devices, even though that carries an extra risk of having an outdated phone, or a 3rd-party back door, or just a crappy experience that degrades the overall Android brand. It's the exact same thing we're talking about -- Apple doesn't do that because they think giving random device makers that much control is insecure and hurts their brand. It doesn't mean that Apple's approach is wrong. But I'm glad that both exist.
> And when Apple did it, it did it more securely.
This isn't an iOS vs Android contest. It doesn't matter who has the better implementation.
Apple started from a perspective of "You don't need multitasking." Consumers widely said, "Yeah, we do. Those phones have it and we want it." Apple said, "fine, but we'll do it our way." Everybody won, because some people went out and did the experimental hacky thing, and Apple looked at them and said, "you know what, it has issues, but I guess that is worth supporting."
> And where is this “massive innovation” that is leading to profit either by app makers making apps that can only be made on Android or by device makers?
Innovation != profit. Otherwise, Open Source communities would be a lot richer. My metrics for user success are not primarily based on corporate profit margins, but the short answer to why people aren't getting rich on Android is because the app market as a whole on both iOS and Android is a race to the bottom. It just so happens that Android's bottom is slightly lower than Apple's is.
There certainly are apps on Android that can't exist on iOS though, if that's what you're getting at. Off the top of my head, the iOS equivalents of Tasker are way underpowered next to what's being offered on Android. 3rd-party non-Gecko web browsers still aren't supported on iOS, which actually does matter because the iOS browser engine is lagging on multiple web standards. Look backwards a little ways, and you have the swipe keyboard style, which started out as a 3rd-party app on Android and (I suspect) was a big part of Apple deciding to back-down on their 3rd-party keyboard restrictions. Go back even farther and you had 3rd-party tethering apps. On the OEM side, there are people who still swear by the Note series, and Apple seems pretty adamant that they're not interested in pursuing phone styluses. They're probably not gonna ever break on that, but I am about 65-75% sure that within 5-7 years Apple's gonna break down on touchscreen laptops; I feel like the convertible market is going to eventually be too big for them to ignore.
One big thing for me personally is that I use a file manager on Android to handle syncing -- I basically treat my phone like a USB drive. A really nice part of that is it's all web-based. I don't have anything installed on my computer, I can boot up essentially a local server from my phone and drag videos/music into or out of any app's data storage from any computer with a web browser. Even from other phones :)
Again, this doesn't mean that Android is better than iOS. It means iOS and Android serve different niches. If you like the iOS niche, that's great. Some people genuinely like the Android niche; they're not just buying Google phones because they're poor. The high-end Pixel phones sell.
> This isn't an iOS vs Android contest. It doesn't matter who has the better implementation.
In a thread about how Facebook invades users’ privacy because of lax security controls on Android, it does matter that one method of allowing third party keyboards is “secure” and the other isn’t.
Innovation != profit. Otherwise, Open Source communities would be a lot richer. This is like saying, "well if newspapers have such good reporting, why aren't they making money?" Because the app market as a whole on both iOS and Android is a race to the bottom. It just so happens that Android's bottom is slightly lower than Apple's is.
One of the posts in this thread was talking about “entrepreneurship” and business opportunities that can’t exist because of Apple’s policy. If that were true, you should see a blossoming of business opportunities that exist on Android.
> Go back even farther and you had 3rd-party tethering apps.
Tethering restrictions were the one thing that Apple did to kowtow to phone providers. Why would Apple care about third party tethering otherwise?
> One big thing for me personally is that I use a file manager on Android to handle syncing -- I basically treat my phone like a USB drive. A really nice part of that is it's all web-based. I don't have anything installed on my computer, I can boot up essentially a local server from my phone and drag videos/music into or out of any app's data storage from any computer with a web browser. Even from other phones :)
There are plenty of apps that do that with the iPhone. But, all of the cloud storage apps have web interfaces that you can copy files to and from.
> The high-end Pixel phones sell.
Barely....
Estimates are that Google sells about 4 million phones in a year - the same number Apple sells in a week.
> There are plenty of apps that do that with the iPhone.
...no. iOS doesn't have a user-accessible file browser. On Android, I can use my browser to access system files from any other application. Apps in iOS are sandboxed from the file system. I'm confused -- isn't that one of the things you like about iOS?
Maybe that's changed since the last time I used an iPhone? Did Apple break and add a system-wide file access permission recently? I don't see any iOS apps advertising that feature, but maybe I'm missing something.
The point I'm getting at is not whether or not iOS is more secure than Android. It's that the open app approach, while flawed for many reasons, allows developers to pursue innovative applications like weird keyboards that let you swipe instead of tap, and background apps that let you turn parts of your phone on and off when you walk into your house, and custom stylus-oriented devices that let you scrawl notes on your home screen while your phone's locked, and firewalls that let you monitor system-wide network requests and block ads, and homescreen widgets, and, yes, even network-level privileges that allowed 3rd-party OEMs and developers to add tethering regardless of what service providers wanted.
Some of these ended up being bad ideas, and some of them ended up being good ideas. And since then, some of the good ideas have gotten copied to iOS, with tweaks.
This is good for everyone. It's especially good for Apple users.
The point I'm getting at is you can't only focus on one part of this equation. Android is less secure than Apple because it's open. But it also, objectively, has a wider array of low and high-end devices and applications than iOS does. The same is true of Windows. Windows is insecure. But they also have Surface Books, which are cool. It's a trade-off.
When you talk about going wholesale down the "we control everything" approach, you are treating a multidimensional issue like it has exactly one right answer. It is in everyone's best interest to have multiple different systems trying out multiple different approaches.
> One of the posts in this thread was talking about “entrepreneurship”
As far as file access, no app should ever need access to the entire file system - just the users’ files. Even then, a photo/video app should only need access to the photo library, a music app should only need access to your music library, etc.
As far as generic files again the user chooses which files the app has access to outside of the sandbox via a standard file picker.
Besides the built in iCloud, if you install Dropbox, OneDrive, Google Drive, etc. you can choose any of those as destinations when you want to save or load a file from the standard file picker. They're all just “storage providers”.
But if you want a local file storage solution that is accessible by all apps, you can install a storage provider for that too.
> With iOS 8, your iPhone or iPad can now have a local file system like the one Android users have.
The evolution of file access on iOS is a perfect example of what I'm talking about. A rough feature that came out of Android's laissez faire permission model that was later tweaked and adopted by iOS after it proved useful and was demanded by users.
And I feel like this is still happening - to me the new Files app in iOS 11 is a pretty clear step towards unifying disparate storage solutions in a single interface, and opening up the Files app to third party integrations is another cautious shift towards Android's more permissive model. I would not honestly be surprised if at some point in the future Apple introduces a way to access some system files -- every desktop OS supports it, and the iPad is slowly positioning itself as a desktop replacement. But I dunno, it'll be interesting to see.
When you say, "oh, there's nothing innovative about this", you're glossing over that it took a heck of a long time to get file access at all in iOS, and that Apple is still evolving how file access works on its devices. Android served as a testing ground for that feature while Apple stood back and watched and thought about how they wanted to approach it. Which (again) is a process that's good for users on both platforms.
> And I feel like this is still happening - to me the new Files app in iOS 11 is a pretty clear step towards unifying disparate storage solutions in a single interface, and opening up the Files app to third party integrations is another cautious shift towards Android's more permissive model
That’s kind of the point, the way that Apple allowed third party storage providers was done in a method that is still not “permissive”. Apps don’t have access to users' files except for the files that the user chooses. If an app wants full access to their Dropbox or Google Drive storage, they still have to have a custom integration like VLC.
> Apple introduces a way to access some system files -- every desktop OS supports it, and the iPad is slowly positioning itself as a desktop replacement. But I dunno, it'll be interesting to see.
And every desktop OS has the potential for viruses and ransomware because of third party apps having access to system files and to what benefit?
Much better than the privacy and security of iOS, which has had hundreds of millions of users infected with XCodeGhost. All while allowing much more useful applications to be built.
The fact that the application must request permission to see that data gets those applications extra scrutiny from not only the user but the app store and third party security researchers as well.
And we have 30+ years of user behavior of computer users and almost 10 years of mobile user behavior with Android to know that most users aren’t going to give “extra scrutiny” to those applications and are just going to click “allow”.
And even if “security researchers” do find an issue with an Android app, how does that information get disseminated to users? Even if Google decides to close the hole, Android doesn’t exactly have a great track record of getting updates to users.
> And we have 30+ years of user behavior of computer users and almost 10 years of mobile user behavior with Android to know that most users aren’t going to give “extra scrutiny” to those applications and are just going to click “allow”.
A much better example is the massive XCodeGhost infection on the app store. Apple relies entirely on users for figuring out if things are misbehaving, while Android also has automated detection and the third party security ecosystem, as I pointed out in the comment you replied to.
> And even if “security researchers” do find an issue with an Android app, how does that information get disseminated to users?
By having the app removed from the store. Which Apple is unable to do because it doesn't allow third party security researchers to scrutinize its app store. This resulted in the massive XCodeGhost infection, which Apple couldn't fully remove from their store for weeks after.
> Even if Google decides to close the hole, Android doesn’t exactly have a great track record of getting updates to users.
The whole point is that it's not a hole. It's an app abusing an API. The correct thing to do is to simply remove the app from the store, which is exactly what happens.
> By having the app removed from the store. Which Apple is unable to do because it doesn't allow third party security researchers to scrutinize its app store. This resulted in the massive XCodeGhost infection, which Apple couldn't fully remove from their store for weeks after.
XCodeGhost was first found by Alibaba - a third party.
It was first found by Chinese developers who found it in their own apps. Neither they nor Ali Baba had any idea what other apps were affected. Ali Baba did some additional research to track down how the apps were infected. The malware was disclosed by Chinese iOS developers and analyzed by Alibaba researchers.
Users are starting to demand that apps justify their permissions. My Roku app tried to update and then ask for location permissions claiming that the app now needed your GPS location to connect to your Roku. Their ratings tanked and the next update removed making it mandatory. I'm currently still on an older version because the update overall was a disaster and they've shown they're not trustworthy.
For the power-users out there there is a solution, install Xposed[0] on your device (root and custom recovery required of course) and then XPrivacyLua[1] which provides fine controls allowing you to hide identifiers (ad IDs etc), tracking, activity, applications installed, network info, analytics and much more for each app. Best part is it sends fake data to make sure apps don't crash or complain.
You can run the Facebook mobile site inside Firefox browser and do all those things. Or use an open source wrapper app like FaceSlim so that the mobile site can feel like an app.
> The Android platform API should simply never allow apps to obtain global system identifiers (serial numbers, "advertising IDs", MACs, Wifi network info, EMEIs etc) in the first place. Perhaps even going as far as not providing a shared filesystem.
Well, that's a nice wish for Santa, but does anyone really expect such a policy from an advertising company like Google?
Not without public pressure. Commenting on it, reminding everyone that this is actually Google's fault in the first place, etc, is a good way to apply that pressure. Otherwise it's just on Facebook, and they do not give a fuck what people think of them.
I've used user-agents from the Facebook app against a user, for example (legit work :)). It contains the phone version, app version and so much other detail that it's a unique identifier.
Using local storage/hardware to track devices is easy mode, but removing those options won't come even close to limiting per-device tracking. You can track clients using entirely serverside techniques. You can also leverage legitimate security features (like HSTS headers) to track clients.
I would say educated, not spoiled. If you so choose to not install apps (which is the same as, in the 90s, going to Tucows or download.com, searching for idiot applications like "blockbuster" and installing them on your computer with full access to memory and disk) then you can buy an Android phone, install Firefox, install uBlock Origin, and only use those companies' offerings via the browser.
Granted, you will have to give up on Netflix unless you want to install their DRM client, just like on the desktop.
> The Android platform API should simply never allow apps to obtain global system identifiers (serial numbers, "advertising IDs", MACs, Wifi network info, EMEIs etc) in the first place.
Of course. On the other hand, Google's global attitude is that user tracking is fine, their core business is based on that. So it would be hypocritical on their part if they decided to block user tracking on their devices.
They have increasingly revised or clamped down on the various unique IDs and are pushing everyone to the (user-resettable) advertising ID. Things like the MAC have already been hardcoded to a single fixed value for a couple of years now.
You're just spreading unsupported fud. Actions speak louder than words and Google's actions for Android apps and APIs do not agree with your comments.
It's very kind of Google to, say, make the recent change re. Build.SERIAL/Build.getSerial() so that it requires a permission now. That's a step in the right direction, but we're still very far from being untrackable.
I seriously loathe the people hating on the web. On the web one can preview, debug, and block stuff at each application and network layer. Use Lynx, disable JS, install ad and tracking blockers, edit hosts file - you are the king. Want to see the true evil? Native Android and iOS applications, there doesn’t exist an alternative platform anymore. You think that app is free? Not even web-style in-app advertisements give you a second thought?
It's pretty frustrating. The web is infinitely better than the app-based nonsense we have. Desktops are better than mobile devices by orders of magnitude when it comes to productive tasks.
It'll shift back over time. Mobile is not going away but there will be a resurgence of desktop usage in the form of the mobile devices being hooked up to dumb terminals or something of the sort, and privacy/usability initiatives will slowly trudge on.
The web platform is complete garbage. It's extremely restrictive, outdated, and slow.
It has fantastic benefits, particularly in the brief usage long tail category, but it's not an app platform. Stop trying to use it as something it just isn't. There's plenty of room here for both native and web.
I agree completely. It's a particularly common problem on this forum.
The web is the most open and accessible platform we have. There's a powerful and fast layout engine. Scripting is open by default, and the client can at any time inspect, block, or modify those scripts to suit their needs.
Yes, it's been happening for a while. Google and Mozilla have been pushing (sometimes rushing) for more capable web browsers while Apple actively protects the exclusivity of some functionalities of its app store, to the detriment of Safari users, making them feel an even greater gap between websites and native apps.
Originally, smartphones were to be the new way of browsing the web but it turned out to be a new way for OS manufacturers to profit over third-party software because developers had to handcraft a way of accessing their data over the internet from the device given that web browsers were not up to the task of delivering fast, snappy experiences. Developers had to create native apps for the simplest services even if they didn't need the extra functionality and APIs like notifications, background updates or movement sensors.
Today, mostly because of the increase in mobile processing power, the difference between a website and an app for trivial tasks (notekeeping, calendar, ordering a product, whatevs) is inoffensive and overall imperceptible, making websites a reliable way of providing functionality once again.
Browser updates and new APIs will increase the amount of possible trivial services you will be able to access from anything with a browser and up-to-date processing power.
Apps are doing this when you first open them (and constantly afterwards), this has nothing to do with bots and account login.
Apps are calling out to FB regardless of you having a [FB] account.
If you have root, using Xprivacy will annoy you by revealing the amount of data-mining that's happening across all apps.
I've seen this happening all the time using NetGuard (firewall which requires no root, made by the same dev behind Xprivacy). Most of the default apps on Samsung phones are constantly trying to call Facebook servers also.
> Just speculating, but they might just need this information to combat bots actually.
That would be actually quite useful for fighting bots, but I doubt that is the reason.
My guess would be just gathering telemetry on how the API is used, and what type of Android devices are out there (you know, like to know what you should support and test on).
> My guess would be just gathering telemetry on how the API is used, and what type of Android devices are out there (you know, like to know what you should support and test on).
In the video it is shown that the information sent to Facebook is far more intrusive than that.
This is not unique to Facebook and is true for almost all SDKs, which can track the same events (which this talk mentions) that the app has. Google tracks exactly the same events which FB does as well.
Also, the same thing happens on iOS too - not sure why the talk avoided it. Once the app has the SDK for a third party (regardless of OS), tracking all events within the app is fair game.
What is your motivation posting this? Because it sounds like a great example of "whataboutism". Just because an evil is done a lot, and in different contexts doesn't make it not evil.
Every other comment here boils down to "get an iPhone". If the claim that this is also happening on iOS is true then it's highly relevant to the discussion.
Don't worry, I bash Windows 10 and Office too (yes, including Excel), and I'm someone who actively dislikes them. OTOH, the best thing I could say about Apple these days is that iOS is genuinely better built than its obvious alternatives (Android and ChromeOS) and that they do a tolerable job of supporting their mobile hardware, but that's kinda damning with faint praise.
My reading of it was that product50 was providing additional relevant information and context, which I personally found interesting and useful. I didn't at all get the impression that product50 was trying to make an argument like "since everyone's doing it, that makes it ok" (or any argument at all, for that matter).
I don't have a FB app on my phone, I have a FB account that has no posts. I look at it occasionally to track my "likes". Last week I was at a conference in downtown Boston. I have no connection to the conference, I was there to meet my friend's daughter who lives overseas. While standing in line, people watching, I couldn't help but notice an extravagant fellow; I later discovered he was an out-of-town PhD student there for the conference. Imagine my shock when my next web login to FB offered me this very man as a suggested friend!
You probably were in proximity long enough to have triggered something. You never know — your friend's daughter may have been in the same line somewhere at the airport or a lounge as well.
I used to get this a lot as I’m 1-2 degrees of separation from some highish profile people. FB seems to adapt and move on to a different strategy over time.
You might have another app using the FB SDK (as described in the app).
Or... they have a database from mobile IP to rough location - or even, without knowing your exact location, perhaps both of you were using the same convention's free WiFi, or the same Verizon proxy (or whatever), which would indicate close proximity even without giving the location directly.
Is there a definitive answer on how these suggestions happen? (Other example: talk about X with someone; start seeing internet ads for X afterwards). Is it coincidence?
For every ad or suggestion that elicits that kind of response, how many are completely unremarkable and immediately forgotten? It’s largely explained by the survivorship bias.
Anyway, there are more paid tracking SDKs in the wild and probably more invasive than Facebook's.
For example, in Poland there is a service called Cluify which supposedly tracks millions of phones to then target ads at them. Although they're Google ads. In fact, they're a "proud partner of Google."
On the website https://cluify.com/ they mention using wifi but in sales pitches they boast inclusion in many popular apps. As their client you can geofence an area and buy ads directed at devices which frequent them.
I purged and fumigated most of these parasites from my phone. Going even as far as replacing the OS because LG thought the Facebook app should be an integral part of their distribution and not removable. Hopefully they at least charged Facebook dearly for it.
You can use adb commands to "disable" system apps FWIW, all you need is the "developer options" menu, to temporarily enable adb access from USB. This lets you use all the features of a "locked", stock "ROM" (payment services, DRM apps, better camera), and also works on "locked down" devices where you can't unlock the bootloader and install a different OS. Of course, it's only worthwhile if you trust the "ROM" vendor (LG in your case) and can isolate the problem to some specific app(s).
This type of control is still possible on android devices?!
I had given up on buying new devices because of how restrictive and abusive phone manufacturers have become towards their customers. If adb can really do what you say it can, maybe I can finally upgrade my phone after all these years. Can you recommend an online article that goes over using `adb` like this? (especially for disabling locked apps)
See e.g. https://github.com/jaredsburrows/android-bloatware/blob/mast... the "non-root" section. Some tutorials suggest slightly different commands, viz. `pm hide` rather than `pm disable`, and that in order to 'uninstall' apps without root the command `pm uninstall -k --user 0 com.bloatware.app` should be used. Either way, do backup your data before doing any of this stuff (if stuff gets screwed up, you might need to perform a factory reset from recovery mode in order to revert to a sensible state), and do not expect this to always work; it might not, depending on the specific "rom" you're running.
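As an added example (not code from either commenter or from the linked repository), here is a small script that turns the procedure above into a reviewable plan: it parses the output of `adb shell pm list packages -f` (lines of the form `package:<apk path>=<package name>`), selects packages matching patterns you choose, refuses to touch a short allowlist of components the device needs to boot and make calls, and prints the `pm uninstall -k --user 0` command quoted above for each match. Nothing is executed; you read the plan and then run the lines yourself, after the backup the comment recommends. The vendor package names in the sample output are constructed, and the allowlist is an assumption you should extend for your own ROM.

```python
"""Build a reviewable adb plan for removing vendor apps for user 0.

Added example, not from the thread. Parses `adb shell pm list packages -f`
output, applies regex patterns, skips essential AOSP components, and emits
the `pm uninstall -k --user 0` command from the post above for each match.
Nothing here runs adb: print the plan, review it, then run it by hand.
"""
import re
from typing import Dict, List

# Never touch these, whatever the patterns say (real AOSP package names;
# an assumed minimal list, extend it for your device).
ESSENTIAL = {
    "com.android.systemui",
    "com.android.settings",
    "com.android.phone",
}


def parse_pm_list(pm_output: str) -> Dict[str, str]:
    """Map package name -> apk path from `pm list packages -f` output."""
    found = {}
    for line in pm_output.splitlines():
        line = line.strip()
        if not line.startswith("package:") or "=" not in line:
            continue
        # The apk path comes first, the package name after the last '='.
        path, _, pkg = line[len("package:"):].rpartition("=")
        found[pkg] = path
    return found


def select_targets(packages: Dict[str, str], patterns: List[str]) -> List[str]:
    """Packages whose name matches any regex and that are not essential."""
    compiled = [re.compile(p) for p in patterns]
    return sorted(
        pkg for pkg in packages
        if pkg not in ESSENTIAL and any(c.search(pkg) for c in compiled)
    )


def removal_plan(pm_output: str, patterns: List[str]) -> List[str]:
    """adb commands that uninstall the matches for user 0, keeping data (-k)."""
    targets = select_targets(parse_pm_list(pm_output), patterns)
    return [f"adb shell pm uninstall -k --user 0 {pkg}" for pkg in targets]


# Constructed sample output; the com.vendor.* package names are made up.
SAMPLE_PM_OUTPUT = """\
package:/system/priv-app/SystemUI/SystemUI.apk=com.android.systemui
package:/system/app/VendorSocial/VendorSocial.apk=com.vendor.social.stub
package:/system/app/VendorSocialSvc/VendorSocialSvc.apk=com.vendor.social.services
package:/system/priv-app/Phone/Phone.apk=com.android.phone
package:/data/app/com.example.notes-1/base.apk=com.example.notes
"""

if __name__ == "__main__":
    # Match the constructed social-network packages but nothing else.
    for cmd in removal_plan(SAMPLE_PM_OUTPUT, [r"\.social\."]):
        print(cmd)
```

Capture the real listing with `adb shell pm list packages -f > packages.txt` and feed the file contents to `removal_plan`; keep the printed plan, since it doubles as the record of what you removed if you later need to put something back.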
I found NoRoot Firewall to be a much more powerful app. It allows you to add global domain filters too. And for some reason the logging of apps which request internet access appears to be much more detailed.
Android also had an issue where an app could deceive a user by requesting the permission to manage WiFi (CHANGE_WIFI_STATE) which is considered non-dangerous ("normal") [1] and is granted automatically without any prompts [2]:
> If your app lists normal permissions in its manifest (that is, permissions that don't pose much risk to the user's privacy or the device's operation), the system automatically grants those permissions to your app.
But the app could use it to determine the user's location (by scanning for WiFi access point identifiers) without any notification. So the user wouldn't realise that the app now knows their location.
You can see it in the docs [3]:
> Android 8.0 and Android 8.1:
> A successful call to WifiManager.getScanResults() requires any one of the following permissions:
> CHANGE_WIFI_STATE
So this issue was fixed only on Android 9, and had been working for years. Any application could secretly determine your location. That's the state of privacy protection on Android. It is difficult to believe that Google developers who are very smart people couldn't foresee it for years.
I googled a little and found a confirmation that this method was working: [4]
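The gap described above can be checked for mechanically. Here is an added example (not code from the commenter or from Google) that audits decoded `AndroidManifest.xml` files and flags apps that request `CHANGE_WIFI_STATE` without any location permission: on Android 8.0/8.1, per the quoted documentation, such an app can call `WifiManager.getScanResults()` yet never triggers the runtime location dialog. The sample manifests and their package names are constructed.

```python
"""Flag Android manifests that can read Wi-Fi scan results with no location prompt.

Added example, not code from the thread. On Android 8.0/8.1 the
CHANGE_WIFI_STATE permission alone satisfies WifiManager.getScanResults(),
and because it is a "normal" permission it is granted at install time
without a prompt. An app requesting it but no location permission never
shows the user a location dialog, yet can still infer position from
nearby access point identifiers. This audit lists such manifests.
"""
from typing import Dict, List, Set
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS

# Enough for getScanResults() on 8.0/8.1 without any location permission.
SCAN_WITHOUT_LOCATION = {"android.permission.CHANGE_WIFI_STATE"}
# Either of these forces the runtime location prompt on Android 6.0+.
LOCATION_PERMS = {
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
}


def requested_permissions(manifest_xml: str) -> Set[str]:
    """Return the set of <uses-permission android:name=...> values."""
    root = ET.fromstring(manifest_xml.strip())
    return {
        el.get(NAME_ATTR)
        for el in root.iter("uses-permission")
        if el.get(NAME_ATTR)
    }


def silent_scan_risk(manifest_xml: str) -> bool:
    """True when the app can call getScanResults() on 8.0/8.1 without
    ever having shown the user a location permission dialog."""
    perms = requested_permissions(manifest_xml)
    return bool(perms & SCAN_WITHOUT_LOCATION) and not (perms & LOCATION_PERMS)


def audit(manifests: Dict[str, str]) -> List[str]:
    """Given package name -> manifest XML, return flagged package names."""
    return sorted(pkg for pkg, xml in manifests.items() if silent_scan_risk(xml))


# Constructed sample manifests (hypothetical package names, not real apps).
SAMPLE_MANIFESTS = {
    "com.example.flashlight": """
        <manifest xmlns:android="http://schemas.android.com/apk/res/android"
                  package="com.example.flashlight">
            <uses-permission android:name="android.permission.INTERNET"/>
            <uses-permission android:name="android.permission.CHANGE_WIFI_STATE"/>
        </manifest>""",
    "com.example.maps": """
        <manifest xmlns:android="http://schemas.android.com/apk/res/android"
                  package="com.example.maps">
            <uses-permission android:name="android.permission.CHANGE_WIFI_STATE"/>
            <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
        </manifest>""",
    "com.example.notes": """
        <manifest xmlns:android="http://schemas.android.com/apk/res/android"
                  package="com.example.notes">
            <uses-permission android:name="android.permission.INTERNET"/>
        </manifest>""",
}

if __name__ == "__main__":
    for pkg in audit(SAMPLE_MANIFESTS):
        print("can read Wi-Fi scan results without a location prompt on 8.0/8.1:", pkg)
```

The check only looks at what is declared; a flagged app may never call `getScanResults()`. It is a triage signal for which installed or to-be-published apps deserve a closer look on devices that are still on 8.x.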
> That's the state of privacy protection on Android. It is difficult to believe that Google developers who are very smart people couldn't foresee it for years.
“It’s difficult to get a man to understand something when his salary depends on him not understanding it”.
Wrangling 3rd party application access to platform providers' suite (ios, android, browser extensions).
Cookies seem to be the majority of the aggregate identity/behavior data, for which you can use various rules in the protocol to limit tracking to some extent.
I've found that opting out of the large adverts on a regular basis gives a little extra peace of mind.
uBlock/uMatrix Origin, ghostery, duck.com, dns encryption, vpn, ip6.
Removing old wireless access points from history/cache and disabling NFC and Bluetooth advertisement.
Removing duplicate/shared passwords from your various authentication providers and using KeePass or a secure password scheme that is easy to remember.
Log out manually of various applications such as facebook, google, microsoft, etc.
Contacts list. Clean 'em up.
Keep your phone and hands sanitary at all times :)
Or just learn how to craft search queries on DDG (instead of google assuming it for you). Nothing wrong with DDG. Lot of people like it. Why shouldn't anyone suggest it to others?
The only way to surf/search without Google identifying you is to use a cloudbrowser. Because you are using a VM and a disposable browser, any search engine is getting incorrect info about you and your searches. It makes Google a private search engine. www.tracefree.com
DDG is unusable from keyboard alone. Whenever battery in my mouse runs out, I have to switch to something else. It's one of those web apps where designers disabled focus outlines, because they don't find them pretty.
They have their own shortcuts for the basics: j/k or arrows for jumping between entries, (ctrl+)enter to open (in background tab). Doesn't excuse hiding focus outlines though.
I've been using DuckDuckGo exclusively for almost 2 years now. Never had a problem. There were a couple times early on when I was like "these results are bad, lemme check Google", only to find out Google's results were pretty much the same. DDG just buys results from other providers, so their results are pretty much always going to be acceptable.
Edit: Just wanted to say I'm not trying to discount your experience, I just don't want to dissuade future people from trying out other search engines, when I think switching search engines is one of the biggest and easiest privacy wins a lot of people can do.
With regards to the findings, I think that'd be the wrong part of the GDPR. The issue is that applications are immediately sending user data to FB without authorization through the FB SDK - it's possible that many of the application developers don't actually have any more information on you than indicated in the application and/or agreements.
You'll need to ask about their data processors I think.
I have a more technical question. It was my understanding that Android apps no longer trusted user-added certificates by default starting with Android 7 (https://android-developers.googleblog.com/2016/07/changes-to...), but in the talk they were able to MITM Android 8.1. Are they modifying the apps to trust their CA certs, or is there something I am missing?
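The mechanism behind that question is the app's network security configuration: since Android 7.0, an app targeting API 24 or later trusts only the system CA store unless its `network_security_config.xml` opts back in with `<certificates src="user"/>`, either globally in `<base-config>` or per host in a `<domain-config>`. As an added example (not code from the commenter, the talk, or Google), here is a small resolver that reads such a config and reports which trust anchor sources apply to a given host, so you can tell from an APK's decoded resources whether a user-installed CA would be accepted. The sample config and host names are constructed; nested `<domain-config>` inheritance and `<debug-overrides>` are deliberately simplified, as noted in the code.

```python
"""Resolve which CA stores an app trusts for a host from its
network_security_config.xml.

Added example, not from the thread. Android 7.0+ apps targeting API 24+
trust only the system store by default; the config can add the user
store ("user") or a bundled resource ("@raw/...") globally or per domain.
"""
from typing import Optional, Set
import xml.etree.ElementTree as ET


def _trust_sources(node) -> Optional[Set[str]]:
    """src values of <certificates> under node's <trust-anchors>, or None."""
    anchors = node.find("trust-anchors") if node is not None else None
    if anchors is None:
        return None
    return {c.get("src", "") for c in anchors.findall("certificates")}


def trust_anchor_sources(config_xml: Optional[str], host: str,
                         target_sdk: int = 24) -> Set[str]:
    """Trust anchor sources ("system", "user", "@raw/...") used for host.

    Simplifications (assumed, not the full platform algorithm):
    <debug-overrides> is ignored because it applies only to debuggable
    builds, and a matching <domain-config> without its own <trust-anchors>
    falls back to <base-config> rather than to an enclosing <domain-config>.
    """
    platform_default = {"system"} if target_sdk >= 24 else {"system", "user"}
    if not config_xml:
        return platform_default
    root = ET.fromstring(config_xml.strip())
    host = host.lower()

    # The most specific matching <domain> wins, like the platform does.
    best, best_len = None, -1
    for dc in root.iter("domain-config"):
        for d in dc.findall("domain"):
            name = (d.text or "").strip().lower()
            subs = d.get("includeSubdomains", "false").lower() == "true"
            if host == name or (subs and host.endswith("." + name)):
                if len(name) > best_len:
                    best, best_len = dc, len(name)

    for candidate in (best, root.find("base-config")):
        sources = _trust_sources(candidate)
        if sources is not None:
            return sources
    return platform_default


def trusts_user_cas(config_xml: Optional[str], host: str,
                    target_sdk: int = 24) -> bool:
    """True if a user-installed CA would be accepted for host."""
    return "user" in trust_anchor_sources(config_xml, host, target_sdk)


# Constructed sample: user CAs trusted everywhere except a pinned API host.
SAMPLE_CONFIG = """
<network-security-config>
    <base-config>
        <trust-anchors>
            <certificates src="system"/>
            <certificates src="user"/>
        </trust-anchors>
    </base-config>
    <domain-config>
        <domain includeSubdomains="true">api.example.com</domain>
        <trust-anchors>
            <certificates src="@raw/pinned_ca"/>
        </trust-anchors>
    </domain-config>
</network-security-config>
"""

if __name__ == "__main__":
    for h in ("www.example.com", "v2.api.example.com"):
        print(h, "->", sorted(trust_anchor_sources(SAMPLE_CONFIG, h)))
    print("no config, API 24:", trusts_user_cas(None, "www.example.com", 24))
```

Run it against the `res/xml/network_security_config.xml` extracted from an APK (the file name is whatever the manifest's `android:networkSecurityConfig` attribute points at). An app that returns only `system` for a host will reject a user-added CA for that host; one that includes `user` in `<base-config>` has opted back into the pre-7.0 behaviour.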
To block this on android without root, install dns66 from f-droid (an adblocker that emulates a VPN and works with hosts files) and add https://a.uchi.moe/jwmkqn.txt as a host file.
I think when first installing there still is a 'bug' where you have to edit the url of included Peter Lowe's list from http to https before you can update the lists.
I am surprised that on opting out of ad tracking in Android, they found that the opt-out flag was set to true, but the size of the tracking payload shot up i.e. more attributes being tracked. Not sure what to make of it?
Is it possible it's a legal thing that once you opt out of ads, it enables less risk for the company and therefore more tracking, perhaps?
That would need to be reproduced. I suppose the app itself could also have been put in a different state / with different settings between the two events.
The article focuses on FB, but identifies Google as a bigger tracker:
> “Previous research has shown how 42.55 percent of free apps on the Google Play store could share data with Facebook, making Facebook the second most prevalent third-party tracker after Google’s parent company Alphabet."
Is anyone grounded enough in the tech/law here to explain why the app vendor doesn't funnel user data to FB from their backend? Connecting directly to FB seems like an unnecessary giveaway.
Is it just about ease of implementation or are there legal implications? People have quoted the wiretap act to me but the argument doesn't make sense.
I'd like to have an app that creates virtual Android environments that I can run my apps in. And the possibility to spoof the sensor data for the environment with configurable profiles. Like "rich geek in Silicon Valley traveling occasionally to the Caribbean" or maybe "suburban middle-class housewife in Florida".
If you watch the talk, that's not good enough. Any app you've installed that includes the FB SDK is leaking your data back to FB. And, according to the talk, that's a majority of popular apps.
Tracking may be reduced, but being in F-Droid doesn't really mean anything. Take this on a per-case basis. You would need to check the traffic of each app that you use.
Being on official f-droid categorically means no proprietary sdks. The app could still make calls to random servers, but that would be in the open since the app needs to be open source.
F-droid doesn't have non-free software. F-droid flags some apps with anti-features for various reasons like non-free network services (https://f-droid.org/wiki/page/Category:Apps_with_NonFreeNet_...), which is quite useless honestly since it makes no difference even if a remote service is free since you don't control that end. Perhaps historically f-droid allowed non-free dependencies (https://f-droid.org/wiki/page/AntiFeatures), but I don't think that's a thing any more. I don't see any major apps in that category.
I decided to try to replicate this on my iPhone and looks like Acrobat Reader and the Readdle PDF viewer both use Facebook SDK and send data automatically.
I have heard people use pihole linked with a VPN to act as a way of minimising tracking whilst on 3G/4G. It acts as a DNS server, so you could tweak your VPN config to run all queries through your pihole instance.