| I really know nothing about how android works so excuse me if this is a stupid/impossible idea, but I wonder if someone could make an app-vetting app. The issue seems to be that you have to give these applications their permissions so they can function, but you really have no way of knowing how those permissions are being used. So you end up just allowing everything and being at the mercy of developers or you act completely suspicious, don't install any app asking for strange permissions and may even fall into these wild accusations that giving Facebook permission to view your SMS messages is like signing over your soul to the devil. So again, I'm really out of my game here, but I wonder if you could create an app-vetting app for android that monitors and logs internal requests for data (assuming android uses some sort of internal api to handle this) so you could see what apps are making what requests and how much data they're grabbing. And then monitor outbound network traffic to see what put and post requests are coming from the app, how much data is being transferred and where they're being delivered. Then you would know how much of your data is actually being used by an app and how much of that data is being sent to Facebook. Granted, I'm sure apps like Facebook's are constantly sending themselves data from your phone but the things to look for are the data being sent when the app isn't active or when the request varies an objectively significant amount from the baseline requests. If this can be figured out, you could then create a database of the results for every app logged and have a security ratings guide for the android marketplace. If this is impossible, impractical or just plain stupid, I apologize, but it seems like something that SHOULD be possible, so I just figured I'd throw it out there. |