Dont install the javelin browser – permissions abuse

42 points by skynetv2 ↗ HN
A few weeks ago, the developer of javelin browser, Steven Goh, posted on this site about the new browser he was developing.

https://news.ycombinator.com/item?id=8368199 nubela

I wanted to show support for his work, and installed the browser and tried it out.

Today I received an email from the developer on my WORK email promoting his IndieGoGo campaign.

The app discovered all the email addresses on my device (which includes my work email) and sent it back for later use.

And there is no unsubscribe option in the email.

first he steals my email address and uses it for marketing purposes without even asking me permission and then he doesnt even provide me with an option to unsubscribe.

This is why I am always hesitant to try new apps or apps that I feel are asking too many permissions. They abuse your trust.

14 comments

[ 4.4 ms ] story [ 52.1 ms ] thread
that guy have poor ethics if he does that...
Reminded me of how LinkedIn would scan your contacts and invite them all...
i had couple of embarrassing situations like that, the latest one seems to be researchgate.

now i wonder if this javelin guy took my address book too sending emails to others saying I recommended it

Found an email in my spam folder for this shady dude. Glad I've moved on to another browser.
This morning I found the mail in my spam folder of my WORK email as well. Uninstalled it yesterday after reading this post.
"I wanted to show support for his work, and installed the browser and tried it out.

Today I received an email from the developer on my WORK email promoting his IndieGoGo campaign."

How can you be sure that this isn't a coincidence? Of course it's possible that the browser app could have stolen your contact information, but maybe they got your work address from another source a long time ago (which still doesn't make the spam acceptable). But just because one event precedes another doesn't imply that there's any causal relationship.[1]

[1] https://en.wikipedia.org/wiki/Post_hoc_ergo_propter_hoc

ummm ... heres what the email says

"Hi, I am Steven Goh the developer of Javelin Browser and you are receiving this email because you have tried Javelin before."

I thinks its pretty clear why I got this email.

Developer of javelin is definitely a scumbag, mining contact information off of users devices and sending emails to peoples work accounts without any warning advertising his "private" browser. The browser is actually based off of an open source android browser called Lightning which he never credited at all until people found out and started calling him out on it. With such shady practices I would not trust my privacy with that app.

Personally I have been using Frost https://play.google.com/store/apps/details?id=com.crowbar.be... as a private browser for the last 3 years and have been very happy with it.

Hard to have sympathy for people who install closed-source applications with inappropriate permissions and get burned by it. Still, the developer is an idiot for doing it and should not be trusted.