You have become the new currency

I was alerted to the contents of the privacy policy for Google Payments by an episode of the BBC series – Billion Dollar Deals and How They Changed Your World – in which the presenter Jacques Peretti makes a rather astonishing (for me at least) discovery …

Take Apple Pay, there’s a small amount of money they make in each transaction. But with Android Pay, which is run by Google, they don’t take anything. So what’s going on?

The answer lies in the small print of the terms and conditions: “we may collect information about the transaction, including: Date, time and amount of the transaction, the merchant’s location and description, a description provided by the seller of the goods or services purchased, any photo you choose to associate with the transaction, the names and email addresses of the seller and buyer (or sender and recipient), the type of payment method used, your description of the reason for the transaction, and the offer associated with the transaction, if any.”

Remember that space in the transaction, the space where business makes money? Now that space is about data. You have become the new currency.

This piqued my interest as I have been using Android Pay for a few months. In doing so had I also given my consent for my personal financial transaction data to be harvested by Google?!

For the uninitiated, Apple Pay and Google Pay let you create a digital copy of your payment cards, which are held in a secure virtual wallet on your mobile phone. You can then make contactless payments using your phone instead of the physical cards.

The Apple Pay security and privacy overview states: “Apple Pay doesn’t collect any transaction information that can be tied back to you. Payment transactions are between you, the merchant (or developer for payments made within apps and on the web), and your bank“. That sounds perfectly fair and reasonable, but what about Google?

The current Terms of Service for Android Pay includes the line: “Your use of Android Pay is subject to these Android Pay Terms of Service and the Google ToS (which together, for purposes of these Android Pay Terms of Service, we refer to as the “Terms”), as well as to the Google Privacy Policy.

The Google Privacy Policy includes a link to the specific privacy practices with respect to Payments, which contains the aforementioned small print concerning Google’s collection of payment transaction information.

So yes, by virtue of using their product I did unwittingly give Google permission to ‘spy’ on my spending habits. This financial transaction data has intrinsic value and it’s obvious why Google would like to get their hands on it, but I didn’t expect the banks to be so lax as to allow it to be shared in this way.

This revelation left me wrestling with a dilemma. There is no denying that the simplicity of making small payments with a quick tap of my phone is really handy, but I value my privacy more than the convenience factor.

I just can’t abide my personal data being exploited in this way and so have reluctantly removed my payment and loyalty cards from Android Pay and I won’t be using it again. Sorry Google, but how I choose to spend my hard-earned moolah will be kept between myself, the retailer and my bank from now on.

Advertisements

What Innovation?

Apple reinvents the phone

I was having a discussion with an old friend who declared that there has been no innovation in mobile devices for years now. I immediately took exception to this claim and set my mind to disproving his assertion.

There is no disputing that Apple “reinvented the phone” in 2007 when they launched the original iPhone to an expectant world. I’ll never forget the looks of joy and amazement when I first demonstrated the iPhone’s touch screen interface and clever pinch and zoom gestures.

Let’s not forget how tired and utilitarian other ‘smart’ phones of the time were!

2007 Smartphones

Apple’s early dominance in the smartphone market has been successfully challenged by Google’s Android operating system and the countless slab clones churned out by Far Eastern manufacturers, but do any of them truly innovate?

What have we seen in mobile phone design in the last six years which could be considered innovative? We’ve had different form factors, sizes, colours and storage capacities, but the fundamental iPhone design concept has hardly changed.

Certainly display technology has improved, with more vibrant colours and pixel densities higher than the human eye can distinguish, but that’s evolution not innovation.

Processor power has increased, the latest smartphones boasting quad-core CPUs with dazzling performance, but this is standard Moore’s Law territory.

Camera technology has gradually improved, with manufacturers attempting to out-gun each other in the megapixel arms race. Fundamentally though it’s still a digital camera on a phone.

Mobile apps are the emperor’s new clothes, but this is just a trendy new name for what we used to call ‘computer programs’ or software.

A few new features have appeared like voice recognition, Near Field Communication (NFC) and wireless inductive charging, but these technologies have been around for years and are just being retro-fitted to mobile devices.

The sad truth though is that there hasn’t been any innovation since the original iPhone. Yes there have been gimmicks and incremental improvements, but the iPhone’s simple touch screen design and user interface has remained largely unchanged and unbettered.

Unless Apple regains the ability to surprise and delight with the unveiling of their 7th generation iPhone later on today, I’ll have to concede that my friend is right.

Please don’t leave us in 2007.

Macworld 2007 Teaser

Google Android power saving tips

battery

It’s a common complaint (or misconception?) that Android devices are power hungry, and some people claim not to manage a full working day from their smartphone.

By my reckoning default system settings and apps are often configured to showcase capabilities, rather than optimise usage and resources for individual needs. With a few minor tweaks you can reduce overall power consumption and in some cases gain hours extra battery life.

