06-10-2012, 06:08 AM | #46 | |
Guru
Posts: 777
Karma: 6356004
Join Date: Jan 2012
Device: Kobo Touch
|
Quote:
|
|
06-10-2012, 06:17 AM | #47 |
Wizard
Posts: 1,227
Karma: 7838248
Join Date: Dec 2009
Device: Ipad Pro/Kindle Oasis 3/iPhone 13 Pro Max
|
Its the same with cookies in your computer browser. I see ads sometimes for the exact product whose website I visited. Not a big deal to me.
What I found more alarming was facebook. I connected with an old friend from high school. We exchanged several messages via facebook. She told me about a bavarian vacation her family had taken and behold, I start getting ads in facebook for a bavarian vacation. I don't care if they use cookies and browsing history to target ads to me, but when the content of private messages is used to target ads, I get a little angry. I've since quite visiting facebook at all. |
Advert | |
|
06-10-2012, 06:57 AM | #48 |
Guru
Posts: 895
Karma: 4383958
Join Date: Nov 2007
Device: na
|
This particular issue may not be of concern to people handling classified information if the policy in use prohibits mobiles/own devices. However, that doesn't make the concerns any less valid for regular business, government and individuals when the issue is apps/privacy leaks in general and not just this one specific instance.
There's a lot of highly valuable information that can cause a lot of damage on an individual or even national level that isn't classified and would be found used on mobiles. The data may be confidential enough that devices are required to be encrypted to safeguard against loss/theft, but when the apps running on the device itself are pinching the data, it's a problem. You could argue that people shouldn't download/install apps they don't trust, but that's not really feasible for anyone that wants to actually use their phone. Especially when you consider the "trusted" companies can just as likely be the ones responsible due to the money gains targetted ads bring. There's nothing to say pre-installed apps arn't also up to no good (in terms of privacy leaking, rather than maliciousness) Re android and the permissions. I agree most don't care/take notice of the warnings, but that's their choice. If I downloaded an app that was only supposed to be used to read content on my device and it wants location/phone/internet access, I'd question why, google it and see if anyone knows what it wants to do. Whether that would turn up useful information is a different matter That wouldn't have helped in the case of the linked in app though, as you know it needs net access and will check contacts etc in many cases, desired behaviour, but there's no way to know that the data they're sending encompasses more than you're willing to give. Not sure how that problem can be tackled, there's not really anything that can be done on an OS level, which leaves it up to the platform holders to require a public disclosure of what info is accessed/used/transmitted and a promise to ban any developers who go beyond that that. A burden I'm sure apple don't want and there's going to be the fine line between honest mistakes where apps pull more than needed and claiming it's a mistake when it was really intended. If I know exactly what data is accessed/transmitte, it's then up to me to decide whether I care enough to look it up and decide to use that app based on that. Majority of people probably won't care, that's fine. Busiesses though could vet (legit) apps that are deemed to access too much information or details they don't want to share. It won't stop malicious apps that lie deliberatly then try to steal info, but that's not the goal, it's to stop legit apps accessing data that they deem is fine where as the users sometimes deem that as not acceptable. For example, this whole linked in mess, wouldn't have occurred had linkedin declared up front what data their apps transmit back to their servers and the reasons. People could decide to trust linkedin to delete the data as they claim to do, or decide not to use the app. They could make an _informed_ decision. Last edited by JoeD; 06-10-2012 at 07:17 AM. |
06-10-2012, 01:54 PM | #49 |
Wizard
Posts: 2,230
Karma: 7145404
Join Date: Nov 2007
Location: Southern California
Device: Kindle Voyage & iPhone 7+
|
Why you think there is nothing that can be done on an OS level?
Make the device default to anonymized browing and all-hidden device ID's. That is within the power of a non-jailbroken OS. If you want them to go the extra mile they can provide VPN service by default. Siri has to be more of a big deal (expense) to provide than a simple anonymizing VPN. Let us opt-in if we want the benefit of cookies, targeted ads, speedier VPN bypass or whatever. |
06-10-2012, 02:08 PM | #50 | |
Guru
Posts: 895
Karma: 4383958
Join Date: Nov 2007
Device: na
|
Quote:
Sure, really really fine grained permissions could be added, but it would never cover all cases. The only feasible solution imo is that if an app needs access to any of your data, that access is made clear by the app maker along with what data and how it's used. I'm not saying it's technically impossible. I just don't think it's feasible for the OS to handle it to the extent that would be needed. High level protection can and in some cases already is provided for things like contact access, location services but the problem is when apps have a legitimate need for limited access and then go beyond what the user expected or store/use the information for reasons the user wasn't made aware of. |
|
Advert | |
|
06-12-2012, 12:48 PM | #51 |
Interested Bystander
Posts: 3,725
Karma: 19728152
Join Date: Jun 2008
Device: Note 4, Kobo One
|
Looks like Apple is adding more fine-grained access control by application to things like contacts, similar to how access to location services is already controlled:
http://appadvice.com/appnn/2012/06/a...s-app-in-ios-6 |
06-12-2012, 01:39 PM | #52 | |
Guru
Posts: 895
Karma: 4383958
Join Date: Nov 2007
Device: na
|
Quote:
I doubt it would have helped avoid the linkedin issue though, since people would have granted contact access thinking it's only sending name/email for matching purposes whilst it was transfering everything behind the scenes. I do wonder why they didn't pre-process the contact info on the iphone and only send hashes of names/emails back to their servers. That way any email address/contact who is not a member of linked-in would not have their details exposed to linked in, yet those hashes could be compared against their current member list to find matches. Not that it's perfect nor secure by any means. If they wanted to do it properly though they'd implement some form of secure computation such as garbled circuits. Considering they didn't hash/salt their password db though, security wasn't their highest priority :P Last edited by JoeD; 06-12-2012 at 01:42 PM. |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Trying to get to Content Server on OS X 10.7.2 using iPad 2 iOS 5.0.1 | cdg | Apple Devices | 0 | 11-15-2011 03:25 PM |
Original iPad with iOS 4.3? | sachinwalia | Apple Devices | 59 | 06-18-2011 09:16 AM |
iOS 4.0.2 (iPhone) 3.22(iPad) updates now available | kjk | Apple Devices | 5 | 08-12-2010 10:21 PM |
iPhone iPhone 3GS upgrade to ios 4 -> No 3G Data | nikkie | Apple Devices | 11 | 06-26-2010 02:29 PM |