Android or Spydroid - Page 3 - maemo.org

danramos | # 21 | 2010-10-01, 21:20 | Report

Originally Posted by wmarone View Post

Yes yes, that's been pointed out twice now.

But I suppose that reinforces my point that being locked down doesn't help you in the slightest.

Yes, being much more open is a good way to prevent surreptitious behavior. This is why Maemo fails just as much as Android. They're both just as lamed up in that particular way. I really.. really hope MeeGo isn't ruined by device-locked firmware images (ala Tivo)--because I really am hoping to finally have a good open OS on a portable that I can trust. In the meantime, the Android vs Maemo pissing contests just seem silly and I take them for the silly conversations that they are.

The Following 4 Users Say Thank You to danramos For This Useful Post:
fatalsaint, jukzh, linuxeventually

ysss | # 22 | 2010-10-01, 21:23 | Report

Originally Posted by wmarone View Post

Yes yes, that's been pointed out twice now.

But I suppose that reinforces my point that being locked down doesn't help you in the slightest.

How much of code review is going on in our current repositories?
Even if the number is close to 100%, do you think it's scalable when the amount of code is as high as what Apple's AppStore is stocking right now? (250,000 apps)

I think the solution to this particular problem still has to exist on a more sane OS permission control (something more granular than what Android has, but they're already on the right track) AND an active filtering system (firewall).

The Following 2 Users Say Thank You to ysss For This Useful Post:
danramos

horus | # 23 | 2010-10-01, 22:12 | Report

Microsoft's solution to this in Windows Phone 7 is sandboxing the application and only allowing a certain amount of API calls which the user must confirm. For example if an application wishes to send an sms, it invokes the SMS Api populating the phone number and message and then gives the user the option to confirm or deny.

The downside to this is that application customisation deep within the system is not possible however user security is quite high.

j.s | # 24 | 2010-10-01, 22:55 | Report

Originally Posted by horus View Post

Microsoft's solution to this in Windows Phone 7 is sandboxing the application and only allowing a certain amount of API calls which the user must confirm. For example if an application wishes to send an sms, it invokes the SMS Api populating the phone number and message and then gives the user the option to confirm or deny.

The downside to this is that application customisation deep within the system is not possible however user security is quite high.

But application sandboxing does not address any phoning home done by microsoft, the handset manufacturer, or the telephone company.

The Following User Says Thank You to j.s For This Useful Post:
danramos

wmarone | # 25 | 2010-10-01, 23:11 | Report

Originally Posted by horus View Post

The downside to this is that application customisation deep within the system is not possible however user security is quite high.

Indeed, security is high both for and against the user

horus | # 26 | 2010-10-02, 05:38 | Report

Originally Posted by j.s View Post

But application sandboxing does not address any phoning home done by microsoft, the handset manufacturer, or the telephone company.

Except in the case where the handset manufacturer and telephone company only have access to the same API invokes.

As for MS on the other hand, true, you cannot be sure.

YoDude | # 27 | 2010-10-02, 07:18 | Report

Yeeesh, the minute your phone connects to a tower you are giving up personal information.

BTW, what do people think is the reason Google got into cell phone operating systems for in the first place?

It's not because they wanted to just make our lives easier. There is a quid for that quo and most of us agree to this "something" that they harvest, every time we click that "accept terms" button at the bottom of that annoying page that seems to pop up right before we check out that coolest new web app or suttin'.

Services like Last.fm, Instinctiv, and Pandora aren't "free" to use because someone wants to teach the world to sing in perfect harmony.

It's because companies like Coka-Cola want you to buy more of their product and the providers of these "free" services are selling these companies on the idea that some of the information that they gather will help them do just that.

The Following 2 Users Say Thank You to YoDude For This Useful Post:
danramos, ysss

windows7 | # 28 | 2010-10-02, 09:51 | Report

Originally Posted by windows7 View Post

I have to say for a few weeks i seen this topic coming sooner or later...

Recently i purchased a cheap android device for my wife, and as she is on pay as you go contract i also delete the access point to prevent the phone from going online via the phone access point, but she can still get to the web via our wifi, the problem i notice straight away with the android phone is that most applications try to retrieve your wifi information for position and location and the gps information build into the phone alone doesn't seem to be enough...

the problem with google and other companies gathering this kind of information is that google then recognises your router details and with the rest of information collected they basically get your physical location and make this info available for anyone to cross reference for example to view your location via street view, as it has been demostrate recently by some hackers, in think in particular firefox allows web sites to anonymous gather your router information... which not only google most likely already gathered when they were going around the streets to capture the street view images but also from the actually applications anonymously gathering collecting this kind of information... basically as it has been demonstrate a dodgy script running on a site can gather this info.

and here is an article about the geolocation hack

http://www.theregister.co.uk/2010/08...eet_view_hack/

The Following User Says Thank You to windows7 For This Useful Post:
longcat

kureyon | # 29 | 2010-10-02, 15:46 | Report

Originally Posted by ysss View Post

I think the solution to this particular problem still has to exist on a more sane OS permission control ...

you're thinking of Symbian?

Last edited by kureyon; 2010-10-02 at 15:52.

kureyon | # 30 | 2010-10-02, 15:51 | Report

Originally Posted by horus View Post

Microsoft's solution to this in Windows Phone 7 is sandboxing the application and only allowing a certain amount of API calls which the user must confirm.

So as well as bringing all the famous bugs and instabilities from desktop Windows onto the phone, it will also be bringing the dreaded UAC? Vista lovers will sure feel at home