12-10-2012 01:50 PM
59 123
tools
  1. manicottiK's Avatar
    So, if you see an app that lists ALL of those capabilities (though it will be worded in a more user-friendly way), odds are it was lazy, forgetful, or uninformed programming, and not that it's actually using all of them.
    I thought that MS was now analyzing our xaps and rewriting the manifest permissions list based on which calls the app makes. Is this something that I dreamed up?
    12-07-2012 03:22 PM
  2. eldnar's Avatar
    Hmmm, it seems many of the answers boil down to some form of, "Well, I personally don't care about my privacy, you shouldn't care about yours." That's fine, I'm not sure why you're even responding to the thread. It's a fact that the majority of users do care about their privacy. More Than Half of Mobile Users Avoid Certain Apps Due to Privacy Concerns - Pew Research Center

    Just because an app needs different reqs on different OSes, doesnt mean its malicious.
    I agree. It doesn't mean it's malicious. It also doesn't mean it's not maliciious. Why not simply prevent abuse...by restricting access in the first place? What about the fact that most things that are malicious...started of as something that wasn't malicious? Why are you against nipping potential abuse it in the bud? Netflix does not need the ability to see my .mp3 collection, in order to stream videos. NewEgg does not need to see my .mp3's or photos to sell me a laptop.

    No, I just dont care if they have access to my music and videos. I dont get what POSSIBLE harm could that do me. So I dont care.
    Fair enough. This was mainly for people who are concerned about privacy. If you're not concerned about your privacy, you're welcome to ignore the thread.

    If you think there are people looking at your personal content, you're wrong.
    How do you know this? Do you have data to support it or is it your opinion? I have data to support that it does happen: GCreep: Google Engineer Stalked Teens, Spied on Chats (Updated) All it takes is a bad employee(s) at a good company.

    Your information is out there. If somebody wanted to, they could find it and use it without your permission.
    I'm not worried about my general information, it's obviously out there, but my private phone videos, business documents and meeting notes aren't out there.

    But nobody cares about your family pictures.
    If they don't care about it, then why do they need to access it?

    You're not that important.
    Then why do companies pay incredible amounts to obtain our data? Companies don't spend millions on something that's not important.

    If some software somewhere analyses my content they won't find anything of interest.
    Good for you. Some of us have business data, downloaded word documents and attachments, recorded business meetings, private business documents, etc. The flashlight developer doesn't need to access those things. If you only have pictures of your grandma's birtday party I understand your lack of concern. You're welcome to move on to a thread that is a bit more relevant to you.

    It's for advertising purposes. Advertising is a way of life. You can't get away from it. If some program wants to check my info and send advertising that actually pertains to my life, so be it. I would rather have customized advertising than just random crap sent to me that I could care less about.
    The flashlight developer doesn't need advertising data for an application that is not ad supported.

    A lot of apps require access to the media hubs to save images or interact with them at all. As the ability to save images (like wallpapers) is pretty common in WP since it encourages media-richness, this will be common. Pretty sure apps also need those permissions to integrate into those hubs, so, from the Music & Videos hub you can open the app since that movie you were watching got you thinking, that sort of thing.

    The Flashlight one is more interesting. There's no actual API to allow direct access to the flash, except through the camera. So, for the flashlight to work, it basically tells the phone it's a camera, turns the flash on, then doesn't actually capture any video stream. I remember reading about the dev end of things back when that came out. A weird but clever workaround, is what that is.
    Well, Flashlight XT requires video and still capture. It's simple, to the point, makes sense, and works as advertised. Why do the others need to access every bit of data on the phone to turn on the light? Examples:

    Flashlight X - Phone identity, owner identity, video and still capture, media playback, mircophone, data services, movement and directional sensor.
    Flashlight <insert model> - All of the above plus .mp3 collection, photos and videos,

    As a developer, I think I can speak directly to this issue. Depending on which services are being requested, it can be many things. Sometimes locations are requested because of the advertisements - to give the advertisers locations will give more directed ads, and the developers will be paid a higher rate (measured in "cents per thousand impressions"). Sometimes the media is needed for sounds in a game, the camera is needed for bar code reading, or if the app is one where you can take a picture, or even to modify a photo (Pictures Lab, etc.). Sometimes the phone identity is used in order to track statistics (I have done this, just to get how many unique users of my apps) - without phone identity, you don't know if a repeat instance of your app is the same user using the app again, or a different user. Sometimes User identity (or is it Owner Identity? - I don't remember exactly) is used for reasons of tracking purchases - say for instance you have subscription content or something, maybe you had in-app purchase, or maybe you're participating in something where your identity does matter. These are all valid reasons to use these services.
    I'm not saying there aren't legitimate uses for accessing certain data. I'm fine with that. My concern is why NewEgg needs to access my .mp3 collection to sell me a motherboard? Can you explain why Flixster needs to access my pictures to tell me what time the next movie starts? I was reading that games that have media files can be played from the applications directory without accessing the user's directory. Is that true?

