Skip to main content

Why you need to understand mobile app permissions ?

Android has been successful due to huge array of apps available and ease of download for users.  Open nature of android helps app developers do develop various kinds of apps and do magic. Installing an app shows permissions required for an app and that gives us a hint what this app can do/access from you smartphone/tablet

App permissions are access that an app is requesting before you download and install it. If you grant the access, app downloads and has all required permissions to run. No permissions are asked thereafter unless additional permissions are required to update newer version from Google play.

Android platform provide granular permission set for apps. Based on what an app does, it defines which permissions are required and does let android-platform know about those.  As a user you get to know these permissions when you opt to install the app and before you download it.

It depends on app what permissions it needs. If you are just installing a game, then it may ideally not need any permissions. However if it needs to show ads then it needs internet access.




Why you need to worry about app permissions: 

  • Android apps or mobile apps in general have much more control over your mobile and can do anything it wants. Imagine you download a game and in addition to the play, it uploads all your photos/videos from mobile and sends to third-party website ? Or track your exact location and capture all your private info and notify others about it without you knowing anything.
  • Fake apps - All top games on Google play has a copy-cat app which can unwanted stuff behind the scene
  • Pre-Installed app can have more permissions than required - Huge number of apps come pre-installed on your phone which you may never use. These apps can have all permissions and you may never notice them doing anything. Even though you don’t actively use them, they can run behind the scene and do all damage. Pre-Install apps cant be uninstalls as they are marked as system apps. You can still go ahead and disable those apps. This blog post of mine provides more details
  • Mobile malware/viruses has grown high. Here is report from Mcafee http://www.mcafee.com/us/security-awareness/articles/state-of-malware-2013.aspx
  • Its been reported that apps request for 33 % extra permission than what they need. This hints of something fishy in the app 

Here are permissions that are available for any android app to use.

Network access :
Can connect to internet to upload/download data. It can be app specific or from your mobile

Phone calls/SMS: 
Can make phone calls or send SMS. Can read/write SMS

Your Location: 
Can access your location via GPS. Apps can exactly know where you are at any point

Storage: 
Can read/write all of your data on phone and sdcard. Photos/videos/songs/

Account access: 
Can access your gmail account for email-Id, name, phone number, contacts and friends.

System access: 
Can scan files, change lock screen, change enable/disable settings on phone, start on phone restart.

Hardware controls: 
Can access camera and take photos, vibrate phone,  use NFC, accelerometer

Payment access: 
Can request for purchases within apps

Providing access to some or all of the above android-permissions to any app may be harmful in anyway. You data/identity/location and more info is available for apps to use and send to outside world. You need to revisit permission thoroughly before you install.

How to prevent surprises on mobile ?

  • Review permission of apps you install. Be careful if apps demanding too many permissions
  • Review app permissions for pre-installed apps and disable them
  • Install Mobile security Product that scans for malware and highlights you. Try McAfee Mobile Security - Award winning mobile security for FREE. This is security app and thus needs more permissions to scan and fix issues on your mobile - Go ahead and install with confidence.
  • Do not install apps from unknown sources. Prefer only Android Google Play to download apps
  • Check if you are not downloading fake version of popular apps. Check for download number and reviews around it. Do a quick check on correct version of app
  • Uninstall / Disable apps that you don’t use
  • Keep eye on data-usage,  battery-usage by apps. Navigate to  
    • Android Setting > Data Usage > List of apps showing network/data usage 
    • Android setting > Battery > List of apps that consume battery
  • Read reasons for permissions needed by app on Google Play store. Many developers do detail out this info to be transparent.


Hope this helps. Do write back or comment below.

Comments

Popular posts from this blog

Malls track your visits by Wi-Fi tracking

How does Wi-Fi works ? 
Wi-Fi is preferred wireless way of internet connectivity on mobile devices. We connect to Wi-Fi at home/office/cafe/Hotels and public places to get fast internet connectivity and do all stuff using it. Usage of Wi-Fi has spread fast with smartphones/tablets as compared to laptops couple of years back.

Wi-Fi uses network name (SSID) and shared-password to connect and that makes it easy for users to get internet without much hassle. Once you connect to a network, your mobile device remembers the network and tries to auto-connect to it whenever its available.

Mobile devices store all this Wi-Fi network info and use to auto-connect on periodic basis so as to provide preferred connectivity; and all that happens behind the scene. May be its your android/iphone/blackberry/windows phone/tablet all work same way. Your phone tries to connect to Wi-Fi automatically.

You can see list of Wi-Fi networks connected by your device going to settings > WiFi




What is Wi-Fi track…

Your Privacy is Fuxxked up!

What is Online Privacy and why anyone should care about it  online? 

Online Privacy is about you and personal privacy concerning your data the way its stored and used by third-parties, and displaying that via internet.

With internet age, your data is captured every moment with what you do online and is available for companies to use and share with others without you noticing it and that's the reason why you should care. Your identity and data is not only yours anymore.




Google the web king:  
Every google search you do after login to google is stored. Google exactly know what kind of info you are looking for and what was your search history which it can relate and then show new results. Search done on webpage/tablet will also show up on phone and vice-versa.

If you have android then you can also see that "Google Now" will show related blogs/articles around your search. E.g. if you search for a name of place then few minutes later you will see a short map with time to trav…

Encrypt personal data with TrueCrypt

WARNING - TrueCrypt has stopped development and issued security warning. Please don't use TrueCrpt. Maintaining this blog for historical purposes. Updated 29th May 2014. 
-----------------------------------------------------------------------------------------------------------

You got personal data or photos that you don't want anyone to see ? Got confidential files in your external-HDD/Pendrive and want to share it with your friends?  Or want to create a secure vault to store sensitive data ?  Answer is TrueCrypt

TrueCrypt is Open-Source, free disk encryption software available for Windows/Mac & Linux. http://www.truecrypt.org/



Main features -

Create virtual disk within the real hard drive - You can create a vault and lock it using a password. You can then see all files within it with passwordEncrypts entire hard-disk or pen-drive. If your laptop is stolen or you lose pendrive with data then no one can read the content and see your files
Encryption is automatic and thus you…