World of Warcraft

Misinformation and the latest BlizzCon controversy

wow4 - Misinformation and the latest BlizzCon controversy
Loading...

Disclaimer: This only relates to Android systems.

In the latest among a series of controversies, we now have Blizzard forcing us to use an app in order to access our tickets. This controversy, however, has a distinct and foul stink of misinformation surrounding it.

I saw a mod say that it's important to understand what you're giving an application access to. I agree, so I'm here to do just that. I'm also here to tell you what you're not giving it access to. It's fine to be worried about permissions that applications request, but the criticism should be based in reality.


Application permissions

The list of application permissions

There is a list of application permissions floating around that comes from the play store page. The list is as follows.

>Contacts read your contacts >Location approximate location (network-based) precise location (GPS and network-based) >Camera take pictures and videos >Wi-Fi connection information view Wi-Fi connections >Other receive data from Internet view network connections pair with Bluetooth devices full network access prevent device from sleeping view network connections read battery statistics pair with Bluetooth devices access Bluetooth settings full network access run at startup control vibration prevent device from sleeping modify system settings 

The problem with this list is that it's wrong. It's only ever present on the web version of the play store and doesn't reflect the permissions of the application once it's been downloaded, nor does it reflect the permissions listed on the app version of the play store or the permissions listed in the application manifest. I still don't know why the web version displays different permissions.

The full list of permissions as specified in the application manifest are as follows.

android.permission.INTERNET android.permission.ACCESS_COARSE_LOCATION android.permission.ACCESS_FINE_LOCATION android.permission.ACCESS_NETWORK_STATE android.permission.READ_CONTACTS android.permission.BLUETOOTH android.permission.WAKE_LOCK com.google.android.c2dm.permission.RECEIVE com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE 

This reflects the permissions listed in the play store which are as follows.

>Contacts read your contacts >Location access precise location (GPS and network-based) access approximate location (network-based) >Other full network access view network connections prevent phone from sleeping Play Install Referrer API pair with bluetooth devices receive data from internet 

The permissions system does not work how you think it does.

The second misconception regarding permissions is that people seem to think that applications can preemptively request application permissions and directly access the resources related to them. This is completely false.

Under Android, permissions are divided into different categories because Google correctly realized that some permissions can indeed be abused to obtain a user's personal information. The permissions that can be used to obtain sensitive information have been labeled as dangerous by Google. Dangerous permissions work using an explicit request system, which means that the user must explicitly grant access to them when the app wants to utilize it. Key here is that the application will only ask for the permissions when it actually needs to use it. As soon as the app wants to access resources that require dangerous permissions you as a user will know about it.

Read:  World of Warcraft: Tides of Darkness
Загрузка...

In practice for the AXS app, this means that when you download the application and open it for the first time it will ask you for permission to use Location services. If you decline location permissions the application will continue to work without using your GPS. You will notice that it does not request access to your contacts, and indeed this is reflected in the phone settings under 'App Permissions'. The only time the application will request access to contacts is when you want to transfer your tickets to someone else.

The application continues to work without granting access to Contacts or Location services. It is only a ticket app if you want it to work like that.


The article

There is currently an article linked on the front page of this subreddit. The privacy policy is presented rather dishonestly in it. The author gives us a long list of personal data which are as follows.

first and last name, precise location (as determined by GPS, WiFi, and other means), how often the app is used, what content is viewed using the app, which ads are clicked, what purchases are made (and not made), a user’s personal advertising identifier, IP address, operating system, device make and model, billing address, credit card number, security code, mailing address, phone number, and email address, among many others.

The problem here is that without context this information isn't very useful. What this list tells us is what information the application can process. It does not tell us what the application does with the information, nor does it tell you when the information is processed.

I don't think it's very useful for me to post the entire privacy policy here, but unlike the article, I'll link the policy so you can read it for yourself. It's a really dry read, but it looks pretty much like every other privacy policy you can think of. As a side note if you use any social media then you already have bigger problems than the privacy policy of AXS.

Read:  Desmephisto's charity stream for Autism Awareness Month

I will not claim to have the expertise required to parse exactly how personal data is processed, but I will also not throw out accusations of spyware without solid evidence to support it. Truth is, the list of personal data they provide is really common among most services you already use. Sharing information with advertisers is something practically every website already does, including Reddit.

It's fine to be worried about how companies handle your personal data, but be reasonable. The list in the article does not represent the data they will send out to third parties. It's a list of personal data that can be processed in the application. A subset of that list is what will be sent out to advertisers and event organizers.

I saw someone claim that they will share credit card information including CC number and security code with third parties. If you have evidence of this then you can probably get their ability to process payments revoked by major credit card companies. They take things like this very seriously.

Source: Original link


Loading...
© Post "Misinformation and the latest BlizzCon controversy" for game World of Warcraft.


Top-10 Best Video Games of 2018 So Far

2018 has been a stellar year for video game fans, and there's still more to come. The list for the Best Games of So Far!

Top-10 Most Anticipated Video Games of 2019

With 2018 bringing such incredible titles to gaming, it's no wonder everyone's already looking forward to 2019's offerings. All the best new games slated for a 2019 release, fans all over the world want to dive into these anticipated games!

You Might Also Like

Leave a Reply

Your email address will not be published. Required fields are marked *