    I just wonder if eldnar would read these articles... headlines like "close to 10% of android apps a festering pit of malware, trojans, and premium sms senders, getting worse", or "Android Trojan Records Phone Calls", and the like, if he feels any differently now?
    Thanks for these, while I had read some before, they actually provide the exact reason we should be concerned with application over reach. WP8 has been out roughly a month, it has not been put through the years of trials and attacks that Android and IOS have experienced. Do you think that handing applications access to data they don't need increases the chance for abuse or decreases it? Those other platforms are tightening security...WP8 seems to be leaving it wide open. It sounds like your philosophy is, "I haven't seen abuse yet, so it can't possibly exist". My philosophy is, "If you leave your car door open with the keys inside in a crowded area with the engine running, someone will eventually take it."

    Now that we've covered valid, let me also say this... When you create a project in Windows Phone, the WMappManifest.xml file, which is where all of the capabilities are enabled/listed, by default, has all of the capabilities enabled. So, if a developer is lazy, forgetful, or doesn't know he needs to remove the unneeded capabilities from this file, then when they submit it to the store, it will list these capabilities, whether they are used or not.
    Does it instill confidence to you that a lazy, forgetful, or uniformed developer has access to your data and media? Do you think this lazy, forgetful, or uniformed guy put proper security measures in place?

    Since I know this happens, when I look at a game or app that I know can't possibly need these capabilities, I figure that this must be the case - lazy, or forgetful, or uninformed programming. So I end up allowing the app.
    Isn't that backwards? Shouldn't you trust the lazy, forgetful, or uniformed guy...less?

    But the problem with that, is that just when we get into that habit, that's when it will bite us. That's when the note-taking app that doesn't do anything in the background will be the one that ends up running in the background, tracking our location, and sending it home to the server every step we take.
    This is part of my concern. It sounds like you largely agree with me, but we differ on the potential scope for abuse.

    As another developer, let me share with you what we did with our app to inspire user understanding and confidence in the list of seemingly broad permissions that our app uses. As background, our app access lots of personal data for students, faculty, and staff from almost a dozen university information systems. We support Android, BlackBerry, iOS, webOS and WP using native design styles and no porting. (The webOS app was pulled after HP killed the platform.)

    To assuage users, we added a privacy page to the app that described, in plain language, the permissions needed for specific functions. This seems to have helped (people stopped asking about our permissions needs). Still, there has to be a trust between the user and the developer for the user to believe that the dev is doing only what's described.
    You are a diamond in the rough, most apps and developers don't do this. I would use your company's products without hesitation.
    jodahav likes this.
    12-07-2012 03:31 PM
  3. hopmedic's Avatar
    I thought that MS was now analyzing our xaps and rewriting the manifest permissions list based on which calls the app makes. Is this something that I dreamed up?
    If they've started this, it's news to me. It's possible, though - I haven't had time to do much since this summer.


    The flashlight developer doesn't need advertising data for an application that is not ad supported.


    Well, Flashlight XT requires video and still capture. It's simple, to the point, makes sense, and works as advertised. Why do the others need to access every bit of data on the phone to turn on the light? Examples:

    Flashlight X - Phone identity, owner identity, video and still capture, media playback, mircophone, data services, movement and directional sensor.
    Flashlight <insert model> - All of the above plus .mp3 collection, photos and videos,


    I'm not saying there aren't legitimate uses for accessing certain data. I'm fine with that. My concern is why NewEgg needs to access my .mp3 collection to sell me a motherboard? Can you explain why Flixster needs to access my pictures to tell me what time the next movie starts? I was reading that games that have media files can be played from the applications directory without accessing the user's directory. Is that true?
    I wasn't answering for your instances directly - I was answering in general.

