Path: ...!weretis.net!feeder8.news.weretis.net!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: "R.Wieser"
Newsgroups: comp.mobile.android
Subject: Re: Android keyboard: your choice.
Date: Mon, 24 Jun 2024 09:39:18 +0200
Organization: A noiseless patient Spider
Lines: 55
Message-ID:
References: <20240617114559.a2970ac2923facc44a2ec355@gmail.com>
Injection-Date: Mon, 24 Jun 2024 10:46:38 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="d1df2db1434430c13aa56a53eec16b7f";
logging-data="908600"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19Cjo0jFcVW7M5bKtdAALo2DTHNWLKw+tLEFzo1uJ5I9Q=="
Cancel-Lock: sha1:qLTVwvU+scbVTbNdK8otrF/OL4k=
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.5512
X-RFC2646: Format=Flowed; Original
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
Bytes: 3677
Arno,
> I did not mention the app, that was "Henry The Mole"
> in his post on June 17, 2024.
He was the first to suggest it. You shoved it forward several times after
him.
> I just tried explained how I came to the conclusion that it does not
> abuse private data
Thts pretty-much the problem : you're still talking about a(n specific) app,
while my focus was-and-is on the permission.
And although you are right that the absense of the INTERNET permission for
that app seems to indicate that exfiltration isn't possible*, I do not leave
my safe open because I've locked the front door.
*though at least one person here seems to think that Google can exfiltrate
without it.
But yes, looking at the apps manifest I do not recognise any way in which it
could. On the other hand, that doesn't mean much, as I'm a newbie in this
(why do you think I have been asking about it?), and I could easily miss
another permissions unwanted interaction.
The end result ? Especially with privacy related permission I don't allow
what I do not see any need for and can be done differently. Which, for this
case, I explained that several days back.
> I also repeatetly suggested *not* to trust me blindly but to ask someone
> else
> who is able to understand the source code of Heliboard
I do not have anyone in my neighbourhood who could, or even wanted to do
that. They just install the stuff and trust it into high-heaven.
> and maybe even compile your own version based on that code to be sure what
> you get!
:-) I seem to remember that, in relation to you making the same claim
earlier, I asked you if you also vetted the libraries that an app uses. I
did not hear anything back, so I take that as a "no". And as chances will
have it the website I mentioned before also posted articles about how app
builders sometimes build malicious apps - not because they intended to do
so, but simply because they used third-party libraries that contained the
malicious code.
Besides, I think also mentioned that I do not (yet?) have access to both the
knowledge needed for it, or the tools to do so.
Regards,
Rudy Wieser