Most people don't yet know that many Android software leak all sorts of information to the internet with only scant user acknowledgement (basically what you accept when you install the app).
Due to this and the fact that there are already privacy information harvesting apps for Android on the marketplace - a team of security experts have created TaintDroid:
What is TaintDroid?
From the project's web page: "A realtime monitoring service called TaintDroid that precisely analyses how private information is obtained and released by applications "downloaded" to consumer phones."
From: http://appanalysis.org/index.html
How can I install TaintDroid?
As TaintDroid is currently compiled into the kernel, you cannot easily install it, but you have to cook your own kernel. Instructions (for Nexus 1) are available at the project web site: http://appanalysis.org/download.html
How does TaintDroid work?
Here's a video demonstrating how TaintDroid works once it is installed and configured:
http://appanalysis.org/demo/index.html
Why would you want to install this?
There can be many reasons for installint TaintDroid:
- You want to learn about privacy features and play with Android kernel
- As it is currently impossible to differentiate between innocent and sneaky Android apps based only on what access rights they request, you may want to dig in deeper
- You are worried about what apps are doing behind your back and you want to know which apps to uninstall
- You want to help create Android a more secure and privacy-protected platform, instead of the swiss cheese it currently is
What can you do?
As compiling kernels is mostly beyond the reach of mere mortals currently, consider cooking TaintDroid into your kernel, if you are cooking one yourself and offering it available for others to try and use.
Hopefully increased awareness and usage will bring this program eventually into other modders and perhaps even Google's attention and something more easily accessible is offered for the public at large.
BTW, I'm just a user, interested in getting TaintDroid on my own Galaxy S. I'm not affiliated with the research program, but I like what they are doing. This information is purely FYI.
+1 for the idea
Sent from my GT-I9000 using XDA App
+1
Since we cannot expect information gatherer Google to come up with a good privacy protection mechanism soon I think we are forced to take measures ourselves.
I also learned that several of my bought applications are constantly forcing me to enable synchronisation and/or 3G internet. They either randomly uninstall (Asphalt 5), their icons disappear (for example: Mini-squadron) or won't start, with (Schredder Chess) or without a message. Angry Birds Beta2 lite (free game) and Hungry Shark are 2 more examples. So much for an incentive to buy games...
It would be great if applications used a well-defined mechanism to check their validity on-line, and not have this sneaky, lingering attack from all sides to any privacy or battery consumption aware user.
I can not cook Kernels, but this is something i want to use.
Not that i am worried, but i dont know what apps are sending when you open them. Thats something i want to know!
I am sure i am not the only one.
+1
Yes please... This should be in all android phones... as a security option you could turn on!!!
Antonyjeweet said:
Not that i am worried, but i dont know what apps are sending when you open them. Thats something i want to know!
Click to expand...
Click to collapse
And do some of these applications only send stuff when you open them?
--
From a user perspective it currently is really difficult to judge applications that need to start at boot-up and deal with many facets of your computer (Launchers, tools combining lots of divers features).
Do you know some ROM where Taindroid is included?
I've posted in hardcore and laststufo kernel threads to ask if they could add it.
We just need more people wanting it so they think about adding it
exadeci said:
I've posted in hardcore and laststufo kernel threads to ask if they could add it.
We just need more people wanting it so they think about adding it
Click to expand...
Click to collapse
glad you did that
+1 support the idea. hope some of our hardworking kernel builders will add this in.
My concern is how much another real time service will affect battery life. For people trying to make the leanest, fastest kernel I'm not sure it's viable.
I have been wanting TaintDroid built into android by default since the day it was announced, but I really do not think google cares about this, so please, please ROM cookers out there (Maybe Doc?), lets add this into our galaxy S roms.
Well, this seems to work only on android 2.1
Make it so.
+1
Combined with walldroid (or other firewall) this could put back power into users hands. Would really love to see this inside hardcores kernel. Maybe as an option for the stable releases?
+1
This should be the next standard in aAndroid
idea about spoofidroid application
how about a program to spoof or make the phone send fake:
GPS location,
IMEI,
phone number,
simcard id,
etc... information to applications that ask without permission.
this way you can feed these application with information they want but without breaking your privacy. (both end sides are more than happy)
-----
nice option to have:
1) enable/disable auto generate different id every time.
2) allow list / ban list of application to have real or fake id.
3) enable/disable notify for application request.
-----
there are all ready applications that fake your simcard PLMN mobile network codes without the need of kernel rights, but you need to enable disable the flight mode to restore the default code.
===========
good luck to spoofidroid or similar applications.
Jumba said:
My concern is how much another real time service will affect battery life. For people trying to make the leanest, fastest kernel I'm not sure it's viable.
Click to expand...
Click to collapse
I hope there will be developers out there who prioritize privacy/security over speed/battery and storage usage.
I'm the project lead of the TaintDroid system. We are currently working on a few extensions of TaintDroid but unfortunately are short on engineering resources to port TaintDroid onto other systems than Nexus One that we originally developed. We'd greatly appreciate it if XDA developers would take on this effort! Many ongoing projects would hugely benefit from having easy-to-run TaintDroid ROM available for many different devices and upcoming Android systems let alone user benifit.
Thanks,
Jaeyeon
Research Scientist @ Intel Labs Seattle
Ettepetje said:
I also learned that several of my bought applications are constantly forcing me to enable synchronisation and/or 3G internet. They either randomly uninstall (Asphalt 5), their icons disappear (for example: Mini-squadron) or won't start, with (Schredder Chess) or without a message. Angry Birds Beta2 lite (free game) and Hungry Shark are 2 more examples. So much for an incentive to buy games...
