>The top changes include "scoped storage" to give users more control over files by only allowing Android 10 apps a filtered view of their app-specific directory and specific types of media.
A great change. I don't mind having to spend some time going over each time, making sure the right settings are in place for security and privacy.
The other changes for location and camera access by apps are good too. Just hope the update will include my old-ish device.
> Google will now require developers to use resettable identifiers to keep track of users. That way, if these digital fingerprints are ever compromised, or if you want to wipe your digital slate clean, there's a mechanism to do that.
Does this mean device fingerprinting will no longer be allowed?
It's very difficult to prevent fingerprinting. Google's had the Android advertising ID for ages (which is a unique user resettable identifier) but it's entirely possible to ignore it. I'm not sure if Admob does allow you to set your own custom IDs with your own fingerprinting, but preventing that would go a long way.
Google is really doubling down on privacy right on the heels of repeated scandals. Wonder if i will last longer than customer's memory of said scandals before they go back to the business model that brings them the money.
As long as we get to reap the benefits at least for a bit - I'm happy. Plus, I always find that a bad company/product trying to do better often spurs on superior competitors. WhatsApp has been rubbish for a while now and so better messengers like Wire, Telegram, Signal etc. have appeared. Maybe someone will use Google's new privacy-related advances to improve their service as well.
Google fixing vulnerabilities even before the release can only be good news, but one does have to be wonder why a whole class of such vulnerabilities are even allowed after so many releases?
We can still not sandbox apps access to data by default. Numerous academic projects have show how this can be implemented, e.g. by fudging data when details are not needed. Also, in order to get these security fixes I have to buy a new device from one of their partners.. Google has failed society by advancing surveillance capitalism to the extreme.
Going after a subset of low end devices seems a bit off-putting to me. A-One should be mandatory, but most manufacturers are hooked on adding bloatware to track you.
I use it every day. Regarding P1, if an app ask for permission access to e.g. images or location, and you use the app, how would you limit what the app can send home or even review it? See discussion in the other comments if you're not an Andriod developer.
Since Android v1, it offers APIs (intents) for picking items belonging to other apps or doing an action on behalf of other apps.
Applications do not need access to gallery; they can ask the gallery to let the user pick the pictures he wants to work with; the app does not need the access to camera, it can ask the default camera app to let the user make the photo and get the result. The app does not need access to telephony; it can ask dialer to dial a number on it's behalf. Etc, etc.
The developers didn't use these APIs because users were asking for iOS style integrations, where any apps does everything for itself, instead of using system components. So they got it.
The headline is misleading. These vulnerabilities are not in Android 10 but are fixed by Android 10. Which of course means they exist in versions prior to Android 10. Google provides security updates for prior versions so what is not clear from the article is whether these are only fixed by upgrading to Android 10 or whether they were identified during the Android 10 development process but fixes will also be available for prior versions.
> These vulnerabilities are not in Android 10 but are fixed by Android 10. Which of course means they exist in versions prior to Android 10.
That's not accurate. Android 10 is still in beta, so many of these vulnerabilities (just like many other bugs you'll see in a beta) are likely new to Android 10, and will be fixed before the final release.
my take on the headline is that Q fixes vulnerabilities that exist in pre-Q versions. this means that those vulnerabilities are still in effect for the vast majority of current users, and will be for some time since it will take years before Q is actually being run by the majority of android devices. the vulnerabilities are very much alive.
A revocable permission for network access on Android would be a great step towards giving users more control over which apps can transmit their personal data.
An entire class of apps could be rendered safe by disallowing network access, especially the ones that do work offline, but are keen to phone home.
This has been possible since Android 8, if not before. You could, per app, from the App Info page:
1. Disallow bg internet access.
2. Disallow fg internet access over wifi.
3. Disallow fg internet access over mobile network.
I've been building an app that exposes privacy features like bouncing permissions when apps are in bg (remember AppOps?), firewalling apps by disallowing data usage, setting DNS over TLS to servers that blackhole ads and trackers, show log of network activity, kill bg processes and activities and so on. Hopefully, would be done in a month or so.
You could do all of the above, today, but mostly, manually, by navigating through nested menus and what-not.
Android 10 would make some parts of what I'm building obsolete, and that's a good thing.
I've exercised this setting in Xiaomi, Oppo phones (Realme, Vivo, One Plus included) [0]. Unsure if it is in AOSP, but a user reported that its present in their Pixel running 8.1 [0]?
You could see if NoRoot Firewall (requires VPN) or Glasswire (may or may not require VPN) help you disallow internet access per-app.
Since I never trusted iOS setup that one cannot restrict WiFi access on apps I had a firewall on my (jailbroken iOS). Now on Android I do the same (not trust the OS or the Data/WiFi switches and again I use a firewall to block either Data or WiFi or both.
I also do this for data usage, e.g. Spotify and my podcatcher use Wi-fi while email etc use both data and WiFi.
