REPLY TO THREAD
Verizon SPYWARE on Smartphones without user Permission or Knowledge?
So I got myself an Android based smartphone from Verizon. Save yourself the trouble, I know you are much smarter than me and would never own such a device, or would at least root it. I bought it because I wanted to develop Android apps, and I have not yet rooted it because I don't want to void the warranty or introduce new problems into the device.
The firmware on the device bundles an app called VZNavigator. This is Verizon's bloatware solution for a problem which never existed. Unlike VZNavigator, Google Maps provides navigation services which can be stopped, killed, or even removed from the device. Google Maps can also be operated at no cost to the user. Chosing which navigation package to use is a no-brainer.
VZNavigator will not stop running with a simple kill signal from a task manager. The only way I have found to get it out of my CPU and RAM is to "force close" it, which is not generally a good practice. Unfortunately, this is only a temporary fix, as it gets relaunched incessantly. Everytime it gets relaunched, it establishes a 4G connection even if I am already on WiFi! What the hell is this app afraid to send across WiFi where it could easily be logged and analyzed?
Beyond the annoyance of the relaunch and unnecessary 4G connection, the app utilizes 100% of the CPU, causing all other apps on the phone to freeze for varying lengths of time. This can be quite frustrating at times, causing other time-sensitive apps to fail. I have also been unable to place phone calls for several seconds during this period, and have found the phone getting warm due to the GPS being enabled despite my configuration having it disabled. Granted, I do not believe I have noticed the GPS being enabled since the last firmware update, but the phone still becomes totally unresponsive to user interaction during periods where VZNavigator is relaunching itself.
I talked to Verizon Support, which was no help at all. Their only suggestion was to root the phone which would void my warranty and erradicate any responsibility they have for support.
Upon looking at the permissions this app posesses, I was horrified. When installing apps from the Android Market, I always review the permissions requested by each app and refuse to install apps which request permissions which I deem unwarranted. This VZNavigator app is pre-installed by Verizon, so I was never presented the permissions required list, nor was I given the opportunity to decline the permissions request.
Check out the permissions this app has given itself, without the user's agreement or even knowledge:
Here's the stinky linky: [link to market.android.com (secure)]
Check out the reviews from users, yet Verizon still persists with this forced install.
For those who do not wish to click the link, here's the permissions list:
This application has access to the following:
Services that cost you money
directly call phone numbers
Allows the application to call phone numbers without your intervention. Malicious applications may cause unexpected calls on your phone bill. Note that this does not allow the application to call emergency numbers.
change your audio settings
Allows application to modify global audio settings such as volume and routing.
Allows application to access the audio record path.
fine (GPS) location
Access fine location sources such as the Global Positioning System on the device, where available. Malicious applications can use this to determine where you are, and may consume additional battery power.
coarse (network-based) location
Access coarse location sources such as the cellular network database to determine an approximate device location, where available. Malicious applications can use this to determine approximately where you are.
mock location sources for testing
Create mock location sources for testing. Malicious applications can use this to override the location and/or status returned by real location sources such as GPS or Network providers.
read SMS or MMS
Allows application to read SMS messages stored on your device or SIM card. Malicious applications may read your confidential messages.
edit SMS or MMS
Allows application to write to SMS messages stored on your device or SIM card. Malicious applications may delete your messages.
Allows application to receive and process SMS messages. Malicious applications may monitor your messages or delete them without showing them to you.
full Internet access
Allows an application to create network sockets.
create Bluetooth connections
Allows an application to view configuration of the local Bluetooth device, and to make and accept connections with paired devices.
Your personal information
read contact data
Allows an application to read all of the contact (address) data stored on your device. Malicious applications can use this to send your data to other people.
read phone state and identity
Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and the like.
modify/delete USB storage contents modify/delete SD card contents
Allows an application to write to the USB storage. Allows an application to write to the SD card.
retrieve running applications
Allows application to retrieve information about currently and recently running tasks. May allow malicious applications to discover private information about other applications.
Allows an application to disable the keylock and any associated password security. A legitimate example of this is the phone disabling the keylock when receiving an incoming phone call, then re-enabling the keylock when the call is finished.
prevent device from sleeping
Allows an application to prevent the device from going to sleep.
change network connectivity
Allows an application to change the state of network connectivity.
change Wi-Fi state
Allows an application to connect to and disconnect from Wi-Fi access points, and to make changes to configured Wi-Fi networks.
access extra location provider commands
Access extra location provider commands. Malicious applications could use this to interfere with the operation of the GPS or other location sources.
view network state
Allows an application to view the state of all networks.
view Wi-Fi state
Allows an application to view the information about the state of Wi-Fi.
automatically start at boot
Allows an application to have itself started as soon as the system has finished booting. This can make it take longer to start the device and allow the application to slow down the overall device by always running.
send sticky broadcast
Allows an application to send sticky broadcasts, which remain after the broadcast ends. Malicious applications can make the device slow or unstable by causing it to use too much memory.
power device on or off
Allows the application to turn the device on or off.
Did any of you agree to allow this crap on your phone? Is there an attorney out there looking for a case?
Pictures (click to insert)
| | Next Page >>|