    Thanks for these, while I had read some before, they actually provide the exact reason we should be concerned with application over reach. WP8 has been out roughly a month, it has not been put through the years of trials and attacks that Android and IOS have experienced. Do you think that handing applications access to data they don't need increases the chance for abuse or decreases it? Those other platforms are tightening security...WP8 seems to be leaving it wide open. It sounds like your philosophy is, "I haven't seen abuse yet, so it can't possibly exist". My philosophy is, "If you leave your car door open with the keys inside in a crowded area with the engine running, someone will eventually take it."
    A couple of the differences between Android and Windows Phone: Our apps get tested. Thiers don't. Our apps operate in a sandbox in the phone, within a very strict set of APIs that they are allowed to use. Android's can do just about anything the developer wants to do. As a developer, I can write two apps. If I save data in the phone in one app, I cannot use the other app to access that data. They're isolated. In Android, I can write an app that can access just about anything, whether I put it there or not. If Google discovers malware, they remove it from Play. That's it. It's up to the user to determine that he's downloaded a malicious app, and remove it (assuming he can). With Windows Phone, if Microsoft discovers that a malicious app got through testing (one did - EXACTLY one), they can remove it from the store, and revoke the security certificate. The act of revoking the security certificate prevents it from running on any phone except developer unlocked phones. The next time the user runs the app, he will see a messagebox that says something to the effect of "Microsoft has revoked the security certificate and this app will be uninstalled." You can press ok or cancel. If you press ok, it will uninstall. If you press cancel, it will stay, but the next time you run it, same thing will happen. You can't run it. No action on the part of the user at all to keep the app from doing anything harmful on his phone once discovered.



    Does it instill confidence to you that a lazy, forgetful, or uniformed developer has access to your data and media? Do you think this lazy, forgetful, or uniformed guy put proper security measures in place?


    Isn't that backwards? Shouldn't you trust the lazy, forgetful, or uniformed guy...less?


    This is part of my concern. It sounds like you largely agree with me, but we differ on the potential scope for abuse.
    I don't see us disagreeing at all. No, it doesn't instill confidence that lazy programmers are out there. It disgusts me. It also makes me that much more diligent in what I do, even as inexperienced as I am, to make sure that I do it right, or at least as right as I can with what I know. No, it isn't that I trust the lazy forgetful guy more, I guess it is that I realize that they're out there, and that I realize that I'm OCD and anal, and not everyone is, and I try to accomodate that. I also realize that there are people out there that are smarter than me, who are checking for things like this (which is how the single app that was malicious was found), and that Microsoft is testing each app as well. I know that some may get through the cracks, but I also am careful about what I do, and I am also knowlegable about the operating limitations within which an app must operate within the phone, so I know that when an app is suspended it can't be doing anything malicious, since it can't be doing ANYTHING. It is BECAUSE of my programming understanding that I feel most confident in the Windows Phone of all the phones out there (other than perhaps Blackberry, which, of course, isn't near as much fun), and why I tell all of my friends that I would get rid of those Virus Phones (Androids). And while iPhone is pretty good, compared to Android, you have to wonder, with the story not long ago about even Angry Birds tracking locations in iPhones while the app was not running (how they did that, I do not know - I do know that it would NOT be possible in Windows Phone).

