App permissions are access that an app is requesting before you download and install it. If you grant the access, app downloads and has all required permissions to run. No permissions are asked thereafter unless additional permissions are required to update newer version from Google play.
Android platform provide granular permission set for apps. Based on what an app does, it defines which permissions are required and does let android-platform know about those. As a user you get to know these permissions when you opt to install the app and before you download it.
It depends on app what permissions it needs. If you are just installing a game, then it may ideally not need any permissions. However if it needs to show ads then it needs internet access.
Why you need to worry about app permissions:
- Android apps or mobile apps in general have much more control over your mobile and can do anything it wants. Imagine you download a game and in addition to the play, it uploads all your photos/videos from mobile and sends to third-party website ? Or track your exact location and capture all your private info and notify others about it without you knowing anything.
- Fake apps - All top games on Google play has a copy-cat app which can unwanted stuff behind the scene
- Pre-Installed app can have more permissions than required - Huge number of apps come pre-installed on your phone which you may never use. These apps can have all permissions and you may never notice them doing anything. Even though you don’t actively use them, they can run behind the scene and do all damage. Pre-Install apps cant be uninstalls as they are marked as system apps. You can still go ahead and disable those apps. This blog post of mine provides more details
- Mobile malware/viruses has grown high. Here is report from Mcafee http://www.mcafee.com/us/security-awareness/articles/state-of-malware-2013.aspx
- Its been reported that apps request for 33 % extra permission than what they need. This hints of something fishy in the app
Here are permissions that are available for any android app to use.
Network access :
Can connect to internet to upload/download data. It can be app specific or from your mobile
Can make phone calls or send SMS. Can read/write SMS
Can access your location via GPS. Apps can exactly know where you are at any point
Can read/write all of your data on phone and sdcard. Photos/videos/songs/
Can access your gmail account for email-Id, name, phone number, contacts and friends.
Can scan files, change lock screen, change enable/disable settings on phone, start on phone restart.
Can access camera and take photos, vibrate phone, use NFC, accelerometer
Can request for purchases within apps
Providing access to some or all of the above android-permissions to any app may be harmful in anyway. You data/identity/location and more info is available for apps to use and send to outside world. You need to revisit permission thoroughly before you install.
How to prevent surprises on mobile ?
- Review permission of apps you install. Be careful if apps demanding too many permissions
- Review app permissions for pre-installed apps and disable them
- Install Mobile security Product that scans for malware and highlights you. Try McAfee Mobile Security - Award winning mobile security for FREE. This is security app and thus needs more permissions to scan and fix issues on your mobile - Go ahead and install with confidence.
- Do not install apps from unknown sources. Prefer only Android Google Play to download apps
- Check if you are not downloading fake version of popular apps. Check for download number and reviews around it. Do a quick check on correct version of app
- Uninstall / Disable apps that you don’t use
- Keep eye on data-usage, battery-usage by apps. Navigate to
- Android Setting > Data Usage > List of apps showing network/data usage
- Android setting > Battery > List of apps that consume battery
- Read reasons for permissions needed by app on Google Play store. Many developers do detail out this info to be transparent.
Hope this helps. Do write back or comment below.