Android apps, IMEIs and privacy

Jan. 19th, 2017 02:47 pm
[personal profile] mjg59
There's been a sudden wave of people concerned about the Meitu selfie app's use of unique phone IDs. Here's what we know: the app will transmit your phone's IMEI (a unique per-phone identifier that can't be altered under normal circumstances) to servers in China. It's able to obtain this value because it asks for a permission called READ_PHONE_STATE, which (if granted) means that the app can obtain various bits of information about your phone including those unique IDs and whether you're currently on a call.

Why would anybody want these IDs? The simple answer is that app authors mostly make money by selling advertising, and advertisers like to know who's seeing their advertisements. The more app views they can tie to a single individual, the more they can track that user's response to different kinds of adverts and the more targeted (and, they hope, more profitable) the advertising towards that user. Using the same ID between multiple apps makes this easier, and so using a device-level ID rather than an app-level one is preferred. The IMEI is the most stable ID on Android devices, persisting even across factory resets.

The downside of using a device-level ID is, well, whoever has that data knows a lot about what you're running. That lets them tailor adverts to your tastes, but there are certainly circumstances where that could be embarrassing or even compromising. Using the IMEI for this is even worse, since it's also used for fundamental telephony functions - for instance, when a phone is reported stolen, its IMEI is added to a blacklist and networks will refuse to allow it to join. A sufficiently malicious person could potentially report your phone stolen and get it blocked by providing your IMEI. And phone networks are obviously able to track devices using them, so someone with enough access could figure out who you are from your app usage and then track you via your IMEI. But realistically, anyone with that level of access to the phone network could just identify you via other means. There's no reason to believe that this is part of a nefarious Chinese plot.

Is there anything you can do about this? On Android 6 and later, yes. Go to settings, hit apps, hit the gear menu in the top right, choose "App permissions" and scroll down to phone. Under there you'll see all apps that have permission to obtain this information, and you can turn them off. Doing so may cause some apps to crash or otherwise misbehave, whereas newer apps may simply ask for you to grant the permission again and refuse to do so if you don't.

Meitu isn't especially rare in this respect. Over 50% of the Android apps I have handy request your IMEI, although I haven't tracked what they all do with it. It's certainly something to be concerned about, but Meitu isn't especially rare here - there are big-name apps that do exactly the same thing. There's a legitimate question over whether Android should be making it so easy for apps to obtain this level of identifying information without more explicit informed consent from the user, but until Google do anything to make it more difficult, apps will continue making use of this information. Let's turn this into a conversation about user privacy online rather than blaming one specific example.

Gripes with Facebook

Jan. 17th, 2017 03:20 am
[personal profile] robhansen
 So, a short list of why Facebook is no longer a place I want to spend much time:
  1. People share memes without doing any critical thought or fact-checking, and think my good opinion of their reasoning faculties should be unaffected. (No, just no: while anybody can get taken in now and again, if I'm telling you "that meme is demonstrably, provably false" more than once or twice a year, my respect for your acumen is plummeting, and that's on you.)
  2. People share clickbait. Oh God the clickbait. "I bet I won't get a single share." "Who thinks this young disabled woman is beautiful?" "Like if you X, share if you Y." No. No. Just please *no*. Stop that already.
  3. Curiously attractive women who have no friends, no posts, no history, yet have added me to their friends list. Sigh. No, please, no bait.
  4. Echo-chambering. People overwhelmingly talk to people who already agree with them. I despise echo-chambering.
  5. Trolling.
  6. Virtue-signaling.
  7. Facebook's bizarre criteria for what posts are against community standards. I've literally submitted complaints about photos of a decapitated woman lying in a pool of her own blood with her detached head lying face-up near her and had FB say "nah, not a violation", but God help you if you post a picture of a naked woman. Newsflash, FB: I, like most people, consider one of these far more inappropriate than another.
  8. FB's continued lack of support for high-quality private messaging.

... Of my big-eight gripes with Facebook, six of them are actually gripes about us. About humanity. About people. I don't expect FB to fix us, I don't think FB can fix us, I don't want FB to try to fix us.

And that's why I think FB will never get better.
zorkian: Icon full of binary ones and zeros in no pattern. (Default)
[personal profile] zorkian

It's a long weekend and it's only two-thirds over, but I suspect I won't add any more activities to the set I've already performed this weekend. I'll probably revisit some of them tomorrow, though! So without further ado... what has Mark been up to this weekend?! I'm sure you have really been wanting to know!

[personal profile] afuna and I took N171MA (my airplane) out to Petaluma for breakfast. We had some nice food and milkshakes at the Two Niner Diner and then ran into a fellow pilot and his wife and spent a while chatting. I really enjoy hanging around airports and talking airplanes and I'm pretty lucky [personal profile] afuna is always game to go.

I've tried a few times to learn to knit but I think it's finally sticking. I finished a washcloth (garter stitch) the other day and I wanted to step up to something similarly simple but a little more involved. A hat seemed to be the order of the day! [personal profile] afuna was so excited to take me to our local yarn store where I picked out this dashing color. My first self-selected yarn purchase. I've started on the process of turning it into a beanie cap based on some design claiming to be a WW2 beanie cap. It's going to be a slow project but I'll get it eventually.

This morning I cooked a Dutch Baby (a type of pancake, loosely). While it isn't precisely what the canonical one looks like, it was still pretty tasty. I believe the recipe was a bit undersized for the pan and therefore it cooked faster/grew up the sides more than a typical one would. Either way it was great and I was happy to have eaten it.

It's okay if you have no idea what those photos are. They're ribs -- airplane ribs, that is. For the past year and a half I've been slowly building an airplane in my garage. I haven't really written much about it anywhere because it's such a niche/slow project, but it's something I've been working on. When it's done it'll look something like this airplane, although the coloring/wheel setup will be different.

Today I was working on ribs #1-4 on the left wing, adding reinforcing material (lengths of so-called standard L-angle). These ribs are the ones closest to the fuselage and are designed to support the weight of the humans that have to climb on the wings to board the aircraft. (It's a small low-wing plane which means you climb aboard by stepping onto the wings.)

And finally, I'm spending my evening working on Dreamwidth. Trying to get the BlobStore system up and running and ready to land so I can push forward to deprecate MogileFS. Simpler systems are more reliable and easier to operate! Yay!


So there you have it. This weekend I've piloted an airplane for breakfast, cooked, knitted, coded, and written software. I'm feeling pretty happy about this, honestly. Most of my weekends involve fewer activities but this one has been a really solid one.

Until next time, loyal readers...

(no subject)

Jan. 14th, 2017 10:51 pm
[personal profile] robhansen
President-Elect Trump's inauguration is coming up, and boy howdy do I have mixed feelings.  The news media is treating this as if it's the Imminent Apocalypse, which it is not, and the Trump-aligned outlets like Breitbart are being cheerfully over-the-top, which is just as bad.

Look, Trump is terrible.  But the unified voice of mass media having the high vapors over him, and millions of Americans screaming "not my President!", aren't doing anyone any favors.  As unbelievable as it is to say, Trump won a fair (enough) election.  When millions of Americans scream the 60-odd million people who voted for Trump and won should have their choice ignored, discarded, delegitimized, it just feeds into the opinion those 60-odd million Trump voters have of "those coastal liberals hate us and think we shouldn't be allowed to win elections, even when we play by the rules".

And that's profoundly anti-democratic, and deeply to the detriment of the country.

I plan on opposing Trump in just about any way I can.  But to the Trump voters?  Y'all won.  I get that.  I don't like the outcome, not even a little bit, but ... I get it.

Long time no see.

Jan. 10th, 2017 02:46 pm
[personal profile] robhansen
For the last few years I've been making life updates over at Facebook (and to a slightly lesser extent Google+), mostly because of the network effects.  There are a lot of people there; it's an easy way to reach a decently large audience.

Unfortunately, most of the social networks are for the most part ruled by people who believe reason and education are against their religious convictions.  The level of discourse is so de minimis that it staggers my imagination.  My average post there is about three paragraphs, and is longer than 99% of the stuff in my feed.  I don't know how to function in that environment, much less thrive.

So, it's back here, at least as an emergency measure.  For God's sake, won't you please make me think?

Some brief updates:
  • My nephew shot himself in the foot with a shotgun in late December.  He's keeping the foot but has a long rehabilitation ahead of him.  Whether he's learned anything about the importance of proper firearms safety remains to be seen.
  • I almost died in a fire in December, when my upstairs neighbors decided to extinguish hot fireplace coals by bagging them and putting them on the balcony, thinking the winter weather would quench the coals.  Needless to say the bag was paper and the balcony made of creosote-impregnated wood.
  • My Uncle Lou died sometime in the night between January 5 and January 6.
  • I turned 42 the morning of January 6.  The celebration was short-lived.
Anyway.  Talk to me.  Make me think.  Or if you can't make me think, just speak up and let me know you're reading what I'm writing.


terriko: (Default)

December 2016

456 789 10

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags
Page generated Jan. 20th, 2017 01:41 am
Powered by Dreamwidth Studios