ARRL

ARRL QST Android app is Potentially Dangerous

Jul 9th 2016, 22:01

NS6Q

Joined: Apr 4th 1998, 00:00
Total Topics: 0
Total Posts: 0
I thought I would use the ARRL Android app to read QST. As with all Android apps I load, I did a quick review of the app's permissions.

This app has the potential to be one dangerous app!!! Look at the permissions it has (things it is allowed to do behind your back).

Below are some of the things it can do to you and ways it can steal from you. I put *** on some of the more outrageous ones. Note: I am not saying the app does these things, just that it can (I would have to rip the app apart to learn more). Why ask for things it is not going to use? That is not a very trusting start of a relationship.

I would expect the ARRL to respond by saying something like "oh but we don't use all those permissions, don't worry, be happy". That would be like saying "Can I have your credit cards, I won't use them but can I have them anyway?"

All this just to read a PDF file of a magazine on your device?

73,
Mike
NS6Q
--------------------------------

All permissions used by the QST App:


Identity

*** find accounts on the device

Contacts

find accounts on the device

Location

*** approximate location (network-based)

SMS

*** send SMS messages

Phone

read phone status and identity
*** directly call phone numbers

Photos/Media/Files

modify or delete the contents of your USB storage
read the contents of your USB storage

Storage

modify or delete the contents of your USB storage
read the contents of your USB storage

Wi-Fi connection information

*** view Wi-Fi connections

Device ID & call information

read phone status and identity

Other

receive data from Internet
full network access
*** view network connections
*** send sticky broadcast
control vibration
prevent device from sleeping



Jul 10th 2016, 12:42

AA6E

Joined: Apr 4th 1998, 00:00
Total Topics: 0
Total Posts: 0
The League uses the commercial service of nxtbook.com for Digital QST. nxtbook's clients are asking for the privs, which is (unfortunately) a common practice in the industry.

73 Martin AA6E

Jul 11th 2016, 15:50

W1VT

Joined: Apr 4th 1998, 00:00
Total Topics: 0
Total Posts: 0
The League's subscriber base is too small to justify doing this service in-house.

Zack Lau W1VT
ARRL Senior Lab Engineer

Jul 18th 2016, 00:42

N5TEV

Joined: Apr 4th 1998, 00:00
Total Topics: 0
Total Posts: 0
Why not just allow members to log in to their ARRL.org accounts and download QST as a PDF each month?

The current app is quite poor.

Jul 20th 2016, 18:51

WB1GCM

Joined: Apr 4th 1998, 00:00
Total Topics: 0
Total Posts: 0
If a member downloads a PDF of the entire magazine, he/she could then share that file with the rest of the world. At that point, they would be giving away the magazine. Membership would decline, funds would be lost and the only substantial advocate for Amateur Radio (the ARRL) would be diminished. The app, however poor, is needed to protect copyrighted material.