Path: ...!weretis.net!feeder8.news.weretis.net!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail From: "R.Wieser" Newsgroups: comp.mobile.android Subject: Re: Android keyboard: your choice. Date: Mon, 24 Jun 2024 09:39:18 +0200 Organization: A noiseless patient Spider Lines: 55 Message-ID: References: <20240617114559.a2970ac2923facc44a2ec355@gmail.com> Injection-Date: Mon, 24 Jun 2024 10:46:38 +0200 (CEST) Injection-Info: dont-email.me; posting-host="d1df2db1434430c13aa56a53eec16b7f"; logging-data="908600"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19Cjo0jFcVW7M5bKtdAALo2DTHNWLKw+tLEFzo1uJ5I9Q==" Cancel-Lock: sha1:qLTVwvU+scbVTbNdK8otrF/OL4k= X-Priority: 3 X-MSMail-Priority: Normal X-Newsreader: Microsoft Outlook Express 6.00.2900.5512 X-RFC2646: Format=Flowed; Original X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512 Bytes: 3677 Arno, > I did not mention the app, that was "Henry The Mole" > in his post on June 17, 2024. He was the first to suggest it. You shoved it forward several times after him. > I just tried explained how I came to the conclusion that it does not > abuse private data Thts pretty-much the problem : you're still talking about a(n specific) app, while my focus was-and-is on the permission. And although you are right that the absense of the INTERNET permission for that app seems to indicate that exfiltration isn't possible*, I do not leave my safe open because I've locked the front door. *though at least one person here seems to think that Google can exfiltrate without it. But yes, looking at the apps manifest I do not recognise any way in which it could. On the other hand, that doesn't mean much, as I'm a newbie in this (why do you think I have been asking about it?), and I could easily miss another permissions unwanted interaction. The end result ? Especially with privacy related permission I don't allow what I do not see any need for and can be done differently. Which, for this case, I explained that several days back. > I also repeatetly suggested *not* to trust me blindly but to ask someone > else > who is able to understand the source code of Heliboard I do not have anyone in my neighbourhood who could, or even wanted to do that. They just install the stuff and trust it into high-heaven. > and maybe even compile your own version based on that code to be sure what > you get! :-) I seem to remember that, in relation to you making the same claim earlier, I asked you if you also vetted the libraries that an app uses. I did not hear anything back, so I take that as a "no". And as chances will have it the website I mentioned before also posted articles about how app builders sometimes build malicious apps - not because they intended to do so, but simply because they used third-party libraries that contained the malicious code. Besides, I think also mentioned that I do not (yet?) have access to both the knowledge needed for it, or the tools to do so. Regards, Rudy Wieser