walled garden not so bad after all..

[scottjl]

http://mobile.venturebeat.com/2010/0...d-by-millions/

people might complain about apple's walled garden and apple having to approve every app. but i doubt apple would let something like this slip through. kind of scary that a rogue android app did the following:

Quote:

It collects a user’s browsing history, text messages, your phone’s SIM card number, subscriber identification, and even your voice mail password. It sends the data to a web site, www.imnet.us. That site is evidently owned by someone in Shenzhen, China. The app has been downloaded anywhere from 1.1 million to 4.6 million times.

ouch!

[HansTWN]

Quote:

Originally Posted by scottjl

http://mobile.venturebeat.com/2010/0...d-by-millions/

people might complain about apple's walled garden and apple having to approve every app. but i doubt apple would let something like this slip through. kind of scary that a rogue android app did the following:



ouch!

Well, given the fact that Apple let that secret WiFi tethering app from the 16-year-old kid slip through there may already be such an app in the App Store and we just don't know about it!

[scottjl]

actually, given the way apple apps work and their walled off access within the filesystem, they can't grab this kind of data nor access data outside their fenced in area. not without the user knowing about it. access to the address book, calendar, even your ipod playlists all has to go through approved apple api's.

what that app did was open a socks proxy, fairly standard port connection. all the code for the proxy was contained within the application itself.

[HarryT]

Quote:

Originally Posted by scottjl

http://mobile.venturebeat.com/2010/0...d-by-millions/

people might complain about apple's walled garden and apple having to approve every app. but i doubt apple would let something like this slip through. kind of scary that a rogue android app did the following:

This is exactly why I've always believed that the "approval" of Apps by Apple is one of the biggest strengths of the iPhone and iPad.

[Bremen Cole]

Quote:

Originally Posted by HarryT

This is exactly why I've always believed that the "approval" of Apps by Apple is one of the biggest strengths of the iPhone and iPad.

Agree... I really don't want to start another nothing new argument about it... but..... The "open" idea, is just not a big deal to me. I understand that every 14 year old can write any thing they want for an "open" system, but I just don't care...... The HUGE selection of QUALITY apps available for iDevices is for me the main selling point of the iPad. Of course there are "fart apps", and there must be a market because people buy them.... but it is good to know that I have a "firewall" between me and rogue software.....

For the person that just has to have a device that can run homebrew, great... there are plenty of devices to do that. Thank goodness we have choices, and not EVERY device has to...... I am not dissing Android, I think it is great. But, for me (and it would seem for millions of others) it is not the best choice..... (of course in a few years you may see me with one.... ..... got to keep an open mind!

EDIT: A few years ago I bought a Gamepark portable gaming device. It was a little handheld that you could play all these "homebrew" games on... and the games were FREE! After a few months I realized that there was a reason all the games were free...... The ONLY thing it did that was worth anything at all was run emulators..... but after 20+ years playing SNES games, it's time to move on.....

Just my opinion....

[Roger Parkinson]

If I understood the story correctly the app asked permission to access the information and the user gave permission. I haven't spent enough time on Android yet but Unix and Linux generally work that way. You don't run apps as root and you can protect stuff from apps that don't have access rights. I'd rather rely on a solid operating system, and I'd expect both the iPhone OS and Android to be similar.

The problem with the walled garden is that it gives Apple the chance to restrict innovation. For example, you think of an ultra cool idea for an app. Apple likes it so much they take your idea, write their own app, and won't stock yours. Not saying this has happened, just that there's nothing to stop it happening. As a developer I can't invest in that platform.

[Crowl]

The whole walled garden just gives people a false sense of security really, code that does more than expected has already slipped through not to mention this whole thing about ad-supported apps including advertss that will then dial a premium rate phone number for you without asking.

[EowynCarter]

Oh, sure; absolutely noting bad on apple store.
Don't you realize that and app could pass the control because it looks safe and useful, and do that kind of thing ? Apple removing app that wrongly passed the control, that never happened....
And iOS will eventually suffer the "windows syndrom" as far as virus goes. (aka, i'm the used, so the one most interesting to hack).
Don't worry, is someone want to mess with you phone, he will succeed. The best protection your phone can have is not apple, but yourself.

Quote:

For the person that just has to have a device that can run homebrew, great... there are plenty of devices to do that

So, the facebook app is an hombew ? Kindlle ap ? Spotify ? Google map ? Homebrew ?
http://www.androlib.com/

More seriously, games are the only things the iPhone / iPod have over android system.

And as a programmer, i appreciate the possibility to make my own app without having to asks for anyone's approval.

