A Pain in the Whatchamacallit
By Tiny Ruisch
I’ve had my Archos Android tablet for six months now and I’ve formed an opinion of android applications. There are a lot of them. I’ve got three different app stores on my device, so I can usually find a usable program for whatever I want to do. The only thing that is easier is finding applications for things that I don’t want to do.
The Google Marketplace is the iTunes store of the android world. The selection of programs grows larger every day. I can’t really say much about iTunes because Apple is one of the companies whose software I avoid installing on my machines. Probably the biggest difference between the two is the fact that Apple has real live people preview all software before it goes on the market. In theory, this will stop any malicious applications from ever being downloaded. The only problematic iTunes programs I’ve read about involve misusing their customers private data.
The Apps Library is the Archos Android store. It doesn’t have as many programs as the Marketplace, but they almost always work on my device. I’ve noticed that many of the tablet manufacturers have their own application libraries (stores). I imagine that is so they can get a cut of the sales.
The Amazon Android Store has been in operation for about a month now. Every day, they feature a free app of the day. Some of them have been useful to me. Most of the daily offerings have been games. Amazon says that all applications are previewed by employees.
Many applications can be downloaded directly from the developers website. If you download directly, I recommend that you do some research and make certain that it is a safe application.
My biggest concern with downloading Android applications is that it is extremely easy to install programs that might not be in your best interests. For example, at the June meeting when we had our first door prize drawing, I downloaded and installed a random generator app. Later on, when I more closely checked it out, I found that I had given the app permission to modify storage, check GPS location, monitor phone calls and full internet access. Does this simple program really need those functions? Maybe so, but not from me. I’ve deleted the program.
If you use Android software, I recommend that you closely check the permissions that programs request before you install them. This is especially true for new software on the market. Some of the permissions that could cost you money are:
a) Make Phone Calls. This could allow an application to call a 1-900 number and charge you money.
b) Send SMS or MMS. This could let an application send a text message on your behalf, and much like the phone call feature above, it could cost you money.
Other permissions could allow a rogue program to steal your personal data or make changes on your device that you don’t want to happen. Examples are:
a) Modify/Delete SD Card Contents will allow the application to read, write, and delete anything stored on your device’s SD card.
b) Read Contact Data is extra scary for me. Unless an app explicitly states a specific feature that it would use your contact list for, there isn’t much of a reason tor you to allow it.
c) Full Internet Access could be the most important permission you will want to pay attention to. For any malware to truly be effective it needs a means by which to transfer data off of your machine. This is one of the settings it would definitely have to ask for.
Some other Android permissions that are mostly benign are:
a) Read Calendar Data.
b) Write Calendar Data.
c) Read Phone State and Identity gives an application access to three unique numbers that can identify your phone. The numbers are the International Mobile Equipment Identity, International Mobile Subscriber Identity and a 64 bit unique ID that Google provides for the phone.
d) Fine (GPS) Location will allow an application to track where you are.
e) Modify Global System Settings allows a program to change anything you find under Android’s main ‘settings’ window.
f) Automatically Start At Boot will allow an application to tell Android to run the application every time you start your phone. g) Retrieve Running Applications will allow an application to find out what other applications are running on your system. Am I paranoid about the Android application security? I don’t think so, but I’m definitely concerned enough to write an article about it for the Club Newsletter. Like many other things on the internet, free isn’t free. We pay for programs and services by giving the developers access to our personal data. This information can be used for useful things like showing ads that you could use. It could also be used for lousy things like mining every e-mail, phone number, address, etc. in your contact list.
Right now, my only Android device is my tablet. It doesn’t have a phone or GPS. This eliminates a lot of my concerns. Will my next phone be Android? I don’t know. If Microsoft doesn’t get their mobile stuff together, I might have to make a change.
Thanks for reading.