Android Security: The Use And Abuse Of Permissions

Android Security

Android may not be the securest platform out there, but its market share speaks volumes of its colossal popularity around the globe. One of the many factors contributing its strong appeal is the millions of apps that are available for it on Google Play Store or third-party app stores.

While it is easy to give in to the temptation and start filling up the phone with these apps, it is important to carefully review them and the permissions they need before continuing with the installation process. You wouldn’t be too thrilled about installing a camera app on your Android that captures more than just pictures and videos, would you?

Separating Paranoia From The Real Danger

There are many Android apps that ask for permission to access the Internet. This request is hardly alarming or unusual, as the apps or some of their features may require Internet connectivity for functionality. Social networking, music and gaming apps typically ask for such permission and that too for understandable reasons.

There are also many apps that apparently don’t have a need for an Internet access, yet they still it still shows up in the list of required permissions. This too is not unusual, as the app may be making such a request to fetch ads on the device, or interact with the cloud storage.

While the permission to access the Internet alone is hardly anything to worry about, it can become a threat if and when combined with other permissions.

The Many Misuses Of Permissions

Some apps may list the permission to read or send text messages as a requirement to function. This is fine for trusted social networking and email apps, but if an app that clearly has no business with text messages is seeking such a permission, then it may behave like an SMS spy app.

The app may be spying on text messages and relaying them to a third party, who may or may not be selling the sensitive or private information contained in them to other parties. Even if the third party has no intentions of selling the gathered data, it may not be saving it on a secure server, thus leaving it completely vulnerable to snoopers.

An app may abuse the permission to write text messages by sending premium rate messages without the cell phone owner’s knowledge. It may also use the phone to send illegal or inappropriate messages, thus pushing the person towards legal or social trouble.

Aside from abusing the permission to read or send text messages, an app may ask for permission to read contacts. Once again, social networking and email apps have a valid reason for needing such an access, but other apps may simply be looking to fish for information such as contact name, phone number or email and transmit it to a third party, who may or may not use it for some revenue or malicious purpose.

Apps can similarly misuse permission to calendar events, browser history and storage.

Vigilance Can Save The Day

The misuse of permissions and its severe implications is precisely what makes it so important to go through the list of them thoroughly before installing an app on the phone. In order to do that, you need to first understand what each permission type means and does.

Once you are clear about that, you should review the list of permissions that an app requires and determine how well it fits the functionality of that app. If the list of permissions seem suspicious, it is best to avoid installing that app, as it may be designed to carry out more than just the obvious function.

The Need For Strong Scrutiny Mechanism

When a developer uploads an app on the Google Play Store, they are required to give its details, including the permission that it requires for functionality. In some cases, the developer may simply share the link of their website, which the user can visit in order to get the details of the app.

Unfortunately, Google’s scrutiny mechanism for verification of apps being uploaded on its Play Store is not as strong and stringent as Apple’s. Developers can and have exploited this leniency by not revealing everything that there is to know about the app and its permissions.

The Android platform is already attracting plenty of negative attention for the massive amount of malware activity associated with it and the last thing it needs is apps that are abusing their permissions. A bit of vigilance on part of the user and a stricter scrutiny mechanism by Google can indeed curb the vulnerability to a great extent.

Jessica Carol

Jessica Carol follows the developing trends in the tech world. She further researches to the extent of dissecting them and provides her readers with expert opinion and reviews.

  • Brooke Bundrick

    I agree that Google should be enforcing the need to disclose all of the permissions the app will be using. However, it seems to me that most people (including myself at times) simply press the accept button without reading one word of a privacy policy, list of permissions, or anything else of seriousness. Educating the users on the importance of reading what they are agreeing to, would be most helpful at this point!