PDA

View Full Version : Are Persistent Connection Attempts By Third-Party Apps Acceptable To You?


adamlau
08-02-2006, 11:35 AM
Certain third-party application attempt persistent connections to their respective developer sites. We are specifically referring to checks outside what the end-user is allowed to set through the application options, i.e. the option to disable database sychronization by unchecking a setting checkbox. Reasons offered by developers for persistent connection attempts include software update pushes and registration checks. This practice of pushing outbound data to developers from the client side has long been frowned upon by desktop users, who often refer to such applications as spyware, or malware regardless of the data content (innocuous or otherwise). The legitimacy or usefulness of third-party applications is not in question here. Just whether you feel that these persistent connection attempts are acceptable by you and whether they are acceptable by your corporate privacy and/or security policy.

d_fisher
08-02-2006, 01:54 PM
I think the perception will be the same as it is for desktop users. Making it even worse, anyone not on an unlimited data plan is going to be paying data usage, potentially overages, for these connections.

7520VA
08-02-2006, 03:49 PM
not only do I not want data sent out without knowing what it is, where it's going, and what it's being used for, but since the blackberry is considered a secure device, it might have sensitive data on it, and thus any company with any sense of network security will specifically deny these applications from being installed on devices touching their network.
Who's to say that someone won't develop a "bbt0day" app that sends your message database to some server in china? yes it would be your fault for installing it, but when it comes to users who just want useful apps they'll install it without a second thought (remember GAIN/Gator/whatever it's called now?)

On a personal note, another "NO"
I would be much more inclined to download updated versions of the software from the developer's secure web site with an md5 hash to verify that it's the original version than pulling updates ota.

short answer no, no.

Reg Work
09-27-2006, 10:53 PM
"Certain third-party application attempt persistent connections to their respective developer sites. We are specifically referring to checks outside what the end-user is allowed to set through the application options, i.e. the option to disable database sychronization by unchecking a setting checkbox. "

Has there been a list of these suspect apps compiled? How about any setting that prevent unauthorized outgoing transmission?

p.s. what's the right way to quote previous links?

jibi
09-27-2006, 11:10 PM
Any sort of 'call home' feature, in my book, is downright intrusive. With that said, I do realize the need to add anti-piracy protection. It's a mixed bag, but if I purchase something with a 'call home' feature of piracy protection, I'll use a crack for that particular application to prevent that feature. If one is not available, I simply will find another application.

From a corporate standpoint, this is highly unacceptable. The connection is encrypted, and there is no telling what information is being passed to and from the non-trusted network.

There has been only ONE pirated application for the BlackBerry, to my knowledge - Ascendo's picture thingie. I suppose that speaks more for the lack of popularity of 3rd party applications rather than the abundance of keygenners and crackers within the BlackBerry community.

I definitely put myself down for a no and no, concerning the poll. There are some applications that would make sense, though (instant stock updates, instant messaging applications, etc.), though.

markhutchison
09-28-2006, 12:06 AM
I definitely put myself down for a no and no, concerning the poll. There are some applications that would make sense, though (instant stock updates, instant messaging applications, etc.), though.
Agreed. There is a huge difference between a peice of software that requires a persistent or recurring connection to carry out it's function (like the examples that jibi has mentioned) and an application that is accessing the network for, what I would consider to be, non-functional reasons (heartbeat, checksum, etc.). If an app is utilizing the network to bring me the information that I have asked for, then great, otherwise stay off the damn radio.

Reg Work
09-29-2006, 07:48 PM
maybe we need to compile a list of safe apps? I'm sorta stuck loading apps ota since I'm on Mac (is pocketmac as full featured as BB's PC desktop app)?

I know I've downloaded ota and loaded Minuet's browser demo, bblocal and Reverse Lookup (both seem very popular and highly recommended) from the developer's site, and a couple of free games from blackberry's WAP site (mobile.blackberry.com/mss/extras) ... at least, i hope that's blackberry's WAP site ...