WP8 Privacy Nightmare?

[hopmedic]

From a non-technical users standpoint, WP8 is no different than Android or iOS....you want to use that app....you have to agree to give access to portions of your phones data repositories. Get over it or go back to your LG flip phone! :winktongue:

But, thankfully, from a technical (as well as aesthetic) standpoint, WP8 is VERY different. On that Android, when you install the app, and you accept the little disclaimer that says the app needs access to certain services, you're giving it free reign to those services. On WP8, you're just saying that you're ok with an app that uses those services. It still can't use those services without your intervention each time, with a few exceptions. Phone dialer, text messaging, email, contacts, photos, and so forth...... It can't touch any of that without your action each and every time.

If every developer documented that in their app, user confidence would skyrocket.

It isn't so much that developers are documenting, but if they don't include the capabilities in the WMappManifest.xml file, the app won't be able to use those capabilities! They don't have a choice! :wink:

 

[stephen_az]

Hi all,

I just got my HTC 8X setup. I was eager to download some of the apps, and was shocked at what I have to give up in order to use the vast majority of WP8 Apps. I'm considering going back to my old phone simply because WP8 seems to have incredible privacy overreaches with its Apps. Thus far is appears to be the most insecure of any modern phone OS (in regards to apps). Can someone please explain a couple of things to a newbie? I'm newer to the WP8 platform, so there might be a rhyme and/or reason for these things.

1) Why does Flashlight X require video and still capture and the ability to playback media to simply turn on a rear flash?

2) Why does Flixster and Fandango need to access my photos, music, and video in order to tell me what time a movie starts?

3) Why does Amazon Mobile and NewEgg need to access my photo, music, and video libraries in order to show me what they have for sale?

4) Why does NetFlix need to access my photos, music, and videos in order to play videos

5) Why does "RapDialer" need to access my photo, music, and video libraries in order to make outgoing phone calls faster?

Why do I need to give them access to my private vacation photos, videos and music, as if the applications will not work without it. It's like going to Amazon.com via a web browser on your desktop and they say, "Oh sorry, to use Amazon, you need to let us scan your C drive first". I don't understand this.

Thanks for your time.

Here is an alternative question. Why do people ask seriously uniformed questions that convey they either know nothing about any smartphone and should do their own homework first or are just here to troll? I can't speak about IOS but you give away all of this information and more with ANY Android device, whether it be a phone or tablet (and probably the couple Android cameras). You also don't just give it to app developers, you give it to Google as well. Since you are joined at the hip with Apple, I doubt there is much difference on that front. Microsoft actually has stronger privacy policies than either and is still running afoul of Google and advertisers for the default browser setting intended to block tracking.

 

[eldnar]

Here is an alternative question. Why do people ask seriously uniformed questions that convey they either know nothing about any smartphone and should do their own homework first or are just here to troll? I can't speak about IOS but you give away all of this information and more with ANY Android device, whether it be a phone or tablet (and probably the couple Android cameras). You also don't just give it to app developers, you give it to Google as well. Since you are joined at the hip with Apple, I doubt there is much difference on that front. Microsoft actually has stronger privacy policies than either and is still running afoul of Google and advertisers for the default browser setting intended to block tracking.

Wow, as it turns out, you are the one that is seriously uniformed.

#1 I don't own and have never owned an iPhone. I come from a Palm Pre 3. You're the one that appears to be uninformed.

#2 I said I was a newbie my very first paragraph. If you actually read it, you wouldn't be busted for being uninformed again.

#3 If you ridiculously define "trolling" as asking about privacy concerns on a new OS that I'm completely unfamiliar with, then yes I'd fall into that category. Most of us don't define a troll that way.

I'm sorry if asking about privacy hurt your little feelings. If newbies asking questions upsets you that much, then you're more than welcome to move on to other "expert" threads where simple questions don't offend you.

Thanks to everybody else who have continued to provide real answers, this thread is VERY helpful.

Apps are sanboxed and cant access any data from another app without your taking some action. Even is you approve an app to access the camera functions it cant remove data from the camera unless it is linked through the cloud. There is much more information's in the PDF check it out. Just because and app needs to access the Music player functionality to operate doesn't mean it can upload music from your library for example.

