Most people don't yet know that many Android software leak all sorts of information to the internet with only scant user acknowledgement (basically what you accept when you install the app).
Due to this and the fact that there are already privacy information harvesting apps for Android on the marketplace - a team of security experts have created TaintDroid:
What is TaintDroid?
From the project's web page: "A realtime monitoring service called TaintDroid that precisely analyses how private information is obtained and released by applications "downloaded" to consumer phones."
From: http://appanalysis.org/index.html
How can I install TaintDroid?
As TaintDroid is currently compiled into the kernel, you cannot easily install it, but you have to cook your own kernel. Instructions (for Nexus 1) are available at the project web site: http://appanalysis.org/download.html
How does TaintDroid work?
Here's a video demonstrating how TaintDroid works once it is installed and configured:
http://appanalysis.org/demo/index.html
Why would you want to install this?
There can be many reasons for installint TaintDroid:
- You want to learn about privacy features and play with Android kernel
- As it is currently impossible to differentiate between innocent and sneaky Android apps based only on what access rights they request, you may want to dig in deeper
- You are worried about what apps are doing behind your back and you want to know which apps to uninstall
- You want to help create Android a more secure and privacy-protected platform, instead of the swiss cheese it currently is
What can you do?
As compiling kernels is mostly beyond the reach of mere mortals currently, consider cooking TaintDroid into your kernel, if you are cooking one yourself and offering it available for others to try and use.
Hopefully increased awareness and usage will bring this program eventually into other modders and perhaps even Google's attention and something more easily accessible is offered for the public at large.
BTW, I'm just a user, interested in getting TaintDroid on my own Galaxy S. I'm not affiliated with the research program, but I like what they are doing. This information is purely FYI.
+1 for the idea
Sent from my GT-I9000 using XDA App
+1
Since we cannot expect information gatherer Google to come up with a good privacy protection mechanism soon I think we are forced to take measures ourselves.
I also learned that several of my bought applications are constantly forcing me to enable synchronisation and/or 3G internet. They either randomly uninstall (Asphalt 5), their icons disappear (for example: Mini-squadron) or won't start, with (Schredder Chess) or without a message. Angry Birds Beta2 lite (free game) and Hungry Shark are 2 more examples. So much for an incentive to buy games...
It would be great if applications used a well-defined mechanism to check their validity on-line, and not have this sneaky, lingering attack from all sides to any privacy or battery consumption aware user.
I can not cook Kernels, but this is something i want to use.
Not that i am worried, but i dont know what apps are sending when you open them. Thats something i want to know!
I am sure i am not the only one.
+1
Yes please... This should be in all android phones... as a security option you could turn on!!!
Antonyjeweet said:
Not that i am worried, but i dont know what apps are sending when you open them. Thats something i want to know!
Click to expand...
Click to collapse
And do some of these applications only send stuff when you open them?
--
From a user perspective it currently is really difficult to judge applications that need to start at boot-up and deal with many facets of your computer (Launchers, tools combining lots of divers features).
Do you know some ROM where Taindroid is included?
I've posted in hardcore and laststufo kernel threads to ask if they could add it.
We just need more people wanting it so they think about adding it
exadeci said:
I've posted in hardcore and laststufo kernel threads to ask if they could add it.
We just need more people wanting it so they think about adding it
Click to expand...
Click to collapse
glad you did that
+1 support the idea. hope some of our hardworking kernel builders will add this in.
My concern is how much another real time service will affect battery life. For people trying to make the leanest, fastest kernel I'm not sure it's viable.
I have been wanting TaintDroid built into android by default since the day it was announced, but I really do not think google cares about this, so please, please ROM cookers out there (Maybe Doc?), lets add this into our galaxy S roms.
Well, this seems to work only on android 2.1
Make it so.
+1
Combined with walldroid (or other firewall) this could put back power into users hands. Would really love to see this inside hardcores kernel. Maybe as an option for the stable releases?
+1
This should be the next standard in aAndroid
idea about spoofidroid application
how about a program to spoof or make the phone send fake:
GPS location,
IMEI,
phone number,
simcard id,
etc... information to applications that ask without permission.
this way you can feed these application with information they want but without breaking your privacy. (both end sides are more than happy)
-----
nice option to have:
1) enable/disable auto generate different id every time.
2) allow list / ban list of application to have real or fake id.
3) enable/disable notify for application request.
-----
there are all ready applications that fake your simcard PLMN mobile network codes without the need of kernel rights, but you need to enable disable the flight mode to restore the default code.
===========
good luck to spoofidroid or similar applications.
Jumba said:
My concern is how much another real time service will affect battery life. For people trying to make the leanest, fastest kernel I'm not sure it's viable.
Click to expand...
Click to collapse
I hope there will be developers out there who prioritize privacy/security over speed/battery and storage usage.
I'm the project lead of the TaintDroid system. We are currently working on a few extensions of TaintDroid but unfortunately are short on engineering resources to port TaintDroid onto other systems than Nexus One that we originally developed. We'd greatly appreciate it if XDA developers would take on this effort! Many ongoing projects would hugely benefit from having easy-to-run TaintDroid ROM available for many different devices and upcoming Android systems let alone user benifit.
Thanks,
Jaeyeon
Research Scientist @ Intel Labs Seattle
Ettepetje said:
I also learned that several of my bought applications are constantly forcing me to enable synchronisation and/or 3G internet. They either randomly uninstall (Asphalt 5), their icons disappear (for example: Mini-squadron) or won't start, with (Schredder Chess) or without a message. Angry Birds Beta2 lite (free game) and Hungry Shark are 2 more examples. So much for an incentive to buy games...
