12-10-2012 01:50 PM
59 123
tools
  1. Slai's Avatar
    It means that most people consider privacy questions legitimate. My questions are not out of the ordinary (as many have agreed). Who said anyone is scared of privacy? This thread is to help me and others understand what I am giving up in terms of privacy on WP8 as compared to other OS'es and why. I understand certain amounts of privacy are going to be lost, I just want to understand how much and whether I should stick with my other smartphone.
    Aye, I agree, it isnt out of the ordinary. But the mere fact that half of mobile users avoid certain apps due to privacy concerns does not mean that their concerns are valid.
    That was all I was trying to underline.

    Well you're certainly not helping anyone one this thread. Your posts mainly consist of complaining that I asked questions that you don't like. If you don't like that I asked a question you're welcome to move on to another thread where you can provide answers...instead of complaints.
    The fact here really is that you interpret my replies as being hostile, which they are not. I have not complained a single time in this entire thread. I generally dont complain. But feel free to share what you did interpret as complaining.
    I get the feeling that you got a hostile vibe from replies in the thread, and my replies then seemed to you as hostile and/or complaining, merely due to your state of mind. Or perhaps just how I write doesnt translate well to you due to cultural differences.

    I replid, for instance, theories about what certain permissions for certain apps could entail. Since youre asking on a public forum and not to developers directly, I assumed you wanted replies that you could work with, discuss with and find a reasonable outcome with in case no direct answers were found.

    You might not call that help, and thats fine. Some people eat pears and swear they are apples. But my intention was nevertheless to help.

    Uh, that's the whole point of this thread, I'm asking if WP8 is a secure way of doing this. It's called, "fact finding". Please stop crying about it.
    How in the name of rabid donkeys is this crying? Im asking wether a non-phone-based solution wouldnt be far more logical to use if the information is really super-sensitive. I wouldnt think that anything top secret was ever put on the private phone of an employee.

    This isnt called "fact finding", this is called "asking a random group of people a question and being angry that replies are made". Go to your local mall and yell "HOW DO YOU REMOVE A TUMOR FROM AN EYE?" and try to call that fact finding.

    We didnt design the OS, we certainly didnt set the permissions for the apps in question, and not all of us are developers. Fact finding has never been more ill conceived.

    What you did is ask a question in a public forum and got replies trying to enlighten/solve/help.

    Then you complain that youre not getting the answers you desired.

    In 2012 not everything is done in the office anymore. Many businesses use rely on their phones. From my understanding if someone grabbed my phone and made a run for it WP8 allows me to wipe the phone remotely (which is awesome).
    Yeah, I was only joking ;) . And yes, that is a great feature. You can also update the phones lockscreen, iirc, to display your information so that it may be returned to you. AND set up a phonelock even if you didnt have one at the time you lost it.

    #1 I have an HTC not a Nokia. Did you even read the post? #2 I have gotten great answers from many people on this thread. Almost everybody else (besides you) have been interested in actually answering my questions, instead of complaining that I've asked. Your responses pretty much boil down to, "Don't ask questions that Slai doesn't like in the forum." My response is: #1 It's not your forum. #2 That's absurd.
    Yeah I actually was tired and meant to write Microsoft.

    And again; havent complained about your questions, nor that you asked them. None of my responses boil down to that, Ill accept messages from anyone who feels the same way on my inbox thingie, Ill gladly hear you out. If Im wrong, Ill take that to heart, but I feel that you are completely wrong in your assessment here, and I dont really know where it is coming from.

    I'm insane for complimenting a developer who documents in detail how his application works? LOL. Apparently, you'd rather trust a developer who doesn't put forth the effort to provide you with the details. Which is more insane? My compliment to him stands as is, he's a good guy from what I can tell.
    No, Id say hes probably a nice guy, I believe so. But the fact is that what he writes as reasons for his app permissions can be completely false and made up, and you say that youd download his app.
    The insanity lies in the fact that you think its horrible if they dont mention why they need the permissions, but as long as someone gives you a reason that is not verified to be true in any way, and therefore is absolutely 0% safer, youd download it without even thinking about it.

    See the point?

