Jump to content

Wikipedia:Reference desk/Archives/Computing/2012 March 1

Add links
From Wikipedia, the free encyclopedia
Computing desk
< February 29 << Feb | March | Apr >> March 2 >
Welcome to the Wikipedia Computing Reference Desk Archives
The page you are currently viewing is an archive page. While you can leave answers for any questions shown below, please ask new questions on one of the current reference desk pages.


March 1

[edit]

Android app paranoia

[edit]

How do I determine whether an Android app is trustworthy or not? The app I'm considering installing is Android Lost

How do I know

  • who is writing the software?
  • what personal information could the app access from the phone and store in its own servers?
  • that the app won't start spamming me (or popping up commercial messages or whatever)?
  • what happens to my data if the company goes bankcrupt, can the data be acquired by a less trustworthy company?

From the webpage, I get the impression that Android Lost is written by just one person, whose name I didn't find on the page (maybe I didn't look hard enough, or was tired, its late here.). Installing the app means putting a lot of trust in the developer (whose name I don't know), who doubtlessly is working hard to produce an app that appears to be in high regard, and who lives by donations. What if this good guy gets tired of his low-income situation, and turns info a bad guy who discovers new ways of making money from the resources he controls by having his app installed in many phones; ways of making money that are not beneficial to the phone owners (annoying popups, fraud, identity theft, or phone-botnets (if such beasts exist)).

  • What guarantees to I have against something bad happening?
  • How ugly could it get?
  • Am I being paranoid, or do my questions represent common sense caution?
  • A final question - what is the status of open-source, quality Android apps?

Thanks, --NorwegianBlue talk 00:42, 1 March 2012 (UTC)[reply]

Often the app's permissions can help determine if the app is going to do something it shouldn't. Permissions are enforced by the system, so if the developer doesn't declare a permission they can't use it. But this particular one looks like it actually does need a lot of potentially dangerous permissions. Unfortunately, if the source code isn't available, it can be very difficult to determine what the app is actually doing. It seems to be trustworthy currently; if you're concerned that it may change in the future, disable automatic updates and then check the reviews before manually updating. If permissions change, a manual update will be required regardless of your preference, so use that opportunity to research the change. Reach Out to the Truth 02:18, 1 March 2012 (UTC)[reply]
Ok, let's try and get some answers.
  1. To discover the author, I searched for the app in the Android Market. It seems to be made by a guy called Theis Borg. A little further Googling leads me to believe that that's this guy.
  2. At the app's page on the Android Market you can click permissions and see all the features on your phone that this app will be able to access. Basically it's everything, but that's not too surprising since this is an app that allows you to control your phone remotely. It does mean, though, that the app could (as in, will have permission to) access information on your phone, including your IMEI number, your location, details of your SMS messages and more.
  3. Given the permissions you have to allow for this app, the answer to this is, 'you don't'.
  4. This might get a little close to 'legal advice', so I'll reserve the right not to answer this one right now...
  5. You might want to read the section about security on the developer's website - particularly the section saying "Trust: Basically all of the above is just text. You _will_ have to trust me that I am a nice guy and all that I say is true. If you do not trust me that is quite OK - then you should not install this app. No hard feelings from my part."
  6. Worst case scenario? Someone else can take control of your phone and all the information therein, and deny you access to it. Although you would have the phone in your hand, it would be as useful to you as if it was stolen. As I say, worst case.
  7. Paranoid? Yes, you are. However, that's not necessarily a bad thing. This app feels legit to me, and the developer has got his contact details, including home address, freely available on the net. That's generally not something that you do when you're out to rip people off. Also the reviews seem quite positive. On the minus side, I don't see any reviews of the app from 'big media' - I'm thinking Engadget, Gizmodo, Lifehacker, those sorts of things. That doesn't mean it's not good, just that it hasn't broken into the mainstream. Final point is that the app has over 100,000 downloads in the last month alone. Google is normally pretty quick at dealing with issues in the Marketplace, and if any of those 100,000+ people had reported something fishy with the app it wouldn't still be around for download. My advice would be to check out alternatives to this app (I like Prey personally) and have a think about the permissions, weigh up the consequences with the benefits of the software and then make a decision.
  8. Sorry, but I'm not quite sure what you meant by this question. And I'm not sure I'm the right person to ask.

