
Google Play Store and dodgy Security

beergal

Lurker
Is anyone else peeved at the lack of security when it comes to the Play store and purchases?

My daughter is the one with the tablet, so I am the one doing the downloading. But because of Google's dodgy security, I have to delete my credit card details on the desktop computer straight after downloading apps otherwise my daughter will be able to go in and download goodness knows what.

I found a link that stated, once you authorise one purchase, you are then able to download as much paid content as you want for 30 minutes without having to enter your password again.

I much prefer how Apple do it, where you can set it so that the password is required with every single purchase.
 
i never had security issues but i wish they'd ditch the redundant 'accept permissions' crap. i mean, if i have to accept to install, what's the point? it's about like accepting a EULA. why even give us the option to choose 'disagree' or 'decline' if the only option that allows the app to even be used is 'agree'? why ask the question when you already know the answer?!
 
Actually when i had my iPhone 4 earlier this year, if you leave the App Store open after you enter your password for your current Apple ID, it never asks you if you look at other apps unless you back out to home and then back to the App Store. i only needed to enter my Apple ID password once when i downloaded or updated the first app, but could freely purchase any without having to enter it if i kept browsing the store. Google Play works the exact same way.
 
Welcome to Android Forums, beergal! :)

I can see how that would be a problem for some folks with kids (of all ages).

I believe that once you go into Google Playstore, if you bring up settings, there is an option to use a password to restrict purchases. I am not sure if you need to log out each time you leave Playstore or not, but if you need to use a password to restrict purchases, I would think not.
 
every time i leave Play Store and come back, even if i previously entered my password, it asks again. Apple's iTunes Store does the very same thing. the password is only remembered for the session you're in and while it's in the foreground.
 
Yes, if you're worried about more stuff being bought before the timeout then surely it's easier to close the browser, or sign out of the Play Store on the computer, than to remove credit card details.

I've never looked deeply into iTunes settings, but I know that on an iPhone if I enter my password to authorise a purchase or download then I don't need to enter it again for subsequent purchases for 15 minutes or so (not sure of the exact time). So doesn't seem very different. Whereas on the rare occasions I've bought 2 paid apps close together on my phone I'm pretty sure it's asked for the password for each (of course it also has a "never ask again" button sitting above the password entry field - Google do seem keen for you to remove protections!).
 
i never had security issues but i wish they'd ditch the redundant 'accept permissions' crap. i mean, if i have to accept to install, what's the point? it's about like accepting a EULA. why even give us the option to choose 'disagree' or 'decline' if the only option that allows the app to even be used is 'agree'? why ask the question when you already know the answer?!
Because it makes sure you've seen the permissions before installing, giving you the option not to install if you think they are unreasonable.

Personally I'd love the option to decline individual permissions. But I can easily see the havoc that would cause, e.g.

"Why does a music player need to read phone state and identity? Decline that"

is followed by

"Damn, this stupid music player keeps playing when a call comes in. Buggy POS - uninstall and leave 1-star review!!"

So I can understand them adopting an "all or nothing" approach.
 
I don't like having the Play store open at all times. I wish you did have to enter a password each time as on the computer. I usually buy from the computer, but I should need a password to get updates if I happen to want them.

As for permissions - if I don't like, I don't download. Some do explain why certain permissions are needed.
 
i never had security issues but i wish they'd ditch the redundant 'accept permissions' crap. i mean, if i have to accept to install, what's the point? it's about like accepting a EULA. why even give us the option to choose 'disagree' or 'decline' if the only option that allows the app to even be used is 'agree'? why ask the question when you already know the answer?!

I see it as a safety feature, not like accepting a EULA at all. If I see some free wallpaper or casual game and it has unreasonable permissions like GPS location, camera, personal contacts, credit card numbers, passwords, send SMS, etc. Well I think, that's not right and won't install it. You can decline it and the rogue app or wallpaper won't be able to do its nasties. And probably even more important if you're installing apps from outside of Google Play, like if they came from 1Mobile or something.

It's a reason why I've turned auto-update off. If an app's permissions have changed, and it's now doing something obnoxious like Airpush or it looks like it's spying, I can see that and refuse the update.

There was a post the other week, about getting ads on the phone's home-screen. He originally thought it might have been a virus or malware. It was only some free stocks and shares app that had "create shortcuts" in the permissions. If he'd declined the permissions and not installed it, he wouldn't have had the problem.
 
i see accept permissions as an extra step. since it is required to accept in order to install, it is exactly the same as being required to accept a EULA to install an app. why even give the option? if i want to install it, it seems redundant to force it. TBH i feel that one should be able to install an app even if they decline the EULA as well. i mean, they give the option, right? it is just pointless to give two options and even ask if there is only one right answer. Perhaps if they decline a second window could display asking them why, that way the dev gets feedback and hopefully improves their app or software. it shouldn't automatically cancel out installing.

that is one thing i like about Amazon and 1Mobile. click and DONE! if i mess up, it's my own fault. no one should have any business trying to protect me from myself.
 
