If you have been using Android for a length of time, one thing must be pretty much clear to you. Your private information is not always treated as private.
The open nature of Google’s mobile OS means that app developers know they can get away with a lot. Even with Android apps now required to request permission from users to access their sensitive data, developers large and small have been accused of misusing this trust.
Only way to be truly in control is to be aware just how deadly certain app permissions can be on Android, and why they are best avoided.
What are App Permissions?
Simply put, permissions are what allow applications on the Android platform to access the hardware features or personal information on a device. This could be the camera on a phone, or the photos that you have saved on your handsets.
Android forces apps to declare the permissions when you install and first run them. These range from monitoring your location to writing to your memory card. This is a way for the platform to protect your privacy, security and phone bills. Malicious apps can’t snoop on your personal information or send premium SMS messages without asking for your permission first.
The applications tell you what they require, and you have the option to take it or leave it.
The problem with Permissions
Most applications request entry without ill intent. After all, an application may need access to the GPS on your phone to find your location, or the video you recorded earlier in order to edit it. However, a growing number of malicious applications have been using these permissions in lethal concert.
It’s not only the apps that are loaded with malware that you need to be on the lookout for, but also those that require unnecessary permissions.
There are definite security and privacy risks that these naughty apps pose, are they are not hidden. Just this past October, ESET discovered 42 apps in the Google Play Store that contained adware. A month later, 10 supposed antivirus applications for Android were found to contain dangerous malware, spyware, and questionable permissions. And these apps had millions upon millions of installs each.
Fact is, the more unnecessary permissions an app requires, the more it might end up draining resources on your phone or tablet, bombard you with ads, or nag you to make in-app purchases.
It’s the very nature of the beast.
Setting the Permissions
Whenever you install an app, Android will ask you all of the permissions it needs to function. It will also ask for your confirmation when you start that app for the first time. It is important to read them carefully before allowing a specific permission.
For you can get a really good idea if the application is asking for permission to do more than it needs. If you are asked for your contact details by a coloring app, then that raises more questions than answers. While it is true that some legitimate apps often ask for more permission than they need, acts like these should at least raise an eyebrow.
Rogue apps with the wrong permission are a recipe for disaster.
It gives that application the ability to phish your password through trickery, or access the log files on your handset. There has been no shortage of cases where a most used app on Android secretly mailed back sensitive information back to the developer.
That’s the last thing you want, this privacy and security nightmare.
App Permissions to avoid on Android
We take a look at the most common permissions apps ask for on Android below. Each one is detailed with what it does, so you know what it does and how it impacts your privacy and the security of your device. Additionally, it should also give you an idea of what permissions to avoid.
Let’s get to it.
This is an extremely dangers permission to give, as it allows an app to authenticate sensitive information on your Android device, like passwords. Giving a rogue app this access is asking for your password to be phished through trickery.
What’s telling is that the apps that ask for this permission legitimately come from big developers like Facebook, Twitter, and Google itself. Granting them this permission is fine, but if a small, suspicious apps asks you for this ability, then you will have to be very careful. As the potential for harm is great here.
Read Sensitive log data
You don’t want just any application to read the sensitive log data on your Android phone or tablet. But you would be surprised just how many treacherous apps ask for this permission. It simply enables that app to access the log files in your handset.
There have been cases where these malware infested apps secretly mailed the log files of the phones they were installed in, back to its developer. These included keystrokes as well, meaning the usernames and passwords of these users were also transferred. While it’s impossible to vouch that these details were not misused, you really don’t want to mess around with apps that mess around with your log data.
As it says on the tin, this permission gives an application access to your contact, letting it read all the details of these entries. This is the first thing that malware apps will ask for. If you allow them, they will take advantage of these details in a variety of ways, including sending malicious files to your contacts via spoofed emails.
Read or Write Calendar data
Now, this permission is something that will be of moderate importance to most users. Calendar information is usually slightly less important than your contact list, even as calendar events often contain contact information. But if you know that an app is legitimately asking for access here, then there is little harm in giving it.
Save for cases where you absolutely know that an application has got nothing to do with this.
Read Browser History and Bookmarks
This one explains itself. Browsing habits can be tracked using this permission. While there are legitimate uses of this permission like social apps, or applications that sync or backup your data, still take caution when enabling it.
Write Secure Settings
This permission allows an app to read and write system settings. No doubt this is something that Google heavily polices, as very few apps are approved that ask for this access. But that’s not to say that rogue software doesn’t exist that misuses this ability.
Those of you who are using rooted phones should be extra careful when giving this permission. In most cases you want to look the other way when an app wants in with this, for this is akin to given the keys of your house to a burglar.
Process Outgoing Calls
This one is straightforward. Once granted this permission, an app will get the ability to monitor the details of outgoing calls. And you can bet the farmhouse that it will examine everything — from the phone numbers to the personal details of your contacts.
This is another powerful permission that you should not be handing out like candies on a Halloween night. As a matter of pure fact, it should belong exclusively to VoIP apps, those that you use to make voice and video calls with your friends and family. An app that wants this access without having anything to do with incoming our outgoing calls will simply be over permissioned.
Back in the wild days, when Android was very new, apps really misused this ability. Once installed, they would send premium SMS messages from your handset incurring you heavy costs. Thankfully, we have moved beyond these nightmare scenarios.
Nevertheless, you should still use caution in granting apps access to send SMS or MMS. While the number of companies that can tack on charges to individual SMS is low nowadays, you would still receive the bill for using services like these. Unless you are absolutely sure that your chosen app requires access to your SMS, this permission should not be permitted.
Read Social Stream
The boom in social media shows no signs of slowing down, and neither are the privacy concerns that these networks entail. For this reason, Google incorporated a permission that allows applications the ability to read information gleaned from your social feeds.
This is, again, something that you should be very careful of, and only hand over to apps that you trust. Most people have a vast amount of personal information in their profiles on social networks, and you really don’t want to invite a rogue app to take advantage of this.
App permissions may be one of the best things to ever happen to the Android platform. They are great in theory. But it still pays to know exactly what terms and conditions you are agreeing to, and what the applications are doing with your private data.