
This happened on ios for me years ago.

I had two apps that radically changed their business model (owner?) through updates with no recourse.

I had an app called Gas Cubby, which let me locally - on the phone - keep track of all my vehicles. I could enter detailed information about each car such as year, make, model, VIN, insurance policy, gas purchases, oil changes and the like. It would tell you gas mileage and remind you of upcoming maintenance. One day, I updated the app and all my local data was uploaded to the cloud.

Another app I updated was Camscanner from Tencent that basically did the same thing. Think of all the PDFs you scan going to their cloud.



I've been writing apps for a long time. They are usually free/Tier 1 apps.

A while back, I was approached by a [NATION OBFUSCATED] developer, asking to buy up one of my older apps (they are all open-source).

I ignored the request, and reported the approach to Apple, as I'm sure that this actor has been doing the same for many other apps.

This is apparently a common method for malware-slingers. They buy established, older apps, that they assume the developer has abandoned (I hadn't abandoned it, but it's a simple app that hardly ever needs tweaking. If I stop supporting an app, I remove it from the store).

They then "update" the app, with a little "extra flavoring."


> One day, I updated the app and all my local data was uploaded to the cloud

This happened to me with Chrome. It auto-updated, then automatically synced browser history, passwords, and who knows what else, to Google. They soon changed it to opt-in sync, but it was too late for me at that point; they had already hoovered up my personal data. That was when I stopped using Chrome and switched fully to Firefox.


Camscanner was a blatant bait and switch. When I first started using it, I paid for a license to get full functionality with no ads/watermarks/etc. Magically, years later I got reverted to the ad-supported/free version, and my license was nowhere to be found. This was at the same time they moved to "cloud features" and a subscription model. Their reviews are littered with people having the same issue and the developer copy-pasting some response that doesn't work.


I haven't had this issue with Camscanner, but I've had it with other apps. One outright disappeared from my library, as if I have never had it installed.


yeah this is one reason why I can't take mobile app end to end encryption, or client side only, claims seriously. a single update at any time could undermine all of that

and secondly, they or an analytics package can just read everything client side and upload it to a server anyway

doesn't matter if it's whatsapp, or signal, or some protonmail client if such a thing exists

I just don't use them with that assurance in mind, I use them for other things.


>yeah this is one reason why I can't take mobile app end to end encryption, or client side only, claims seriously.

If it's a large company like Facebook that values these products like Whatsapp at billions I trust them at least on this issue. I'm pretty sure they're not going to put junk third party malware for 50k into the Whatsapp client.

This is mostly an issue for apps done by individual developers who have huge incentive to take these deals, like the barcode scanner in question.


They've been sideloading with React Native, allowing updates even for people without automatic updates enabled, and have abused enterprise/privileged developer keys which allows access to additional parts of the system. I just don't see how you can draw that conclusion.

I use the apps for other things, not for any assurance of privacy.


> I trust them

You literally mentioned a company that betrayed trust so bad a government tried to call them to account.


Are people capable of enough nuance to distinguish between issues that large tech firms are likely trustworthy on and issues that they aren't?

When they stand to make billions from breaking my trust I'm sceptical. When they stand to make a penny and ruin their entire product, then no I'm not.

The problem in question here, that rogue developers sell out their product to third parties, is not an issue that Facebook, Google etc have. They have every incentive to keep their software secure.


A betrayal of trust will not "ruin their entire product", we've already seen that it won't (no matter the scale). Believing a small betrayal to be worse than a big one is your right, but that doesn't mean it isn't naive.


Your whole premise is based on a very arbitrarily low value of collecting your plain text data? From a company that is a machine built for monetizing this specific thing? And that they won't because their users care about trust too much, users of Facebook products but specifically whatsapp? And you think the rest of us aren't compartmentalizing our issues with that company enough?

this is.... I’m speechless, I ran out of words for this absurdity


I get what you're saying, but it's funny because what the dodgy small players do with the data is actually sell it to facebook. You're just cutting out the middleman here.


>If it's a large company like Facebook that values these products like Whatsapp at billions I trust them at least on this issue. I'm pretty sure they're not going to put junk third party malware for 50k into the Whatsapp client.

Zuck: They "trust me"

Zuck: Dumb fucks.


That's a one dimensional way to think.

You may not be able to trust facebook with your privacy, but you can trust them not to install a malware that swipes your bitcoins.

That being said, I despise the current state of affairs with cellphones. I don't like needing to trust any corp. I'm jumping to a Linux native phone when my current device dies.


>you can trust them not to install a malware that swipes your bitcoins

Sure, they might not take malware that swipes my crypto, but I wouldn't put it past them to take malware that uses my resources to mine for crypto. What is the downside for them?


School tried to make me use camscanner, glad I took the extra effort to do something else. Thanks for the anecdote.


Try OpenScan, open source document scanner app...

Source: I am a user


Thank you. Unfortunately, it seems that OpenScan does not have the feature to straighten out photographed documents. Camscanner has its own camera app, which has features specific to photographing documents.


I absolutely love Camscanner, and I have been for over a year on the old version because I refuse to update to the new version which requires network permissions. I exactly suspected this is why it needs those permissions.

To what did you switch? Camscanner is otherwise an excellent app, especially for combining multiple images and straightening them out.


Not OP, but I switched to using Microsoft Office Lens.


Thank you! This one seems to have the features of Camscanner that I use: straightening documents and combining multiple images into a single PDF.


I just continue to use the brother scanner in the other room. I don’t recommend brother, they updated the software and somehow took away features.


Unfortunately the HP scanner doesn't fit into my meeting bag!


Adobe Scan is a solid option as well.


Adobe has lost my trust years ago, and I see that viewpoint vilified often enough to never use Adobe software again. The only Adobe product that I still use is Magento, and only that on client sites. I would love to find a non-Adobe alternative.


> This happened on ios for me years ago.

Neither of the 2 scenarios you describe are even remotely what's happened here. Not sure how you got from 'malicious ad popups' to 'app added cloud feature'.


I gave Slacker Radio the big heave-ho when they decided they wanted to help themselves to my contact list. They did that just before I was about to pony up for a paid subscription. Bullet dodged.