First of all I hope it goes without saying that you should switch off connectivity features that you’re not actively using. You wouldn’t leave a light on at home all day, and in the same way being conscientious about managing Wi-Fi and Bluetooth connections can make a big difference to the power consumption of your device.

I don’t generally use Wi-Fi when I’m away from home, so I use an event driven task manager (Locale) to automatically switch Wi-Fi off for me when I leave my home geo-fence.

For when you do use Wi-Fi, check that you’re using these settings:

Settings > Wi-Fi > Advanced > Network notification > OFF

Settings > Wi-Fi > Advanced > Wi-Fi optimisation > ON

Most people rarely (if ever) use the NFC or Android Beam feature, so don’t leave it switched on permanently:

Settings > Wireless & Networks > More > NFC > OFF

If like me you travel on public transport then your device will frequently leave cellular network coverage. When this happens it will scan frequency ranges for available operators and consume significant battery resources in doing so. Below are some tricks that help to minimise this.

Unless I travel abroad I spend all my time on my home cellular network, so I manually select my mobile operator to prevent unnecessary registration attempts:

Settings > More > Mobile networks > Network operators > Search networks > manually select your mobile network operator

I also lock my device to use WCDMA (3G) only so it doesn’t try scanning the GSM (2G) bands. This is a bit extreme, but if you want to do this use the Android Field Test menu:

Go into the Phone app and tap in this code: *#*#4636#*#*

You will be presented with a ‘Testing’ screen. Tap on ‘Phone information’, scroll down to ‘Set preferred network type:’ and select WCDMA only.

This network settings change will remain until you next power-cycle your device.

Sound and display settings can also make an appreciable difference if you spend a lot of time tapping away on your device. Since haptic feedback uses a tiny vibration motor, switching it off altogether can save precious battery power. Using a static image for your background instead of a fancy ‘live’ wallpaper also saves CPU cycles.

Settings > Sound > System > Dial-pad touch tones > OFF

Settings > Sound > System > Touch sounds > OFF

Settings > Sound > System > Screen lock sounds > OFF

Settings > Sound > System > Vibrate on touch > OFF

Settings > Display > Brightness > Automatic

Settings > Display > Wallpaper > choose a static wallpaper

GPS and location lookups are a big cause of battery drain. If you only want to know your location when you actually need it, switch off Google’s location tracking and the location feature of any other apps you have installed:

Apps > Google Settings > Location > Location History > OFF

Apps > Twitter > Settings > Location > OFF

Popular apps like Play Store and Twitter usually default to synchronising data in the background. If you’re only interested in checking for updates when you open an app, switch off notifications and background usage:

Apps > Play Store > Settings > Notifications > OFF

Apps > Play Store > Settings > Auto-update apps > OFF

Settings > Accounts > Google > disable any data synchronisation that you don’t use

Apps > Twitter > Settings > (account) > Sync data > OFF

Apps > Twitter > Settings > (account) > Notifications > OFF

Finally review your widgets and remove those that you don’t need. Often replacing a widget with a shortcut to the app is just as effective and much more power efficient.

By using all these optimised settings I easily manage 24 hours from my device, with no compromise in functionality of performance.

Google Play Music: Saving to SD card

Having switched from Amazon MP3 to Google Play Music, the most annoying omission in Google’s offering is the inability to save music tracks to SD card instead of internal storage.

Since version 5.1 of Play Music the capability is actually there, although the feature has not yet been exposed via the user interface. Here’s a neat trick you can use to switch it on manually.

First you’ll need to make sure you have the latest version of Google Play Music, then download and install the free Apex Launcher app from Google Play.

After Apex Launcher has been installed, fire it up and you’ll see a new and hopefully fairly empty home screen (don’t worry, your existing home screen has not been lost!). Tap and hold on the home screen, select Shortcuts and then Activities.

Scroll down until you come to Google Play Music, then tap on it to expand to a list of activities. Scroll down until you come to .ui.SDCardSelectorActivity, tap on it and you should find a new Google Play icon appear on the Apex home screen.

Tap on this new Google Play icon and you’ll be presented with a ‘Download Storage Location’ dialogue box. Simply tap on ‘SD card’ and you’re done!

You can now uninstall Apex Launcher if you wish.

Although the switch has been made, it only applies to music that you ‘Keep on device’ from now on, so you’ll need to unpin and pin all your previously downloaded albums again to move them to SD card.

I’m guessing Google will expose this new capability in a future update, but for the time being this is a very welcome workaround.

In case you’re interested, the saved files are stored on your SD card in the Android/data/com.google.android.music/files/music folder.

Corrupted SMS on Android

For a couple of weeks I have been receiving strangely composed SMS from a friend. It was as if two totally separate conversations were being mixed together into one long message.

At first I thought my friend might have been inebriated when he sent them (not unusual for him!) but as the messages continued to come through in this strange fashion I wondered if perhaps he was suffering from a split-personality.