David, thanks, I will read these. I think the magic word is "access" what exactly does that mean? Does it mean a dev can read and copy data? Or does "access" stop at merely looking at a directory of files and/or data? For example, does "access" mean that while an application may not actually be able to delete data from my phone, but it can copy my data to their own server?

 

[Daniel Ratcliffe]

Thanks to everybody else who have continued to provide real answers, this thread is VERY helpful.

Not a problem. After all isn't that what this is about?

David, thanks, I will read these. I think the magic word is "access" what exactly does that mean? Does it mean a dev can read and copy data? Or does "access" stop at merely looking at a directory of files and/or data? For example, does "access" mean that while an application may not actually be able to delete data from my phone, but it can copy my data to their own server?

To be honest, I think it just means read access as well as integration into the hubs (where applicable). For example the app I want to create is a radio station app. It has no use for your contacts (unless I add share with contact functionality and even then I don't think that's possible). It also has no use for your games. What it will require though is access to your music and video hub to integrate as an application in there. I will try and lock out as much access as possible but will however create a page accessed from the landing page which will explain what each of the parts does.

 

[palandri]

Eldnar, I understand what you're saying. We all expect a certain level of privacy. Nowadays if you don't send messages via pony express, don't expect a lot of privacy. It's just the way it is now.

 

[rockstarzzz]

First I thought OP was genuinely concerned and had valid points. Now I know, it's not understanding how privacy permissions work.

When you give access to your photos, vids etc - you aren't giving access like you give access to your home when you leave all yours keys with me.

With access it is more like you are not covering up your house or windows with curtains so I have access to what's in your house. Why? Because in case there is a fire which I can see through your windows, I'll call appropriate emergency services for you as we've discussed when you pressed "allow".

So if a flashlight app wants access to your vids, photo APIs is because flash that is used in this app CANNOT be engaged for something else i.e. pics and vids. It is accessing those to make sure there isn't any current temp file being dumped. If it knows that the flash light is available, it then does it's own thing and gives you a flash light.

Hopefully you will be able to think of the reasons for all other examples in your thread. I am not sure how the mods still think this thread remains a valid "Privacy nightmare" when it clearly is a user's understanding of how stuff work. But strange stuff happen at WPC Forums, this don't surprise me.

 

[Slai]

More Than Half of Mobile Users Avoid Certain Apps Due to Privacy Concerns - Pew Research Center

Sure, more than half of the world are religious too, it doesnt mean much really.

If over half the world were scared of metal, should we stop using it?

Fair enough. This was mainly for people who are concerned about privacy. If you're not concerned about your privacy, you're welcome to ignore the thread.

Sure, I could ignore loads of things. I could just NOT help anyone at all.

The fact is that the thread wasnt "hey, are you concerned about privacy!? UNCLE SAM NEEDS YOU! (nonconcerned citizens need not reply)".
What the thread was, IIRC, was questions which I tried to clear up and guide at least some semblance of a response to.

Why?

Because it is a forum where these things are considered good form, if done with good intentions.
Im sorry if this has in some absurd way offended you.

If they don't care about it, then why do they need to access it?

Asked and answered to the best of the boards ability. If you need further answers that may give you peace of mind, I suggest contacting the app developer and Nokia.

Then why do companies pay incredible amounts to obtain our data? Companies don't spend millions on something that's not important.

To give you personalized advertisement, which is a huge gain for companies. Not so Jimmy in tech can sit jerking off to your HILARIOUS picture of your labrador Snookie wearing human sunglasses. Im sure Jimmy DOES do that, but thats not the end goal.

Good for you. Some of us have business data, downloaded word documents and attachments, recorded business meetings, private business documents, etc. The flashlight developer doesn't need to access those things. If you only have pictures of your grandma's birtday party I understand your lack of concern. You're welcome to move on to a thread that is a bit more relevant to you.