    So it isn't a matter of my view being all that much different than yours, on security. It's that I know the phone, how it works, what a developer can do, and what he can't do, that makes me comfortable. That's why I've been carrying a Windows Phone for over a year and a half.
    eldnar and jodahav like this.
    12-07-2012 04:05 PM
  4. manicottiK's Avatar
    I would use your company's products without hesitation.
    Thank you. Please consider acquiring one of our fine Bachelors, Masters, or Doctorate degrees. ;)
    eldnar, brmiller1976 and jodahav like this.
    12-07-2012 04:21 PM
  5. justsimpleinfo's Avatar
    The best app is the Adobe PDF app. There are no other permission request to access any other info on your device. I wish all apps were like that
    12-08-2012 10:02 AM
  6. jimski's Avatar
    A developer can correct me if I am wrong, but my understanding is that "access" is simply that, access to an area. But not uncontrolled access. For example, if you give an app access to your photos, the app can't copy or scan all your photos into its sandboxed data storage area. So the app will be allowed to open your photos hub and select a photo of your choosing. Or, it will be allowed to drop a photo into your hub. Same for accessing your contacts list, to forward a contact, or for speed dialing apps. WP has restrictions on what data can actually be transferred off of the device.
    Sent from my Lumia 900 using Board Express Pro
    12-08-2012 10:55 AM
  7. rockstarzzz's Avatar
    A developer can correct me if I am wrong, but my understanding is that "access" is simply that, access to an area. But not uncontrolled access. For example, if you give an app access to your photos, the app can't copy or scan all your photos into its sandboxed data storage area. So the app will be allowed to open your photos hub and select a photo of your choosing. Or, it will be allowed to drop a photo into your hub. Same for accessing your contacts list, to forward a contact, or for speed dialing apps. WP has restrictions on what data can actually be transferred off of the device.
    Sent from my Lumia 900 using Board Express Pro
    This was my understanding too. Now I am happy for an app developer to blow this out of my mind by creating an app with all these permissions and then like a kung-fu panda "view" all my photos on his PC while he plays with himself and then also take them off my phone and upload on his SkyDrive and email it back to me as he should also have my email address, cc in all my work mates and my mum.

    I am happy to pay 1.29 for this app if it passes MSFT store and it does all of the above without my intervention of course.
    12-08-2012 10:59 AM
  8. Daniel Ratcliffe's Avatar
    This was my understanding too. Now I am happy for an app developer to blow this out of my mind by creating an app with all these permissions and then like a kung-fu panda "view" all my photos on his PC while he plays with himself and then also take them off my phone and upload on his SkyDrive and email it back to me as he should also have my email address, cc in all my work mates and my mum.

    I am happy to pay 1.29 for this app if it passes MSFT store and it does all of the above without my intervention of course.
    *troll face* Challenge accepted!
    rockstarzzz likes this.
    12-08-2012 11:05 AM
  9. daddymanAZ's Avatar
    From a non-technical users standpoint, WP8 is no different than Android or iOS....you want to use that app....you have to agree to give access to portions of your phones data repositories. Get over it or go back to your LG flip phone!
    12-08-2012 12:24 PM
  10. brmiller1976's Avatar
    If every developer documented that in their app, user confidence would skyrocket.
    12-08-2012 12:29 PM
  11. WPenvy's Avatar
    I saw this to when I checked out some of the apps I would like to install when I finally get my lumia920.

    For example:
    Angry birds: photo, music, and video libraries. Why the **** is this necessary for a game!?

    Just a simple flashlight app which is the most downloaded in the store:

    • phone identity
    • owner identity
    • video and still capture
    • photo, music, and video libraries
    • microphone
    • data services
    • movement and directional sensor
    • camera
    • compass
    • WVGA (480x800)
    • media playback
    • HD720P (720x1280)
    • WXGA (768x1280)


    And if you say this isn't a big of a deal, Angry birds and this simple flashlight app can look at all of your pictures and videos taken. That's insane!


    These are just 2 examples, almost every top app in the market has these kind of insane permissions. I am on android now, and I can safely say that apps do not have these permissions there.
    Isn't it obvious? It's the Eagle Eye project....lol
    12-08-2012 01:38 PM
  12. Dave Blake's Avatar
    There is a lot of good information on this page about WP8 and security:

    Windows Phone Security | Windows Phone (United States)

    If you read through some of whats in this PDF about WP8 security features you will began to understand a few things.

    http://go.microsoft.com/fwlink/?LinkId=266838

    Apps are sanboxed and cant access any data from another app without your taking some action. Even is you approve an app to access the camera functions it cant remove data from the camera unless it is linked through the cloud. There is much more information's in the PDF check it out. Just because and app needs to access the Music player functionality to operate doesn't mean it can upload music from your library for example.
    hopmedic, WPenvy and eldnar like this.
    12-08-2012 04:42 PM
  13. brmiller1976's Avatar
    Frankly, I agree that privacy issues on smartphones are a concern.

    However, I know LOTS of people who are concerned about their privacy to the point where they won't use Facebook or mobile apps, but:

    1) Have a credit/debit card (and use it) -- creating a massive profile of their lives that allows data miners to determine every aspect of their lives from sexual orientation to religious background
    2) Bank with one of the 100 largest US banks -- which resell data about purchases, checks, salaries and balances to other companies
    3) Own or rent property in a public records state -- where I can look up how much they paid for their home (or in rent)
    4) Own a new car made since 2006 (with a tracking computer on board) -- where data is recorded about driving habits and can be transmitted to insurance companies
    5) Own a featurephone with built-in GPS (and the ability for government agencies to obtain location and travel data without a warrant)
    6) Fly regularly -- and provide a full, high-resolution naked photograph of themselves to government agents every time they wait in line to board.