    You just called me insane for complimenting a guy who does exactly that! LOL! What is wrong with you? If you agree with me, why has every post from you been full of whining and complaining?
    None of them have been whining nor complaining at all in my opinion, and certainly never were meant to be viewed as such.

    And you HAVE to be able to see the difference between "that adds 0 layers of security" and "id like them to write something, so that paranoid people can feel safer, even though it isnt", right?

    I just want to understand how WP8 protects my data from abuse from applications and potentially rogue developers. Seems like a very reasonable question. Why is that a problem?
    If you really wanted that information, you had to know that the best source for that information would be Microsoft, not a public forum?
    12-09-2012 05:57 PM
  2. eldnar's Avatar
    There is a lot of good information on this page about WP8 and security:

    Windows Phone Security | Windows Phone (United States)

    If you read through some of whats in this PDF about WP8 security features you will began to understand a few things.

    http://go.microsoft.com/fwlink/?LinkId=266838

    Apps are sanboxed and cant access any data from another app without your taking some action. Even is you approve an app to access the camera functions it cant remove data from the camera unless it is linked through the cloud. There is much more information's in the PDF check it out. Just because and app needs to access the Music player functionality to operate doesn't mean it can upload music from your library for example.
    Hi Dave,

    I just read the white paper you provided. Thank you very much! Sections 5 and 6 answered many, if not all of my questions. It's pretty much exactly what I was looking for. I appreciate your patience and I appreciate everybody else who attempted to provide answers! Thanks all...
    Slai likes this.
    12-09-2012 05:58 PM
  3. Paul May's Avatar
    To the OP, did the info you found satisfy your curiosity? Will you be sticking with a WP8? I found this thread quite informative as a non developer.
    12-09-2012 08:02 PM
  4. Daniel Ratcliffe's Avatar
    I found this thread quite informative as a non developer.
    And I found it informative as a to-be developer!
    12-09-2012 11:08 PM
  5. AngryNil's Avatar
    1) Why does Flashlight X require video and still capture and the ability to playback media to simply turn on a rear flash?
    Flashlight apps use video capture in order to control the flash because Microsoft provided no API for it.
    WPenvy likes this.
    12-09-2012 11:13 PM
  6. eldnar's Avatar
    Hi Paul,

    My questions were answered to a certain degree. I've received some great information from this thread and I'm confident that WP8 is probably more secure than Android and/or IOS. I'll be sticking with WP8 for the time being. Although I'm still a bit unclear on why certain apps are allowed to access far more than they need. This just seems irresponsible on Microsoft's part and it is just begging to be abused. Several people provided reasonable guesses, but nothing concrete. So I'm going to take Slai's advice and present some of my questions to Microsoft directly.

    Hi Angry,

    Yes, that makes sense to me now. Although could you take a stab at why there's such a permissions over reach as described below:

    Flashlight XT: Video and still capture.
    Flashlight-X: Phone identity, owner identity, video and still capture, media playback, mircophone, data services, movement and directional sensor.
    Flashlight X (no dash): All of the above plus music/photo/video libraries, and data service.

    They all simply turn on the light.

    I was somewhat comforted a bit by "hopmedic" when he said,

    When you create a project in Windows Phone, the WMappManifest.xml file, which is where all of the capabilities are enabled/listed, by default, has all of the capabilities enabled. So, if a developer is lazy, forgetful, or doesn't know he needs to remove the unneeded capabilities from this file, then when they submit it to the store, it will list these capabilities, whether they are used or not.
    My question is, how do I know whether an application has those permissions because a developer is lazy, forgetful, or uniformed or if a developer figured out what Shantanu Gawde figured out with his WP8 malware? I haven't heard anything since his presentation at Malcon which leads me to believe what is found are legitimate loopholes in WP8. Had his claims been bogus, Microsoft would have been dancing in the streets and announcing all over the place about the rock solid security of WP8. The fact that MS has been absolutely silent about it leads me to believe they were busted. Simply restricting access to programs that truly need access would go a long way to solving a lot of problems. Prototype malware for Windows Phone 8 OS allegedly created | Windows Phone Central