Look, if you have your CIA stuff on your phone, isnt there a more safe and secure way of using this? Doesnt your office provide a secure way of transferring these sensitive things?
Having things on your phone isnt really supersafe since someone can just snatch it out of your hand at any given moment and make a run for it .

But okay, as I said you might want to contact Nokia and the app developer to get some sort of insight into the workings of these permissions.

And when you get some answers, Id love for you to share them in this thread.

The flashlight developer doesn't need advertising data for an application that is not ad supported.

Didnt the flashlight just need permissions that were relevant?

video and still capture and the ability to playback media to simply turn on a rear flash

Just a theory: if youre using your flashlight and want to take a picture and press your camera button, that could be a reason? Playback media could be because if youre listening to music in the background, the flashlight might dim its soundeffects if any.

As said: contact Nokia/App developer for answers, not the forum.

You are a diamond in the rough, most apps and developers don't do this. I would use your company's products without hesitation.

Then you, sir, are INSANE. So if a guy comes up and says "hey, Im going to take your wallet. Im going to return with the wallet AS IS in an hour, you wont even know its gone. I will not use your creditcards or anything, but I will leave a chocolate in there for you." your response would be "Why arent you an honest one! I like you. Take my wallet!".

Just because a developer lists reasons for accessing certain things doesnt mean that it automatically is true at all. No more than the app that doesnt give a reason.

You seem like an easy target for a conman .


That being said, I agree that there should be more information regarding what is accessed and WHY it is accessed, if only so people relax a little and get some sense of security.

 

[badMojo69]

OP...you don't need a smart phone.
There is no privacy that went away back in early 2K.

 

[eldnar]

First I thought OP was genuinely concerned and had valid points. Now I know, it's not understanding how privacy permissions work.

Uh, that's exactly what I said in my OP. I don't understand how privacy permission work in WP8. That's the whole reason I started the thread. I did not understand why two flashlight apps that do that exact same thing, yet one needs access to my .mp3, videos and photos, and the other only needs the camera.

Hopefully you will be able to think of the reasons for all other examples in your thread. I am not sure how the mods still think this thread remains a valid "Privacy nightmare" when it clearly is a user's understanding of how stuff work. But strange stuff happen at WPC Forums, this don't surprise me.

Probably because the mods realize that I am clearly asking a question.

I titled the post: WP8 Privacy Nightmare? <--- You'll notice that is a question mark. Question marks mean I am trying to gain knowledge. I want to understand privacy on WP8.

I did not title the post: WP8 Privacy Nightmare!! <-- Had I used exclaimation points that would have mean I was trying to freak people out and/or be a sensationalist. Possibly even trolling.

WP8 is new to me and I want to better understand how applications OS uses my data. Where else should I ask other than the WP8 forum? There is nothing wrong with that. If you don't like a newbie asking questions, you're welcome to move along.

Sure, more than half of the world are religious too, it doesnt mean much really.

If over half the world were scared of metal, should we stop using it?

It means that most people consider privacy questions legitimate. My questions are not out of the ordinary (as many have agreed). Who said anyone is scared of privacy? This thread is to help me and others understand what I am giving up in terms of privacy on WP8 as compared to other OS'es and why. I understand certain amounts of privacy are going to be lost, I just want to understand how much and whether I should stick with my other smartphone.

Sure, I could ignore loads of things. I could just NOT help anyone at all.

Well you're certainly not helping anyone one this thread. Your posts mainly consist of complaining that I asked questions that you don't like. If you don't like that I asked a question you're welcome to move on to another thread where you can provide answers...instead of complaints.

Look, if you have your CIA stuff on your phone, isnt there a more safe and secure way of using this?

Uh, that's the whole point of this thread, I'm asking if WP8 is a secure way of doing this. It's called, "fact finding". Please stop crying about it.

Doesnt your office provide a secure way of transferring these sensitive things?
Having things on your phone isnt really supersafe since someone can just snatch it out of your hand at any given moment and make a run for it .

In 2012 not everything is done in the office anymore. Many businesses use rely on their phones. From my understanding if someone grabbed my phone and made a run for it WP8 allows me to wipe the phone remotely (which is awesome).