Click to expand...
Click to collapse
beta2 lite? i think that was malware, make sure it came from rovio otherwise it's fake and you should delete it.
It's really scary to see with the lookout app how many apps can access to your imei, telephone number "Read Identity Info", can access your contacts, track your position, and can send out all this data.
Here a HTC Desire user, asking for some privacy.
Best regards!
Hello!
I have a few questions about Google Play Store, since it is my first application published and I am kind of a newbie so ^^
Just yesterday I published the first version of a Security app, named Wifi Security Checker (https://play.google.com/store/apps/details?id=com.og.wifisecuritychecker).
Basically, it prevents network attacks by checking a few network mechanism (for the moment, 3 checks are made, 3 more will arrive soon).
So, here are my questions:
- How to promote an app efficiently (known blogs, forums etc...?)?
- How my app can get up in the Play Store listing (for now, even by taping exactly the application name, I have to go down a bit to find it)?
- I did not see any "tickets" for paid app, in order for developers to distribute their app to testers (like the iOs function). The only solution seems to send the apk to testers, and accept the licence email address in the console developer. Is that right?
Thank you in advance for your answers!
Do not hesitate to comment on the app itself, if you want to test it or else.
Best regards,
Olivier
Hi,
To start promoting your app I recommend Facebook, Twitter and Google Plus. Start first with your friends.
Regarding your second questions, be sure to have the correct keywords on your description and app title
Later
Hello,
Thank you for your answer!
Unfortunately, it is a security related app, which means that people who does not have a few knowledge in computer science will not get it (at least a very few). Is not it better to promote it on more specialized boards? (If yes, do you know a few of them?)
By the way, the network discovery functionnality is coming soon (less than a week I would say). After that, there will be a traceroute functionnality and a port discovery functionnality.
Do not hesitate to comment the idea itself and the technical mechanism too!
Best regards,
Olivier
I have a free application published on Google Play. I want to add some new features and ask users to 'pay' for them with Facebook shares or tweets.
Scenario:
1. User updates application
2. New features are available in settings but they are not active
3. To activate feature user has to share information about my application on FB or on Tweeter
4. Only if sharing was successful feature will be available to the user.
For me it seems like a good idea to spread information about application in social media... however I can't find any 'out of the box' solution (library or code). Is there any?
Has anybody tried this approach and was it successful?
Also I'm trying to find out if this method is compliant with Google Play policy. I've read play.google.com/about/developer-content-policy.html with great care but I didn't find any clues. Has anyone got any policy violations emails from Google after implementing this method?
Maybe you can find something in the Facebook API.
have ebinks
What do you use to code? There's tons of assets for Unity that'd do what you're trying to do.
Clem_Superhippo said:
What do you use to code? There's tons of assets for Unity that'd do what you're trying to do.
Click to expand...
Click to collapse
I'm not using Unity but develop my app in 'pure' Android SDK.
Just found this library: http://www.codeproject.com/Tips/457153/How-to-integrate-Facebook-Twitter-Linkedin-in-Andr
It looks promising so I'll give it a try.
You mean reward users for posting on Facebook or any social share, sure I dont think its that hard,
just everytime a user presses on the Share button add some coins to him ingame, you can also make
alot of money if you reward useres for watching a video ad in your game like a Vungle ad.
Hello guys, we are close to release a a new free Android App. How ever, we dont want to put ads, we would hate that.
We have one question:
If we put in-app billing for receiving donations on a free App, is it against Google Policies? or ilegal?
will our app be in danger of being removed?
Anybody knows?
Thanks a lot!
In-app isn't illegal.
Better integrate an donate version instead of use in-app or a pro key.
Why in danger or removed? If your app isn't against any copyright just go for it and release it, just remember if you use external libs or code, don't forget to give proper credits where it should belongs to and of course it should be noted somewhere in the app and in google play. The benefit to not integrate inapp is that it does not need internet permissions, you can host it in F-droid if you maybe gonna release the source and of course people like me are thankful to use as less as possible google things in your app.
Hello there!
Let's say I'm developing a web app targeting a specific group of people. I know their goals, their interests and their needs. I want to upsell them relevant services, products and apps, with entire experience natively integrated in my app interface.
So I need reliable mobile ad networks providing JavaScript or some kind of REST API, so I could just request product image, advertising text and referral link, and then mind my own business at displaying them inside the app correctly, without any need to install jar plugins and registering mediators. And then be payed by CPI/CPA.
Any idea what networks are the best in that regard?
(I'm using Intel XDK btw)
Vincent Pride said:
Hello there!
Let's say I'm developing a web app targeting a specific group of people. I know their goals, their interests and their needs. I want to upsell them relevant services, products and apps, with entire experience natively integrated in my app interface.
So I need reliable mobile ad networks providing JavaScript or some kind of REST API, so I could just request product image, advertising text and referral link, and then mind my own business at displaying them inside the app correctly, without any need to install jar plugins and registering mediators. And then be payed by CPI/CPA.
Any idea what networks are the best in that regard?
(I'm using Intel XDK btw)
Click to expand...
Click to collapse
can you just put google adsense ads? i've been wondering what is wrong with doing that?
Curious to see what the answer for this as well, have definitely seen this question pop up a few times.
Adxmi use API integration
global ads network Adxmi use API integration.
API integration available
I got API integration as I wanted from Adcash. Guess API is most common choice, at least in my comm. circle
Please take a look at Hyper native ads API for app developers.
Our solution will cover your needs for sure.