
Privacy on Android and ICS

I’m a big fan of keeping private data private. This entails not having my cell phone send out information about my location, email address, contacts or usage patterns to third parties.

These days, privacy is not highly valued by Google and app developers. Thus, I choose not to run Google Play on my phone. In addition, I try to use FLOSS apps from the F-Droid repository at www.f-droid.org as much as possible, but I have the occasional closed source app on my phone. By the way, if you’re looking for a nice third-party market, go look at www.androidpit.de.

Some of these closed source apps still want to send my IMEI or whatever to their developers. Some might even include ads – nothing wrong with showing me some advertisements, but you don’t need my location for that. How do I deal with these apps?

I have a multi-tier approach to deal with privacy-violating closed source apps.

For one, I use the AdAway app to block most ad-serving hosts via the /etc/hosts file. This has the nice side effect of effectively disabling ads in the browser.
Additionally, I use DroidWall to block net access for apps which don’t need it. I have bought (with money, you know) a camera app and I don’t see why it should phone home, so it goes on the blacklist.
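To make the hosts-file approach concrete, here is an added example (not from the original post and not AdAway's code) that parses hosts-format text and reports which names are redirected to a local sink address. The sample entries and the function names are constructed for illustration.

```python
# Added example: how a hosts-file blocklist decides whether a name is blocked.
# Addresses that send traffic nowhere useful, i.e. the "block" targets.
SINKS = {"127.0.0.1", "0.0.0.0", "::1"}
# Names that legitimately point at loopback and are not blocklist entries.
LOCAL_NAMES = {"localhost", "ip6-localhost"}

# Constructed sample file; all hostnames are placeholders.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
# ad servers (constructed entries)
127.0.0.1   ads.example.com  tracker.example.com   # several names per line
0.0.0.0     Metrics.Example.NET
192.0.2.10  intranet.example.org
"""


def parse_hosts(text):
    """Return {hostname: address} for every name in hosts-format text."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop full-line and inline comments
        fields = line.split()
        if len(fields) < 2:
            continue  # blank line, or an address with no names
        addr, names = fields[0], fields[1:]
        for name in names:
            # Keep the first entry, matching a resolver that scans top to bottom.
            table.setdefault(name.lower().rstrip("."), addr)
    return table


def is_blocked(table, hostname):
    """True if hostname is mapped to a sink address by the hosts table."""
    name = hostname.lower().rstrip(".")
    if name in LOCAL_NAMES:
        return False
    # Hosts entries match exact names only: there are no wildcards, so an
    # entry for ads.example.com does not cover cdn.ads.example.com.
    return table.get(name) in SINKS


def audit(table, hostnames):
    """Map each hostname to its blocked/not-blocked verdict."""
    return {h: is_blocked(table, h) for h in hostnames}
```

Because matching is by exact name, a blocklist has to enumerate every subdomain an ad network uses, and a connection made directly to an IP address never consults the file at all.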

CyanogenMod 7.1 provides a nice feature for the privacy-loving hippie: permission management. Once enabled, you can simply revoke permissions such as "Internet Access" or "Read phone state" and the app will receive an exception indicating permission denied if it tries to phone home or read my IMEI. Unfortunately, these exceptions can break apps, so this is not the best way to go about this. Additionally, not all information leaks require a permission to be acquired; one example is ANDROID_ID: http://developer.android.com/reference/android/provider/Settings.Secure.html#ANDROID_ID.

A better approach would be to provide bogus or random data via the API calls. I had this idea some weeks ago, but I was too lazy to download the CyanogenMod source and implement it myself. But of course, someone at XDA has beaten me to it and there's an app called PDroid: http://forum.xda-developers.com/showthread.php?t=1554960. As a downside, this requires a patched ROM and the management app is not open source, but it should do the job very nicely.

The conspiracy theorists out there will find this thread interesting:
"Originally, the functionality for CM mirrored that of PDroid, including 'spoofing' the data calls. It was decided that our footprint in the Android ecosystem was too large to ship such functionality out of the box"

Now I only need to find time to clone the AOKP repositories, apply the patch, make the whole thing build, reflash my device.. I’d love to have some 30h days. I could train twice as much and still get fun work done!

 
As a closing note: if you’re concerned about privacy on Android, also check out the encryption features both found in stock ICS and in patches provided by third parties, such as the EFF. In the end, there is no absolute security and privacy as we will never get the source code for the radio software and other proprietary bits – but keeping stuff like CarrierIQ out of userspace is good enough sometimes.
 