The ins and outs of scary Android App Permissions
As mentioned before in this blog, one of the key ways to avoid installing a malware application is to look at the permissions it asks for. Most of us skip the permissions page without reading a word of it before we download an app. That is a mistake, and one to avoid if you want to be careful.
Of course, truth be told, Android permissions are not inherently bad. They are necessary for certain apps to be able to do their job properly. You see, this permission-based installation is actually one of Android’s greatest protective features.
Why Android needs Permissions
Android is, in essence, a Linux derivative. It is what most people refer to as a Linux Lite. It is based on the same code, as well as the same security premise. As such, Android is essentially just as secure as a Linux operating system.
Why is Linux so secure? Simply because of the way it handles applications. Linux essentially sandboxes all apps by default. Each app is separated from the others by the operating system itself. This means that your messaging app shouldn’t have any access to whatever your calendar is doing. In the same sense, no app should have access to your personal data, like your contacts, unless explicitly permitted to.
That is the core of how apps work in a Linux environment. This is a system adopted by the Android operating system, which serves as a security feature when done right, and a major liability if ignored. Unless you permit an app to do something, it can’t really do anything malicious.
How to view Permissions
In Android, you can only set the permissions once – before installation. Every time you download an app through the Play Store, you are shown a list of permissions that the app would “need”. This is a declaration of the app’s functions as well as of which parts of your device and data you would willingly entrust to the app. If you don’t like the permissions it requests, then you don’t have to install the app. Installing the app is tantamount to agreeing.
If you forgot to check which permissions an app uses and it has already been installed, you can always check again by viewing the app through your app manager. The app manager can be accessed from the settings menu, where you go to “Applications” followed by “Manage Applications”. In newer versions, you only need to open your Applications Manager app or settings.
From this page, you can force close, uninstall, clear data and, at the bottom, view the permissions for the app. This is a great thing to do if, after you read this post, you feel like you may have a suspicious app installed.
Which Permission is OK?
This is a very strange question. Why would you think permissions are inherently bad? Ever since people learned that giving the wrong permissions could lead to a possible malware threat, they have treated permissions with disdain. Every permission was made for a purpose, and that purpose is entirely to increase the capability of your device.
A smartphone is not a smartphone until it acts like a digital Swiss Army knife. It has to have a lot of functions, and for it to be able to do that, it has to let apps have access to certain data. Where would we be if email apps couldn’t gather contact data for us to easily send mail to our loved ones and business partners? Where would we be if calendar widgets were never given access to PIM data to display on our home screens? Permissions are necessary, but used in the wrong way, they can be bad.
So what do I do?
What you should do is always be vigilant. When installing an app, regardless of whether it is new, popular, or something you have used before, it is important that you have a good long look at exactly which permissions the app has requested.
What you are looking for are out-of-place permissions that you think shouldn’t be there. When you think that a certain permission is suspicious, you can do one of two things: either do not install the app at all, or contact the developer for an explanation and decide from there.
Most suspicious permissions
These permissions may be good and necessary to a certain app, but certain permissions are simply riskier than others. Here are some of the permissions to always look out for:
- Make Phone Calls
- Send or Receive SMS or MMS
- Read Contacts
- Read Sensitive Logs
- Retrieve Running Applications
- Disable Keyguard
- Kill background process
- Process Outgoing Calls
- Use SIP
- Write Secure Settings
- Authenticate Accounts
- Add System Service
- Read Instant Messages
- In-App Billing
If you see the above permissions in an app, make sure the app really needs them, and if you do install it, monitor it for any suspicious activity. If you are in doubt, try running the app through an anti-malware app to make sure it is not on the list of known offenders.
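The check described above can be scripted. The following is an added example, not part of the original post: it reads the `uses-permission` entries from an app's AndroidManifest.xml and reports the ones that appear on the list above. It assumes the manifest has already been decoded to text XML (inside an APK it is stored in a binary form), and the mapping from the post's labels to manifest permission names is this example's own and partial: "Add System Service" and "Read Instant Messages" are left out.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Partial mapping (an assumption of this example) from manifest permission
# names to the post's labels; labels without a certain mapping are omitted.
RISKY = {
    "android.permission.CALL_PHONE": "Make Phone Calls",
    "android.permission.SEND_SMS": "Send or Receive SMS or MMS",
    "android.permission.RECEIVE_SMS": "Send or Receive SMS or MMS",
    "android.permission.RECEIVE_MMS": "Send or Receive SMS or MMS",
    "android.permission.READ_CONTACTS": "Read Contacts",
    "android.permission.READ_LOGS": "Read Sensitive Logs",
    "android.permission.GET_TASKS": "Retrieve Running Applications",
    "android.permission.DISABLE_KEYGUARD": "Disable Keyguard",
    "android.permission.KILL_BACKGROUND_PROCESSES": "Kill background process",
    "android.permission.PROCESS_OUTGOING_CALLS": "Process Outgoing Calls",
    "android.permission.USE_SIP": "Use SIP",
    "android.permission.WRITE_SECURE_SETTINGS": "Write Secure Settings",
    "android.permission.AUTHENTICATE_ACCOUNTS": "Authenticate Accounts",
    "com.android.vending.BILLING": "In-App Billing",
}

def requested_permissions(manifest_xml):
    """Return the permission names declared in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    names = [el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")]
    return [n for n in names if n]  # skip entries with no android:name

def flag_risky(manifest_xml):
    """Return sorted (permission, label) pairs that are on the post's list."""
    return sorted({(p, RISKY[p]) for p in requested_permissions(manifest_xml) if p in RISKY})

# Constructed sample: a flashlight app asking for more than a camera flash needs.
SAMPLE_MANIFEST = """<manifest
        xmlns:android="http://schemas.android.com/apk/res/android"
        package="com.example.flashlight">
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <application android:label="Flashlight"/>
</manifest>"""

if __name__ == "__main__":
    for perm, label in flag_risky(SAMPLE_MANIFEST):
        print(f"REVIEW  {perm}  ({label})")
```

A hit is a prompt to ask whether the app's stated purpose explains the permission, not proof that the app is malicious.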