    If you really want to see privacy, you need to tackle the systemic cancer of the surveillance society.
    rockstarzzz likes this.
    12-08-2012 04:47 PM
  14. rockstarzzz's Avatar
    Frankly, I agree that privacy issues on smartphones are a concern.

    However, I know LOTS of people who are concerned about their privacy to the point where they won't use Facebook or mobile apps, but:

    1) Have a credit/debit card (and use it) -- creating a massive profile of their lives that allows data miners to determine every aspect of their lives from sexual orientation to religious background
    2) Bank with one of the 100 largest US banks -- which resell data about purchases, checks, salaries and balances to other companies
    3) Own or rent property in a public records state -- where I can look up how much they paid for their home (or in rent)
    4) Own a new car made since 2006 (with a tracking computer on board) -- where data is recorded about driving habits and can be transmitted to insurance companies
    5) Own a featurephone with built-in GPS (and the ability for government agencies to obtain location and travel data without a warrant)
    6) Fly regularly -- and provide a full, high-resolution naked photograph of themselves to government agents every time they wait in line to board.

    If you really want to see privacy, you need to tackle the systemic cancer of the surveillance society.
    honey_boo_boo_is_philosophy_genius_07.gif
    brmiller1976 likes this.
    12-08-2012 05:20 PM
  15. hopmedic's Avatar
    The best app is the Adobe PDF app. There are no other permission request to access any other info on your device. I wish all apps were like that
    But the Adobe PDF app is garbage, and went nearly (or perhaps more than) two years between updates. Please don't use this as a "best app" example. And if you're on Windows Phone 8, the pdf app is not by Adobe... But on WP7, it is.
    12-08-2012 07:27 PM
  16. hopmedic's Avatar
    From a non-technical users standpoint, WP8 is no different than Android or iOS....you want to use that app....you have to agree to give access to portions of your phones data repositories. Get over it or go back to your LG flip phone!
    But, thankfully, from a technical (as well as aesthetic) standpoint, WP8 is VERY different. On that Android, when you install the app, and you accept the little disclaimer that says the app needs access to certain services, you're giving it free reign to those services. On WP8, you're just saying that you're ok with an app that uses those services. It still can't use those services without your intervention each time, with a few exceptions. Phone dialer, text messaging, email, contacts, photos, and so forth...... It can't touch any of that without your action each and every time.

    If every developer documented that in their app, user confidence would skyrocket.
    It isn't so much that developers are documenting, but if they don't include the capabilities in the WMappManifest.xml file, the app won't be able to use those capabilities! They don't have a choice!
    12-08-2012 08:11 PM
  17. stephen_az's Avatar
    Hi all,

    I just got my HTC 8X setup. I was eager to download some of the apps, and was shocked at what I have to give up in order to use the vast majority of WP8 Apps. I'm considering going back to my old phone simply because WP8 seems to have incredible privacy overreaches with its Apps. Thus far is appears to be the most insecure of any modern phone OS (in regards to apps). Can someone please explain a couple of things to a newbie? I'm newer to the WP8 platform, so there might be a rhyme and/or reason for these things.

    1) Why does Flashlight X require video and still capture and the ability to playback media to simply turn on a rear flash?

    2) Why does Flixster and Fandango need to access my photos, music, and video in order to tell me what time a movie starts?

    3) Why does Amazon Mobile and NewEgg need to access my photo, music, and video libraries in order to show me what they have for sale?

    4) Why does NetFlix need to access my photos, music, and videos in order to play videos

    5) Why does "RapDialer" need to access my photo, music, and video libraries in order to make outgoing phone calls faster?

    Why do I need to give them access to my private vacation photos, videos and music, as if the applications will not work without it. It's like going to Amazon.com via a web browser on your desktop and they say, "Oh sorry, to use Amazon, you need to let us scan your C drive first". I don't understand this.

