Jump to content

GoApps - investigating the privacy claims

Guest PaulOBrien

By Guest PaulOBrien
in Software

 Share

Recommended Posts

Guest Paul

Guest Paul

Posted
Posted

Hi all!

I recently tweeted about how i've started using various 'Go Apps' (Go Launcher, Go Score, Go Keyboard etc.) and I received a number of replies citing possible privacy issues with the apps. These centered mostly around concern that the apps were taking a devices IMEI and spiriting it away to an unknown server somewhere. Now, when I hear such claims my approach is always to want to verify them and find out more myself... so that's what i'm doing! :rolleyes:

Firstly, i've e-mailed the Go Dev Team to ask for a response on such concerns. I only mailed them last night and haven't had a response as yet... i'll update this post if and when they reply.

Secondly, i've downloaded the various apps (specifically Launcher, SMS Pro, Contact, Score and Weather) to my machine and extracted them so I can have a snoop through the code. It's early days - i've literally just looked them over briefly - and i'll again be posting here as I find anything of interest. I've started this topic as a place to post my findings, but more importantly as a place for others to post any information if they have any (since there's a lot of people expressing some sort of opinion on this!)

Thirdly, I am approaching this with a totally open mind. I've been very disappointed (but not at all surprised, sadly) by the number of people assuming 'the apps are free, they're developed in China so they must be stealing my data'. C'mon people, really! :) I believe that the company behind the Go apps, 3G.cn, are actually VC funded.

So... to my findings so far. As I say, I am just starting to have a poke around, but here's what I'm seeing...

  • All the apps have getIMEI functions, but in fact it looks like the function is only called in the Contacts app, as part of the Ad platform (see below)
  • It looks like the Go team are using some advertising frameworks from Mobclix, which appears to read the IMEI

Stay tuned for more info, i'm just getting started. :rolleyes:

P

Link to comment
Share on other sites
Guest Paul

Guest Paul

Posted
Posted

OK, following up on the VC investment... see this news item about the investment in the parent company 3G.cn, and this response from the Go team themselves on XDA, quote:

First of all, I totally understand your concern about the application permission and thank you for your feedback!

GO Dev Team is part of the development teams from the well-known mobile Internet company, 3G Portal (aka 3G.cn). GO Dev Team is dedicated for Android based application development.

3G.cn ranks the #1 mobile portal website in China, with ~30 million daily active users and near 1 billion overall page views. They devolped quite a lot application started from Symbian/KJava/Windows mobile age since 2005, all FREE for use. Their business model comes from mobile website and its related paid service, such as online advertisement, VIP reading, mobile B2C and business solutions.

In China, 3g.cn is a very reliable source of news/sports/entertainment info and mobile applications.

As of permissions, GO Dev Team tried to remain minimized. For better user experience, we included version check and necessary notification module, which requires Internet access to our server. As of Contact access, that's what we cannot bypass for SMS and Contacts software.

We will keep our application Free (even for so-called Extra versions). If possible, upon request like some of user already did, we will think about open a donation channel, OR even make some paid extra themes, but again, monetization is not our priority.

Any question or concern , please let us know [email protected]

[Might not be able to reply everyone but we do listen]

Millions of users are using -- GO Laucher, GO SMS, GO Contacts, GO Weather, GO Touch Chinese, GO Browser Chinese and more --

P

Link to comment
Share on other sites
Guest Paul

Guest Paul

Posted
Posted

OK, I can see nothing in the apps that cause me any real concern over and above what I would call normal, justifiable use of the data. In reality, identification of device via IMEI is the ONLY way to guarantee correct unique identification of a specific device. Although the ANDROID_ID is an alternative, this CAN change on a factory reset, so is arguably not fit for purpose.

I personally plan to carry on using the Go apps!

P

Link to comment
Share on other sites
Guest goatee

Guest goatee

Posted
Posted

Thanks for the investigation Paul - I really like the Go apps, and would actually pay for them if they were not free.

OK, I can see nothing in the apps that cause me any real concern over and above what I would call normal, justifiable use of the data. In reality, identification of device via IMEI is the ONLY way to guarantee correct unique identification of a specific device. Although the ANDROID_ID is an alternative, this CAN change on a factory reset, so is arguably not fit for purpose.

I personally plan to carry on using the Go apps!

P

Link to comment
Share on other sites
Guest Paul

Guest Paul

Posted
Posted

Incidentally... I grabbed the /data/app directory from my GSII, which has 375 APKs in! :) I decompiled all of them and a whole bunch of them also read the IMEI, including apps by some very big names... food for thought... an amusing one was CoPilot, which has a GetIMEI function, except it actually gets the android_id, lol!

P

Link to comment
Share on other sites
Guest Ian-OS

Guest Ian-OS

Posted
Posted

Hi Paul,

Thanks again for looking into this. Based upon your findings I am very happy to continue use of the Go apps. I think the launcher in particular is excellent - quick, stable and not over large IMO. The weather app has some lovely vid sequences too :-) I am running on a Galaxy S, with the Samsung 2.3.3 Gingerbread.XXJVO build.

Cheers,

Ian :-)

OK, I can see nothing in the apps that cause me any real concern over and above what I would call normal, justifiable use of the data. In reality, identification of device via IMEI is the ONLY way to guarantee correct unique identification of a specific device. Although the ANDROID_ID is an alternative, this CAN change on a factory reset, so is arguably not fit for purpose.

I personally plan to carry on using the Go apps!

P

Link to comment
Share on other sites
Guest Chaz_UK

Guest Chaz_UK

Posted
Posted

Thank you for the investigation Paul. Interesting stuff. It is a shame that some people assume the worst regarding China but the mainstream media do like go paint the country in a negative light.

Link to comment
Share on other sites
Guest Alex (nedge2k)

Guest Alex (nedge2k)

Posted
Posted
Incidentally... I grabbed the /data/app directory from my GSII, which has 375 APKs in! :) I decompiled all of them and a whole bunch of them also read the IMEI, including apps by some very big names... food for thought... an amusing one was CoPilot, which has a GetIMEI function, except it actually gets the android_id, lol!

P

must still use it though as it is locked to imei, as is skyfire.

Link to comment
Share on other sites
Guest Alex (nedge2k)

Guest Alex (nedge2k)

Posted
Posted

nah was talking v8 - you have to deactivate on device then re-activate on new device. had to do it a couple times when nexus had mobo swapped.

Link to comment
Share on other sites
Guest Schwinni

Guest Schwinni

Posted
Posted
Wouldnt it be better to track the sim card number if you wanted to make sure of who was using your app?

I don't think that's a good idea.

A SIM card is changed more often than your IMEI (which normally doesn't change).

Think about paying a cheap card when you are on vacation in a foreign country...

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept