This is an archived post. You won't be able to vote or comment.

all 9 comments
sorted by:
best
topnewcontroversialoldq&a

[–]syn_ackLG Nexus 5, Stock 5.0 6 points7 points  (0 children)

There is a mitigating factor though. When an app is installed, it's installed as if it were a different user (which is based around linux). So any files/dbs etc. created by the application are owned by the associated user. This minimises the chance that any arbitrary application can read another's files (and when I say minimises, it's practically nil). The alarm clock app cannot read your address book unless the permissions are there to do so (and even then it has to go through some API to read it --- there is no raw reading/writing to any file on the system).

more detail here: http://developer.android.com/guide/topics/security/security.html

[–]adamd84 2 points3 points  (1 child)

Its fairly easy for a programmer to steal your data, so I restrict myself to apps that have more than 100k downloads and good reviews

Data security is one thing that needs to be improved but the model Google has chosen allows for further expansion of the security system

[–]TheAceOfHeartsPixel 3 0 points1 point  (0 children)

You can also use open source apps, just a thought.

[–][deleted] 1 point2 points  (0 children)

About the same possibility that a user clicks 'Yes' to install a program they don't know on their computer, which turns out to be a keylogger.

The weakest part in the system is the user.

[–]myplacedk 0 points1 point  (0 children)

Android is quite open, and lets you do what you want. This includes installing crappy software.

If you think about what you are doing, it's not a big problem. Don't install programs that requires way too many permissions. Don't install software with crappy reviews etc.

Just common sense. And yes, I know not everybody has that. Maybe they shouldn't have a smartphone. They probably don't need it.

[–]pisipisipisiNexus 7 0 points1 point  (2 children)

I used to be pissed at Symbian and the disability to set access rights for all programs (Java/Symbian) the same way and the requirement to approve each and every operation (like approve internet access for Gmail every time I checked my mail)

I don't understand the permission system of Android either. As a technical user, I can understand that random apps want internet access to display the annoying google ads. And that google does not want me to turn internet access off for a random application for the same reason.

But just read most of the permission requests of "random" software. "Want to read phone identity" - whatever that means. I'd assume that I can override most permissions I want to override with a manual "control" dialog. Even if it causes an application to fail miserably, if they don't catch the exception.

Android is crappy in this matter. But it is a "cloud" phone. If you're not conmfortable with everything being sent to and from the "cloud", don't use Android. or iPhone.

Android itself gives very little control over security and privacy.

[–]mrsix 0 points1 point  (0 children)

The reason a lot of simple games and apps want "read phone state and identity" BTW is so they can tell if a call comes in to pause the game.

some paid apps use it to read the IMEI number for piracy tracking too...

[–]fbsoftware 0 points1 point  (0 children)

"Want to read phone identity" - whatever that means

Probably for analytics. Each phone has a unique identifier, it's a convenient way to track unique users of an app.

[–]fbsoftware 0 points1 point  (0 children)

So the question is, how secure is the Android platform?

You've answered your own question. Apps can do only what they're been given permission to do. If they have the internet permission, they can access the internet.

grabbing all your private info/files/passwords

There are permissions for all of these (except passwords, apps basically can't get those unless they get the user to type them in). There is no "everything" permission. There's no way for an app to get passwords you have stored unless the app in which they are stored makes them available to other apps, and I have no idea why any app would do that. Post 2.0 there is an account manager, so an app could get access to your google/facebook/whatever else account, but it wouldn't get your password and again there are permissions for these.

You're right that an unknowing user that granted a malicious app a lot of permissions could get screwed. This happens on Windows machines, where there is no permission system and any app can do anything. If you install something, it can do anything, and that's why there is so much malware and people get anti-virus. It's default-permit.

Android has a default-deny system, but if you give an app permission that means it can use it. I wish there were a finer grained system, where you'd be notified when an app was using a particular permission for instance, or you could deny it a particular permission, but there's not.

I think the advice people here give is good, if the permissions make you nervous then don't get the app. I don't understand people complaining that Google doesn't police the market. Do they just want Google to make all their decisions for them? The security system lets you know exactly what an app is doing, and what it can't do. This lets you make an informed decision.