    Thanks for your time.
    Here is an alternative question. Why do people ask seriously uniformed questions that convey they either know nothing about any smartphone and should do their own homework first or are just here to troll? I can't speak about IOS but you give away all of this information and more with ANY Android device, whether it be a phone or tablet (and probably the couple Android cameras). You also don't just give it to app developers, you give it to Google as well. Since you are joined at the hip with Apple, I doubt there is much difference on that front. Microsoft actually has stronger privacy policies than either and is still running afoul of Google and advertisers for the default browser setting intended to block tracking.
    12-08-2012 08:41 PM
  18. eldnar's Avatar
    Here is an alternative question. Why do people ask seriously uniformed questions that convey they either know nothing about any smartphone and should do their own homework first or are just here to troll? I can't speak about IOS but you give away all of this information and more with ANY Android device, whether it be a phone or tablet (and probably the couple Android cameras). You also don't just give it to app developers, you give it to Google as well. Since you are joined at the hip with Apple, I doubt there is much difference on that front. Microsoft actually has stronger privacy policies than either and is still running afoul of Google and advertisers for the default browser setting intended to block tracking.
    Wow, as it turns out, you are the one that is seriously uniformed.

    #1 I don't own and have never owned an iPhone. I come from a Palm Pre 3. You're the one that appears to be uninformed.

    #2 I said I was a newbie my very first paragraph. If you actually read it, you wouldn't be busted for being uninformed again.

    #3 If you ridiculously define "trolling" as asking about privacy concerns on a new OS that I'm completely unfamiliar with, then yes I'd fall into that category. Most of us don't define a troll that way.

    I'm sorry if asking about privacy hurt your little feelings. If newbies asking questions upsets you that much, then you're more than welcome to move on to other "expert" threads where simple questions don't offend you.

    Thanks to everybody else who have continued to provide real answers, this thread is VERY helpful.

    Apps are sanboxed and cant access any data from another app without your taking some action. Even is you approve an app to access the camera functions it cant remove data from the camera unless it is linked through the cloud. There is much more information's in the PDF check it out. Just because and app needs to access the Music player functionality to operate doesn't mean it can upload music from your library for example.
    David, thanks, I will read these. I think the magic word is "access" what exactly does that mean? Does it mean a dev can read and copy data? Or does "access" stop at merely looking at a directory of files and/or data? For example, does "access" mean that while an application may not actually be able to delete data from my phone, but it can copy my data to their own server?
    Daniel Ratcliffe likes this.
    12-09-2012 12:49 AM
  19. Daniel Ratcliffe's Avatar
    Thanks to everybody else who have continued to provide real answers, this thread is VERY helpful.
    Not a problem. After all isn't that what this is about?

    David, thanks, I will read these. I think the magic word is "access" what exactly does that mean? Does it mean a dev can read and copy data? Or does "access" stop at merely looking at a directory of files and/or data? For example, does "access" mean that while an application may not actually be able to delete data from my phone, but it can copy my data to their own server?
    To be honest, I think it just means read access as well as integration into the hubs (where applicable). For example the app I want to create is a radio station app. It has no use for your contacts (unless I add share with contact functionality and even then I don't think that's possible). It also has no use for your games. What it will require though is access to your music and video hub to integrate as an application in there. I will try and lock out as much access as possible but will however create a page accessed from the landing page which will explain what each of the parts does.
    12-09-2012 01:05 AM
  20. palandri's Avatar
    Eldnar, I understand what you're saying. We all expect a certain level of privacy. Nowadays if you don't send messages via pony express, don't expect a lot of privacy. It's just the way it is now.
    aubreyq likes this.
    12-09-2012 01:07 AM
  21. rockstarzzz's Avatar
    First I thought OP was genuinely concerned and had valid points. Now I know, it's not understanding how privacy permissions work.

    When you give access to your photos, vids etc - you aren't giving access like you give access to your home when you leave all yours keys with me.

    With access it is more like you are not covering up your house or windows with curtains so I have access to what's in your house. Why? Because in case there is a fire which I can see through your windows, I'll call appropriate emergency services for you as we've discussed when you pressed "allow".

    So if a flashlight app wants access to your vids, photo APIs is because flash that is used in this app CANNOT be engaged for something else i.e. pics and vids. It is accessing those to make sure there isn't any current temp file being dumped. If it knows that the flash light is available, it then does it's own thing and gives you a flash light.

