A variety of fuss is being made concerning the Aviate launcher the past couple days, with things hitting a fever pitch today. Besides the endless requests for invite codes on every social media site known to modern man, it’s come to light that the launcher is sharing the data it collects on you with the world. Sort of.
Let’s back up a tad. Aviate is a launcher that reconfigures itself — the apps it thinks you need to see right this second — depending on where you are. It’s been in private beta for a while, and opened up to more users this week.
The to-do is that your location and list of installed apps are available via a publicly accessible API — but only if you know your unique device identifier. That’s not good, but it’s not necessarily the end of the world, either.
The good news is that Aviate has said this is something they are fixing, and have made it a top priority. In the meantime, here’s what you need to know if you’re going to use the app.
You read the permissions when you installed Aviate, right?
First, let’s tackle the data collection. The main points of contention seem to be that the folks at Aviate track which apps you have installed and use — kind of an important thing for a launcher to know — and your precise location via longitude and latitude coordinates. I’m not sure why this surprises (or outrages) everyone, because it needs both these things to do what the app does. And both of these things are declared in the app’s list of permissions. In fact, let’s have a look at the long list of permissions. As you can see, Aviate asks to do everything except borrow your car.
- Your accounts
- create accounts and set passwords
- read Google service configuration
- find accounts on the device
- Your location
- precise location (GPS and network-based)
- Network communication
- full network access
- view Wi-Fi connections
- view network connections
- receive data from Internet
- connect and disconnect from Wi-Fi
- Your personal information
- read calendar events plus confidential information
- Phone calls
- read phone status and identity
- modify or delete the contents of your USB storage
- System tools
- mock location sources for testing
- read Home settings and shortcuts
- write Home settings and shortcuts
- send sticky broadcast
- modify system settings
- test access to protected storage
- Your applications information
- retrieve running apps
- pair with Bluetooth devices
- access Bluetooth settings
- Affects Battery
- prevent device from sleeping
- control vibration
- set an alarm
- Sync Settings
- read sync settings
- toggle sync on and off
- set wallpaper
- adjust your wallpaper size
Aviate sorts your apps into categories and pages based on time of day, or where you are. When you’re at work, you have a work screen with productivity apps. When you’re at home, you have entertainment-based apps like Netflix on your screen. Aviate needs to know what apps you have installed — and where you are — to do this. Aviate also makes it very clear in the permissions that the app will be collecting this, and more. If we want an application that shows us apps based on where we are and what we’re doing, the app needs to know where we are and what apps we have installed.
If the location and installed apps list wasn’t in plain text, we wouldn’t be having this conversation.
This isn’t “spying,” because you asked Aviate to do it when you installed the app.
The way Aviate stores and transmit this data, on the other hand, is worth questioning.
If you visit a URL at Aviate’s site using your device ID, you get a plain-text listing of your location and installed apps. The URL, for those who want to check, is http://www.getaviate.com/search/api/v3/devices/DEVICEID. You can find your device ID in the system’s logcat file, or find it by clicking on the “Help” button in the app. Click here for an example if this is all over your head. The problem is 2-fold:
- Any individual with an online browser can see your knowledge in the event that they comprehend your distinctive ID
- Any person sniffing site visitors can see your information as a result of it can be in undeniable textual content
There is not any affordable excuse for Aviate to do issues this manner. Whereas your software ID is not precisely simple to bet, any other utility developer can get get admission to to it with only a few strains of code. Do you wish to have anyone to have the precise area the place you — or your children — sleep each evening? I do not.
The Aviate app is not my cup of tea, and I attempted and quick uninstalled it anyway. However there may be various traction at the back of it, and for lots of people it does the issues they need. The builders need to get this mess straightened out, and shortly. They is probably not spying on you, however they’re sharing the tips you gave them with everybody else.