When you download an app from the Android Google Play store, it will prompt you to accept the permissions it requests from your device. Most people do not pay attention and simply download the app. This is a bad idea. Left unchecked, app permissions can open your device to possible data theft, spam and malware.
An Android app can ask for 124 different types of permissions. According to a study by the UC Berkeley Electrical Engineering and Computer Sciences department in February, 33% of Android apps request more permissions than they need. The researchers asked users if they understood what the permissions requested by an app actually were for, and 97% of those surveyed could not correctly identify what all the app permissions were used for.
For instance, when an app requests access to your device storage, what is it actually asking for? Can it modify or delete your USB storage, and why would it want to do such a thing? When it asks for access to your accounts, which accounts does it want? If it requests SMS privileges, do you know whether it could text premium pay services on your behalf? These are all serious questions, yet most people just click “download” and start using the app.
Researchers found that only 83% of Android users paid attention to permissions when installing an app and 42% did not know what permission were for. This could prove problematic for users who prefer to keep their personal information secret.
Most apps from reputable developers play by the rules when it comes to how permissions are used. But that is not always the case. The mobile social network Path was caught uploading users’ contacts from their address books to Path’s servers without permission. Path apologized and said it wiped its servers of the purloined data, but less scrupulous developers have little incentive to do so when the data gleaned from a device through broad permissions is lucrative enough.
There are a few basic rules to follow when downloading an app. First, where is it coming from? The Apple App Store can generally be trusted, as it pre-screens all apps before publishing them. A few apps have been discovered behaving badly (Path, for instance), but Apple cracks down quickly on apps found to violate its terms of service. Yet Apple does not explicitly show the permissions an app has been granted upon download the way Android does. Google Play is a different matter. Publishers are not subjected to the same type of pre-screening that iOS apps are, and even though permissions are listed upon download, what you think an app is doing may be different from what the app actually does.
Downloading an app is like making any other type of purchase. Instead of opening your wallet willy-nilly and downloading whatever seems interesting, do some research. Read reviews and check comments about the app. Does developer have a good reputation? Do the permissions make sense for what the app is supposed to do? An RSS reader, for instance, probably does not need access to your smartphone’s camera. If it does ask for that permission, even though there is no plausible reason for it, do not download that app.
[Infographic courtesy of McAfee.]