    Hopefully you will be able to think of the reasons for all other examples in your thread. I am not sure how the mods still think this thread remains a valid "Privacy nightmare" when it clearly is a user's understanding of how stuff work. But strange stuff happen at WPC Forums, this don't surprise me.
    12-09-2012 04:35 AM
  22. Slai's Avatar
    More Than Half of Mobile Users Avoid Certain Apps Due to Privacy Concerns - Pew Research Center
    Sure, more than half of the world are religious too, it doesnt mean much really.

    If over half the world were scared of metal, should we stop using it?

    Fair enough. This was mainly for people who are concerned about privacy. If you're not concerned about your privacy, you're welcome to ignore the thread.
    Sure, I could ignore loads of things. I could just NOT help anyone at all.

    The fact is that the thread wasnt "hey, are you concerned about privacy!? UNCLE SAM NEEDS YOU! (nonconcerned citizens need not reply)".
    What the thread was, IIRC, was questions which I tried to clear up and guide at least some semblance of a response to.

    Why?

    Because it is a forum where these things are considered good form, if done with good intentions.
    Im sorry if this has in some absurd way offended you.

    If they don't care about it, then why do they need to access it?
    Asked and answered to the best of the boards ability. If you need further answers that may give you peace of mind, I suggest contacting the app developer and Nokia.

    Then why do companies pay incredible amounts to obtain our data? Companies don't spend millions on something that's not important.
    To give you personalized advertisement, which is a huge gain for companies. Not so Jimmy in tech can sit jerking off to your HILARIOUS picture of your labrador Snookie wearing human sunglasses. Im sure Jimmy DOES do that, but thats not the end goal.

    Good for you. Some of us have business data, downloaded word documents and attachments, recorded business meetings, private business documents, etc. The flashlight developer doesn't need to access those things. If you only have pictures of your grandma's birtday party I understand your lack of concern. You're welcome to move on to a thread that is a bit more relevant to you.
    Look, if you have your CIA stuff on your phone, isnt there a more safe and secure way of using this? Doesnt your office provide a secure way of transferring these sensitive things?
    Having things on your phone isnt really supersafe since someone can just snatch it out of your hand at any given moment and make a run for it :P .

    But okay, as I said you might want to contact Nokia and the app developer to get some sort of insight into the workings of these permissions.

    And when you get some answers, Id love for you to share them in this thread.

    The flashlight developer doesn't need advertising data for an application that is not ad supported.
    Didnt the flashlight just need permissions that were relevant?

    video and still capture and the ability to playback media to simply turn on a rear flash

    Just a theory: if youre using your flashlight and want to take a picture and press your camera button, that could be a reason? Playback media could be because if youre listening to music in the background, the flashlight might dim its soundeffects if any.

    As said: contact Nokia/App developer for answers, not the forum.

    You are a diamond in the rough, most apps and developers don't do this. I would use your company's products without hesitation.
    Then you, sir, are INSANE. So if a guy comes up and says "hey, Im going to take your wallet. Im going to return with the wallet AS IS in an hour, you wont even know its gone. I will not use your creditcards or anything, but I will leave a chocolate in there for you." your response would be "Why arent you an honest one! I like you. Take my wallet!".

    Just because a developer lists reasons for accessing certain things doesnt mean that it automatically is true at all. No more than the app that doesnt give a reason.

    You seem like an easy target for a conman ;) .


    That being said, I agree that there should be more information regarding what is accessed and WHY it is accessed, if only so people relax a little and get some sense of security.
    12-09-2012 05:35 AM
  23. badMojo69's Avatar
    OP...you don't need a smart phone.
    There is no privacy that went away back in early 2K.
    12-09-2012 08:10 AM
  24. eldnar's Avatar
    First I thought OP was genuinely concerned and had valid points. Now I know, it's not understanding how privacy permissions work.
    Uh, that's exactly what I said in my OP. I don't understand how privacy permission work in WP8. That's the whole reason I started the thread. I did not understand why two flashlight apps that do that exact same thing, yet one needs access to my .mp3, videos and photos, and the other only needs the camera.

    Hopefully you will be able to think of the reasons for all other examples in your thread. I am not sure how the mods still think this thread remains a valid "Privacy nightmare" when it clearly is a user's understanding of how stuff work. But strange stuff happen at WPC Forums, this don't surprise me.
    Probably because the mods realize that I am clearly asking a question.

