Question about apps and security

jleebiker

New member
Dec 11, 2011
Ok, I understand the need for a developer base creating apps to supplement the native abilities of a device. Where would we be w/o them?
My concern is for apps that are, for lack of a better word, knockoffs of something else. How do you trust that these apps aren't doing something they shouldn't be with your data? I mean it's one thing for a corporation to release an app, but another for some unknown person to release an app that, let's say, can be that substitute for an NFC-based wallet app. I would trust a major bank to release one and install it, but John Q. Developer? That's gonna be a stretch for me.

It's for this reason I don't install apps that are written by some unknown person that will, for example, report my location. Sure Google does that, but I KNOW Google. For good or for bad, I know them. I don't know, however, John Q. Developer and what he may do with the same data or data mined out of an API.

Am I being weird here?
 

RogueCode

New member
Apr 16, 2011
Yes, this is a major problem.
It is for this reason that Twitter (Facebook, etc.) authentication is now done through their website (and sometimes with a code exchange) instead of you just handing over your username and password to the app designer.

Always be wary - but by being too cautious you could end up missing a bunch of great apps (although I would never trust a 3rd party banking app...)
 

jleebiker

New member
Dec 11, 2011
> Yes, this is a major problem.
> It is for this reason that Twitter (Facebook, etc.) authentication is now done through their website (and sometimes with a code exchange) instead of you just handing over your username and password to the app designer.
>
> Always be wary - but by being too cautious you could end up missing a bunch of great apps (although I would never trust a 3rd party banking app...)

Agreed. So what's the answer? Where is the dev community going on this? Is there a "registry" of known good, honest coders? Not implying that there are any here that aren't, but there should be some way to ensure apps aren't doing things they shouldn't be.
 

thed

New member
Jan 6, 2011
I don't really see this as a problem. At least, it's not unique to phone apps. It's the nature of any closed source software - there's no way to know what it's really doing. Sure, there are ways to track certain things like internet activity. But the bottom line is, if you don't trust it, then don't install it.
 

RogueCode

New member
Apr 16, 2011
> Agreed. So what's the answer? Where is the dev community going on this? Is there a "registry" of known good, honest coders? Not implying that there are any here that aren't, but there should be some way to ensure apps aren't doing things they shouldn't be.

Well to start with... me :p
 

kenstone

New member
Dec 12, 2011
Yeah, this is no different than going to any unknown website. A positive word is that if Microsoft finds out about something very bad being done with an app, they'll yank it from the marketplace.

For example, location. A developer can declare that they need location of a user, but declaring that puts the app under more scrutiny with many more rules to follow, privacy policies, etc. So meaning, if you have an app that says it needs location, but doesn't follow the MS rules of letting you disable location, then that would be a warning flag to you about the credibility of the developer.

And I wouldn't trust Google with my location, either. Nor would I use a 3rd party banking app. Sometimes you just need to be street smart.
 

jleebiker

New member
Dec 11, 2011
I don't think this issue should be discounted. As Mango is poised to become more mainstream, more people are looking to come over. The gap is the apps. People like the apps they were using. Large corporations aren't willing to lock up resources developing apps for an OS that no one knows what will happen with.
Then there are the companies that don't want to port apps. So then, it comes down to the dev community to make the apps that people want to/are comfortable using. For some people, not having certain apps is a deal breaker. Whether that is rational or not, that's what they think.

So what about this line of thinking... There are more advantages to look at apps that John Q Developer makes because 1) He has more at stake 2) His app or reputation can be ruined more quickly than a large corporation 3) Large corporations can say "Yeah we have your data, you signed it over to us. We can use it any way we want to now that you signed off on it. If you don't like it, sue us". John Q Developer can't afford that.

So in a way, it makes more sense for John Q Developer to be MORE straightforward and honest with how his app works. He has more to lose more quickly and doesn't have the resources to ignore litigation.

Thoughts?
 

Speebs

New member
Dec 19, 2011
I was just discussing this today with a coworker. I think this could be a major selling point for Microsoft ("no need to download extra IM apps! Google, AIM, Yahoo, etc. are natively supported by the Messaging app!") Especially for minor interface things like skinning, ringtone profiles, and stuff that would have ideally come with the OS out of the box. The less I have to download, the better.

When I download apps, I try to evaluate how credible the developer is (maybe I'm paranoid), but there's not really much to go on. Maybe a rating system like eBay would lend some credibility.
 

RogueCode

New member
Apr 16, 2011
> So what about this line of thinking... There are more advantages to look at apps that John Q Developer makes because 1) He has more at stake 2) His app or reputation can be ruined more quickly than a large corporation 3) Large corporations can say "Yeah we have your data, you signed it over to us. We can use it any way we want to now that you signed off on it. If you don't like it, sue us".

I do agree with point 3 here, but 1 & 2 are only true in a perfect world.
You see, John Q may have his reputation to lose, but he also may have no reputation at all. ****, he may have created a new AppHub account just to publish his "Uber not-dodgy Banking App".
And even if he did get lots of negative ratings once people found out he was stealing their accounts, a) he may already have all the accounts he wanted, and b) reviews are country-specific, so people here in S.Africa won't see the flood of "h3 st0lez min3 m0neyz!".

But then you do get some devs that have their entire livelihood built around the marketplace.

It really is impossible to tell. This is why we need guys like Rafael Rivera pulling apps apart :p
 

Duvi

New member
Jan 1, 2011
I could care less about them... I don't have top-secret info that I worry about on my devices. Banking would be the only app I would only use if that bank was the creator of said app.
 
