Android privacy and security: Inversion of control

Android privacy: is it a joke or the punchline?

All technical Android users are aware of the problem. You want to install a simple app, such as a Torch, but you’re greeted with this:


This torch app “only” requires access to your personal files, phone calls, location and identity… and of course the actual camera flash itself, which seems like more of an afterthought.

Likewise, the common Facebook Messenger app is also rather greedy with permissions:


Actually, there’s a little more to it than that. An update to the Google Play Store makes app permissions more “user friendly” by hiding the extent that the application wants to access your personal data. On an older version of Play Store, the permissions for Facebook and Messenger read more like this:

Google have actively tried to obfuscate the extent to which they allow their own and third-party software to violate the privacy of Android users. I use the Facebook apps as an example here, but there are plenty of other widely-used invasive apps around (Google’s own in particular).

How does this extreme cyberstalking survive

This survives the same way that Apple products do, given their terms and conditions… Users either don’t notice the invasive terms that they’re agreeing to, or they don’t realise the consequences of them.

Even if you don’t install these malicious apps, your communications are insecure. If any of the people you communicate with have a spyware-laden app, it can see both sides of the conversation between you and that person. Android/iOS privacy violation operates in a similar way to herd immunity, but for the worse instead of for the better.

So what can be done about it

By Google? Nothing, it’s their business model after all:

  1. Mine as much personal information as possible from anyone and everyone
  2. ???
  3. PROFIT!!

* ??? = targeted advertisements

By free open-source mods and ROMs (e.g. Cyanogen)? Plenty.

The Xposed module “App Settings” allows one to revoke permissions from an app, often causing it to crash when it attempts to use that permission.

This is an “opt-in” security measure in the sense that one must actively revoke the permission after installing the app. As an anecdote, when revoking Facebook Messenger’s ability to monitor the screen contents, I noticed that Messenger would crash (“Forced Close”) whenever I opened a WhatsApp conversation. This was before Facebook bought WhatsApp of course.

But the problem is that security and privacy are still on an opt-in per-app basis.

Inversion of control: Power to the user

By default, our system allows malicious spyware and trojans to act as soon as we hit “install”, then we must manually disable them afterwards. Disabling them may also cause the app to crash frequently, making the part of it that’s actually useful now inaccessible. What we need is an inversion of control – instead of the permissions being “All or nothing” on installation and “Access all areas unless I stop you” afterwards, we need to give full control back to the user.

Ideally the user decides what permissions they’re happy with any app being able to use, and therefore which permissions are “private”. When an app attempts to conduct a “private” activity, then it receives mock data rather than an exception – so instead of crashing the app, it simply receives false information. If we decide that an app should be able to access some “private” area, then we manually grant it permission to get the “real” data instead of mock data – now private information is “opt-in” instead of “opt-out”, and the security is “opt-out” instead. We could take this further by allowing a timeout on the private information “opt-in”, so we could allow Facebook access to our location information for the next 30 minutes, and have it automatically disable afterwards.

So if “location” is amongst our list of “private” permissions, then when Facebook requests our location it gets mock data – we could be atop K2 for all Facebook knows (although IP geolocation would eliminate this somewhat…). When it requests access to our phone calls or SMS messages, it gets fake data. If it requires access to messages to validate our number or device, then we can grant it access to new messages only and only for the next 5 minutes, then have it automatically receive mock data again after that.
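The proposed broker above, as an added toy model (not code from the original post, and not Android’s or Xposed’s permission system): permissions the user marks as private return mock data by default, a time-limited opt-in returns real data, and the “new messages only” grant is modelled as a timestamp filter. All names (`PermissionBroker`, `Grant`, `REAL_DATA`, `MOCK_DATA`) and the sample data are invented for illustration.

```python
from dataclasses import dataclass, field
from typing import Any, Dict, Optional, Set, Tuple

# Constructed sample data: what the real system would return (timestamps in seconds).
REAL_DATA: Dict[str, Any] = {
    "location": {"lat": 51.5074, "lon": -0.1278},               # London
    "sms": [(90.0, "Hi, lunch?"), (110.0, "Your code is 482913")],
}
# Mock data served instead of raising an exception, so the app keeps working.
MOCK_DATA: Dict[str, Any] = {
    "location": {"lat": 35.8825, "lon": 76.5133},               # summit of K2
    "sms": [],                                                  # empty inbox
}

@dataclass
class Grant:
    expires_at: float              # grant lapses automatically at this time
    since: Optional[float] = None  # sms only: hide messages older than this


@dataclass
class PermissionBroker:
    private: Set[str]                                      # the user's "private" permission list
    grants: Dict[Tuple[str, str], Grant] = field(default_factory=dict)

    def allow(self, app: str, perm: str, now: float, ttl: float, new_only: bool = False) -> None:
        """Opt in: let app see real data for perm for ttl seconds (optionally new items only)."""
        self.grants[(app, perm)] = Grant(now + ttl, now if new_only else None)

    def request(self, app: str, perm: str, now: float) -> Tuple[Any, bool]:
        """Return (data, is_real). A denied private request gets mock data, never an exception."""
        if perm not in self.private:
            return REAL_DATA[perm], True          # not private: business as usual
        grant = self.grants.get((app, perm))
        if grant is None or now >= grant.expires_at:
            self.grants.pop((app, perm), None)    # timed out: back to mock data, no user action
            return MOCK_DATA[perm], False
        data = REAL_DATA[perm]
        if perm == "sms" and grant.since is not None:
            data = [m for m in data if m[0] >= grant.since]   # "new messages only"
        return data, True


def demo() -> Dict[str, Any]:
    """Walk through the scenario in the text: location mocked, SMS opt-in for five minutes."""
    broker = PermissionBroker(private={"location", "sms"})
    out: Dict[str, Any] = {"loc_default": broker.request("facebook", "location", now=0.0)}
    broker.allow("facebook", "sms", now=100.0, ttl=300.0, new_only=True)  # 5-minute window
    out["sms_in_window"] = broker.request("facebook", "sms", now=120.0)
    out["sms_after"] = broker.request("facebook", "sms", now=401.0)       # window has lapsed
    return out
```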

Flow diagrams: Current privacy model vs. proposed inversion of control

(Flow diagram image: Android privacy inversion of control)

Knock 5 hours off Windows 7 boot time with this simple trick

Windows 7 boot time: five hours to five minutes in five steps

This is a blatant troll post, if you’re here via LinkedIn then you may wish to skip reading it 😉

The problem

I got a new laptop.  It came with Windows 7 pre-installed.  I hadn’t used Windows for a decade, with the exception of an old XP installation I keep around for running Adobe Illustrator and COD4:Modern Warfare.  I decided to give Windows 7 a try.

First two days with Windows 7

Day 1: It’s sluggish and the UX is a decade behind the times, but otherwise it seems ok.  Boot time was around a minute which is pretty poor for a clean system with no user meddling yet, but not terrible.  After a while, some dialog popped up telling me to reboot the computer.  This was annoying, but it gave me the option to postpone it for a few hours (note: postpone permanently would have been a better option).

Day 2: Turn it on in the morning to check a bus schedule, and I get this:


I hadn’t told it to update, and since I had tethered it via a 4G connection the day before, I was wondering how much of my data allowance it had burnt up downloading updates.

Linux systems* typically update when you tell them to and install the updates in the background rather than hitting the user with this denial-of-service attack. They don’t constantly pester you to restart the computer, nor do they forcefully restart the computer while you’re making a coffee, causing data loss.

* Excluding Ubuntu which may auto-update in the background.  Still, Ubuntu won’t hit you with DOS attacks or data loss as part of its update mechanism.

I’m a bit perplexed as to why Microsoft have decided that by design, their operating system should hit their users with denial of service attacks and potential data loss.

A few hours later when I got back home, it was still “configuring Windows”.  After quite a while, it rebooted.  Then I was greeted with this:


Another reboot followed, then more updating/configuring.  I don’t know how long this would have taken to finish, as I decided that I’d had enough of this proprietary crap… I powered the laptop off and removed Windows, then installed Arch and Ubuntu onto BTRFS with a shared home folder and automatic daily snapshot backups.

The solution

Use Linux instead?


This Microsoft-originating denial of service attack also happened to another computer shortly afterwards. The best solution for a home user is probably to just disable Windows Updates completely. Sure, you don’t receive security updates from Microsoft, but you also no longer get periodically attacked by Microsoft either. Accepting a low risk of being attacked in exchange for getting rid of a certain risk of being attacked.

This five-step process is quicker to do than the typical Windows 7 boot time, with or without Microsoft’s malicious updater enabled…

1. Start → Run (or Super+R hotkey)


2. “services.msc”


3. Find “Windows Updates” (or “Automatic Updates” on Windows XP)


Double-click to open properties (or right-click, properties)

4. Disable the service


One would think that we could just mark it as “manual”, so that it runs only when we manually check for updates, but not when we’re on a mobile connection or when we’re streaming/gaming… But as expected, Microsoft software does not do as it is told. Leave it as manual and it will still occasionally burn bandwidth and pester you to reboot – but you won’t be able to manually check for updates, as it will complain that the service isn’t started.

5. Stop the service


Hooray, that’s the biggest security vulnerability in Windows 7 (besides the OS itself) patched up 😀 And the Windows 7 boot time drops from five hours to five minutes 😀

But I can’t / don’t want to disable Windows Updates

Then instead find a similarly-minded friend… You can play Hacky Racers with your Windows 7 boot times! Whose machine will boot up first? Extra ten points if it doesn’t do any reboots in the process!

Dual-core Sandy Bridge i5 with SSD (left) vs. quad-core Haswell i7 with spinning metal (right). Left won by ten minutes and two fewer reboots.

Git guide

The organisation that I currently work in is finally migrating from Microsoft’s crappy TFS2 to Git, so I put together a manual describing some aspects of Git’s design and providing a tutorial for them to follow to get used to using Git and handling certain problems (merge conflicts, rebasing, etc.).

It is viewable at hackology.co.uk/git-doc/ and editable on Github.