    I titled the post: WP8 Privacy Nightmare? <--- You'll notice that is a question mark. Question marks mean I am trying to gain knowledge. I want to understand privacy on WP8.

    I did not title the post: WP8 Privacy Nightmare!! <-- Had I used exclaimation points that would have mean I was trying to freak people out and/or be a sensationalist. Possibly even trolling.

    WP8 is new to me and I want to better understand how applications OS uses my data. Where else should I ask other than the WP8 forum? There is nothing wrong with that. If you don't like a newbie asking questions, you're welcome to move along.

    Sure, more than half of the world are religious too, it doesnt mean much really.

    If over half the world were scared of metal, should we stop using it?
    It means that most people consider privacy questions legitimate. My questions are not out of the ordinary (as many have agreed). Who said anyone is scared of privacy? This thread is to help me and others understand what I am giving up in terms of privacy on WP8 as compared to other OS'es and why. I understand certain amounts of privacy are going to be lost, I just want to understand how much and whether I should stick with my other smartphone.

    Sure, I could ignore loads of things. I could just NOT help anyone at all.
    Well you're certainly not helping anyone one this thread. Your posts mainly consist of complaining that I asked questions that you don't like. If you don't like that I asked a question you're welcome to move on to another thread where you can provide answers...instead of complaints.

    Look, if you have your CIA stuff on your phone, isnt there a more safe and secure way of using this?
    Uh, that's the whole point of this thread, I'm asking if WP8 is a secure way of doing this. It's called, "fact finding". Please stop crying about it.

    Doesnt your office provide a secure way of transferring these sensitive things?
    Having things on your phone isnt really supersafe since someone can just snatch it out of your hand at any given moment and make a run for it :P .
    In 2012 not everything is done in the office anymore. Many businesses use rely on their phones. From my understanding if someone grabbed my phone and made a run for it WP8 allows me to wipe the phone remotely (which is awesome).

    But okay, as I said you might want to contact Nokia and the app developer to get some sort of insight into the workings of these permissions.

    As said: contact Nokia/App developer for answers, not the forum.
    #1 I have an HTC not a Nokia. Did you even read the post? #2 I have gotten great answers from many people on this thread. Almost everybody else (besides you) have been interested in actually answering my questions, instead of complaining that I've asked. Your responses pretty much boil down to, "Don't ask questions that Slai doesn't like in the forum." My response is: #1 It's not your forum. #2 That's absurd.

    Then you, sir, are INSANE.
    I'm insane for complimenting a developer who documents in detail how his application works? LOL. Apparently, you'd rather trust a developer who doesn't put forth the effort to provide you with the details. Which is more insane? My compliment to him stands as is, he's a good guy from what I can tell.

    That being said, I agree that there should be more information regarding what is accessed and WHY it is accessed, if only so people relax a little and get some sense of security.
    You just called me insane for complimenting a guy who does exactly that! LOL! What is wrong with you? If you agree with me, why has every post from you been full of whining and complaining?

    OP...you don't need a smart phone.
    There is no privacy that went away back in early 2K.
    You're acting like I want to be anonymous. I don't. I just want to understand how WP8 protects my data from abuse from applications and potentially rogue developers. Seems like a very reasonable question. Why is that a problem?
    12-09-2012 05:21 PM
  25. rockstarzzz's Avatar
    I see how you've quoted mostly stuff from my post that is irrelevantly not answering your question but have paid no attention to the answer you were looking for using those question marks. Way to learn.
    12-09-2012 05:27 PM
59 123

Similar Threads

  1. Replies: 2
    Last Post: 05-03-2012, 10:00 PM
  2. O2 (UK) Mobile Web Privacy Breach
    By TheWeeBear in forum The "Off Topic" Lounge
    Replies: 0
    Last Post: 01-25-2012, 06:28 AM
  3. WP7-Xbox Live Nightmare
    By 44zippo44 in forum Other Operating Systems
    Replies: 9
    Last Post: 12-04-2011, 02:27 PM
  4. Should they make another surround for wp8?
    By CamiKitti in forum HTC Surround
    Replies: 1
    Last Post: 11-21-2011, 12:00 PM
  5. How important is RAM for WP8 update
    By danygandhi in forum HTC TITAN
    Replies: 8
    Last Post: 11-15-2011, 03:05 PM
LINK TO POST COPIED TO CLIPBOARD