We’ve just published version 2.2. of the Locale Media Scanner Plugin. This version implements the security improvements discussed earlier, and brings some general performance improvements to the application.
Author Archives: Skylar
We’ve just published an update to the Locale Call Filter Plugin which resolves issues some of you were having (calls not being blocked).
When we removed the “Phone State” permission it also removed our ability to inspect the caller id on some versions of Android OS. As such, we’ve had to add the “Phone State” permission back in for this plugin. That said, we continue to respect your privacy and do not access any of the other data available to us (like serial number, your phone number, etc.).
Sorry for the headaches!
“They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.”
– Benjamin Franklin, 1775
We take user data and privacy very seriously. We also have to protect our own assets and intellectual property. As a consumer myself, I strive to ensure SuttCo maximizes user privacy… which is why I am pleased to announce a radical change to the licensing model we use.
Some background information
When you open a purchased app for the first time, the Android Market generates and stores a license for the specific device (assuming it’s not a pirated copy). Unless we tell the Market something unique about the device (e.g. a serial number) all of the licenses would be identical! If the licenses are identical, there would be nothing stopping someone from pirating the app. So we scrambled your device’s serial number and used it to generate the license.
This troubled us, as the permission that gave us access to your serial number also granted us access to very sensitive information like your cellular carrier’s Subscriber ID, your phone number, and your SIM Card ID! Please be assured, we never used or viewed any of that sensitive information. But we did have access, and that’s a risk neither of us wants.
A Eureka Moment
While reading through the comments on a reddit thread, I had an epiphany. I went back to the drawing board this week and engineered a solution that allows me to satisfy the Android Market requirements, without using a single bit of your personal information. I no longer need to know your serial number, and have removed that permission from all apps that were using it.
I will be releasing the updates throughout the week as I complete my regression testing. The first update is already live in the Locale Call Filter Plugin.
As always, if you experience any problems or have any suggestions – please write us.