    "The malware uses legitimate WP8 functionality without resorting to other methods such as 'homebrew apps' and interop capabilities," Gawde said. "The idea behind the app was to code it in such a way that it would be accepted into the marketplace [Windows Phone Store], whilst having hidden functionality. [...] it can be used to steal private data files stored on a Windows Phone 8 handset, copy contact lists, upload images to it, and view all text messages. Gawdes prototype does not require a jailbreak. His app only uses allowed Windows Phone 8 functionality and he believes it passes Microsoft app store certification. "
    12-10-2012 02:18 AM
  7. Orange_Tang's Avatar
    I am far from worried about an app using my phones features, after all I am not doing anything bad on it. I have nothing to hide.
    12-10-2012 03:04 AM
  8. hopmedic's Avatar
    Eldnar, you bring very good questions to the table, and I'm glad you're learning from it, and also doing your own research as well.

    Shantanu - now there's one bright kid, and I'm glad he's an ethical hacker and not the other kind! Last I heard, and I may not have heard the latest, because I haven't seen anything recently on it, but to my knowledge Microsoft has not yet been given the details so they are not in a position to dance in the streets or fix it. Personally, I have no reason to either doubt the kid, or throw my phone away. None of us is perfect, and it is the ethical hackers that find the flaws so that they can be fixed, that help to keep the rest of us safe from the unethical. If there is a flaw, I'm glad someone found it who can keep his mouth shut rather than someone who will exploit it and tell all his little pansy exploiter buddies. ;)

    I would not compare Shantanu's find to anything that exploits you by using the capabilities that we're discussing so far. I'd consider his find to be more akin to finding a security hole in either Windows or IE on the desktop. Something that your virus or Trojan writers look for. This kid is too smart to be playing the kindergarten stuff like AVG did last year.

    Yes, AVG, the antivirus company, put a so-called antivirus app in the Windows Phone Marketplace (as it used to be called) last year. Well, being that we know our phone and how it works, some developers wanted to know what it was really doing, so they did some digging, and found that it was tracking geolocation and more, and it was therefore removed from the marketplace (the one malicious app) and it uninstalled itself from all Windows Phones... ;-)
    http://news.cnet.com/8301-10805_3-20...boots-avg-app/

    No, that's childish stuff, and this kid is above that.

    @Orange_Tang You don't have to be doing anything wrong to be concerned about what apps are up to in your phone. Is there anything you do with your phone, that you wouldn't want the world to know? Like check your bank balance? (passwords, balance). Make purchases? (credit card numbers) Send email? (ever say anything extremely personal?) Talk? (there was one Android Trojan that recorded phone calls and sent audio recordings back to the server of the author of the Trojan.)
    12-10-2012 11:57 AM
  9. WPenvy's Avatar
    @Orange_Tang You don't have to be doing anything wrong to be concerned about what apps are up to in your phone. Is there anything you do with your phone, that you wouldn't want the world to know? Like check your bank balance? (passwords, balance). Make purchases? (credit card numbers) Send email? (ever say anything extremely personal?) Talk? (there was one Android Trojan that recorded phone calls and sent audio recordings back to the server of the author of the Trojan.)
    Basically give someone and inch, and they'll run the whole 9 yards to see how far they can get.
    12-10-2012 01:50 PM
59 123

Similar Threads

  1. Replies: 2
    Last Post: 05-03-2012, 10:00 PM
  2. O2 (UK) Mobile Web Privacy Breach
    By TheWeeBear in forum The "Off Topic" Lounge
    Replies: 0
    Last Post: 01-25-2012, 06:28 AM
  3. WP7-Xbox Live Nightmare
    By 44zippo44 in forum Windows Phone 7
    Replies: 9
    Last Post: 12-04-2011, 02:27 PM
  4. Should they make another surround for wp8?
    By CamiKitti in forum HTC Surround
    Replies: 1
    Last Post: 11-21-2011, 12:00 PM
  5. How important is RAM for WP8 update
    By danygandhi in forum HTC TITAN
    Replies: 8
    Last Post: 11-15-2011, 03:05 PM
LINK TO POST COPIED TO CLIPBOARD