But okay, as I said you might want to contact Nokia and the app developer to get some sort of insight into the workings of these permissions.

As said: contact Nokia/App developer for answers, not the forum.

#1 I have an HTC not a Nokia. Did you even read the post? #2 I have gotten great answers from many people on this thread. Almost everybody else (besides you) have been interested in actually answering my questions, instead of complaining that I've asked. Your responses pretty much boil down to, "Don't ask questions that Slai doesn't like in the forum." My response is: #1 It's not your forum. #2 That's absurd.

Then you, sir, are INSANE.

I'm insane for complimenting a developer who documents in detail how his application works? LOL. Apparently, you'd rather trust a developer who doesn't put forth the effort to provide you with the details. Which is more insane? My compliment to him stands as is, he's a good guy from what I can tell.

That being said, I agree that there should be more information regarding what is accessed and WHY it is accessed, if only so people relax a little and get some sense of security.

You just called me insane for complimenting a guy who does exactly that! LOL! What is wrong with you? If you agree with me, why has every post from you been full of whining and complaining?

OP...you don't need a smart phone.
There is no privacy that went away back in early 2K.

You're acting like I want to be anonymous. I don't. I just want to understand how WP8 protects my data from abuse from applications and potentially rogue developers. Seems like a very reasonable question. Why is that a problem?

 

[rockstarzzz]

I see how you've quoted mostly stuff from my post that is irrelevantly not answering your question but have paid no attention to the answer you were looking for using those question marks. Way to learn.

 

[Slai]

It means that most people consider privacy questions legitimate. My questions are not out of the ordinary (as many have agreed). Who said anyone is scared of privacy? This thread is to help me and others understand what I am giving up in terms of privacy on WP8 as compared to other OS'es and why. I understand certain amounts of privacy are going to be lost, I just want to understand how much and whether I should stick with my other smartphone.

Aye, I agree, it isnt out of the ordinary. But the mere fact that half of mobile users avoid certain apps due to privacy concerns does not mean that their concerns are valid.
That was all I was trying to underline.

Well you're certainly not helping anyone one this thread. Your posts mainly consist of complaining that I asked questions that you don't like. If you don't like that I asked a question you're welcome to move on to another thread where you can provide answers...instead of complaints.

The fact here really is that you interpret my replies as being hostile, which they are not. I have not complained a single time in this entire thread. I generally dont complain. But feel free to share what you did interpret as complaining.
I get the feeling that you got a hostile vibe from replies in the thread, and my replies then seemed to you as hostile and/or complaining, merely due to your state of mind. Or perhaps just how I write doesnt translate well to you due to cultural differences.

I replid, for instance, theories about what certain permissions for certain apps could entail. Since youre asking on a public forum and not to developers directly, I assumed you wanted replies that you could work with, discuss with and find a reasonable outcome with in case no direct answers were found.

You might not call that help, and thats fine. Some people eat pears and swear they are apples. But my intention was nevertheless to help.

Uh, that's the whole point of this thread, I'm asking if WP8 is a secure way of doing this. It's called, "fact finding". Please stop crying about it.

How in the name of rabid donkeys is this crying? Im asking wether a non-phone-based solution wouldnt be far more logical to use if the information is really super-sensitive. I wouldnt think that anything top secret was ever put on the private phone of an employee.

This isnt called "fact finding", this is called "asking a random group of people a question and being angry that replies are made". Go to your local mall and yell "HOW DO YOU REMOVE A TUMOR FROM AN EYE?" and try to call that fact finding.

We didnt design the OS, we certainly didnt set the permissions for the apps in question, and not all of us are developers. Fact finding has never been more ill conceived.

What you did is ask a question in a public forum and got replies trying to enlighten/solve/help.

Then you complain that youre not getting the answers you desired.

In 2012 not everything is done in the office anymore. Many businesses use rely on their phones. From my understanding if someone grabbed my phone and made a run for it WP8 allows me to wipe the phone remotely (which is awesome).

Yeah, I was only joking . And yes, that is a great feature. You can also update the phones lockscreen, iirc, to display your information so that it may be returned to you. AND set up a phonelock even if you didnt have one at the time you lost it.