Eventually I called him up and we compared messages. It turned out that the messages I was receiving on my Android device bore little resemblance to the messages he was sending. At first I thought this could be due to a corrupt SMS database on his iPhone, but after some searching I came across an Android bug report which perfectly described the issue I was experiencing:

» Issue 17769: Multipart SMS getting mixed up with old messages

The first post on this thread is dated June 2011, so the problem has been around for quite a while! I was pleased that I wasn’t alone in experiencing the issue, but what was the cause and how could I fix it?

Another Android bug report – Issue 28697 – had the answers:

Under certain circumstances, SMSDispatcher can incorrectly construct multi-part SMS messages, resulting in a corrupted message being dispatched to the applications. The corrupted message contains parts from previously received multi-part SMS messages instead of the corresponding parts from the newly received message.

In this more recent report, the author Ian Payton has identified the problem to be partly due to the way in which multi-part SMS is implemented, and partly to how Android processes multi-part messages.

If you want all the details then head on over to Ian’s detailed explanation, but the quick version is that an Android device can sometimes end up with orphaned SMS which it doesn’t know what to do with. These are usually the result of a message being retransmitted by the network because it did not receive a delivery acknowledgement from your device. This can occur if you are in patchy cellular coverage for example.

The SMS protocol uses an internal reference number to help reassemble a concatenated message, but this reference is not unique and if you have one or more of these orphaned messages on your device then in some circumstances the message parts can get mixed up to erroneously construct a new Frankenmessage!

This has the effect of your being presented with a message which is made up of some of the new message and some of an old message which has been hanging around in limbo on your device.

That’s all very well, but how can you fix this situation?

Ian has kindly written SMS Multi-Part Cleaner, a small Android application which finds all the orphaned SMS on your device and allows you to review and delete them manually. Alternatively you can download the very similar Orphaned Texts app from Google Play.

If you are prone to patchy cellular coverage and frequently receive long SMS then you be advised to run this application every few weeks to check for orphaned messages.

Gmail attachments not working?

I’m assuming you’ve found your way here because you too are having difficulty viewing image attachments in the Gmail app for Android?

I found that thumbnail previews of images were displaying fine, but when I tapped to view the full image the progress bar would scroll around indefinitely.

In my case the problem was caused by Android’s Download Manager, and the solution was relatively simple.

Go into your Android Settings screen, select Apps, swipe to the ALL tab and scroll down to Download Manager.

Tap on Download Manager and then Clear data.

Download Manager

Exit the settings, go back into Gmail and hopefully you should now find that attachments are working again.

Apps Publishing Security Policy

BSkyB has become the latest high-profile victim of a security blunder which has caused them to suspend all their Sky Android applications from the Google Play app store.

The hackers would appear to have used a combination of phishing and social engineering techniques to compromise a trusted computer and steal corporate login details for third-party sites such as Google and Twitter.

The storefront for Sky’s Android mobile apps was defaced, with the app descriptions changed and screenshots replaced.

Sky Go defaced

To make a bad situation even worse for Sky, one of their official Twitter accounts was also compromised and the hackers used it to draw more attention to their handywork.

skyhelpteam

Fuelled by the ‘official’ Twitter misinformation, customers were led to believe that the apps had also been tampered with, although this has been subsequently denied by Sky on their Help Forum:

We have temporarily removed our Apps from the Google Play store following a security alert.

All Sky Apps were unaffected and any Sky Android apps previously downloaded by customers are safe to use. There is no need to remove them from your android device.

As soon as we have restored the apps on Google Play we will post up an update.

In a related security breach, Twitter has locked access to @SkyHelpTeam, which is why we are currently unable to tweet from this account. However, help and info is available via @SkyHelpTeam1Facebook and here on the Sky Help Forum.

The tweet that was made from the @SkyHelpTeam twitter, in the early hours of Sunday morning, advising customers to unistall their apps was NOT an official tweet from Sky. Twitter security immediately detected this vogue messaging and locked account as part of agreed standard security process.

Sky have suffered this humiliation as a result of sloppy security practices. With a robust security policy the damage from this attack could have be limited or prevented entirely.

My recommendations for an apps publishing security policy:

  • Use a dedicated Google account for the Google Play Developer Console, not an account used for other Google services. Do not divulge the email address of this account.
  • Enable 2-Step Verification on your Google account and use Google Authenticator to login. Make sure that you properly sign out of your Google account when you have finished each session.
  • Only use a bookmarked https link to access the Developer Console. Never click on links contained in emails or on other web sites.
  • Tightly limit access to the Developer account. Only permit access to those directly involved with apps publishing, usually just the Apps Manager and their deputy.
  • Wherever possible use discrete private keys to sign each application – see the Signing Strategies section of Android Developer Tools. This limits the damage should the private key for an individual app be compromised.
  • Store your signing keys securely, preferably using a hardware-encrypted USB flash drive (such as an IronKey). Physically store the keys in a locked safe.
  • Use a standalone computer for code signing and never connect it to a network. Treat all networks as untrusted, even your corporate LAN.
  • Have a well rehearsed contingency plan to ensure business continuity if the worst does happen.