Hope all this helps! - Cucumber Mike (talk) 11:49, 1 March 2012 (UTC)[reply]

Worst case scenario: You have your emails, passwords, bank info, phone numbers on your phone. They use your phone to call their own premium rate numbers, as a relay for their terrorist/drug activity, to WikiLeak your secrets, to plant incriminating information, to harass your family and friends, to access your bank accounts, to steal your identity (if anyone would want it after all the previous steps). Rich Farmbrough, 16:27, 1 March 2012 (UTC).[reply]
If it's open source, then you can read the code and compile it yourself... Rich Farmbrough, 16:28, 1 March 2012 (UTC).[reply]
Thanks everyone for your responses! Special thanks to Cucumber Mike for a very thorough and useful answer. Sorry about being unclear in the last question. I meant to ask about the availability of open source, high quality apps for Android, because my impression is that just about everything is closed source. But I think I'll research the question a bit more myself, and come back with a separate question about this if necessary. --NorwegianBlue talk 18:15, 1 March 2012 (UTC)[reply]
FDroid's repository includes only free and open source applications. That's what I use. I just found AOpensource.com as well, which I haven't taken a look at yet. You can probably also find others that aren't included in those resources by searching the Android Market for terms such as "free software", "open source", and "GPL". Reach Out to the Truth 18:56, 1 March 2012 (UTC)[reply]
Thanks! I just browsed both sites superficially now, and saw lots of stuff that looks interesting. Excellent! --NorwegianBlue talk 21:49, 1 March 2012 (UTC)[reply]

Browser appearance off, can't remember changing settings

[edit]

Never mind: I've moved this to the "Color doesn't change for links when I visit them; is this an update-related problem?" section at WP:VP/T. Nyttend (talk) 14:12, 1 March 2012 (UTC)[reply]

Motorola RAZR V3i - Voicemail Problems

[edit]

I have two questions about a second-hand Motorola RAZR V3i that I've got that I would like help with please.

Q.1 - When ever I get a voice message & try to listen to it again, the recording says "Press option 4 to listen again" but when I do press option 4 to listen the recording asks me to select an option & lists all the options again. It doesn't matter how many times I press option 4, I can't listen to my messages again & the recording just keeps repeating the options. Am I doing something wrong ?

Q.2 - When I've gone to various phone shops & asked them about this they keep teling me that I,ve got to go into the phones settings or options & "Set them properly". And some have even asked me why the No. 1 Key doesn't have the Voicemail symbol on it (the one that looks like to circles joined by a line either on their top or bottom), as they say "Should be as it's on all phones". Scotius (talk) 13:57, 1 March 2012 (UTC)[reply]

My first reaction would be that this sounds more like an issue with your carrier (your phone company) than the phone, presuming, of course, that the '4' key actually works. What carrier do you use, and in which country? (e.g. Verizon, USA; O2, UK; Telstra, Australia) - Cucumber Mike (talk) 15:12, 1 March 2012 (UTC)[reply]

I'm on T-Mobile in the UK. Also I should of said that's it's not just the '4' key but all the keys when selecting an option. They don't make a tone noise like when they do when you are dailing a phone number. But when I do want to make a call the keys do make a tone. Scotius (talk) 12:07, 2 March 2012 (UTC)[reply]

On your phone, enter the Settings Menu, then Initial Setup, then DTMF. Change the setting from off to on (or whatever - I'm not sure of the exact wording). It should now work. DTMF signals are the 'touch tones' you hear when you "Press 1 for the robotic voice department, Press 2 to be put on hold, Press 3 to go round in a circle until you hang up", and it seems the previous owner of your phone turned them off for some reason. - Cucumber Mike (talk) 12:45, 2 March 2012 (UTC)[reply]

In the DTMF menu, it has three options: off, short & long i've set it to long. Is that okay ? Scotius (talk) 11:53, 3 March 2012 (UTC)[reply]

Dunno, does it work? :-) (I'm at a bit of a disadvantage here, since I don't have the phone here, and I can't reproduce your problem with anything I do have to hand. But if you try long and it works, great, if not try short, and if it still doesn't work let me know and I'll have another think) - Cucumber Mike (talk) 12:05, 3 March 2012 (UTC)[reply]

I've just tried by phoning my voicemail & was able to listen to an old voice message. So I'm taking that as it now works. Thanks for the help. :D Scotius (talk) 13:38, 3 March 2012 (UTC)[reply]

DEP and CometBird

[edit]

Data Execution Prevention is killing my Comet Bird every few minutes or so. I am running Grease Monkey and Shockwave Flash - all other add-ins are disabled. Anyone familiar with this problem? Rich Farmbrough, 16:34, 1 March 2012 (UTC).[reply]

Not this in particular, but you can turn off DEP for selected programs. In my opinion programs that are stopped by DEP are either buggy or poorly designed, or perhaps they are suffering from malware. 09:44, 2 March 2012 (UTC)
I resolved it by changing the scripts I was running under Grease Monkey. Since the 486 there have been hardware facilities to protect memory segments, and on a software level, a Greasemonkey script should not be able to behave too badly in this respect, however I am chalking it up to a script bug for the moment. I had suspected malware infecting the browser executable, but reinstalling the browser did nothing, changing the scripts cured it. Not conclusive, but indicative. Thanks for your reply. Rich Farmbrough, 16:12, 2 March 2012 (UTC).[reply]

Windows compression?

