Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Slashdot Deals: Deal of the Day - Pay What You Want for the Learn to Code Bundle, includes AngularJS, Python, HTML5, Ruby, and more. ×

Comment Re:Core features of apps == "leaks"? (Score 2, Insightful) 299

Right, the paper lists some common applications used by millions of people (BBC, Evernote, Weather Channel) that appear to be using the requested APIs for exactly what you'd expect. It lumps those in with a few obscure and sketchy ones doing nefarious things with those APIs. It makes no attempt to determine which apps are actually doing anything unexpected/evil, and which are behaving in exactly the way that a user would expect.

The unfiltered list gets posted on Slashdot, showered with the obligatory snark and tinfoil.

A first pass sanity check on the apps would have been more responsible.
E.g. "The Weather Channel app sends my location to their servers ... could this have a legitimate purpose for telling me the weather?"
This would have probably pruned the list of applications down to a handful of garbage ones that no one had ever heard of.

Comment Core features of apps == "leaks"? (Score 5, Insightful) 299

The headline doesn't really match the contents of the paper as far as I can tell.
For example, "Evernote" is listed in the paper for:
1) Taking pictures with the camera
2) Recording audio with the microphone
3) Determining your location
And for transmitting this data to its servers.

These functions are, however, exactly what the application is designed for. You take notes (including snapshot notes and voice notes) and upload them to your account. When you launch the app, there are big buttons for "take a snapshot note" , "take an audio note", etc. Geo-tagging via the location APIs can be disabled from the Settings page, but this is another core advertised feature of the product.

So this is a bit like making it into Slashdot by discovering that a mail client transmits text that you type (and your email address!) to a mysterious "SMTP" server.
Headline: "Researchers discover nefarious 'e-mail' application leaking your data ... on the INTERNET!"

Use the Force, Luke.