Would you be willing to share the name of the company?
On Wed, Nov 20, 2013 at 12:36 PM, Jeffrey Walton <[email protected]> wrote: > On Wed, Nov 20, 2013 at 10:00 AM, Richard Steventon <[email protected]> > wrote: > > I am pretty sure Google frowns on this sort of thing without a big fat > EULA. > > However the company in question provides no notes to the developers > telling > > them this. They just say "include our SDK and get paid". > > > > Data in question includes: > > list of accounts > > phone number > > lat/long > > all device info (serial, imei, etc, etc) > > mac address > > open udid > > list of all installed apps > > > > I am not sure how to approach this. On the one hand, I don't want to > > interfere with a companies business model, on the other hand, what they > are > > doing is probably illegal (in at least some parts of the world!). > > > > Thoughts/comments ? > On one hand, if the user agrees, then there's nothing you can really > do. There's lots of apps that have these invasive practices, including > crapware distributed by the handset OEMs and carriers. > > On the other hand, you could report it to Google at > [email protected]. They might be able to create a Bouncer signature > if they don't have one. Or, they might not take a position since the > handset OEMs and carriers are distributing the same crapware. > > You can also report it to the various security companies. Companies > like Lookout, Sophos, Malwareytes, Symantec, etc have them. The trick > is finding the point of contact. Try secure@ or security@ (if they are > RFC 2142 compliant). > > As for the item "all device info (serial, imei, etc, etc)", the > Android architecture encourages the leak. See '"Read Phone State and > Identity" should be two separate permissions', > http://code.google.com/p/android/issues/detail?id=17675. Add a "me > too" vote and Google might fix it one day. > > Jeff > > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to > [email protected]. > Visit this group at > http://groups.google.com/group/android-security-discuss. > For more options, visit https://groups.google.com/groups/opt_out. > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/groups/opt_out.
