Netflix: Not Too Terrible on Android Privacy

Background

This logo is the property of Netflix and is used here under fair use standards.

Netflix began life as a service that mailed DVDs to its customers to view and mail back, but has become a giant streaming platform that produces many of its own movies and series. It still offers DVDs and Blu-Rays via mail, but this is not the main part of their business. In 2016, Apple Insider stated that Netflix traffic was consuming 37% of North America’s download bandwidth. To command this much data volume is quite a feat.

Netflix has been adding some social media aspects to its services, but it remains largely a platform for watching TV series and movies. Their services are primarily in one direction only, so I would expect that the permissions and privacy policy would be pretty non-invasive.

I’ve been running a copy of their Android app on my Nexus 6P running Copperhead OS, but I have to admit that I hadn’t taken the time to look at what the permissions were or what Netflix’s privacy policy really says. Should I be concerned? Does the use of this service undo my efforts to have a more private smartphone? It’s about time I took a look!

Review

As usual, let’s go straight to the permissions and follow up by analyzing them. The following were pasted directly from the Google Play site:

Permissions

In-app purchases
Device & app history
  • retrieve running apps
Identity
  • find accounts on the device
Contacts
  • find accounts on the device
Phone
  • read phone status and identity
Photos/Media/Files
  • read the contents of your USB storage
  • modify or delete the contents of your USB storage
Storage
  • read the contents of your USB storage
  • modify or delete the contents of your USB storage
Microphone
  • record audio
Wi-Fi connection information
  • view Wi-Fi connections
Device ID & call information
  • read phone status and identity
Other
  • receive data from Internet
  • view network connections

Looking at the other commercial apps I’ve reviewed recently, this doesn’t seem too terrible. Let’s discuss what these permissions mean from a privacy angle.

In-app purchases. Many users will demand that they can make purchases from within the app. I didn’t set up my account using the app, but I’ve just confirmed that I can change all of my account settings, email address, credit card number, and change plans from within the app.

Device & app history & retrieve running apps. Because Netflix can see all of your running apps and knows what you’ve previously run, it knows what other activities you are using your phone for.

Find accounts on the device. Ideally, the Android setup will ask if you will permit the app to have access to the accounts that are stored in the device. So, it shouldn’t wind up with access to your other accounts without your direct permission.

Contacts. Netflix is looking to find out what accounts you have on the device for contacts, but they aren’t asking to dig through the contents. I’m not sure why they’d want this, except to gather statistics on what services their users access.

Phone status and identity. This is digging deeper than Netflix really ought to. They can see if you are receiving calls, which probably isn’t that easy to abuse without further permissions. However, the identity information can include your phone’s IMEI, which could be abused. This would be a good permission to shut off.

Photos/media/files & storage. It looks like there’s a typo in the information I pasted above. It’s unusual to list the ability to read, modify, or delete USB storage twice. It’s also unusual to list the ability to do this with USB storage without listing the ability to do this with internal storage. I’m assuming that they can do both. This can be for providing images for online avatars and such, but they can certainly abuse this permission. Again, this is a good permission to shut off.

Microphone. I don’t see any reason for this service to access the device’s microphone. This is potentially invasive. It’s not quite as invasive, however, as it would be in an app that runs whenever the device is started. I’m happy to say that running at startup is not included in Netflix’s permissions. This is yet another permission that should certainly be shut off.

View Wi-Fi connections. I don’t know why they ask for this, but it might help with troubleshooting when there are connectivity issues. Trend Micro says that this can be used to “take advantage of device bugs to steal Wi-Fi passwords and hack into the networks you use.” It would be better for the app not to have this permission.

Receive data from network. This is one of the few permissions that this app should have. If its chief function is to stream videos, it definitely needs to receive network data to be functional.

Privacy policy.

Netflix’s privacy policy is found here. Keep in mind that users interact with Netflix in a number of ways, so these policies go well beyond the scope of the Android app.

First, Netflix collects information that you provide to them in the normal course of setting up an account, including who you are, where you live, phone number, credit card information, etc. This is normal and to be expected for any paid subscription service.

Ratings, account settings, etc. are something that the user willingly gives to Netflix as a part of the service. These are matters of convenience to the users and used to recommend other shows and movies that the user might like.

Now for the data that they collect automatically. They collect information on what titles you’ve selected and watched. This is reasonable information for them to keep. For instance, it’s nice to know that you’ve already watched a movie (even if you don’t remember it), and it’s also nice when you open that series you’ve been binge-watching and it picks up right where you left off. If you want to watch some nasty smutty movies and you don’t want Netflix to know about it, then you probably shouldn’t do it through your Netflix subscription. Duh!

Netflix collects the details of your Customer Service interactions. Device and software characteristics are collected, as well, including page views, referred URLs, and your IP address. So, they have a pretty good idea of your location and your cookies may tell some tales about where you’ve been on the Web lately.

They come right out and say that they collect information via cookies, web beacons, ads, etc. This is not preferred, but a smart user will shut off cookies and use tools like Privacy Badger to limit how they are tracked online with their laptop or desktop machine. Similar plugins should be available for browsers running under Android, but I haven’t looked at this, yet.

They collect information from “other sources.” Boy, this is certainly wide open, the way it is described. They state online and offline services, which could be any service in the world that you do business with.

Netflix uses your information for the usual reasons, to “enhance and personalize” your experience using their services and to focus the marketing that they point your way. As many companies do, they also use demographics to optimize the overall content they provide. They also say that they use device information to ensure you aren’t getting a free trial for the fifteenth time.

Your information is shared within their family of companies and with service providers who support operations. They don’t authorize further dissemination of your personal information. However, each additional organization increases the opportunity for data breaches that will spread your information to criminals everywhere.

Use of promotional offers may result in further sharing of your personal information with third parties. Likewise, using social media plugins will certainly result in sharing a bunch of the information Netflix has, while giving them access to the social media information.

They come right out and say that they comply with government agencies. No US-based company really has a choice in this matter, unless they are a zero-knowledge service that doesn’t have any way to access your private information.

Recommendations. Use of this service has become ubiquitous and the permissions that Netflix is asking for aren’t as bad as a number of other apps. However, they are collecting information that goes beyond what is required to deliver their services. Because of this, we cannot possibly recommend the Netflix app as ethical software by our definitions.

Netflix Permissions
We recommend shutting off any permissions not strictly required for apps’ primary features.

If you choose to use the Netflix Android app, we recommend taking advantage of the permission controls in later versions of Android to shut off all unnecessary permissions. In this case, I was relieved to find that I had already shut off all but the necessary network permissions (as shown here). Note that leaving network permissions turned on is necessary for this app to function, but it will allow Netflix to access information about your WiFi connections.
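One way to check which permissions are still granted and which can actually be shut off, as an added example that is not part of the original post. It parses a constructed sample modelled on `adb shell dumpsys package <package>` output (the exact layout varies by Android version), and the package name com.example.streaming and the KEEP list are assumptions made for the illustration. Runtime permissions can be revoked with `adb shell pm revoke`; install-time ones, such as viewing Wi-Fi connections, cannot.

```python
import re

# Constructed sample modelled on `adb shell dumpsys package <pkg>` output.
# The package name is hypothetical; the permission set mirrors the Google Play
# listing quoted in this review, using the Android permission constants.
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.example.streaming] (1a2b3c4):
    userId=10085
    requested permissions:
      android.permission.INTERNET
      android.permission.ACCESS_NETWORK_STATE
      android.permission.ACCESS_WIFI_STATE
      android.permission.GET_ACCOUNTS
      android.permission.READ_PHONE_STATE
      android.permission.READ_EXTERNAL_STORAGE
      android.permission.WRITE_EXTERNAL_STORAGE
      android.permission.RECORD_AUDIO
    install permissions:
      android.permission.INTERNET: granted=true
      android.permission.ACCESS_NETWORK_STATE: granted=true
      android.permission.ACCESS_WIFI_STATE: granted=true
    User 0: installed=true hidden=false stopped=false
      gids=[3003]
      runtime permissions:
        android.permission.GET_ACCOUNTS: granted=false, flags=[ USER_SET ]
        android.permission.READ_PHONE_STATE: granted=true
        android.permission.READ_EXTERNAL_STORAGE: granted=true
        android.permission.WRITE_EXTERNAL_STORAGE: granted=true
        android.permission.RECORD_AUDIO: granted=true
"""

# Assumption for this example: a streaming app only needs network access.
KEEP = {
    "android.permission.INTERNET",
    "android.permission.ACCESS_NETWORK_STATE",
}

SECTION_RE = re.compile(r"^\s*(requested|install|runtime) permissions:\s*$")
ENTRY_RE = re.compile(r"^\s*([A-Za-z0-9_.]+):\s*granted=(true|false)")


def parse_permissions(dump):
    """Return {'install': {perm: granted}, 'runtime': {perm: granted}}."""
    found = {"install": {}, "runtime": {}}
    section = None
    for line in dump.splitlines():
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        entry = ENTRY_RE.match(line)
        if entry and section in found:
            found[section][entry.group(1)] = entry.group(2) == "true"
        elif section in found:
            # Any other line ends an install/runtime block.
            section = None
    return found


def audit(dump, keep):
    """Split granted permissions outside `keep` by whether they can be revoked."""
    perms = parse_permissions(dump)
    revoke = sorted(p for p, granted in perms["runtime"].items()
                    if granted and p not in keep)
    install_only = sorted(p for p, granted in perms["install"].items()
                          if granted and p not in keep)
    return {"revoke": revoke, "install_only": install_only}


def revoke_commands(package, permissions):
    """Build the adb commands that switch off the given runtime permissions."""
    return ["adb shell pm revoke {} {}".format(package, p) for p in permissions]


if __name__ == "__main__":
    report = audit(SAMPLE_DUMPSYS, KEEP)
    print("Granted runtime permissions to shut off:")
    for cmd in revoke_commands("com.example.streaming", report["revoke"]):
        print("  " + cmd)
    print("Granted at install time (cannot be revoked without uninstalling):")
    for perm in report["install_only"]:
        print("  " + perm)
```

On a real device, the same audit runs against the output of `adb shell dumpsys package` for the installed app, with the KEEP list adjusted to the features you actually use.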

Also, on your non-Android devices we recommend running alternative operating systems to achieve a reasonable degree of privacy. We use Ubuntu for our desktop and laptop machines. We also recommend using and browsers that protect your privacy. For example, I’m using Vivaldi, which starts with open-source Chromium and adds further features to enhance the browsing experience, such as being able to view more than one tab at a time.

At EDG, we are taking small steps to help you free yourself from the digital Panopticon.  Please provide tips using the link at the top-right of our homepage if you are aware of a topic that we should be covering or some software that we should be reviewing.

What Do We Mean by Ethical Software?

Angel Photo
Free photo sourced from Pixabay, created by  karigamb08.

We are starting our efforts with EDG in order to assist Android users in regaining their privacy. This is in the backdrop of a digital landscape that has become increasingly invasive and abusive. To accomplish this, software that respects privacy needs to be  profitable. By creating a certification system showing consumers that some apps respect privacy, we will make those pieces of software more profitable.

If we are going to certify software as being “ethical” in this sense, we need to define the term. The following is a first draft of our criteria, and it is bound to see some modification over time. We will ensure that the current criteria are kept clear and available to the users.

To be considered ethical and obtain EDG certifications, software shall demonstrate compliance with the following criteria:

Customers

  • The primary source of income for any paid software and services shall be the users, as they are the customers rather than the product.
  • Software that users install on their devices should work primarily for them rather than for other parties.

Functions

  • Permissions shall not be requested that are not required to directly support the software’s advertised functions.
  • The software shall only access data and functions needed to directly support advertised functions.
  • Unadvertised functions are strictly prohibited. It shall be clear to the user exactly what the purpose of the software is.

Passing Data

  • When personally identifiable information is passed over public networks, the information shall be passed using appropriate encryption algorithms.

Sharing Data

  • User information, including personally identifiable information, that is collected shall not be shared with third parties, even in an “anonymized” form, unless strictly required to perform advertised functions.

Further Ethics

  • Software whose primary purpose is to perform the following functions cannot be considered ethical:
    • Promotion of satanism, murder, violence, terrorism, or sabotage
    • Silencing or chilling dissenting views and free speech
    • Spying or otherwise violating the privacy of others

 

Again, this is only a first draft and these criteria will certainly be updated over time.

Crossing the Panopticon

Seeking privacy is a reasonable pursuit, even if you just don’t want to be targeted for advertising or political campaigns. Perhaps you also find corporate tracking to be creepy. However, there can be more serious concerns that you should consider.

Last week I heard a radio personality mention an article in Zero Hedge, “Freedom Is A Myth: We Are All Prisoners Of The Police State’s Panopticon Village.” Of course, it can be tracked back to the original article published on The Rutherford Institute’s website. Author John Whitehead is keenly aware of the police state in the United States and has written books on the topic, including Battlefield America: The War on the American People and A Government of Wolves: The Emerging American Police State. The premise of Whitehead’s article is that we live in a situation where we can be tracked at any and all times without our knowledge from a variety of angles. He states that this information can be used to control us, but doesn’t explicitly state how in this article.

This topic may sound extreme or like a nutty conspiracy theory, but the concerns are very real. Ever since Edward Snowden released information on domestic spying programs in 2013, we should all be aware that government spying is a proven reality. We should assume that the US government will be able to access any data that these corporations harvest from our devices. When bringing up this topic I often hear people say they have nothing to hide, but they are wrong. If you were totally moral and perfect beyond reproach, you could still be exposed to action by the US government if you get the attention of those in power and make them unhappy in any way. The vast quantity of information that is collected can be used to silence any and all forms of dissension.

For example, Harvey Silverglate’s book Three Felonies a Day: How the Feds Target the Innocent is built on the premise that the US Code is so immense and unknowable that the average American citizen may be committing three felonies a day that they are completely unaware of. If we aren’t in jail right now, that could be a matter of selective enforcement. So, if they have enough information on your activities and you are actively doing something that irks them, like, say, fighting for privacy, you could find yourself threatened and silenced.

Is it smart to hand these corporations and the government all of the data from every aspect of your life so that they can find something to nail you with? What could possibly go wrong?!

At EDG, we are taking small steps to help you free yourself from the Panopticon.  Please provide tips using the link at the top-right of our homepage if you are aware of a topic that we should be covering or some software that we should be reviewing.

F-Droid: Free and Open Source Apps

Background

The F-Droid logo is the trademark of F-Droid Limited and is used here in accordance with fair use standards.

Many users assume that because they are using an Android device, the Google Play store is their only source for apps. This couldn’t be further from the truth. Quite a number of alternative app stores are available, including the Amazon Appstore, SlideME, GetJar, F-Droid, and a number of others. Historically, Android devices with unapproved hardware and software combinations would have to look for alternatives when Play wasn’t available for their use. Today there are workarounds to get Play and install it manually on even the most obscure, custom ROMs. Users who avoid Google’s services or who want even wider variety are still interested in alternatives. Honestly, we haven’t tried many of the alternatives, but we’ll certainly look into them in the future, as some solutions for privacy might be found out there. For the moment, let’s concentrate on the F-Droid catalog, which appears to be in a class of its own.

Review

F-Droid is owned by F-Droid Limited, a non-profit organization exclusively covering free and open source software (FOSS) for Android devices. The apps they offer are all free-of-charge, meaning that you won’t pay anything for them, unless you choose to donate to the cause. From a data security perspective, open source software is inherently more secure because anybody can review the code to know that it functions properly and it is less likely to contain any sneaky features that aren’t in the advertised functions. F-Droid volunteers check software before it is posted in their catalog, but they warn that the use of any of the offered apps is strictly “AT YOUR OWN RISK.” Obviously, non-profit organizations can’t really afford to make any certifications or guarantees.

F-Droid will often observe that apps have functions that the user might not like. They do their best to share such features in the descriptions. Ultimately, because the software is open source, no functionality is completely hidden from the user.

There is little profit to be made in open source software, because the code is shared with the public. Anybody can download the code, compile it, and use it. In fact, many of the licensing arrangements allow other developers to modify and use pieces of the code when certain criteria are met, such as providing proper attribution, allowing further modification, and/or for non-commercial purposes.

Because there is little direct profit to be made, many open source developers create code as a hobby, request donations, or even get crowdfunding to support their efforts. Because hobbyists are prevalent in this domain, some software may have spotty support for some devices, will lack updates, and will often be completely abandoned when the developer gets hired to make for-profit software.

With that said, some of us who choose to avoid Google services entirely (such as two of us here at EDG who have gone as far as running Copperhead OS on our phones) have found that F-Droid offers a number of apps that are very useful and well-supported.

To name a few of the apps that I’m personally using from F-Droid (we’ll cover these in more detail in other posts):

  • Amaze, a great file-manager.
  • Boilr, which tracks bitcurrency prices and provides alarms at price thresholds that you’ve set.
  • DAVdroid, an indispensable app for syncing calendars, contacts, and tasks with DAV servers.
  • MuPDF, for viewing PDF documents.
  • SkyTube and NewPipe, alternate viewing apps for YouTube.

Terms

Pasted directly from F-Droid’s Site:

F-Droid respects your privacy. We don’t track you, or your device. We don’t track what you install. You don’t need an account to use the client, and it sends no additional identifying data when talking to our web server other than its version number. We don’t even allow you to install other applications from the repository that track you, unless you first enable ‘Tracking’ in the AntiFeatures section of preferences. Any personal data you decide to give us (e.g. your email address when registering for an account to post on the forum) goes no further than us, and will not be used for anything other than allowing you to maintain your account.

We have every reason to believe that F-Droid is a highly ethical organization and means what they say. They are doing great work in providing FOSS to Android users without requiring everybody to execute their own code review.

 

Recommendations. At this time we recommend using F-Droid, while paying close attention to the description of each app that you install to understand its functions and capabilities. As always, we also recommend checking the permissions that are granted to each app and shutting down any that are not absolutely necessary. We have not performed a code review of their installer/updater app or any of the apps in their catalog, but to our knowledge they are doing the best that any non-profit can to curate a catalog of safe (or at least reasonably well-understood) software.

Facebook: The Official App

Background

Facebook is a major player in social media.
The Facebook logo is the trademark of Facebook and is used here under fair use standards.

Facebook is a huge social media platform. Statistic Brain says that Facebook has 1.75 billion active monthly users (yes, that’s billion with a B). Every 20 minutes a million links are shared, 2 million friend requests are made, and 3 million messages are sent. With a large percentage of the world’s population connected, and vast numbers of young people checking Facebook before they even roll out of bed in the morning, a large number of people are installing the official Facebook app on their mobile devices. In fact, Google Play shows that this app has been installed on Android devices over a billion times! Indeed, it would be interesting to know what sort of information is harvested by this platform and how that data is actually used.

We don’t have information to state all the different things that Facebook may be doing with users’ data, but we can look at the permissions and the privacy policy that they’ve made public to gain some indication of what they may be collecting and how they might be using it.

Review

Let’s dive straight into the Facebook app’s permissions and Facebook’s privacy policy to see what we find.

Permissions

Pasted directly from Google Play:

Device & app history
  • retrieve running apps
Identity
  • find accounts on the device
  • add or remove accounts
  • read your own contact card
Calendar
  • read calendar events plus confidential information
  • add or modify calendar events and send email to guests without owners’ knowledge
Contacts
  • find accounts on the device
  • read your contacts
  • modify your contacts
Location
  • approximate location (network-based)
  • precise location (GPS and network-based)
SMS
  • read your text messages (SMS or MMS)
Phone
  • directly call phone numbers
  • read call log
  • read phone status and identity
  • write call log
Photos/Media/Files
  • read the contents of your USB storage
  • modify or delete the contents of your USB storage
Storage
  • read the contents of your USB storage
  • modify or delete the contents of your USB storage
Camera
  • take pictures and videos
Microphone
  • record audio
Wi-Fi connection information
  • view Wi-Fi connections
Device ID & call information
  • read phone status and identity
Other
  • download files without notification
  • adjust your wallpaper size
  • receive data from Internet
  • view network connections
  • create accounts and set passwords
  • read battery statistics
  • send sticky broadcast
  • change network connectivity
  • connect and disconnect from Wi-Fi
  • expand/collapse status bar
  • full network access
  • change your audio settings
  • read sync settings
  • run at startup
  • reorder running apps
  • set wallpaper
  • draw over other apps
  • control vibration
  • prevent device from sleeping
  • toggle sync on and off
  • install shortcuts
  • read Google service configuration

Considering the sheer number of permissions requested, Facebook beats out even YouTube’s obsessive stalker tendencies, giving it the potential to be quite a data vacuum cleaner. Especially when it’s installed on more than a billion devices!

How does it stalk thee? Let us count the ways!

Device & app history. Because Facebook retrieves all of your running apps, it knows what other activities you are using your phone for while it is active.

Scrolling down to the “other” category, we see that this app automatically runs at startup. So, by default this stinker is always active. You don’t have to be actively using the app for it to be collecting information. Let’s keep that in mind as we examine what else they can harvest with these permissions.

Identity and accounts. Ideally, the Android setup will ask if you want the app to have access to the accounts that are stored in the device, so it shouldn’t wind up with access to your other accounts without your direct permission.

Calendar.  Facebook wants to be the center of your universe, as they openly state that they read your calendar events “plus confidential information.” If it’s used for planning social events, I can see why users might want the convenience of integrating with the calendar, but why would you want it to send email to guests without your knowledge? By default, it gets permission to do so. What could possibly go wrong when a vast corporate entity can pose as you, sending email on your behalf?

Contacts. Facebook gets full access to all of your contact information. Who do you know, where they live, what their phone numbers are, their birthdays, and perhaps photos of everybody. Isn’t that sweet? Harvesting contact information is especially invasive and completely unnecessary. Nobody in their right mind should allow any app to do this. Reading your contacts is bad enough, but they also get to modify your contacts. Again, what could possibly go wrong? You’ve probably assumed that you control what’s in your contact information. Think again.

Location. So, they can track your location. Combine this with run at startup, and you can be tracked whenever your Android device is turned on. Are we used to this fact in our surveillance state, yet? Carrying a cellular phone (it doesn’t even need to be a smartphone) means that your position can be tracked by the phone company, already, but why would we insist on continuing to increase the number of entities with access to this information?

SMS. Sure, Facebook really needs to read all of your private texts, right? The default permissions allow Facebook to. How does that even provide some kind of convenience for the user? This is completely unnecessary.

Phone. Users may want the convenience of having the app call their friends quickly when they’ve seen some messages from them. However, I wouldn’t want Facebook reading my call log and I surely wouldn’t give them the ability to write to my call log. Why would anybody want them writing calls to the log that weren’t the result of calls that were made? The uses for this last function are suspect, at best.

Photos, media, files. They need access so that you can edit and upload photos, videos, or whatever. However, they could use this to upload other files from your device, too.

Storage. If you use USB devices, it’s just more data that they can harvest.

Camera and microphone. So, naturally, these would be needed if you use the app to record and upload videos. Once they have access to these, they could use them to spy on you directly, too. This information can also be used for location by listening for ultrasonic beacons. Again, keep in mind that this app wants to start whenever your device is turned on, by default. No corporate entity would ever use this for nefarious purposes, would they?

WiFi connection information. Combined with location information and view network connections, they can map which networks are where. If you shut off their access to location information, they will still know exactly where you are by the networks that are within reach.

Device ID & call information. Like identity and accounts, knowing what phone you are using and how you are using it can be added to the other information above to paint a very detailed picture of your personal life and to determine exactly who you are, even if you’ve tried to obscure any information.

Other permissions. They list twenty-two more permissions for this app. A couple of these are of particular interest:

  • Change network connectivity. Did you disable WiFi or your mobile data? That’s OK, they can simply turn it back on for you!
  • Reorder running apps and draw over other apps. These allow the app to keep Facebook content in the foreground, whether you want it to or not.

Privacy policy.

Facebook’s Data Policy can be found here. As surmised above, they can and do collect a lot of information on you because you’ve allowed them to. Because it’s a social application, they use information that you share with your friends to build more information about your friends. Naturally, information fed into the system about you will also be used to build information about you. If mapping all of the connections between billions of people wasn’t enough, they also state that they collect data from third parties and heap that into your digital dossier. This really is a very impressive data collection system that people willingly dump information into. Apparently, nobody cares or even gives a second thought about keeping any of their private information private.

How do they use your information? Like Google, they want to create “customized” experiences for you, which means that they are going to target you for advertising. They are going to make suggestions based on what they’ve learned about you and your preferences.

They admit that they are tracking your location in order to give you customized services.

They claim to “promote safety and security,” by “investigating suspicious activity,” so keep in mind that they are mining your data and activities for anything you might be doing wrong. If you are violating their policies by committing thought-crimes, then they can turn you in to your country’s Gestapo.

They share information with third parties, including:

  • “Advertising measurement and analytics services” so that you can receive targeted advertising.
  • “Vendors, service providers and other partners” for more of the same.
  • I find it odd that they don’t mention that they’ll certainly share your information without a second thought when served a warrant or national security letter. However, this is true of any US-based services that aren’t using a zero-knowledge approach.

They talk about how you can delete your information from their system. My understanding of what they’ve written is that they keep everything you’ve given them or allowed them to harvest until you delete your account. Am I crazy to doubt that they delete everything then? Information shared about you by others would only be deleted if they also deleted their accounts.

Recommendations. First, if you really must use Facebook’s services to contact your old high school buddies and enemies, be very careful about how much you share. We recommend that you minimize the information you put on these networks.

We do NOT recommend that you install their incredibly invasive app on your Android devices. If you must, be sure to shut off all but the most minimal permissions.

Perhaps you could choose to access Facebook via a browser on your Android device, but even then you need to realize the invasive nature of this “service” is so complete that you may want to avoid doing even that.

Shifting to a third-party app to access Facebook could potentially make the security concerns inherent with this service even worse, but we haven’t reviewed any of those apps to look at what they might do.

 

YouTube: The Official App

Background

The YouTube logo is a trademark of YouTube, Google, and Alphabet Inc. It is used here under fair use standards.

According to their press pages, YouTube has more than a billion users. The sheer volume of video available on YouTube is astounding, containing a wealth of entertainment and informational content. It incorporates social media aspects to share, recommend, and rate videos.

Naturally, many users want to watch YouTube videos on Android devices and YouTube provides an official Android app for this on the Google Play app store.

Note that YouTube is cracking down on users who have views that stray from what Tom Woods would call “the index card of allowable opinion.” Unapproved opinions are being demonetized, blocked, and removed. This is its own ethical issue, but we will refrain from discussing it further here. Ethical Developer Group’s focus is on how apps collect and use your information, rather than the behavior of the organizations that create the apps.

That said, YouTube is owned by Google (as is Android) and the parent company Alphabet Inc. Google’s business model is very much about harvesting data to target consumers for advertising. In 2013 it was revealed that they had been providing data to the NSA via direct server access since 2009. Once a company has violated users’ trust, it’s tough to win it back. Especially in an environment where the United States federal government likely pressures service providers of many types to provide backdoor access to users’ data.

We don’t have information to state all the different things that YouTube and/or Google may be doing with users’ data, but we can look at the permissions and the privacy policy that they’ve made public to gain some indication of what they may be collecting and how they might be using it.

Review

When looking at this app in the store, Google Play shares that this app contains ads. Nobody who has used YouTube on any platform will find this surprising, as advertising revenue is the main source of income for YouTube and many of the content providers who contribute videos to the platform.

Permissions

Pasted directly from Google Play:

This app has access to:
Identity
  • find accounts on the device
  • add or remove accounts
Contacts
  • find accounts on the device
  • read your contacts
Location
  • approximate location (network-based)
  • precise location (GPS and network-based)
SMS
  • receive text messages (SMS)
  • send SMS messages
Phone
  • read phone status and identity
Photos/Media/Files
  • read the contents of your USB storage
  • modify or delete the contents of your USB storage
Storage
  • read the contents of your USB storage
  • modify or delete the contents of your USB storage
Camera
  • take pictures and videos
Microphone
  • record audio
Wi-Fi connection information
  • view Wi-Fi connections
Device ID & call information
  • read phone status and identity
Other
  • manage document storage
  • receive data from Internet
  • view configured accounts
  • YouTube usernames
  • YouTube
  • view network connections
  • change network connectivity
  • measure app storage space
  • full network access
  • control Near Field Communication
  • read sync settings
  • run at startup
  • draw over other apps
  • use accounts on the device
  • control vibration
  • prevent device from sleeping
  • toggle sync on and off
  • read Google service configuration

Seriously, did they forget anything, like my mother’s maiden name, perhaps? Let’s break down the issues with what they are asking for:

Identity and accounts. The chief identity that YouTube will be interested in will be the user’s Google credentials. However, the ability to access all of the identities on the phone and the ability to add and delete them sound like they could be abused. Even making connections between identities that the user has purposely left separate could provide interesting connections for Google to mine.

Contacts. If the full access to identities wasn’t enough, now YouTube gets access to all of your contact information. Who do you know, where they live, what their phone numbers are, their birthdays, and perhaps photos of everybody. Nice. Say your friend was carefully keeping their contact information private, you get to be the one who leaks their information to the Google Goons! You should win awards for being such a thoughtful friend! (It should be noted that the default settings on an Android phone will generally upload all of your contacts to Google Contacts, anyways, meaning that Google will already have all of this information.)

Location. So, they can track your location. Combine this with run at startup, and you can be tracked whenever your Android device is turned on.

SMS. Do people want this app to send and receive texts? Beyond the ability to run up the user’s costs, if they don’t have unlimited data, this gives Google access to your private communications.

Phone status and identity. Combine this with device ID, and we’ll ensure that YouTube/Google know exactly who you are, even if you tried to hide any of that information from them. Combine this with call information, and you are giving them access to who you’ve been talking to. This could be one hell of a tool for antiterrorism, marketing, and hunting down dissidents.

Photos, media, files. They need access so that you can edit and upload videos. However, they could use this to upload other files on your phone, too.

Camera and microphone. So, naturally, these would be needed if you use the app to record and upload videos. Once they have access to these, they could use them to spy on you directly, too. This information can also be used for location by listening for ultrasonic beacons.

WiFi connection information. Combined with location information and view network connections, they can map which networks are where. If you shut off their access to location information, they will still know exactly where you are by the networks that are within reach.
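The combinations described in the breakdown above can be checked mechanically. The following is an added example, not part of the original review or of any Google tooling: it parses a Play-style permission listing and reports which of those combinations still hold after a permission group is shut off. The sample listing is a constructed subset of the one quoted above, the rule labels are this example's own, and treating a label that appears under two groups as a single permission is an assumption of the model.

```python
import re

# Constructed sample: a subset of the Google Play listing quoted in this review.
LISTING = """\
Location
  • precise location (GPS and network-based)
Phone
  • read phone status and identity
Microphone
  • record audio
Wi-Fi connection information
  • view Wi-Fi connections
Device ID & call information
  • read phone status and identity
Other
  • view network connections
  • run at startup
"""

# Combinations named in the breakdown above; the labels are this example's own.
RULES = {
    "location tracking from boot": {"precise location (GPS and network-based)", "run at startup"},
    "location inferred from nearby networks": {"view Wi-Fi connections", "view network connections"},
    "device identity exposed": {"read phone status and identity"},
    "audio capture (ultrasonic beacons)": {"record audio"},
}

def parse_listing(text):
    """Map each permission label to the set of groups it is listed under."""
    perms, group = {}, None
    for line in text.splitlines():
        bullet = re.match(r"\s*•\s*(.+?)\s*$", line)
        if bullet and group:
            perms.setdefault(bullet.group(1), set()).add(group)
        elif not bullet and line.strip():
            group = line.strip()  # a non-bullet, non-blank line starts a new group
    return perms

def flag_combinations(perms, denied_groups=()):
    """Return the rule labels still satisfied after denying whole groups."""
    denied = set(denied_groups)
    # Assumption: one label under two groups is one permission, so denying
    # either group removes it.
    granted = {p for p, groups in perms.items() if not groups & denied}
    return sorted(label for label, needed in RULES.items() if needed <= granted)

if __name__ == "__main__":
    perms = parse_listing(LISTING)
    print(flag_combinations(perms))
    print(flag_combinations(perms, denied_groups=["Location"]))
```

With the Location group denied, the boot-time tracking rule drops out but the network-based inference rule still fires, which is the point made in the Wi-Fi paragraph.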

Privacy policy.

YouTube uses the standard Google Privacy Policy. Read through it carefully, and you’ll see that every Google app and service you use actively collects your information, including even the content of your emails, and they have pretty free rein on what they do with it. They spell out some limitations on what they share, but those things that they don’t share, they still have for their own purposes. Keep in mind that any time you use any of Google’s services, you’ve inherently given them information to track all of your actions.

Recommendations. When I saw an update to the YouTube permissions a few months back, I chose not to update the app. When I recently switched to a new personal phone, I chose not to load the YouTube app. Instead, I’m quite happy using a combination of SkyTube and NewPipe to access YouTube content without logging into my Google account. I will write another article on this later.

In fact, I’m running a heavily modified, open source version of Android 7.1.2, which doesn’t incorporate any Google services whatsoever. We will talk about Copperhead OS in further articles, as it offers an excellent solution for getting the benefits of Android without the privacy issues.

Why Start Ethical Developer Group?

Like the rest of the computing world, the Android environment has some very real issues with privacy. Companies are harvesting users’ data and using it for their own purposes. Unless you’ve been careful to review permissions and privacy policies for every app you’ve installed, chances are good that your apps are delivering private information to third parties without your knowledge. We believe that this is unethical, even when it is perfectly legal. Ethical Developer Group is here to identify these issues, share solutions, and provide advice so that Android users can make intelligent decisions about the apps they install on their devices and maintain their privacy.

For the past several years the media has been full of reports, like this one from the BBC, showing that many smartphone apps are harvesting your information and sharing it with third parties. Apparently, grabbing the data on your phone isn’t enough, as further innovations continue to emerge for collecting data and tracking users. There’s even a recent study showing that many apps utilize ultrasonic beacons to track users’ TV-watching activities and the stores that they visit.

Permissions and Privacy Policies. When you install an app, you give an app permission to access your data and inherently “agree” to the terms of the privacy policy for that software. In many cases, app users don’t even get a Terms and Conditions screen asking them to review and agree. By installing, agreeing to the permissions, and using the software, it is assumed that you agree to the developer’s privacy policy. Often you’ve waived your right to keep your data private and the software developer can now collect your data and sell it to third parties.

In some cases, it is beneficial to share data needed for the app and related services to operate. For instance, navigation apps need to know where you are so that they can provide directions, traffic loading, road conditions, and other information.

When that same app collects and uploads personal data to their server that isn’t required for the software to perform its advertised functions, even if you’ve agreed and the action is perfectly legal, we believe that the behavior is unethical.

It’s well known that very few people read Terms and Conditions. In some cases, T&Cs have included Rumpelstiltskin clauses where users are required to hand over their first-born child as payment. In repeated studies like the one reported here, the vast majority of users simply clicked “I agree” and proceeded to use the software. Likewise, very few users take the time to review permissions or privacy policies.

What have you signed up for? Was there a Faustian clause that you’ve missed, surrendering your immortal soul for access to video games or vegan recipes? You might never know. EDG is here to change that!

Please join us. We are beginning a journey to create a more informed Android community where people can make fully informed choices about the apps they use. We believe that this will allow ethical app developers to differentiate themselves and be more profitable, while making it tougher for less-ethical app developers to get their hands on your private information.

Our Roadmap. Our approach is multifaceted, starting with a basic service and evolving into complex analyses:

  • First, we will pursue understanding what we have already signed up for, reviewing the permissions and privacy policies of many common apps.
  • We will develop testing procedures to track the behavior of apps, enabling a basic, limited level of certification.
  • We will develop a deluxe certification program where full code reviews will be used to certify ethical apps.

Again, please join us! Join our email list using the dialog on the right side of the screen. Please also contribute to the comments on this and other articles. We want your tips on Android apps with bad permissions and privacy policies that are either stupendously good or horrific. We are also interested in solutions for protecting privacy on Android platforms.