
I’m working on an app for a company who doesn’t think much of the user’s ability to use apps (I find this misguided).

They constantly tell me to simplify things because “these guys aren’t very smart”.

To the point that (on top of other problems) they’re creating foolishly simple logins…

I thought about fingerprint reading but the legal questions make me second-guess it.




So the app developer has to be able to demonstrate they followed some form of best practice with regard to user data.

I’m having trouble thinking of any other type of work that manages to escape all liability.


That works only if the app authors have no basic idea of security.

You forget the huge numbers of users who willingly provide their login data to phishing or other malicious apps.

If they don't pay attention to those, clearly more obvious sketchy things, you really expect them to make sense of opting in and out of an already confusing app permission step?


This sounds like something they should be doing. If someone used a tool or service I provided to commit fraud I would take it as a personal failing.

Privacy and security are the reasons I moved from Android to iOS four years ago. After reading the details this sounds like such a minor collection of data that it doesn't bother me.


It makes sense when you’re a slick lawyer appealing to technicalities, but in reality users don’t know how their devices work and where borders of an app are. If tiktok was a restaurant, we would talk about its restroom surveillance here. It may not collect too private information like passwords or messages, but the doubt is reasonable.

I don't think it's that people are stupid. Blindly trusting these apps to not take advantage or mishandle their access to personal data is also naive.

It's possible to do business without scanning your customers' faces, tracing their contacts, selling details of their transactions to aggregators, etc ... where does the line get drawn?

And that doesn't even address data that is "accidentally" collected.


Quite a few changes over the past few years have been reducing access to data that can be used for fingerprinting, and requiring apps to ask permission for access to user data.

This is squarely the fault of developers abusing the users' trust.


Then for your sake I hope they don't find out about those apps. It is their device, after all. They don't like it when you do things they didn't approve of. Their methods grow ever more sophisticated. Hardware cryptography is only the latest innovation.

There is a special privilege level for screen readers. The issue is that the hypothetical malicious app pretends to be a screen reader.

This is the main reason why I am not interested in being an app developer. Your business is in the hands of someone who can cut you off and get away with not even giving you the time of day. Not worth the risk.

(That being said: I'm not sure I would have approved an app like yours since it is designed to invade privacy)


The point is to introduce some friction into app developers using these methods, by informing users what's possible.

It's disgusting what some apps do to slurp off personal information, that they are only able to get away with because users don't understand what's at stake.


We do this for some of our legacy apps. I don’t like it and want to move away from it. I lack both time and motivation to think about security outside of the app/code itself.

Your app is focused on privacy, yet you can’t answer these simple questions??? What?

My point is, I have no clue what's collecting data in an improper way, and I'm not going to hire a lawyer for a hobby app.

The amount of conflicting information about whether I do or don't need consent based on what services I use is just stupid. And I wouldn't even be showing ads.

Part of the app's function is related to location, do I need consent? Maybe.

It will use Firebase, do I need consent? Maybe.

It will collect crash data so I can debug the stupid thing, do I need consent? Maybe.

Etc...


If people went to prison for making apps that collect user information with the only consent being a sentence in page 30 out of 50 in the terms of use, pretty much all big app developers would be felons.

A correct answer everyone should cite is not wanting to trust using an app made by the company that puts ads (and excessive telemetry) into the operating system. Or more generally treating the user as not the customer.

Your apartment complex decides they don’t want to be party to anything illegal. Just in case, they set up a police precinct in the lobby. They set up hidden cameras in every room of your apartment, and if their AI model detects anything suspicious, they send the video to the detective. Because you aren’t doing anything illegal, you have nothing to worry about, right?

What’s crazy about this?

Another way of expressing the concern: does your iPhone work for you, with the help of Apple’s services, or does your iPhone work for Apple? Working for me means not having software designed to report me to the police for how I use my device. The hash database for now includes CSAM hashes; there’s no reason it couldn’t be extended to include similarly heinous material, like Winnie the Pooh memes, Hong Kong freedom posters, rainbow flags, hormone therapy instructions, or anything else offensive to the regime.

People that are comfortable with their device working for a company with the assistance of the user choose Android.


You're wrong. If the app developer is actually malicious this is true, but there are some non-malicious applications I just don't trust. Look at Sony, they're not malicious (e.g. they wouldn't record my password when they're not supposed to) but I don't trust them with my passwords (for obvious reasons).

Isn't that where I said it can get silly? I don't want developers having an account on my phone. I just want to process some data on my phone.

Consider that on my phone, I am limited to accessing my data for most apps through the apps. On my computer, I typically know where the data is stored.
