Saturday, April 26, 2014

Why you need to understand mobile app permissions ?

Android has been successful due to huge array of apps available and ease of download for users.  Open nature of android helps app developers do develop various kinds of apps and do magic. Installing an app shows permissions required for an app and that gives us a hint what this app can do/access from you smartphone/tablet

App permissions are access that an app is requesting before you download and install it. If you grant the access, app downloads and has all required permissions to run. No permissions are asked thereafter unless additional permissions are required to update newer version from Google play.

Android platform provide granular permission set for apps. Based on what an app does, it defines which permissions are required and does let android-platform know about those.  As a user you get to know these permissions when you opt to install the app and before you download it.

It depends on app what permissions it needs. If you are just installing a game, then it may ideally not need any permissions. However if it needs to show ads then it needs internet access.




Why you need to worry about app permissions: 

  • Android apps or mobile apps in general have much more control over your mobile and can do anything it wants. Imagine you download a game and in addition to the play, it uploads all your photos/videos from mobile and sends to third-party website ? Or track your exact location and capture all your private info and notify others about it without you knowing anything.
  • Fake apps - All top games on Google play has a copy-cat app which can unwanted stuff behind the scene
  • Pre-Installed app can have more permissions than required - Huge number of apps come pre-installed on your phone which you may never use. These apps can have all permissions and you may never notice them doing anything. Even though you don’t actively use them, they can run behind the scene and do all damage. Pre-Install apps cant be uninstalls as they are marked as system apps. You can still go ahead and disable those apps. This blog post of mine provides more details
  • Mobile malware/viruses has grown high. Here is report from Mcafee http://www.mcafee.com/us/security-awareness/articles/state-of-malware-2013.aspx
  • Its been reported that apps request for 33 % extra permission than what they need. This hints of something fishy in the app 

Here are permissions that are available for any android app to use.

Network access :
Can connect to internet to upload/download data. It can be app specific or from your mobile

Phone calls/SMS: 
Can make phone calls or send SMS. Can read/write SMS

Your Location: 
Can access your location via GPS. Apps can exactly know where you are at any point

Storage: 
Can read/write all of your data on phone and sdcard. Photos/videos/songs/

Account access: 
Can access your gmail account for email-Id, name, phone number, contacts and friends.

System access: 
Can scan files, change lock screen, change enable/disable settings on phone, start on phone restart.

Hardware controls: 
Can access camera and take photos, vibrate phone,  use NFC, accelerometer

Payment access: 
Can request for purchases within apps

Providing access to some or all of the above android-permissions to any app may be harmful in anyway. You data/identity/location and more info is available for apps to use and send to outside world. You need to revisit permission thoroughly before you install.

How to prevent surprises on mobile ?

  • Review permission of apps you install. Be careful if apps demanding too many permissions
  • Review app permissions for pre-installed apps and disable them
  • Install Mobile security Product that scans for malware and highlights you. Try McAfee Mobile Security - Award winning mobile security for FREE. This is security app and thus needs more permissions to scan and fix issues on your mobile - Go ahead and install with confidence.
  • Do not install apps from unknown sources. Prefer only Android Google Play to download apps
  • Check if you are not downloading fake version of popular apps. Check for download number and reviews around it. Do a quick check on correct version of app
  • Uninstall / Disable apps that you don’t use
  • Keep eye on data-usage,  battery-usage by apps. Navigate to  
    • Android Setting > Data Usage > List of apps showing network/data usage 
    • Android setting > Battery > List of apps that consume battery
  • Read reasons for permissions needed by app on Google Play store. Many developers do detail out this info to be transparent.


Hope this helps. Do write back or comment below.

No comments:

Post a Comment

Transform your $15 router to $200 security router for FREE

Technology is evolving faster and there are more IoT devices at home/office than a few years back. Software Security companies are movi...