Click to expand...
Click to collapse
beta2 lite? i think that was malware, make sure it came from rovio otherwise it's fake and you should delete it.
It's really scary to see with the lookout app how many apps can access to your imei, telephone number "Read Identity Info", can access your contacts, track your position, and can send out all this data.
Here a HTC Desire user, asking for some privacy.
Best regards!
Basically for my final project were working with an external company that want stuff done for free or very close, this includes an android app.
The app I'm going to try to make will be private for the company to give out locations using google maps and gps/geolocation.
The app will be distributed through the site we are developing to certain users and not featured on the marketplace due to privacy issues.
Problem is I've never developed for android or any mobile platforms and have an extremely basic knowledge of Java but i mainly develop for web and windows using c# so naturally I have a few questions for people with experience in android development.
And it will be compatible from android 2.0 onwards
1. Is it possible to have the app powered by google maps?
2. Any suggestions of how one user will be able to upload gps coordinates to this app?
3. Rough idea of how long it would take e.g. few hours, few days, few months?
4. Overall is it possible, any problems I might run into?
5 Any Advice, tips,or better suggestions?
Thanks a lot for reading this far, any answers or help would be greatly appreciated.
This is some hobby project i want to accomplish with, i have decent experience in programming java. But after quite a lot searching around and asking professors and anyone with experience in android development i got no clear vision of how this is accomplishable. The thing is, i want to develop an application that runs for a given amount of time(there´s a timer the user sets), during this given time certain applications will be blocked(or rather killed, or intents changed so they won´t even start to run). This selection will be done from a list given of third party applications installed.
As mentioned, ive searched everywhere i can, and the only leads i could ever find was the following:
1. Have continous check which kills the given application if it detects the specific applications running and will kill it. Downfall of this will be cpu-usage, optimalization and battery use. And also the device has to be rooted.
2. Have an alternative launcher, somehow this should help me a bit on the way to accomplish my goal. But here i sit thinking: Will i need to develop my own launcher to be able to succeed?
Nothing pointed me in any direction whether there are some native methods or similar in the android that perform similar tasks and how to implement it at all. Those who are saying there are plenty of applications our there similarly: No, they give you choices like block apps with a password and similar which is not what i´m after. I need some application that blocks it for the given time it´s set to(even though it is possible to go on your own in task manager and kill this application i want to develop, but that is out of the scope for now). This is to increase productivity without reaching for your cellphone all the time(yes, it might sound silly, but i´m quite sure it will help.
Any help is greatly appreciated as i´ve researched for over a month without any success.
Bring up your activity no matter which app starts. Make it a transparent activity and kill it as soon as it starts.
i already set up my environment and know all the basics eg am ok with hello world apps but now i want to write a messaging app like whatsapp.....am using jdk+eclipse+sdk+adt...
Congratulations, so?
Start with basic android apps first to get an overview of your possibilities before go for a big app.
Whatsapp might look simple but it's pretty huge, not a beginner job.
Start from basics, brush up your java,
Get a nice ebook like:
Begining android development
Learning android development
Sent from my GT-P3100 using XDA Free mobile app
learn using the whole android APIs (notifications , listeners, list views, data bases...etc), make some little apps and think of a big one then
Only client, No server?
Maybe make it your goal to develop something smaller than Whatsapp for the start ... maybe a very simple app, which requires some sort of client / server communication, and consists of an Android client, and a server application running on a server, which can be reached over the network (of course the server application won't be an android app). Have a look at this:
http://www.compiletimeerror.com/2013/01/login-application-for-android.html#.U_z-uvmSzYx
After getting acquainted with that you will have to learn about some protocols like for instance Jabber (en.wikipedia.org/wiki/XMPP, for icq or skype the specs are closed making things difficult). And providing such services on the server side can become even more complex. To handle potentially thousands of requests simultaneously, for instance the shared nothing architecture can be deployed, which handles requests in a decentralized way using multiple servers.
But for a simple chat program, which you'd like to implement just for fun, the above tutorial might be enough.
Well i guess you should choice your architecture, Client/Server or phone to phone and so on.
Then you should choice how to exchange data, WS? It could be!
It isnt enought setup the enviroment!
First learn java good. Than start with android examples.
Hi, .
I am trying to figure out the best approach for an upcoming big project. Except doing small projects for Android (no web backend), most of my experience is with java, C++, and drupal programming.
The app I am looking at involves storing location for each user and a bunch of user data.
The app then needs to visualise/sort based on the nearby users on the map.
I've been reading up on current mobile technologies, which brought me to phonegap and drupalgap, although I am slightly afraid of being overly complex, and the delay of js rendering.
So I am also considering using a simpler restful service for login and user data storage (any recommendations? Do I build this myself?) and just building 2 native apps that communicate with this.
Drupalgap seems overly complicated to me and doesn't offer a good UI (would I use intelliJ and then just build a simple site in Drupal that is being rendered?). Or using the rest full services by hand (without phonegap) to do it native, as described at varunity.github.io/Drupal-Services-Android-App. Maybe there are libraries for this?
Sorry for the many questions, I just want to save myself time and do it right from the beginning. I am still very much in the process of reading up on existing libraries.
Thanks,
Do