
Google Play Store and dodgy Security

The problem with EULAs is that often you've already paid for and opened the software, making a refund not possible as many stores refuse to refund 'opened software', so if you declined the EULA for any reason, you just wasted $49 bucks or so.
 
They are almost as bad as boxed software never adding the system requirements, or making you use IE for every damn thing.

I've found other products that list nothing and don't send the stores any information to answer halfway reasonable questions.
 
Because it makes sure you've seen the permissions before installing, giving you the option not to install if you think they are unreasonable.

Personally I'd love the option to decline individual permissions. But I can easily see the havoc that would cause, e.g.

"Why does a music player need to read phone state and identity? Decline that"

is followed by

"Damn, this stupid music player keeps playing when a call comes in. Buggy POS - uninstall and leave 1-star review!!"

So I can understand them adopting an "all or nothing" approach.

I believe I have seen some apps (or seen people suggest that they should) detail why each permission is required - not in huge technical detail, but just enough explanation for the average user to see how the app interacts with that phone feature. Like you said, something along the lines of "Read phone state and identity - so we can pause or lower the volume of your music when you receive calls"

I see it as a safety feature, not like accepting a EULA at all. If I see some free wallpaper or casual game and it has unreasonable permissions like GPS location, camera, personal contacts, credit card numbers, passwords, send SMS, etc. Well I think, that's not right and won't install it. You can decline it and the rogue app or wallpaper won't be able to do its nasties. And probably even more important if you're installing apps from outside of Google Play, like if they came from 1Mobile or something.

It's a reason why I've turned auto-update off. If an app's permissions have changed, and it's now doing something obnoxious like Airpush or it looks like it's spying, I can see that and refuse the update.

There was a post the other week, about getting ads on the phone's home-screen. He originally thought it might have been a virus or malware. It was only some free stocks and shares app that had "create shortcuts" in the permissions. If he'd declined the permissions and not installed it, he wouldn't have had the problem.

As far as I know, an app can't update itself without your explicit permission (click update, view app details, click okay) if the permissions have been changed? Or am I mistaken on that one?
 
You don't always see the changes. On my Acer A500, (running ICS) it only shows the update is available. You have to go to the actual app to find the changes. Even on the Nexus 4 you have to click on the icon to get to the changes page. Sometimes it does tell you. I think that's on the first appearance of the update.

I used to look at the apps on the computer until I got wise to finding the app's page.

I refuse to update the minute I'm notified. I get tired of the icon in the bar, and clear it. I'll go back later when I have time to check it. So I don't always see the changes and have to go to the apps page to find them.
 

I had some free racing game that came from Play. It auto-updated and I started getting those Chinese yellow star push ads for dating stuff, which are not Airpush, so I removed the game. I turned off auto-update. That was last year.

I got a new phone a couple months ago, and auto-update didn't seem to be a problem, until that Google Play "download package is invalid" nonsense started happening a few weeks ago. And so I turned it off again because it was very annoying. And auto-update is still off now, just in case, either because of changing permissions and the possibility of push ads or "package is invalid" stuff.
 
It certainly used to be the case that it wouldn't auto update if permissions had changed. Can't say for sure now because I don't do it. But Google used to make changes more visible, i.e. had separate sections for updates and updates with changed permissions, which has now gone, so they've already made it easier to overlook changes. And I've been nagged about whether I'd like to enable automatic updates, which didn't used to happen. So putting these things together, I don't trust them to not allow auto updates with changed permissions at some point. I think it would be bad, but don't want to assume they won't and find out months later that they have.

Hopefully push ads are on their way out (will Google purge the Play Store of apps that don't comply?), but I'm sure some apps which added Airpush in updates didn't need to change permissions because they already had what was needed. And I'm sure someone will try to find a new way of making ads more intrusive in future ;)
 
Every once in a while I will see an animated 'Airpush' promotion banner up top on AF. So Airpush must still be going strong.
 
The changes are mostly listed, but they are on the main page of the app. If I click on the app's icon on the Acer, I get the main page for the app. Usually the changes are listed first thing.

Permissions seem to have disappeared entirely since Google "updated" Play.
Some apps do tell you.

This is from Mobile Observatory:
- Additional Moon events like librations, times of de/ascending nodes, maximum declination (select them from the preference menu on the Moon page)
- For Android 4 and higher: Permission to grant access to read/write personal information has been removed. For lower Android version, these permissions are still necessary to add events to the calendar.
- Several bug-fixes


Sites that have a good reputation - the Dev for Skysafari is a member of Cloudy Nights astronomy site and will help there- seem to list changes to permissions and tell you WHY.
 
Google Play is far more secure. I tested it last night. I bought two apps and updated five on my iPhone and it never once asked me for my Apple ID password (which is odd as it often does it at least once) but Play Store asked me each time (except for updates). Play even asked me for my password when I did some in-app purchases as well. The only thing I can fault Google for is adding the option to disable the password prompt. That is one level of customization that can be downright dangerous if you have kids who know how to use it.
 

This is remedied by Android 4.3 creating restrictive profiles that don't permit downloads of paid content.
 