Analyzing the Explanation
Other Android developers I've spoken with say that explanation makes sense in theory -- but that the same effect could have been achieved in a far better way. Ultimately, this whole fiasco may have been more about poor programming choices than attempted data theft.
"I don't think the developer is doing anything malicious," says Arron La, who created the popular Advanced Task Manager app for Android. "His feature to do application backups -- resume favorites, settings, or something to that extent -- makes sense. He [just] implemented it in a very poor way."
La says the apps could have used users' Google login IDs instead of their phone numbers and device IDs. Those values would differentiate devices and allow settings to be retained, he explains, without raising red flags over privacy. La also says the info could have been stored on the users' SD cards instead of remote servers, which would have further alleviated any concerns.
"The permission he is reading is not totally bad but can be dangerous," La says. "Users should look at why anyone would want to do things this way."
Lookout's CEO agrees. John Hering says there's nothing in the wallpaper apps' approach that immediately strikes him as being malicious. Rather, he says, it looks like the developer simply collected more user data than he needed to -- and that's something the Android community should be aware of and work to avoid.
"Some developers are writing code in a way that they think makes sense but inadvertently exposes user data," Hering tells me. "I think we need to have context and think about this in a way of how we can fix it and make it better."
Android Apps and Security: The Big Picture
Google has temporarily pulled the wallpaper apps from the Android Market while it investigates. Regardless of what the final verdict ends up being, however, the implication that this incident should have us all longing for Apple's "walled garden" approach is just plain silly.
First of all, let's face it: Apple's App Store approval process is more about protecting its own interests than protecting those of its users. Despite the fact that the company's app police routinely ban everything from political satire to swimsuit photos, plenty of shady programs have made their way through those closely guarded gates. You might be kept safe from the evils of Google Voice and MSNBC.com cartoonist Daryl Cagle's Tiger Woods cartoon viewer -- and, of course, the unthinkable atrocities of porn -- but that's about it.
Here's the thing: When you accept freedom of choice, you also accept a certain level of responsibility. Sure, you may occasionally encounter something "objectionable" within the walls of the Android Market. You also might encounter such materials when browsing the Internet. But no one's suggesting we lock down the Web.
Filtering or censoring the Web would be ridiculous, right? Well, the same notion applied to a smartphone is no less absurd. Like with the Net, it all comes down to being cautious and intelligent about what you do. Before you download something, you evaluate it carefully. You look and see what other people are saying about it. In the case of the Android Market, you even have the advantage of being able to review exactly what types of data it'll have access to (you know, that little warning screen that pops up before your download begins?). If something looks questionable, you click away.
"The Android permission architecture was created to ensure users that this type of information would not be collected if they do not want it to be," says Kevin Payne, developer of the highly rated Astro File Manager application for Android. "The final decision is still with the users to ensure they understand application permissions and use them responsibly."
Of course, if you prefer having some random panel prescreen your content and decide what's fit for you, you know where you can go. In fact, you have two very distant but eerily similar options.
This story, "Reality Check On Those 'Data-Mining' Android Apps," was originally published by Computerworld.