Android forces apps to declare the permissions they require when they install them. You can protect your privacy, security, and cell phone bill by paying attention to Android app permissions when installing those apps – although many users don’t.
Malicious apps can't send premium-rate SMS messages or snoop on your personal information without asking permission - unless there's a security vulnerability, of course. Often, people that install malicious apps could have noticed the problem by staying vigilant over Android app permissions.
Permissions Explained
Every app declares its permissions when you install it. It doesn't request permissions -- you can't actually control these permissions. The app tells you what it requires, and you can take it or leave it. Android apps must declare permissions for nearly everything, from Internet access and writing to the SD card to monitoring your location and sending SMS messages.
You’ll see a list of these permissions when installing apps from Google Play. You can tap each type of permissions to get more detailed information. A similar screen appears when you sideload apps or install them from a third-party app store.
Here we see that Path requests access to your Contacts data. Path was recently in the hot seat for secretly uploading contacts data from Android and iOS devices. Android users had some warning that Path could do this by virtue of its permissions, while iOS users had no idea.
Apple’s iOS lets apps read contacts without requesting any sort of permission and investigations found that a large amount of iOS apps upload users’ address books. Users may have assumed Apple’s app store review process would protect them, but this incident shows the advantage of using Android app permissions instead of relying on a review process.
The Problem With Permissions
Permissions are great - in theory. The problem is that most Android users had no idea Path was doing this either. For many users, permissions have unfortunately become like a EULA – something to quickly tap through when installing apps. This isn’t helped by the way permissions are presented, placing everything from accessing the Internet to sending premium-rate SMS messages in the same list.
Every app ask seems to ask for permissions. Even installing Angry Birds requires allowing access to your device's ID and location. Angry Birds requests these to target ads, but this trains users to agree to permissions requests and makes permissions seem less serious, with problematic permissions blending in.
Automatic Updates vs. Manual Updates
Android can automatically update your apps, saving you time. Every now and then, however, you’ll see that an app can't automatically update.
Whenever you see an app that requires manual updates, it’s because the app requires additional permissions. Usually, the app’s developers added a new feature that requires a new permission.
Theoretically, this is supposed to protect you from an app’s developers “going rogue” and updating a harmless app with malicious features. However, most users probably tap through the message without examining the new permission. You'll see a “New” indicator next to each new permission.
Viewing App Permissions
Android also allows you to view the permissions of your installed apps. To do so, tap the Menu button, tap Settings, tap Applications, and tap Manage Applications. Tap an installed app in the list and scroll down to the view the permissions it requires.
Scanning App Permissions
The built-in way to view Android app permissions is a bit slow and tedious if you're reviewing a lot of apps. To make this faster, install an app like aSpotCat. aSpotCat scans your installed apps and categorizes them by the permissions they require.
Avast! Mobile Security, a well-reviewed Android antivirus app, also includes its own permissions scanner, named the Privacy Advisor.
Restricting App Permissions
There’s no way to restrict app permissions by default. However, if you’ve rooted your Android device, you can install an app like Permissions Denied. This app allows you to revoke permissions from an installed app. Many apps will continue working if you revoke a permission, although some may force close (crash) when they attempt to use the permission.
There are other cool things you can do with a rooted Android, too.
How much attention do you pay to Android app permissions? Do you ignore them, or do you hunt for apps requiring the least permissions? Leave a comment and let us know.