#1 I have an HTC not a Nokia. Did you even read the post? #2 I have gotten great answers from many people on this thread. Almost everybody else (besides you) have been interested in actually answering my questions, instead of complaining that I've asked. Your responses pretty much boil down to, "Don't ask questions that Slai doesn't like in the forum." My response is: #1 It's not your forum. #2 That's absurd.

Yeah I actually was tired and meant to write Microsoft.

And again; havent complained about your questions, nor that you asked them. None of my responses boil down to that, Ill accept messages from anyone who feels the same way on my inbox thingie, Ill gladly hear you out. If Im wrong, Ill take that to heart, but I feel that you are completely wrong in your assessment here, and I dont really know where it is coming from.

I'm insane for complimenting a developer who documents in detail how his application works? LOL. Apparently, you'd rather trust a developer who doesn't put forth the effort to provide you with the details. Which is more insane? My compliment to him stands as is, he's a good guy from what I can tell.

No, Id say hes probably a nice guy, I believe so. But the fact is that what he writes as reasons for his app permissions can be completely false and made up, and you say that youd download his app.
The insanity lies in the fact that you think its horrible if they dont mention why they need the permissions, but as long as someone gives you a reason that is not verified to be true in any way, and therefore is absolutely 0% safer, youd download it without even thinking about it.

See the point?

You just called me insane for complimenting a guy who does exactly that! LOL! What is wrong with you? If you agree with me, why has every post from you been full of whining and complaining?

None of them have been whining nor complaining at all in my opinion, and certainly never were meant to be viewed as such.

And you HAVE to be able to see the difference between "that adds 0 layers of security" and "id like them to write something, so that paranoid people can feel safer, even though it isnt", right?

I just want to understand how WP8 protects my data from abuse from applications and potentially rogue developers. Seems like a very reasonable question. Why is that a problem?

If you really wanted that information, you had to know that the best source for that information would be Microsoft, not a public forum?

 

[eldnar]

There is a lot of good information on this page about WP8 and security:

Windows Phone Security | Windows Phone (United States)

If you read through some of whats in this PDF about WP8 security features you will began to understand a few things.

http://go.microsoft.com/fwlink/?LinkId=266838

Apps are sanboxed and cant access any data from another app without your taking some action. Even is you approve an app to access the camera functions it cant remove data from the camera unless it is linked through the cloud. There is much more information's in the PDF check it out. Just because and app needs to access the Music player functionality to operate doesn't mean it can upload music from your library for example.

Hi Dave,

I just read the white paper you provided. Thank you very much! Sections 5 and 6 answered many, if not all of my questions. It's pretty much exactly what I was looking for. I appreciate your patience and I appreciate everybody else who attempted to provide answers! Thanks all...

 

[Paul May]

To the OP, did the info you found satisfy your curiosity? Will you be sticking with a WP8? I found this thread quite informative as a non developer.

 

[Daniel Ratcliffe]

I found this thread quite informative as a non developer.

And I found it informative as a to-be developer!

 

[AngryNil]

1) Why does Flashlight X require video and still capture and the ability to playback media to simply turn on a rear flash?

Flashlight apps use video capture in order to control the flash because Microsoft provided no API for it.

 

[eldnar]

Hi Paul,

My questions were answered to a certain degree. I've received some great information from this thread and I'm confident that WP8 is probably more secure than Android and/or IOS. I'll be sticking with WP8 for the time being. Although I'm still a bit unclear on why certain apps are allowed to access far more than they need. This just seems irresponsible on Microsoft's part and it is just begging to be abused. Several people provided reasonable guesses, but nothing concrete. So I'm going to take Slai's advice and present some of my questions to Microsoft directly.

Hi Angry,

Yes, that makes sense to me now. Although could you take a stab at why there's such a permissions over reach as described below:

Flashlight XT: Video and still capture.
Flashlight-X: Phone identity, owner identity, video and still capture, media playback, mircophone, data services, movement and directional sensor.
Flashlight X (no dash): All of the above plus music/photo/video libraries, and data service.

They all simply turn on the light.

