Skip to main content

Why you need to understand mobile app permissions ?

Android has been successful due to huge array of apps available and ease of download for users.  Open nature of android helps app developers do develop various kinds of apps and do magic. Installing an app shows permissions required for an app and that gives us a hint what this app can do/access from you smartphone/tablet

App permissions are access that an app is requesting before you download and install it. If you grant the access, app downloads and has all required permissions to run. No permissions are asked thereafter unless additional permissions are required to update newer version from Google play.

Android platform provide granular permission set for apps. Based on what an app does, it defines which permissions are required and does let android-platform know about those.  As a user you get to know these permissions when you opt to install the app and before you download it.

It depends on app what permissions it needs. If you are just installing a game, then it may ideally not need any permissions. However if it needs to show ads then it needs internet access.




Why you need to worry about app permissions: 

  • Android apps or mobile apps in general have much more control over your mobile and can do anything it wants. Imagine you download a game and in addition to the play, it uploads all your photos/videos from mobile and sends to third-party website ? Or track your exact location and capture all your private info and notify others about it without you knowing anything.
  • Fake apps - All top games on Google play has a copy-cat app which can unwanted stuff behind the scene
  • Pre-Installed app can have more permissions than required - Huge number of apps come pre-installed on your phone which you may never use. These apps can have all permissions and you may never notice them doing anything. Even though you don’t actively use them, they can run behind the scene and do all damage. Pre-Install apps cant be uninstalls as they are marked as system apps. You can still go ahead and disable those apps. This blog post of mine provides more details
  • Mobile malware/viruses has grown high. Here is report from Mcafee http://www.mcafee.com/us/security-awareness/articles/state-of-malware-2013.aspx
  • Its been reported that apps request for 33 % extra permission than what they need. This hints of something fishy in the app 

Here are permissions that are available for any android app to use.

Network access :
Can connect to internet to upload/download data. It can be app specific or from your mobile

Phone calls/SMS: 
Can make phone calls or send SMS. Can read/write SMS

Your Location: 
Can access your location via GPS. Apps can exactly know where you are at any point

Storage: 
Can read/write all of your data on phone and sdcard. Photos/videos/songs/

Account access: 
Can access your gmail account for email-Id, name, phone number, contacts and friends.

System access: 
Can scan files, change lock screen, change enable/disable settings on phone, start on phone restart.

Hardware controls: 
Can access camera and take photos, vibrate phone,  use NFC, accelerometer

Payment access: 
Can request for purchases within apps

Providing access to some or all of the above android-permissions to any app may be harmful in anyway. You data/identity/location and more info is available for apps to use and send to outside world. You need to revisit permission thoroughly before you install.

How to prevent surprises on mobile ?

  • Review permission of apps you install. Be careful if apps demanding too many permissions
  • Review app permissions for pre-installed apps and disable them
  • Install Mobile security Product that scans for malware and highlights you. Try McAfee Mobile Security - Award winning mobile security for FREE. This is security app and thus needs more permissions to scan and fix issues on your mobile - Go ahead and install with confidence.
  • Do not install apps from unknown sources. Prefer only Android Google Play to download apps
  • Check if you are not downloading fake version of popular apps. Check for download number and reviews around it. Do a quick check on correct version of app
  • Uninstall / Disable apps that you don’t use
  • Keep eye on data-usage,  battery-usage by apps. Navigate to  
    • Android Setting > Data Usage > List of apps showing network/data usage 
    • Android setting > Battery > List of apps that consume battery
  • Read reasons for permissions needed by app on Google Play store. Many developers do detail out this info to be transparent.


Hope this helps. Do write back or comment below.

Comments

Post a Comment

Popular posts from this blog

Password - The weakest factor online

Passwords has been a proven way to protect your account and keep your info secure and private.    Passwords are common and we do use it everyday. Access emails, your system,  Facebook, unlocking your phone, access bank online,  and many more. An average of 10 passwords are used by any individual (like you) everyday as per reports.    With internet and the number of things you can do online, password has been a common practice. To play a game or post review, you need an account and thus the password. Concept of an account has been strongly developed in internet so that you can log back in anytime and continue to access the information back where you left. An account maps your work, activity on that website which can be saved and later referred back. Now that there is data associated with you account, websites wants to protect users data and thus the password which forms the easies way to authenticate a user.    Hackers and mal...
1 comment
Read more

Transform your $15 router to $200 security router for FREE

Technology is evolving faster and there are more IoT devices at home/office than a few years back. Software Security companies are moving towards securing every connected device at your home/office and not just protecting laptops/smartphones. Traditional Security companies have launched a Wi-Fi router based security product to secure every connected device. Please check  McAfee ,   Norton  &  F-Secure . There are few more new players like  NetSequre ,  eBlocker ,  Cujo  &  Gryphon  centered around secured home protection via Wi-Fi router. Protecting every connected device makes sense and router based security technology solve it perfectly. Most of these above Security companies are offering a Hardware/Router device costing around $200-$300 as the premium price for a security solution. Sounds perfect as it brings in huge value to customers. NetSequre has taken a different approach and we are happy about we...
1 comment
Read more

Use Bookmarks for Bank websites!

Online banking is preferred way for bank transactions and we hardly visit bank building. Most banks do provide android/iphone apps  to take it further. Bank websites are here to stay and do provide rich set of services for customers; and here lies the security issue. You need to protect you identity while logging in and prevent using your credentials on any other fake websites. Use browser bookmarks to open bank website: Always visit your bank using a bookmark on your browser. Simple practice can save your money Never search for bank URL in google or any search engine. You may land up in fake website Never search bank website URL in emails, you might open fraudulent email with URL pointing to site that looks similar to your bank. You may end up entering credentials and give away access to hackers Do NOT bookmark 'Sign in' page as it can change, always bookmark main website of bank e.g. https://www.hsbc.co.in, you can then follow the 'Sign in' page from there. Jus...
Post a Comment
Read more