On Sat, Sep 15, 2012 at 7:52 AM, JUF <[email protected]> wrote: > Hi, > > Apologies for being a n00b - I have done a search in the forum and a bit of > googling, but without finding a satisfactory answer. > > Why does more or less every application on the Play store seem to want "Full > Internet Access"? It seems to be such coarse grained permission and so many > apps ask for it as to be effectively useless. > > I was interested in installing a different keyboard app, but they seem to > want full internet access. Am I the only person who thinks that is > completely unreasonable, and screams spyware? > > As far as I can gather, Google does not screen the apps on the play store > for malware, although they may force an app to be pulled from the store if > issues are reported (a shut the stable door after the horse has bolted > approach). > > I did look at installing a firewall, so I can install apps that ask for Full > Internet Access and then block them with the firewall, but that seems to > require rooting the device which I understand involves the risk of (a) > bricking it and (b) further security vulnerabilities. > > Why is there not a firewall bundled into Android by default? > > Am I missing something(s) significant here? I hope so, because at the > moment it seems that Android is fundamentally insecure.
READ_PHONE_STATE is even worse: "Please split READ_PHONE_STATUS pernission, there's too much private information in that single permission," http://code.google.com/p/android/issues/detail?id=14682 and "'Read Phone State and Identity' should be two separate permissions", http://code.google.com/p/android/issues/detail?id=17675. Though the issue is listed as an enhancement, many cosider it a security defect. At least READ_PHONE_STATE is no longer being forced upon every application: "Android permissions: Phone Calls: read phone state and identity", http://stackoverflow.com/questions/1747178/android-permissions-phone-calls-read-phone-state-and-identity. The firewall is another enhancement request that has not reached critical mass (enough "mee too" via stars): "Need an interactive firewall for outbound traffic," http://code.google.com/p/android/issues/detail?id=1989. Many consider it a security defect since nearly all malware wants a network connection to egress data. Jeff -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
