Android apps share data between them without your permission

Discussion in 'mobile device security' started by Rasheed187, Apr 14, 2017.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,569
    Location:
    The Netherlands
  2. guest

    guest Guest

    at least with my WinPhone, i knew it from the start :p
     
  3. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    4,853
    Nothing new here.
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,569
    Location:
    The Netherlands
    The problem is that I don't trust them either, because of the Win 10 privacy fiasco on the desktop.
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,569
    Location:
    The Netherlands
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,569
    Location:
    The Netherlands
  7. Robin A.

    Robin A. Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    2,546
    I´ve noticed a much reduced activity in Android 6.01 when the phone is idle (the battery discharge curve is almost flat).

    I think this is because recent updates of many apps are reducing their activity when the phone is not being actively used, and/or Android is preventing them from sharing data.

    The newer Android versions, Nougat (v. 7.x) and "O", are supposed to be much better in this regard.
     
  8. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,722
    Location:
    U.S.A. (South)
    Hello Robin A.

    I can attest that Android 6.01 has improved cutting down on too loose transparency such as activity etc. and it is still been an ongoing work in progress on my end searching out and making modifications to further help in that effort locally.

    But yes the energy discharge curve as you put it is minimized more at least on my Huawei Honor 5X KiWi-L24 Marshmallow.

    This particular model experienced a severe drain early on due to too many cores Always On instead of (1) at idle which necessitated a manual root hack into the sys/devices/system/cpu/cpu0/core_ctl/min_cpus which was most inconvenient but was Finally! resolved by a recent update.

    As it was before the fix there was no possibility to measure the Apps one by one to see if they were doing their share of activity so I mothballed a brand new device until only recently when discovering the update resolved that issue completely.

    And yes it takes a long time it seems before they jump on and correct issues but that's par for the course as we all learned.
     
  9. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,901
    As discussed in this thread newer Android versions (and preferably LineageOS) have a permission manager which can stop this. Moreover, with Afwall+ I block network access for all apps which are not expected to require it. Granted, Afwall+ requires root, but there are other firewalls available which don't as they work as a VPN. So does Adguard which doesn't only block all ads/trackers but also offers to block network access for specific apps. This can also be done in Settings-> Apps->Data Usage (at least in LineageOS, I'm not sure about stock ROM).

    So as a matter of fact a lot can be done to mitigate this problem.
     
    Last edited: May 22, 2017
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,569
    Location:
    The Netherlands
    I don't think I feel comfortable with any OS that is modified by a third party.
     
  11. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,794
    Most manufacturers do not use stock Android. They usually modify the ROM with their own UI and apps to differentiate themselves from one another.

    LineageOS is the successor to CyanogenMod which was one of the more popular and trustworthy ROMS developed by the community.
     
  12. guest

    guest Guest

    People buy Android (google) phones and expect privacy...ultimate paradox :D
     
  13. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,794
    To be fair, most people who buy ANY smartphone, be it Android, iPhone, or Windows Phone do not actually expect anything. They only see it as tools for communication and storage of data. It's only geeks and nerds who care about this kind of stuff.
     
  14. guest

    guest Guest

    I agree, and the trend among them is even higher than before. As if they were person of interest...if they were , they would be hacked & spied 10 times without knowing it.
     
  15. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,722
    Location:
    U.S.A. (South)
    Thank You summerheat for sharing that tidbit on Afwall+

    I root all mine to make the most of deep into the branches/cores etc. for high durable performance and of course convenience with some customizations however permissions are paramount and to be honest before this post I didn't consider much in the way of a firewall because it's not an always on device.

    That might change should this help out. I could go LineageOS ROM anytime and read lots of happy campers with it but am content for the time being with Marshmallow 6.01 and Free AdBlocker Browser by RocketShield.

    Google is outside trying to get in but so far I prefer to keep them at bay and go around them. To heck with all that sync data nonsense.

    PS: Just installed Afwall+ onto Mate2 Lollipop version, granted superuser and I must say it looks great!

    Can't wait to configure it later and see how it performs.
     