[scottjl]

Yes, as a programmer you could try and write an app to bypass Apple's security and run amok in the filesystem, but do you honestly think Apple doesn't check for such things? I'm sure the kid who wrote the socks proxy had the code obscured somehow, and Apple will toughen their review process each time such an app is found, why it takes 1-2 weeks to get an app approved now.

Also, if you knew anything about iOS programming you'd know Apple restricts just what APIs your applications can use and is very strict about rejecting apps that use unsupported APIs, directly or through a 3rd party library. So to write an app that is just going to go wandering through the chroot'ed filesystem isn't going to be easy, and getting root level access is going to be near impossible. At least for apps in the App Store. Cydia apps are wild game but anyone jailbreaking their iPhone should already know that (and they have had a few rogue apps and have been very good about pulling them, they don't want their reputation tarnished either).

With Android's ability to freely install any app from any source, something like this is more likely to happen. I'm not saying it's impossible on iOS, but it is far more unlikely, and the damage an app can cause is hopefully a lot smaller due to Apple's restrictions.

[scottjl]

Quote:

Originally Posted by Crowl

The whole walled garden just gives people a false sense of security really, code that does more than expected has already slipped through not to mention this whole thing about ad-supported apps including advertss that will then dial a premium rate phone number for you without asking.

Actually it is impossible to write an app that just dials a number without alerting the user on iOS at this time. Direct dialing is not possible through the supported APIs without putting up a nice dialog box to alert the user a number is going to be dialed (and approval is asked for).

[scottjl]

Quote:

Originally Posted by Roger Parkinson

If I understood the story correctly the app asked permission to access the information and the user gave permission. I haven't spent enough time on Android yet but Unix and Linux generally work that way. You don't run apps as root and you can protect stuff from apps that don't have access rights. I'd rather rely on a solid operating system, and I'd expect both the iPhone OS and Android to be similar.

that's not the understanding I had. the app installed asked to have access to install and be your wallpaper (android phones can have all sorts of powerful wallpaper apps that display various information). not to go browsing through your address book, copy your voicemail, and access your whole file system.

Quote:

The problem with the walled garden is that it gives Apple the chance to restrict innovation. For example, you think of an ultra cool idea for an app. Apple likes it so much they take your idea, write their own app, and won't stock yours. Not saying this has happened, just that there's nothing to stop it happening. As a developer I can't invest in that platform.

this makes no sense. are you saying you can't write an app for android that google, samsung, or motorola likes so much that they start including it with their phones? and we know microsoft has never done anything like that..

[EowynCarter]

Quote:

that's not the understanding I had. the app installed asked to have access to install and be your wallpaper (android phones can have all sorts of powerful wallpaper apps that display various information). not to go browsing through your address book, copy your voicemail, and access your whole file system.

On android, at install you will see a list of the permission required the the app.
So in that case you'll have a message at install like :
Permission needed :
SMS data
Internet acces
Phone identification

And the system deny the apps access to precision it didn't declared.

And the phone will ask you to approve access.
As I said, the user itself is the best security.

[=X=]

Here is Android Centeral's link on that and an excerpt

Quote:

Look for Google to pull these soon, as they potentially affect at least 1.1 million users, but for now remember to read what an app can do when you install it. That's that screen you ignore every time you install an app. The one that tells you what system permissions the app has access to. If, say, a calculator wants to see your contacts list, think twice.

It's worth reminding that Android is the only OS that gives you these sort of warnings. And before any Apple fanatics get too cocky, at least these apps aren't stealing money from your Google checkout account.. We're keeping a close eye on this one, you'll hear more as it unfolds. (more...)

I just want to know how they had such in site to know Apple fan boys would jump all over this story.

=X=

[scottjl]

that statement is pretty misleading. no iOS apps have been stealing money from itunes accounts. there was an issue with hacked itunes accounts and false charges, but an itunes account could be hacked as easily as a google checkout account.

[=X=]

Quote:

Originally Posted by scottjl

actually, given the way apple apps work and their walled off access within the filesystem, they can't grab this kind of data nor access data outside their fenced in area. not without the user knowing about it. access to the address book, calendar, even your ipod playlists all has to go through approved apple api's.

what that app did was open a socks proxy, fairly standard port connection. all the code for the proxy was contained within the application itself.

Right that is the key issue here. Anrdoid, like BlackBerries, inform the user what access the app is requiring during install. If the user chooses to grant this level of access to the app then the app may do so. There is no way to bypass this security feature, not even RIM/Android apps can.

The problem is most people DON"T read the security warning and just simply hit ignore.

I don't care what anybody says, there is no way anybody can fool proof these kind of apps. And it is up to the user to be vigilant about what they install on their devices.

=X=