In continuation of my previous post “You don’t need Permission to be Happy, but a Mobile App has to!”, let’s have a look at some other app permissions.
View Network State
It allows apps to check for cellular network connections, including Wi-Fi. Apps require network connectivity to download updates or connect to a server or site. The application can control Bluetooth which includes sending and receiving data from nearby devices. E.g. Location apps, Check-in apps, Social media apps.
Malicious apps use it to spot available network connections so they can perform other routines, like downloading other malware or sending text messages. Malicious apps can switch on these connections without your knowledge, draining your battery and adding to data charges.
Modify/Delete SD Card Contents
This lets apps write on external storage, like SD cards. E.g. Camera apps, Audio and video apps and Document apps. Cyber criminals use this to store copies of stolen information or save files onto your SD card before sending them to a command center. Malicious apps can also delete photos and other personal files on your SD card.
If an app asks for this permission, it can access your entire memory, and read, edit and delete your data. You should be very wary of apps asking for this permission.
Full Internet Access
This allows apps to connect to the Internet. E.g. Browser apps, Gaming apps, Communication apps and Productivity apps. With this privilege, you have to be extra careful! As the name suggests, the app receives full access to the Internet. Data can be uploaded without your knowledge. In combination with other permissions, this app can quickly cause widespread damage. Malicious apps use the Internet to communicate with their command centers or download updates and additional malware.
Bookmark web pages and read web history
Allows an application to read (but not write) the user’s browsing history and bookmarks. Alternative browsers, back-up tools and possibly some social networking apps need these permissions. But if a game is asking for them, it should set off alarm bells since the app may want to spy on your browsing behavior.
View Wi-Fi State
It gives apps access to Wi-Fi network information, such as the list of configured networks and the current active Wi-Fi network. Cyber criminals take advantage of device bugs to steal Wi-Fi passwords and hack into the networks you use. E.g. Browser apps, Communication apps.
Personal information – Read Calendar events
Few apps outside of PIM or task management apps need this one. If you come across it, carefully consider why the app would need to read (let alone write) to your calendar. Most don’t.
Retrieve Running Apps
Lets apps identify currently or recently running tasks and the processes running for each one. E.g. Task killer apps, Battery monitoring apps and Security apps. Cyber criminals use this to steal information from other running apps. They can also check for and “kill” security apps.
Device ID & call information
An app can access the device ID, phone number, whether the device is making a call, and the number connected on the other end of the call.
Automatically Start at Boot
Apps use this to tell the OS to run the application every time you start your device. E.g. Task killer apps, Battery monitoring apps and Security apps. Malicious apps use this to automatically run at every boot.
This gives apps access to your device’s vibrator function. E.g. Communication apps and Gaming apps. Malicious apps use it to stop vibrations, which can alert you of premium service notifications or verification text messages before the malicious app can intercept them.
Read sensitive log data
This permission is very important! It allows apps to read log data from other apps. Sometimes this log data is very sensitive and apps shouldn’t need that permission. There are some exceptions, like the Twitter app Plume which needs the permission to submit detailed bug reports to developers. But watch out for other apps.
The application offers ways to purchase content inside the app itself. For example, an in-game currency.
Camera / Microphone
The app has the ability to take pictures and video. The app can also use the device’s microphone, which may include recording audio. This may happen with or without the user’s permission.
Wearable sensors/activity data
The device is able to access information from a wearable device. For example, getting heart rate information from a Wear device.
There are many other, less suspicious permissions for things like keeping the phone awake, controlling hardware, or accessing system settings. Use a bit of common sense with these. An app that takes pictures needs to control your hardware. Netflix needs to keep your screen awake for the 90 minutes you’re not touching the screen. A ringer mode widget needs access to your settings.
Most of the permissions are harmless, while some can access quite a bit of information. When you come across something you don’t understand, usually a bit of deductive reasoning can figure out why an app needs to do something. There are a few things you can do to stay on top of app security.
- Use reasoning to figure out whether the app really requires these permissions
- Send an email to the developer asking about the permissions
- Read reviews on the Play Store / App Store and check forums and news sites to see if there have been any complaints about the app recently.
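The first check in the list above can be partly automated. The following is an added example, not part of the original post: it reads the permissions requested in a decoded (text) AndroidManifest.xml and flags those that this article does not list as typical for the app's type. The mapping from the article's headings to Android permission constants, the app-type labels and the sample manifest are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Permission constant -> (article heading, app types the article lists as typical).
# The mapping from headings to constants is this example's assumption.
TYPICAL = {
    P + "ACCESS_NETWORK_STATE": ("View Network State", {"location", "check-in", "social"}),
    P + "WRITE_EXTERNAL_STORAGE": ("Modify/Delete SD Card Contents", {"camera", "media", "document"}),
    P + "INTERNET": ("Full Internet Access", {"browser", "gaming", "communication", "productivity"}),
    "com.android.browser.permission.READ_HISTORY_BOOKMARKS":
        ("Bookmark web pages and read web history", {"browser", "backup", "social"}),
    P + "ACCESS_WIFI_STATE": ("View Wi-Fi State", {"browser", "communication"}),
    P + "READ_CALENDAR": ("Read Calendar events", {"pim", "task-management"}),
    P + "GET_TASKS": ("Retrieve Running Apps", {"task-killer", "battery", "security"}),
    P + "RECEIVE_BOOT_COMPLETED": ("Automatically Start at Boot", {"task-killer", "battery", "security"}),
    P + "READ_LOGS": ("Read sensitive log data", set()),
}

# Constructed sample: decoded manifest of a hypothetical game.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.puzzlegame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <uses-permission android:name="android.permission.READ_LOGS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="com.android.browser.permission.READ_HISTORY_BOOKMARKS"/>
</manifest>"""

def requested_permissions(manifest_xml):
    """Return the sorted, de-duplicated permission names a manifest requests."""
    root = ET.fromstring(manifest_xml)
    names = {el.get(ANDROID + "name") for el in root.iter("uses-permission")}
    return sorted(n for n in names if n)

def audit(manifest_xml, app_type):
    """Flag permissions the article does not list as typical for this app type."""
    perms = requested_permissions(manifest_xml)
    unexpected = [TYPICAL[p][0] for p in perms
                  if p in TYPICAL and app_type not in TYPICAL[p][1]]
    # Internet access is what lets data gathered via the other permissions leave the device.
    return {"unexpected": unexpected, "can_upload": P + "INTERNET" in perms}

if __name__ == "__main__":
    print(audit(SAMPLE, "gaming"))
```

Permissions the table does not cover are ignored rather than flagged, so an empty result means "nothing on this list looks out of place", not "safe".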
Did I miss any important permission? Do let me know in the comments…