I got in a pi**ing contest with Barnes & Noble. I signed up for the forum even though I wasn't too fond of the EULA. Got my question answered, then I asked about the 2 associates whose email and promotions you were not able to block. Most on the forum were fanboys and didn't care, but a goodly number hadn't read the EULA and were surprised and wanted to dump the associates. Deleted the account, unregistered the Nook, buggered my email addy and said to hell with the whole thing,
Spammers!

I've declined some free apps on Play as I didn't like the TOS.
 
i try to buy apps on Play (the myth about android users not paying for apps like Apple is just that) as most of the free ones, i agree, are dodgy. they don't always make it clear what type of 'in-app ads' they include. only a skim of user reviews will reveal it. i prefer paying as i get a far more polished result. it's just a safety net i got for myself.

FYI, Amazon Apps does remember your password for the duration it's in the foreground as well, so it's no different than Play or Apple's App Store. i still like one-click installs.

The whole accept permissions thing should just be moot as if Play used the Android package manager it would tell you permissions anyway before letting you install. so with Play it's an extra step and everyone knows their built-in installer crashes or gives errors 9 times out of ten.
 
The whole accept permissions thing should just be moot

The whole accept permissions thing is an important part of allowing users to keep their devices secure.

if Play used the Android package manager it would tell you permissions anyway before letting you install.

It doesn't, therefore this 'extra step' is pretty important.

everyone knows their built-in installer crashes or gives errors 9 times out of ten.

The Play Store? I can't remember the last time I saw a crash or error. I don't doubt your experience, but please don't extrapolate that to include everyone.
 
The whole accept permissions thing is an important part of allowing users to keep their devices secure.

So is UAC in Windows. but eventually people just dismiss it by hitting 'confirm' because they intend to install it and don't even read them over time. This does away with any form of security intended.

It doesn't, therefore this 'extra step' is pretty important.
It should, making it an unnecessary step since it's already part of Android anyway

The Play Store? I can't remember the last time I saw a crash or error. I don't doubt your experience, but please don't extrapolate that to include everyone.

You must have been absent during the whole 'Package File Invalid' mess, or never encountered the myriad of 'Could not be installed/downloaded due to an error [xxxx]' Play does it all the time. if they used the Android package manager, that has existed since its inception, a lot of those problems might cease. there are at least three users in this thread who can confirm that.
 
eventually people just dismiss it by hitting 'confirm' because they intend to install it and don't even read them over time. This does away with any form of security intended.

So user complacency/stupidity should be allowed to affect those who actually take care and pay attention to what they install? Perhaps it could be improved, but right now it's all we, and the OP who started the topic, have got.

You must have been absent during the whole 'Package File Invalid' mess, or never encountered the myriad of 'Could not be installed/downloaded due to an error [xxxx]' Play does it all the time.
You are correct with your second assumption; four handsets, running four different versions of Android from 2.3.7 to 4.2.2, none of which have experienced this issue. As I clearly stated, I don't doubt your experiences, but do challenge your assertion of how common the issue is.
 
i see accept permissions as an extra step. since it is required to accept in order to install, it is exactly the same as being required to accept a EULA to install an app.

Forcing users to accept the EULA is to protect the publisher. Forcing users to read the permissions is for the protection of the users...though it does also prevent users from having legitimate complaints about permissions too.

It's more like a dialog saying "Are you sure you want to exit? Exiting will close the program so it's no longer running." There's a message like that when you try to close a MS Remote Desktop Connection window. If I actually read the message I feel like it's being condescending, treating me like a child...but the dialog isn't really there to tell me that message, it's just there to confirm that my click on the 'X' wasn't accidental and I wasn't really trying to click something else. Since they had a dialog to display anyway, they figured they might as well drop a little message in there for first-time users.

no one should have any business trying to protect me from myself.

That sounds like an ideal world, my friend. We shall never have it.
 
if the EULA is there to protect the publisher, why does it bother asking the question? why is there even a 'decline' button if the 'allow' button is the only one that really works? why not just present the thing with one singular 'OK' button and be done with it? asking the user to choose between decline and accept is a rhetorical question if only one option allows the install.

it's a lot like asking someone 'what's the sound of one handed clapping' or 'what came first, the chicken or the egg'.
 
Because it's only useful to the publisher if they can claim you agreed, which means you need the option to decline (and hence not install).

The only good thing about EULAs is that if you challenge them they are often so absurd that there's a good chance that a court will accept that the terms are unreasonable and indeed that they are designed to discourage you from reading them and rule them invalid. It's happened, and others have settled rather than have that happen.
 
Because it's only useful to the publisher if they can claim you agreed, which means you need the option to decline (and hence not install).

The only good thing about EULAs is that if you challenge them they are often so absurd that there's a good chance that a court will accept that the terms are unreasonable and indeed that they are designed to discourage you from reading them and rule them invalid. It's happened, and others have settled rather than have that happen.


I take it that includes agreeing not to use Apple iTunes to make an atomic bomb....paragraph 'g' of the iTunes EULA.
 
I had to look it up...I totally forgot that an Apple EULA was involved.
https://en.wikipedia.org/wiki/HumancentiPad

I'd not actually seen that episode, just watched it this morning. I was just cracking up and my sides are still hurting. :D ...one of the funniest things I've seen for a while. Apple can't make it read...ROFL. I know what I'm probably going to do for the rest of the day now, catch up on missed South Park episodes.
 