A Quick Comparison of Conference Apps

The upcoming CSSE-SCÉÉ 2017 conference makes use of a conference app that appears to take significant liberties with the devices onto which it may be loaded. The following lists the software permissions required of Android-version conference apps for two privacy- and security-friendly conferences and then lists the permissions required of the Android app for CSSE-SCÉÉ, for comparison.

One should be left with at least one question: why would the CSSE-SCÉÉ conference app need so many permissions?

And, at least for this writer, this one question leads to many more other ones. For another time. In the interim, for the technically-inclined, Google provides a list of permissions it considers “dangerous:”

Dangerous permissions cover areas where the app wants data or resources that involve the user’s private information, or could potentially affect the user’s stored data or the operation of other apps. For example, the ability to read the user’s contacts is a dangerous permission.”


33C3 (Chaos Computer Club) conference app (version 1.33.12; 2016-12-28)

  • Rated 4.8/5 in the Google Play store and allows reviews (https://play.google.com/store/apps/details?id=org.ligi.fahrplan).
  • Free and open-source (https://github.com/ligi/CampFahrplan).
  • No advertisements.
  • Developed by “Ligi” and based on prior, credited work of others.

Permissions

  • Other
    • view network connections
    • full network access
    • run at startup
    • control vibration

FOSDEM 2017 software conference app (version 1.33.0;
2016-01-29)

  • Rated 3.9/5 in the Google Play store and allows reviews. (https://play.google.com/store/apps/details?id=info.metadude.android.fosdem.schedule)
  • Free and open-source (https://github.com/johnjohndoe/CampFahrplan/tree/fosdem-2017).
  • No advertisements.
  • Developed by Tobias Preuss (individual developer), based on prior, credited work of others.

Permissions

  • Other
    • view network connections
    • full network access
    • run at startup
    • control vibration

CSSE 2017 conference app (version 9.1.2.0; 2017-05-18)

  • No rating shown in the Google Play store and does not allow reviews (https://play.google.com/store/apps/details?id=com.coreapps.android.followme.csse2014).
  • Proprietary and closed source (“black box”).
    • U.S.-based company, not bound by Canadian privacy or other laws.
    • Contains advertisements.
  • Developed by Core-Apps, LLC.

Permissions

I highlighted ones that seemed particularly intrusive.
  • Identity
    • find accounts on the device
  • Calendar
    • read calendar events plus confidential information
    • add or modify calendar events and send email to guests without owners’ knowledge
  • Contacts
    • find accounts on the device
    • read your contacts
    • modify your contacts
  • Location
    • approximate location (network-based)
    • precise location (GPS and network-based)
  • Phone
    • read phone status and identity
  • Photos/Media/Files
    • read the contents of your USB storage
    • modify or delete the contents of your USB storage
  • Storage
    • read the contents of your USB storage
    • modify or delete the contents of your USB storage
  • Camera
    • take pictures and videos
    • Wi-Fi connection information
    • view Wi-Fi connections
  • Device ID & call information
    • read phone status and identity
  • Other
    • receive data from Internet
    • view network connections
    • pair with Bluetooth devices
    • access Bluetooth settings
    • connect and disconnect from Wi-Fi
    • control flashlight
    • full network access
    • run at startup
    • control vibration
    • prevent device from sleeping

 

See this page at https://kinasevych.ca/index.php