The Risky Android App's Permissions

By Author: Kelly Burby
Total Articles: 349
Comment this article

Android OS works on great security architecture and Permissions are its safeguard. While installing an app from Android Market (It is Google Play now), user is informed about some permissions that by installation allow apps to access many features of a device. But, not all permissions are safe and there are a lot of unsafe permissions that may create risk at user’s personal data.

I do not say that all apps with excessive permissions are unsafe to use but they may be chancy if their source is unreliable. Users should try to make it a habit to check what permissions they are providing to the app to access the device. In many cases, users are not aware of these permissions but by this simple example, they can understand the entire picture –

You are buying a book but the shopkeeper wants to know your phone number, your waist size, then your house address, blood group, how much money you have in your account, etc. Does it seem to be logical and don’t you think that why shopkeeper wants such information which have no connection with book. Don’t you think that the shopkeeper will have many chances to misuse ...
... your information?

Due to absence of knowledge about mobile technology, users may provide permission to a simple compass app that has authority to send text SMS to any number and this number may be the premium one that may cost significant money as well.

Many apps with excessive permissions are innocent but guilty are those android app developers who are lazy and overworked to lock down unnecessary permissions. This article discusses about some unsafe permissions that user should consider and provide to an app before installing it in his device.

Services that cost your Money – Some very simple apps want this permission. But at a risky phase, any app allowed to do so may call or SMS to premium numbers and cost user’s money. Until the source is trustworthy, avoid downloading such app.

Your Personal Information – By this permission the app can access to user’s contact and calendar data. A texting app may need this permission to access to contact information or to synchronize calendar across different platforms. A phonebook app with interactive dial system may require this permission too. But with the same permission, an app may also copy your contact information to third party server. Calendar exposed to third party may reveal that this week you have one appointment with doctor and other with banker.

Storage – This permission allows an app to read from, write to, and delete from user’s SD card and / or internal memory. But this permission can be a risk to user’s private data like documents, images, videos or other files and an app can read, delete or potentially change them.

Phone Calls – This permission allows an app to read the phone state and identity. With this, app can make-out when user is on the phone. At risky level, the app may detect whenever user is on the phone, record the conversation and send it to someone else. Identity information can also make-out where your house or office is by reading your steady GPS location.

You location – This permission allows an app to determine user’s location and suggest local coffee shops, restaurants, shopping spots, etc. But the risk is that the app knows where you are and where you are not available. By this information a criminal can break into your house in your absence.

System Tools – Permission given to System Tools control basic settings of user’s phone. Apps like media player and games use this permission to prevent device from sleeping. But this permission may also prevent user to observe a notification.

Your Messages – This permission lets an app read and write text or multimedia messages. Text message widget requires this permission. But the risk it that an app can read user’s message and can forwards or send new ones.

Hardware Controls - This permission allows an app to control phone vibration and take picture. Games use this permission to feedback game’s actions to user. Although, there is partial risk with this but an app generating too much vibration can drain battery and taking picture can fill-up device memory.

Network Communication – This permission allows app to create or change Bluetooth/Wi-Fi connection. Apps need this permission to communicate with other devices. But this also allows an app to transfer information onto other’s devices and with combination of permissions like Storage and Your Personal Information, it turns out to be one of the most risky permissions.

Your accounts – This permission allows an app to see and check if any account is activated. Though, it does not permit to go into account and no credentials are revealed but risk is that someone may know that which account is active for an attack or serious investigation.

Apart from checking permissions, user can protect his device by some very general things like reading app’s comments on the market, checking ratings attained by an app, checking developer’s website, keeping eye on each app update as developer may change permissions.

Application Development for all the major smartphones (iphone,android, blackberry etc..)
For more information visit android developer and android applications