Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

It might be "secure", but almost every app is exfiltrating my personal information by using crashlytics, facebook and co.

Who needs security when the apps do it by design.

Check your firewall logs, or use a root/no-root firewall, it's frightening.

Edit: click the screenshots at https://play.google.com/store/apps/details?id=eu.faircode.ne... to see an example. Fourth picture "Access attempts"



Amen. My guess would be that 90% of Hacker News readers use a desktop browser ad blocker, but <10% have a tool like Blockada installed on their phone.


10% seems low. On Android Firefox supports extension so a lot of people are having exact same extension on desktop and mobile.


I even got uMatrix.


On iOS I use AdGuard Pro, which offers DNS and safari protection, but I normally use chrome. On my home network, i have a pi-hole as well. Is Blockada just DNS blocking or is there more to it?


Looks like just DNS blocking using VPN API. I use a different method for system-level adblocking on ios. I temporarily jailbreak, supervise the device, and install easylist's pac to block connections without an external server. Jailbreak is removed after it is set in place. Guide: https://www.reddit.com/r/jailbreak/comments/dbdb8x/tutorial_...

The only downsides I have seen to this method are it's slightly annoying to initially install and if github goes down (where the pac is hosted), phone network connectivity goes down until it comes back up.


Many of us don't have any app that contains ads (maybe except twitter/instagram/reddit etc.. but I don't find them much disruptive).


Netguard is such a wonderful tool. Highly recommend either the free or paid versions.

It's a shame Android doesn't allow vpn chaining though, because netguard creates a local vpn connection you can't use it with an actual vpn simultaneously.


I would like to see Netguard add global blacklisting, e.g. to blacklist fb for all applications, not per-application.


Yeah, I would love to see that.

I think the author could take the same engine and create a new so that just blocks trackers and Facebook and people would gladly pay for it.


This is the main issue I have with app security. It would be great if one could deny network access to apps. I would be much more willing to install many apps if I knew they would keep the data local and not be able to send my data to some insecure cloud service for sale to the highest bidder behind my back.

It would be cool if app stores showed which apps require network access and which don't.


Googles decision to give all apps full network access to "improve user experience" was the worst thing that happened to security and privacy.


On Android you can do exactly that with an app like NoRoot firewall:

https://play.google.com/store/apps/details?id=app.greyshirts...

For example it helped me find a trustworthy e-mail client (K-mail) by only allowing network access to my email server.


That is cool but now you're relying on some random third-party app developer for your security/privacy. Even if they're good people, there's nothing to stop them from selling it to some jerk that will enable their own apps to bypass it and/or enable other shady developers to bypass it for money.

This kind of software can also be difficult to get right. There may be ways to easily bypass it.

If Google did this, I'd seriously consider going back to Android.


There appear to be at least one open source thing that does the same: netguard


AdAway and AFWall+ solve that. As long as I can root my device, I'm good.


But, no verified boot?


Crashlytics is necessary unless you want shite software.


There's a rather large selection of good-to-extraordinary software that doesn't use any sort of analytics/auto-reporting. Off the top of my head, GNU coreutils, and BSD flavor, sqlite, qmail, (neo)vim, emacs, GIMP...



> Apport will notify you about the crash and offer to file it. Do that.

I wouldn't call it auto-reporting when the user has to agree first; consent is the sticking point. (Same for abrt) (granted, I should have been more precise and I suppose that is automated in a sense; I took "automatic" to mean "without asking")


It's almost like you can ask your users to help with automated one-touch bug report submissions, instead of taking the data without asking.


Those are all CLI/desktop apps and stable as they've been around for decades. They also had supportive communities to file bug reports, changelists, etc..

You can hardly compare coreutils to smartphone apps.

As someone who deals with Android fragmentation daily, you wouldn't believe how hard it is to support the whole ecosystem. Disliking analytics I can understand, but crash reporting adds measurable improvement in the quality of software.


Yeah, I realized halfway through my list that I was mostly listing infrastructure; that's why I tacked on editors and GIMP. The original claim was that analytics were required to avoid software being terrible, and I mostly wanted to point out that this is obviously false; kind of software and community support make an impact, but they're not a hard requirement, and at any rate I think we're moving the goalposts here.

> You can hardly compare coreutils to smartphone apps.

Indeed; coreutils works on an absurd variety of unix-family systems, is copyleft, respects privacy, and is high-quality. If smartphone apps were more like coreutils, we'd all be better off.

> As someone who deals with Android fragmentation daily, you wouldn't believe how hard it is to support the whole ecosystem. Disliking analytics I can understand, but crash reporting adds measurable improvement in the quality of software.

I do understand where you're coming from; while I don't have skin in that game, I'm passingly aware of the remarkable ways that vendors break their systems. And honestly, if you get user consent, I don't actually have a problem with having the app report problems to you. It's just the "send information about the user's system without asking" thing that I object to.


Right now we have shitty software _and_ a crashlytics that phones home constantly for no apparent reason.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: