I downloaded a game from Google Play. In the permission page, I noticed that it asks for my personal information.
Allow this application to:
Your personal information read sensitive log data.
Why in the world a game needs my personal information to run? so I decided not to install it. However, I really want to play this game. My question is this, is there any way to fake my personal information so developer of the game can not be able to reach my info?
My Android version : 4.0.2
Model number : GT-N7000
Baseband version : N7000XXLB2
Answer
Summing up from the comments on the question itself, so it doesn't "get lost":
As ce4 pointed out: The READ_LOGS
permission requested by the app grants it access to the system logs, which might include sensitive information logged by other apps (also system apps). However note, that this specific problem has been adressed by Google with Jelly Bean onwards (apps can only read their very own logs, and not everything in the log since then). So the READ_LOGS
permission on Android 4.1+ is safe. You can install the app without fear on Jelly Bean devices (but not ICS and below).
PDroid
If one has CyanogenMod (or a compatible ROM) installed, there's the option to use PDroid in one of its incarnations. Visit the XDA-Developers for information on...
- The OpenPDroid AutoPatcher, working on Linux, MacOSX, and meanwhile also Windows. With this tool you can patch a ROM image so it will contain the PDroid functionality.
- The OpenPDroid project. This thread gives you detailed information on what OpenPDroid is, what it does, what features it includes, and more.
- PDroid 2.0, which now also offers support for stock ROMs. Tons of screenshots there, for sure an interesting read!
Still, PDroid is nothing for Android newbies to install -- it's not like just picking an .apk
and go. All PDroid incarnations require you to patch an existing ROM image file, which you then must flash to your device. So no easy-go.
LBE
LBE Privacy Guard, on the other hand, can just be installed straight from the playstore if you run Android 4.0 or below. There are issues with JellyBean like e.g. boot-loops, so do not install the playstore version on JellyBean devices! At least not if it was not updated May 2013 or later. You have been warned!
For JellyBean users, again XDA is a good source: some busy members took care to translate the Chinese LBE安全大师 (LBE Security Master) to different languages. The thread can be found here, and this version does not boot-loop JellyBean.
XPrivacy
XPrivacy is pretty new in this area (I just discovered it recently, after I wrote this answer -- so I felt the need to update it). As with the other mentioned solutions, it requires a rooted device. In order to install the app, you also need a Custom Recovery such as e.g. clockworkmod or twrp. XPrivacy is based on the Xposed-Framework, so you will need that as well. Requiring Android 4.1 or higher, this seems a nice option for those having used LBE Privacy Guard before, and don't want to use the overloaded LBE Security Master on JellyBean.
From its behavior it's comparable to LBE: on a per-app basis, permissions can be set separately. In most cases, if you "revoke" a permission, "fake data" will be served instead -- with two exceptions, where this seems not to be possible (internet and external storage). More details can be found on the project page.
CyanogenMod, Paranoid Android, & Co. with Privacy Guard
CM 10.1 nightlies and onwards of CyanogenMod as well as Paranoid Android already ship with a Privacy Guard, which lets you define what apps should be placed into "incognito mode". While that's better than nothing, it's just an on/off switch: either the app is put into "incognito", or it is not. No selective withdrawal of permissions here.
Android 4.3+ App-Ops
With Android 4.3, Google finally introduced a kind of "permission manager". In 4.3, it's still hidden, but can easily be made available: App-Ops allow you a fine grained control over your privacy, almost similar to what PDroid, LBE, and XPrivacy provide. But just almost: not all permissions can be revoked here (e.g. network/internet access cannot).
No comments:
Post a Comment