Privacy issue re permission to modify SD card

[madmonk]

Just read that one needs to be very careful in downloading apps that require permission to modify SD cards.

I can see how lots of apps would need this facility, however my concern is that the same article stated that once granted, the developer would then have permission to view the content of the SD. And change it. Literal remote access.

Given that the SD contains notes for work, financial information (eg on a budget app) personal diaries, photos, videos etc etc, can my cause for concern be understood? The apps can also read the users phone number.

Have I read this right?

 

[wayrad]

I tend to figure that reputable developers have better things to do than snoop my SD card, but just on general principles, anything highly confidential goes into an encrypted database. I use B-Folders, but there are other good ones.

P.S. If I understand the matter correctly, an app need not be written to do everything that might be allowed under a permission. Furthermore, unless there's a way to get the information out (internet access permission), there isn't much risk. The best precaution is to install apps only from trusted sources, and use an encrypted database as described above.

 

[madmonk]

Thanks, can you recommend an app, or means, for encrypting files on the SD ?

 

[wayrad]

Thanks, can you recommend an app, or means, for encrypting files on the SD ?

I'm not sure there's any third party app that will encrypt/decrypt the proprietary databases of other third party apps, on account of the way Android runs each app in its own sandbox. At the very least, an encrypted file would become unreadable to the app that created it until it was decrypted, which seems like a recipe for problems. I'm not a developer, though, so this is off the top of my head.

That said, I have seen apps mentioned that would provide secure storage for images. And a fairly good variety of contact info, notes, login credentials, etc. can be stored in B-Folders and similar apps (SplashID is the only other name that pops into my head at the moment, but I know there are more). Your best bet would probably be to check the Market and try a few out.