Skip to main content

Why you need to understand mobile app permissions ?

Android has been successful due to huge array of apps available and ease of download for users.  Open nature of android helps app developers do develop various kinds of apps and do magic. Installing an app shows permissions required for an app and that gives us a hint what this app can do/access from you smartphone/tablet

App permissions are access that an app is requesting before you download and install it. If you grant the access, app downloads and has all required permissions to run. No permissions are asked thereafter unless additional permissions are required to update newer version from Google play.

Android platform provide granular permission set for apps. Based on what an app does, it defines which permissions are required and does let android-platform know about those.  As a user you get to know these permissions when you opt to install the app and before you download it.

It depends on app what permissions it needs. If you are just installing a game, then it may ideally not need any permissions. However if it needs to show ads then it needs internet access.




Why you need to worry about app permissions: 

  • Android apps or mobile apps in general have much more control over your mobile and can do anything it wants. Imagine you download a game and in addition to the play, it uploads all your photos/videos from mobile and sends to third-party website ? Or track your exact location and capture all your private info and notify others about it without you knowing anything.
  • Fake apps - All top games on Google play has a copy-cat app which can unwanted stuff behind the scene
  • Pre-Installed app can have more permissions than required - Huge number of apps come pre-installed on your phone which you may never use. These apps can have all permissions and you may never notice them doing anything. Even though you don’t actively use them, they can run behind the scene and do all damage. Pre-Install apps cant be uninstalls as they are marked as system apps. You can still go ahead and disable those apps. This blog post of mine provides more details
  • Mobile malware/viruses has grown high. Here is report from Mcafee http://www.mcafee.com/us/security-awareness/articles/state-of-malware-2013.aspx
  • Its been reported that apps request for 33 % extra permission than what they need. This hints of something fishy in the app 

Here are permissions that are available for any android app to use.

Network access :
Can connect to internet to upload/download data. It can be app specific or from your mobile

Phone calls/SMS: 
Can make phone calls or send SMS. Can read/write SMS

Your Location: 
Can access your location via GPS. Apps can exactly know where you are at any point

Storage: 
Can read/write all of your data on phone and sdcard. Photos/videos/songs/

Account access: 
Can access your gmail account for email-Id, name, phone number, contacts and friends.

System access: 
Can scan files, change lock screen, change enable/disable settings on phone, start on phone restart.

Hardware controls: 
Can access camera and take photos, vibrate phone,  use NFC, accelerometer

Payment access: 
Can request for purchases within apps

Providing access to some or all of the above android-permissions to any app may be harmful in anyway. You data/identity/location and more info is available for apps to use and send to outside world. You need to revisit permission thoroughly before you install.

How to prevent surprises on mobile ?

  • Review permission of apps you install. Be careful if apps demanding too many permissions
  • Review app permissions for pre-installed apps and disable them
  • Install Mobile security Product that scans for malware and highlights you. Try McAfee Mobile Security - Award winning mobile security for FREE. This is security app and thus needs more permissions to scan and fix issues on your mobile - Go ahead and install with confidence.
  • Do not install apps from unknown sources. Prefer only Android Google Play to download apps
  • Check if you are not downloading fake version of popular apps. Check for download number and reviews around it. Do a quick check on correct version of app
  • Uninstall / Disable apps that you don’t use
  • Keep eye on data-usage,  battery-usage by apps. Navigate to  
    • Android Setting > Data Usage > List of apps showing network/data usage 
    • Android setting > Battery > List of apps that consume battery
  • Read reasons for permissions needed by app on Google Play store. Many developers do detail out this info to be transparent.


Hope this helps. Do write back or comment below.

Comments

Post a Comment

Popular posts from this blog

Malls track your visits by Wi-Fi tracking

How does Wi-Fi works ?  Wi-Fi is preferred wireless way of internet connectivity on mobile devices. We connect to Wi-Fi at home/office/cafe/Hotels and public places to get fast internet connectivity and do all stuff using it. Usage of Wi-Fi has spread fast with smartphones/tablets as compared to laptops couple of years back. Wi-Fi uses network name (SSID) and shared-password to connect and that makes it easy for users to get internet without much hassle. Once you connect to a network, your mobile device remembers the network and tries to auto-connect to it whenever its available. Mobile devices store all this Wi-Fi network info and use to auto-connect on periodic basis so as to provide preferred connectivity; and all that happens behind the scene. May be its your android/iphone/blackberry/windows phone/tablet all work same way. Your phone tries to connect to Wi-Fi automatically. You can see list of Wi-Fi networks connected by your device going to settings > WiFi What i
9 comments
Read more

Use Bookmarks for Bank websites!

Online banking is preferred way for bank transactions and we hardly visit bank building. Most banks do provide android/iphone apps  to take it further. Bank websites are here to stay and do provide rich set of services for customers; and here lies the security issue. You need to protect you identity while logging in and prevent using your credentials on any other fake websites. Use browser bookmarks to open bank website: Always visit your bank using a bookmark on your browser. Simple practice can save your money Never search for bank URL in google or any search engine. You may land up in fake website Never search bank website URL in emails, you might open fraudulent email with URL pointing to site that looks similar to your bank. You may end up entering credentials and give away access to hackers Do NOT bookmark 'Sign in' page as it can change, always bookmark main website of bank e.g. https://www.hsbc.co.in, you can then follow the 'Sign in' page from there. Jus
Post a Comment
Read more

10 Ways your computer can get infected by viruses and how to avoid that

Getting infected by Virus on your laptop/desktop is easy as you read below. There is no one good way to be protected against all of them and thus you need to be cautious enough to keep your data and laptop secure. On other hand you don't need to be super paranoid or require geeky skills to be protected - just be aware about your actions and apply common sense. 1. USB/Pen-Drive:  The biggest reason to get infected is using extensively using USB/Pen drives to share data across multiple machines. This is the most exploited method use by viruses to spread and autorun on machines when inserted. This is not restraned only to USB/Pen-drive, but all devices that exposes USB interface to connect to computer. E.g Camera which provides USB to copy photos/videos to your computer, or your mobile phones to copy music/files, Kindle to copy books and external hard-disk that host huge data. Any USB/Pen-drive when connected to computer auto-runs set of files and viruses gets the entry poi
Post a Comment
Read more