I was somewhat comforted a bit by "hopmedic" when he said,

When you create a project in Windows Phone, the WMappManifest.xml file, which is where all of the capabilities are enabled/listed, by default, has all of the capabilities enabled. So, if a developer is lazy, forgetful, or doesn't know he needs to remove the unneeded capabilities from this file, then when they submit it to the store, it will list these capabilities, whether they are used or not.

My question is, how do I know whether an application has those permissions because a developer is lazy, forgetful, or uniformed or if a developer figured out what Shantanu Gawde figured out with his WP8 malware? I haven't heard anything since his presentation at Malcon which leads me to believe what is found are legitimate loopholes in WP8. Had his claims been bogus, Microsoft would have been dancing in the streets and announcing all over the place about the rock solid security of WP8. The fact that MS has been absolutely silent about it leads me to believe they were busted. Simply restricting access to programs that truly need access would go a long way to solving a lot of problems. Prototype malware for Windows Phone 8 OS allegedly created | Windows Phone Central

"The malware uses legitimate WP8 functionality without resorting to other methods such as 'homebrew apps' and interop capabilities," Gawde said. "The idea behind the app was to code it in such a way that it would be accepted into the marketplace [Windows Phone Store], whilst having hidden functionality. [...] it can be used to steal private data files stored on a Windows Phone 8 handset, copy contact lists, upload images to it, and view all text messages. Gawde?s prototype does not require a jailbreak. His app only uses allowed Windows Phone 8 functionality and he believes it passes Microsoft app store certification. "

 

[Orange_Tang]

I am far from worried about an app using my phones features, after all I am not doing anything bad on it. I have nothing to hide.

 

[hopmedic]

Eldnar, you bring very good questions to the table, and I'm glad you're learning from it, and also doing your own research as well.

Shantanu - now there's one bright kid, and I'm glad he's an ethical hacker and not the other kind! Last I heard, and I may not have heard the latest, because I haven't seen anything recently on it, but to my knowledge Microsoft has not yet been given the details so they are not in a position to dance in the streets or fix it. Personally, I have no reason to either doubt the kid, or throw my phone away. None of us is perfect, and it is the ethical hackers that find the flaws so that they can be fixed, that help to keep the rest of us safe from the unethical. If there is a flaw, I'm glad someone found it who can keep his mouth shut rather than someone who will exploit it and tell all his little pansy exploiter buddies.

I would not compare Shantanu's find to anything that exploits you by using the capabilities that we're discussing so far. I'd consider his find to be more akin to finding a security hole in either Windows or IE on the desktop. Something that your virus or Trojan writers look for. This kid is too smart to be playing the kindergarten stuff like AVG did last year.

Yes, AVG, the antivirus company, put a so-called antivirus app in the Windows Phone Marketplace (as it used to be called) last year. Well, being that we know our phone and how it works, some developers wanted to know what it was really doing, so they did some digging, and found that it was tracking geolocation and more, and it was therefore removed from the marketplace (the one malicious app) and it uninstalled itself from all Windows Phones... ;-)
http://news.cnet.com/8301-10805_3-20103894-75/windows-phone-marketplace-boots-avg-app/

No, that's childish stuff, and this kid is above that.

@Orange_Tang You don't have to be doing anything wrong to be concerned about what apps are up to in your phone. Is there anything you do with your phone, that you wouldn't want the world to know? Like check your bank balance? (passwords, balance). Make purchases? (credit card numbers) Send email? (ever say anything extremely personal?) Talk? (there was one Android Trojan that recorded phone calls and sent audio recordings back to the server of the author of the Trojan.)

 

[WPenvy]

@Orange_Tang You don't have to be doing anything wrong to be concerned about what apps are up to in your phone. Is there anything you do with your phone, that you wouldn't want the world to know? Like check your bank balance? (passwords, balance). Make purchases? (credit card numbers) Send email? (ever say anything extremely personal?) Talk? (there was one Android Trojan that recorded phone calls and sent audio recordings back to the server of the author of the Trojan.)

Basically give someone and inch, and they'll run the whole 9 yards to see how far they can get.