Surprising permissions for 0.9.2

This version has support for following Proclaim presentations. Proclaim is Logos' new church presentation software. The Logos app finds presentations by location, which requires the location permission. The presentation can contain contacts, which you can add from the app; this requires the contacts permission. The app does not read any contact data from your device.

I disagree with the direction you are going with. If I use Proclaim and it needs my location, than Proclaim should request these permissions, not Logos. There is too much at stake, especially if someone has no intention of using Proclaim.

Figure out another way!

I also don't see much stake in this one way or another. What do you think is at stake?

all programs are insecure.  By LOGOS own admission, since they claim they are a bible program, they have decided not to invest heavily (compared to a bank for example) in securing their software and/or servers. Personal information like contacts, not just the names, but potentially the info I store about the contacts in the note field are vulnerable. I cannot support a program that requires access to something IT does not need. Again, if PROCLAIM needs it, then design it so it has a plugin for Logos for Android, so a customer using PROCLAIM can download it then.  For the majority of users NOT using Proclaim, leave access to contacts off!!! [I]

Quite true - and more secure programs with more interesting security do bring in a better class of hackers.

your argument is moot if there is nothing to hack.  

I am not advocating for better security of Logos 4 - Android - Proclaim, I am for Logos not having contact with my address book.  Taken to its logical conclusion, would you be comfortable with Logos for Desktop accessing Outlook (both personal and business) or Exchange or whatever your contact database is on desktop? 

I think if a user desires to use Proclaim for "contacting" his contacts, it is very easy to create a "sandboxed" list of contacts with limited information.  Again, it would be the burden for the user of Proclaim.  Why open EVERYONE who uses Logos on Android for possible breaching of ALL their contacts' information (including birthdates, adresses and potentially very personal and sensitive details as part of their file)?

I assume that everything I use to access via wifi, internet, etc. is already reasonably easy to breach if there is a reason to bother.

you are correct to a degree, BUT it is this lazy design approach (that I spoke of above) of many programs, not just Logos for Android that is leading to that result. By limiting or banning irresponsible programs one can achieve a reasonable level of security.

I think Bob Pritchett needs to heed his own words from this post

We're not anti-privacy. I like it myself. But taking on privacy needs for others is a massive responsibility, and an expensive one to implement well. So we go out of our way to disclaim responsibility and to encourage you to NOT store private or confidential information in our software.

Making lots of tough privacy policy and promises just creates a higher standard that we could be legally held to. If we were a bank, I'd consider that a cost of doing business. Since we're (largely) a sermon preparation tool, and sermons are designed to be preached aloud in public, it seems like a wiser use of our resources to put money into content, user interface, and service, rather than building a fortress to protect sermon notes.

I understand the sensitivity of prayer lists. If yours are that sensitive, don't use our prayer list feature. (It was just a "freebie add-on" to our core function; it's not the heart of our software.) If we get pressed to the wall, we're more likely to remove the prayer list feature than to implement guaranteed iron-clad security.

The issue here is that their software (Logos4 for Android) is imposing on customer data, when it does not need to. If Logos wants to make a "freebie add-on" for Proclaim to access data for a limited amount of customers, then so be it. I am just holding LOGOS to a higher standard in regard of respecting their customers' data.

While there is always an ability to attack the vulnerability of an app and I DO believe it is great accountability to question it, it may be a little off.

As for access to contacts - right now it may have something to do with the Proclaim feature, however eventually to have great features like sharing a verse or quote from a resource in your library, the Logos app will need access to our contacts. Without access to our contacts, the potential for a share feature to fully operate is eliminated.

As for the location based Proclaim function, could be nice, I do see the need for a option to turn it off though. Not only for those with limited data, but also for battery consumption.

For the record the Proclaim app is pretty awesome! I have played with it a little and very good, if our church had not just invested in another program prior to the Proclaim Beta, I would have recommended it for testing and trial.

Also to comment on the location based Proclaim feature, Logos is not the only app that does this type of thing, and in all honesty is not the most intruding or data consuming with its background access to location and data. For those with limited data, keep a close eye on all your apps....

This version has support for following Proclaim presentations. Proclaim is Logos' new church presentation software. The Logos app finds presentations by location, which requires the location permission. The presentation can contain contacts, which you can add from the app; this requires the contacts permission. The app does not read any contact data from your device.

Wouldn't coarse location suffice? (rather than fine location by GPS)?

Or is there a possibility to have the proclaim presentation added as a feature to a second version of the Logos app (that doesn't require these additional permissions)? Maybe one "Basic" (that gives users access to all the books they need etc), and one "Advanced" that adds additional (advanced) features like Proclaim etc?

From the reviews that I've read on market (and my thoughts as well), a lot of people don't (yet) want/need the Proclaim presentation feature.- and are concerned about the added risks. Personally, I'm holding off on updating the logos app for now.

Thanks!

Why? It is kind of trying to engineer BBQ tasting pigs (so it would be easier to make ribs). Wouldn't it be more logical to build a plugin for Proclaim and leave Logos do its job and nothing else?

AFAIK, Apps on Android do not really support the concept of plugins (yet). If you know that it can be done, sure - that's a good idea as well (assuming that the base application doesn't need to have those permissions from the very beginning)

I'd like to add my voice to the concern.

Modern software is extremely complex and it's difficult to ensure that it doesn't have security loopholes. The trend toward agile development, with multiple releases per year, means that it is always in a state of flux and unintended loopholes can appear in previously secure software.

Given this, I think it's wise to adopt a 'least privilege' mentality - applications shouldn't have any privilege that isn't necessary for their correct operation. Access to my contacts and location isn't necessary for a Logos reading app. The functionality to integrate with Proclaim is logically a separate app and one that I don't need as I know of no church nearby that has Proclaim.

I'd prefer to see the Proclaim functionality in a separate app or plugin so that people have a choice of using the reader app without a possible security risk.

For now, it seems that my best option is to stick with 0.91.

Or go into Logos 0.9.2 Settings and elect NOT to "Follow Presentations" .

And/or use Android Settings for Location and Security so that it cannot use any of the two methods to detect your location.

 

That unfortunately doesn't change the permissions of the Logos application... (if it gets exploited)

Adding my two cents, I am not pleased about Logos app or any app having any access to my contacts. I am in the search and test mode of Android bible apps and really don't like this, and not having offline word searching are two minus for me. Please rethink both Logos.