[edit]

What is this? When I click on a folder and click on properties on windows, I apparently compress it? And it doesn't even make it a file like zip, 7z, rar, gz. etc. Now it displays the names with blue letters, what this actually do? 190.158.184.192 (talk) 21:49, 1 March 2012 (UTC)[reply]

It is NTFS compression. Shadowjams (talk) 22:18, 1 March 2012 (UTC)[reply]
So the processor uncompress it everytime I open the file? — Preceding unsigned comment added by 190.158.184.192 (talk) 22:28, 1 March 2012 (UTC)[reply]
Yes. The process is mostly transparent to the user, but I think there is very little benefit to using it with the size of hard drives today, and there are drawbacks. Bubba73 You talkin' to me? 04:21, 2 March 2012 (UTC)[reply]
The value in disk compression is mainly speed rather than space, it takes less time to read a compressed file (even allowing for de-compression). On the other hand most disk-intensive file formats have compression built in, certainly consumer formats. The majority of other big files are generally stored in an extrinsic compression such as bz2. A good example of a file where transparent compression is useful is a Wikipedia dump, the 4 January 2012 "pages articles" dump is 33.1G but only takes 19.1 G on my drive thanks to NTFS compression. Rich Farmbrough, 16:20, 2 March 2012 (UTC).[reply]

Official looking Yahoo email

[edit]

I am a BT Yahoo customer and have just received the following email purporting to be from them. The sender has a bt address, but I am wondering if it is genuine. Email reads as follows:

"Thanks for using Yahoo mail, This message is from yahoo messaging center to all yahoo free account owners and premium account owners. We are currently upgrading our data base and e-mail account center. We are deleting all unused yahoo account to create more space for new accounts.

To prevent your account from closure Click here for a quick update."

I'm inclined to believe it's a hoax, but I suppose there's always a chance it could be genuine. Can anyone advise me? Have anyone else received this or similar emails? 86.162.52.212 (talk) 21:53, 1 March 2012 (UTC)[reply]

The poor grammar and spelling is a definite sign for me that that's a hoax. Further, I believe Yahoo simply closes accounts that have not been logged into for some time (it must have been about six years ago now, but my previous one was closed for inactivity along these lines) and would not need you to specifically click on a link to see that your account's being used. sonia21:58, 1 March 2012 (UTC)[reply]
Very fishy. If you are worried about Yahoo closing your account because of inactivity, the obvious thing to do would be to use your account for what it's intended for, send an email or whatever. No need to click on a link in a suspicious email. See also here. --NorwegianBlue talk 22:15, 1 March 2012 (UTC)[reply]
You do need to regularly (once every 6 months or so) log into most email services to keep them active... however do that by going directly to the site yourself... don't click on the link in an email like this. Shadowjams (talk) 22:16, 1 March 2012 (UTC)[reply]
See this blog post from Sophos. Although it refers to Hotmail in this case, the principle is the same. For the avoidance of doubt, every email which says it is from your email provider, your bank, Facebook etc, which says that 'in order to confirm your details' you just need to click a link is a hoax. No exceptions. - Cucumber Mike (talk) 23:18, 1 March 2012 (UTC)[reply]
Thanks for the heads up everyone, BT Yahoo is actually my main account so there shouldn't be a problem, but the thing that threw me was the email came from an @btinternet.com address. 86.162.52.212 (talk) 23:42, 1 March 2012 (UTC)[reply]
Email addresses can be easily forged. If you are somewhat computer-savy, you can save the original email (which is almost certainly HTML) and inspect the source. This will usually reveal the actual address the link would take you to. I tend to do that occasionally out of curiosity, and in 95% of all cases, it's a link to a Windows ".exe" file on some server in Elswhereistan. --Stephan Schulz (talk) 01:09, 2 March 2012 (UTC)[reply]
Just for reference, the process is called email spoofing. Vespine (talk) 05:14, 2 March 2012 (UTC)[reply]

One thing to do when you get these kinds of e-mail is to hover your mouse (not click) on the link, so that the address shows up. If the domain name is anything other than yahoo.com, or whoever the mail claims to come from, it's a hoax. JIP | Talk 05:26, 2 March 2012 (UTC)[reply]

Retrieved from "https://en.wikipedia.org/w/index.php?title=Wikipedia:Reference_desk/Archives/Computing/2012_March_1&oldid=1138588929"