Edit: in the same spirit I block all free apps that don't require network connectivity such as health/workout apps. I kill all ads, and keep my data within.
Edit2: android firewall is called "NoRoot Firewall"
I have a Pixel 3 with the latest retail release (Android 9/August 1, 2019). I cannot do any of the things you described for any apps via the App Info page.
I have permissions sliders for Camera, Contacts, Location, Microphone, Phone, and Storage. None at all for internet access or any specific network.
The permissions you list don't appear to be part of Android (8 or otherwise) and are likely after-market extensions in your phone's ROM.
I have two options on android 9 on a Motorola g7 background data usage and unrestricted data usage. On allows or disallows background data usage, the other allows full access to data when data saver mode is on. When I go to show all permissions it shows me which apps have full network access but does not allow me the option to toggle it.
Early versions of android did have a network permission. It was not able to be revoked but at least you knew apps that had no reason to require network access, like early flashlight apps, were not exfiltrating data.
The permission may still exist (it has been a long time since I last wrote an android app) but it is no longer user visible.
but at some point Google decided it should always be allowed
Not at all surprising, if you consider Google's motives; they both want to appear like they care about privacy and give you an illusion of control, but at the same time they are ultimately an ad company who profits from the lack thereof. A lot of the decisions they make about their products make a lot of sense from this perspective.
- apps can use other ad networks than Google, and blocking network access would bring them more profit (higher app cost / more push for in-app spend)
- they can create separate categories for ad traffic and general network traffic
- having ads as a system element and limiting network access would allow them to cut off other ad networks to some extent, bringing more profit (although that's opening the doors to more talks about monopoly)
That fine-grained permission isn't handled by the user. You as a user don't employ CSP.
Rather, when requesting the permission from the OS, the developer has to supply a list of approved scopes and domains, and anything outside of that gets automatically blocked.
The problem is when an app finds a bullshit excuse to refuse to work unless they're provided all wanted permissions. even if they don't hard block their content that way, in practice, people are just going to flip the switch that makes the app work or make a dialog go away without reading.
I just don't think pushing the choice of permissions to the end user is a good idea, not by itself. UX teaches us that people are lazy and will go through the easiest path.
Indeed. On the desktop, this is also known as a firewall. All apps practically think they have "network permissions", but if they actually try to make a connection, it will either time out or return errors.
Depends what you mean by built-in. On Linux you can easily start something either in a namespace with no network, or filter out network calls by syscalls. Selinux/apparmor/tomoyo give you more fine grained control over what can be done over the network.
Linux generally comes with iptables which can be used for it, but more efficiently most distributions have some system for access control like SELinux or apparmor which can also do it. Sorry not familiar if this is a thing on Windows/Mac/BSD's. In fact I think Android has SELinux built in, but not user accessible without root.
FreeBSD ipfw can firewall by userid, and Android runs each app under a different user (and would probably run apps in jails on FreeBSD, jail IDs are also available for firewalling)
Having moved from Windows to Linux partially because Windows was about as secure as a flyscreen door, I've recently switched back to Windows.
Whenever a version of an app wants to provide a network service, Windows first asks if this specific app can provide network services on this class of network (public connection or private connection). So it is not just builtin, but for a particular class of restriction even easy to use. Blocking consumption of resources is an advanced feature though.
I used to use a program called "firestarter" on Linux, which provided a way to block specific apps. Long time since I've done that though, since most of the untrusted apps on Linux are Chrome and the ones you run in Firefox.
It's still an action the user has to perform, which most people won't bother doing (or know how to do it).
I don't think the user of an app should be left to its own devices to ensure its own privacy by outmanoeuvring developers, and giving them tools to do it it's just not good enough.
There should me a method of taking this further. Like having the real radio, sensor, etc information but also having a mocked version of these interfaces. The user can toggle mocked or real interface and the app has no idea which it is receiving. Each one can be faked in its own specific way (spoofed GPS looks different than spoofed accelerometer, etc).
Edit: Disclaimer I have almost 0 knowledge of Android development.
Another crap Forbes contributor article. The fix is to ban these posts. These articles have basically zero credibility because they are written by ordinary dopes who pay to have their blogs published on forbes.com. There is no fact checking, no verification of the author’s background and expertise, nothing. You pay and get published and people get the impression it’s “news” because of the Forbes name.
The writing is extremely clumsy, I had to go to the linked post from Google to find out that the author meant that Android releases will no longer be named after desserts.
The move to a joyless, bland release naming scheme in order to appease a perceived mass of illiterate rubes who somehow care about their Android version but can't read past the name of a dessert...
To me it is another signal of the erasure of cultural flavour at the company; the pivot to a base, power-chasing, stifling corporatist death march toward nowhere of interest.
Google refuses to do something about arbitrary network connections, most likely due to their ads business model. Their ads require network connections to work!
69 comments
[ 2.7 ms ] story [ 119 ms ] threadA great change. I don't mind having to spend some time going over each time, making sure the right settings are in place for security and privacy.
The other changes for location and camera access by apps are good too. Just hope the update will include my old-ish device.
Does this mean device fingerprinting will no longer be allowed?
1. Google has added API to access resources without getting full unconditional access
2. They are enforcing use of correct APIs on their store
3. Most of the system is now updated from the store. This is significantly faster than any of their competitors
4. Most vendors are now providing timely security updates. Some even have an Enterprise program with 4-5 years of updates.
Applications do not need access to gallery; they can ask the gallery to let the user pick the pictures he wants to work with; the app does not need the access to camera, it can ask the default camera app to let the user make the photo and get the result. The app does not need access to telephony; it can ask dialer to dial a number on it's behalf. Etc, etc.
The developers didn't use these APIs because users were asking for iOS style integrations, where any apps does everything for itself, instead of using system components. So they got it.
That's not accurate. Android 10 is still in beta, so many of these vulnerabilities (just like many other bugs you'll see in a beta) are likely new to Android 10, and will be fixed before the final release.
An entire class of apps could be rendered safe by disallowing network access, especially the ones that do work offline, but are keen to phone home.
It seems super simple to provide that basic level of control to the end user.
I also want shadow/fake address books and location information as a feature.
And this is how I have learned that Google's Calc app apparently wants network access. No thanks!
1. Disallow bg internet access.
2. Disallow fg internet access over wifi.
3. Disallow fg internet access over mobile network.
I've been building an app that exposes privacy features like bouncing permissions when apps are in bg (remember AppOps?), firewalling apps by disallowing data usage, setting DNS over TLS to servers that blackhole ads and trackers, show log of network activity, kill bg processes and activities and so on. Hopefully, would be done in a month or so.
You could do all of the above, today, but mostly, manually, by navigating through nested menus and what-not.
Android 10 would make some parts of what I'm building obsolete, and that's a good thing.
The ones I've seen had a setting only for restricting background data usage.
You could see if NoRoot Firewall (requires VPN) or Glasswire (may or may not require VPN) help you disallow internet access per-app.
[0] https://old.reddit.com/r/oneplus/comments/79g0ue/til_oxygeno...
I also do this for data usage, e.g. Spotify and my podcatcher use Wi-fi while email etc use both data and WiFi.
Edit: in the same spirit I block all free apps that don't require network connectivity such as health/workout apps. I kill all ads, and keep my data within.
Edit2: android firewall is called "NoRoot Firewall"
I have permissions sliders for Camera, Contacts, Location, Microphone, Phone, and Storage. None at all for internet access or any specific network.
The permissions you list don't appear to be part of Android (8 or otherwise) and are likely after-market extensions in your phone's ROM.
The permission may still exist (it has been a long time since I last wrote an android app) but it is no longer user visible.
It is called "have full network access".
(Android DOES have a network permission, but at some point Google decided it should always be allowed)
Not at all surprising, if you consider Google's motives; they both want to appear like they care about privacy and give you an illusion of control, but at the same time they are ultimately an ad company who profits from the lack thereof. A lot of the decisions they make about their products make a lot of sense from this perspective.
- apps can use other ad networks than Google, and blocking network access would bring them more profit (higher app cost / more push for in-app spend)
- they can create separate categories for ad traffic and general network traffic
- having ads as a system element and limiting network access would allow them to cut off other ad networks to some extent, bringing more profit (although that's opening the doors to more talks about monopoly)
Rather, when requesting the permission from the OS, the developer has to supply a list of approved scopes and domains, and anything outside of that gets automatically blocked.
No involvement from the user.
I just don't think pushing the choice of permissions to the end user is a good idea, not by itself. UX teaches us that people are lazy and will go through the easiest path.
FreeBSD ipfw can firewall by userid, and Android runs each app under a different user (and would probably run apps in jails on FreeBSD, jail IDs are also available for firewalling)
Whenever a version of an app wants to provide a network service, Windows first asks if this specific app can provide network services on this class of network (public connection or private connection). So it is not just builtin, but for a particular class of restriction even easy to use. Blocking consumption of resources is an advanced feature though.
I used to use a program called "firestarter" on Linux, which provided a way to block specific apps. Long time since I've done that though, since most of the untrusted apps on Linux are Chrome and the ones you run in Firefox.
I don't think the user of an app should be left to its own devices to ensure its own privacy by outmanoeuvring developers, and giving them tools to do it it's just not good enough.
Edit: Disclaimer I have almost 0 knowledge of Android development.
This kind of content is usually never worded like this for other products, can the moderators fix it?
Microsoft issues update warning to 10 gorillion PCs (some super minor problem in the last patch cycle)
10 bazillion Android phones have spyware (some malware app was removed from the play store)
Android 10 is still being worked on, if it was ready it would have been released.
To me it is another signal of the erasure of cultural flavour at the company; the pivot to a base, power-chasing, stifling corporatist death march toward nowhere of interest.