Why on earth would an app want a permission acccess to my personal data on my phone to begin with?

Why on earth would an app want a permission acccess to my personal data on my phone to begin with?

WHATS UP

WHATS UP

I was actually referring to the technique one can use to sniff into frameworks calls at runtime to discover where 3rd party apps store passwords. You can’t do this by simply utilizing publicly documented runtime APIs that are found in the KB articles and javadocs. I think the technique was brushed over quickly at one of the soapbox discussions at devcon this year by one of the attendees. Hopefully no one was listening

I think the important message to developers is to make use of RIMs private signing capabilities to wrap ControlledAccess objects around persistent data. If you’re going to be storing passwords, ControlledAccess is your new best friend.

I was actually referring to the technique one can use to sniff into frameworks calls at runtime to discover where 3rd party apps store passwords. You can’t do this by simply utilizing publicly documented runtime APIs that are found in the KB articles and javadocs. I think the technique was brushed over quickly at one of the soapbox discussions at devcon this year by one of the attendees. Hopefully no one was listening

I think the important message to developers is to make use of RIMs private signing capabilities to wrap ControlledAccess objects around persistent data. If you’re going to be storing passwords, ControlledAccess is your new best friend.

great article!

There was an interesting article the other day about an iPhone developer who “stole” the users’ phone numbers which ended up in a lawsuit, read it at http://www.readwriteweb.com/archives/iphone_game_maker_apologizes_for_stealing_phone_numbers_calls_lawsuit_meritless.php

We are a BlackBerry app developer and we do handle user personal information because it’s necessary to offer our call tagging service, however;
a) we make the user aware and they know why we do it
b) we have a strictly enforced publicly available privacy policy
c) it goes without saying that we would never ever abuse that privilege

I think all developers need to consider;
- what personal information they really need in order to run the app (don’t grab anything you don’t absolutely need)
- how they handle it and store it
- how they notify the user
… then most people are cool with it. It’s about credibility.

However, “downloader beware” is the motto here. Would you let someone in your house if you didn’t know anything about them?

Another example of “naughty naughty” in the iPhone world is this one http://www.ilounge.com/index.php/news/comments/itunes-app-used-to-grab-users-phone-numbers/

Terry

great article!

There was an interesting article the other day about an iPhone developer who “stole” the users’ phone numbers which ended up in a lawsuit, read it at http://www.readwriteweb.com/archives/iphone_game_maker_apologizes_for_stealing_phone_numbers_calls_lawsuit_meritless.php

We are a BlackBerry app developer and we do handle user personal information because it’s necessary to offer our call tagging service, however;
a) we make the user aware and they know why we do it
b) we have a strictly enforced publicly available privacy policy
c) it goes without saying that we would never ever abuse that privilege

I think all developers need to consider;
- what personal information they really need in order to run the app (don’t grab anything you don’t absolutely need)
- how they handle it and store it
- how they notify the user
… then most people are cool with it. It’s about credibility.

However, “downloader beware” is the motto here. Would you let someone in your house if you didn’t know anything about them?

Another example of “naughty naughty” in the iPhone world is this one http://www.ilounge.com/index.php/news/comments/itunes-app-used-to-grab-users-phone-numbers/

Terry

great article!

There was an interesting article the other day about an iPhone developer who “stole” the users’ phone numbers which ended up in a lawsuit, read it at http://www.readwriteweb.com/archives/iphone_game_maker_apologizes_for_stealing_phone_numbers_calls_lawsuit_meritless.php

We are a BlackBerry app developer and we do handle user personal information because it’s necessary to offer our call tagging service, however;
a) we make the user aware and they know why we do it
b) we have a strictly enforced publicly available privacy policy
c) it goes without saying that we would never ever abuse that privilege

I think all developers need to consider;
- what personal information they really need in order to run the app (don’t grab anything you don’t absolutely need)
- how they handle it and store it
- how they notify the user
… then most people are cool with it. It’s about credibility.

However, “downloader beware” is the motto here. Would you let someone in your house if you didn’t know anything about them?

Another example of “naughty naughty” in the iPhone world is this one http://www.ilounge.com/index.php/news/comments/itunes-app-used-to-grab-users-phone-numbers/

Terry