    Last edited: May 23, 2017
  16. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,901
    Yes, AFwall+ is very flexible, you can even enhance it with custom scripts. Very interesting is this.
     
  17. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,901
    Well, indeed, most people don't care. However, it's worth mentioning that many Google services can be deactivated in the Android settings. And if you want to get rid of Google completely you can install a custom ROM like LineageOS which comes without any Google apps which can be installed separately, though. Without GApps you can't use the Play Store, of course, but you can find many open source apps in f-droid.org although their number is much smaller compared to the Play Store. However, F-Droid contains an app called YalpStore which lets you download apps from the Play Store even without a gmail account. I haven't tried it myself but read that it works well.

    In any case, I'm planning to buy the Galaxy S7 which has become rather cheap these days, and I will install LineageOS without GApps and see how it goes.
     
  18. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,901
    Adding to what @safeguy already said: The tragedy of Android is that it is an actually good smartphone OS but for most devices you won't get any updates after 2 years at the longest. Here's where custom ROMs come into play, and LineageOS is certainly the most trustworthy. The list of supported devices is rather long.

    And quite frankly: From the other thread I saw that you are still running Android 5 which is affected by countless security flaws. I rather use "modified by a third party" one which contains the newest security patches.
     
  19. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,722
    Location:
    U.S.A. (South)
    While it is unfortunately true on such long delays I like to respectfully disagree that it does not become so much a "tragedy" , at least when you take handset security serious enough to "study" even some good basics and apply them.

    A typical Android can be made almost to customer/consumer custom specification with a little access to open developer forums (XDA one of my favorites) before that I started out with visiting Howard's Forums.

    It's well worth the extra effort not to just blindly depend on any handset device, tablet/smartphone etc. but to take that responsibility into your own hands.

    Of course it doesn't help that long stalled out and delayed security updates like we see time and again continue the way it has. But there is a lot to be said for Android if enough attention is put to learning even just the basics (settings etc.) and what ever else is available during the in-between time waiting.
     
  20. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,901
    I like to respectfully here, too ;) There are not only "long delays" but many devices do not get updates at all after 2 years or so. And there have been very serious vulnerabilities in the past (partially in the Linux kernel) which got fixes shortly after becoming known - but those fixes never arrive for many devices. And it's not always possible to mitigate these vulnerabilities by other counter measures.

    In the upcoming Android O Google is trying to improve the situation with Treble. It makes it easier for manufacturers to apply updates - if they want so! Unfortunately, Treble will not solve problems in the Linux kernel and drivers. And this remains a big problem: Many hardware drivers are written only for a specific kernel version and are not at all a part of the common kernel of the Android Open Source Project (AOSP). Thus, the difference between the mainline kernel and the kernel for a specific device often amounts to several millions of lines in the source code. Not to mention proprietary code for the userspace. This explains why, e.g., Samsung is having trouble to fix several serious vulnerabilities in the Broadcom chips and drivers.

    Hence, I doubt if the need for always up-to-date custom ROMs will get smaller.
     
    Last edited: May 24, 2017
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,569
    Location:
    The Netherlands
    I didn't know about all of this. But what I basically meant is that a third party OS does not come from the manufacturer, so to me it sounds a bit risky. But I guess it's the same as with all of the Linux variants.
     
  22. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,901
    Well, as said, LineageOS (previously CyanogenMod) is trustworthy. They have been active for many years, and every change/modification is documented. On the other hand I see no compelling reason to give more trust in ROMs modified by a manufacturer. There have been many examples that they added spyware to their devices. Not to mention the security updates they fail to offer.
     
  23. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,569
    Location:
    The Netherlands
    So you are saying it's not any different than replacing a Windows OS with Linux right? But it just feels a bit weird to me. At the end of the the day, I have more trust in let's say Samsung than some small company I don't know. I do have to look into the security updates problem, I assumed it was Google that provided them. I will soon update Android, let's see what happens.
     
  24. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,901
    Sort of.

    They do but many manufacturers don't apply them. For the reasons outlined above and because they want people buy a new device after 2 years.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.