App Permissions model in Android is broken

I strongly feel that the App Permissions model on Android is seriously broken. Here is why.

Why Permissions?
Permissions are a way to allow/block apps from accessing data and phone's services upon users' discretion.

How is it broken on Android?
In Android, when you install an app, you are shown a list of privileged features that the app is allowed to use. If you are satisfied with the permissions, the app uses, you install the app or cancel it. This is where it goes wrong. No one uses the list of permissions to make a decision whether to install the app or not. It is the trust and brand recognition on the basis of which users install the app. Suppose, you want to block one particular permission for an app. You can't do that. Either you allow all the permissions, or you don't install the app. Take the example of the Facebook for Android app. I don't want it to access my contacts list. Because it is a notorious app. It automatically sends friend requests to everyone in your contacts list if they are on Facebook. Although, this hasn't happened to me but it has happened to some of my friends who are not well versed with technology. So, probably the receptionist at XYZ hotel where you stayed an year ago, or an employee at ABC company whom you met in the lobby for showing you the way to conference room and the person handling customerservice@PQRtransportCompany.com too gets a friend request from you on Facebook. Clearly, you don't want the Facebook app to access your contacts list but you want it to Access the Internet and Save data to SDCard. But Android doesn't let you only block the Contacts Access permission and allow Internet Access and SDCard Access. You either don't install Facebook or let it be notorious.

What do I want Android permissions model to be like?

• The user should be able to grant all or some of the permissions to the app, when installing.
• After installation, the user should be able to grant other permissions, or revoke existing ones.
• There should be a panic mode or something similar, which when enabled will show a prompt to the user for each privileged permission access.

qBitTorrent not starting on Arch Linux

Those of you, who use qBitTorrent as your client on Arch Linux, might be seeing this error message when trying to start qbittorrent from terminal.

qbittorrent: error while loading shared libraries: libboost_system.so.1.50.0: cannot open shared object file: No such file or directory

From the GUI menu, it won't show any error message.

The following command executed as root should fix the issue(it did for me):

ln -s /usr/lib/libboost_system.so.1.52.0 /usr/lib/libboost_system.so.1.50.0

I don't think I need to explain why this fixes this issue. It is quite obvious from the error message and the command.

Thunderbird GMail account setup issues

Google has revamped their accounts security by order of magnitudes and they have shown the world security is more than a password. The 2-step authentication is an awesome feature. But sometimes these features can cause some pain. For instance, today I was trying to configure Mozilla Thunderbird to fetch my GMail. I went to File -> New -> Existing Mail Account and put my gmail details. Thunderbird looked up the Mozilla ISP Db and found the settings.But when I tried to connect, it said username or password may be invalid. Then after lots of searching I found out this:

https://accounts.google.com/DisplayUnlockCaptcha

When you try to access your Google account from a new application, Google restricts the application for security. You can unlock this restriction by following the above link.

If you have setup 2-step authentication, you need to create an Application Specific Password(ASP) and then use the new password in thunderbird to login. For this go to:

https://www.google.com/settings/account

In the left pane, click Security. Click the Edit button beside Authorizing applications and sites and then scroll down to the bottom in the new page after verifying your password. There, under Application Specific Passwords, enter your application name and click Generate to generate a new password. Use that password in Thunderbird and it will connect to your GMail account successfully.

Not only Thunderbird but all third party non-web apps that connect to your Google account require an ASP setup if 2-step authentication is enabled in your account.

Block facebook on a proxied internet with iptables

Those who access internet by setting a proxy(insti proxy!!) in their browsers and want to block facebook on their computers can issue the following command as root on their linux box

iptables -I OUTPUT -m string --algo bm --string "facebook.com" -j DROP

I can't control myself from opening Facebook every now and then, when working in lab, just to see what's going on. Facebook is my biggest distraction. Hope this move will help me to concentrate on work.
By the way, iptables doesn't persist the firewall rules across restarts. So I have appended the above command to my /etc/profile file so I don't have to manually type the above command when I fresh boot my computer.
By the way the above command will block all packets that match the string facebook.com, so if you try to search for facebook.com in Google, you won't be able to see the results page, as the search query will never reach Google.

And yeah, if you want to unblock facebook, check the rule number by issuing

iptables -L OUTPUT

And see the line number. If the rule you created is on 1st line then line number is 1. Now issue the following command:

iptables -D OUTPUT 1