← Back to team overview

ubuntu-phone team mailing list archive

How do we protect the user from data-collecting apps?

 

Hi all!
I've been thinking about this for a while, but always forgot to ask others' opinion about this, till now. :-)

We do a great job in protecting privacy-sensitive resources such as camera and location, which are available only after an explicit grant by the user. However, network access is automatically granted to all applications, and the user is not notified of any online activity. That is, there is no guarantee that a photo application wouldn't upload the photos it takes to some third party service, or that one developer writes a clone of the SensorStatus app which uploads all the data somewhere.

The problem is actually present for applications that don't use camera or GPS too, but which however handle possibly sensitive data, such as a shopping list application, or a todo application.

So, the question is: shouldn't we try to be more clear to the user about whether an application he's about to install declares the "network" policy?

Or, even better, give some sort of real-time indication whenever the active application is making active use of the internet? (maybe with a led-like item in the indicators bar) Of course, the latter could be disabled by users who don't care, but I would personally love to be informed whenever an untrusted app is transferring data.

Ciao,
  Alberto


Follow ups