The Seven Deadly Android Permissions: How to Avoid the Sin of Slothful Preparedness

Kannon Yamada 16-03-2013

Everyone with an Android device should know that your private information isn’t treated as private. For example, making an app purchase may expose personal contact information, including one’s name, physical address and email address, to developers. Another major debacle occurred when Path Inc. began lifting contact information from its users’ phones. In response to these privacy breaches, some legislators announced plans for legal action: California’s Attorney General, Kamala Harris, recently announced an agreement with major technology firms to improve user privacy standards, particularly on handsets.


However, at present, few users know of the potential security and privacy concerns. Few even know the difference between Android and iOS’s security measures. For example, the Android operating system’s security differs from the iPhone OS in one major regard: Apple exercises very strict quality control guidelines for apps, whereas Android permits a broader range of software. Android apps request “permission” from users to access their sensitive data. Unfortunately, Google doesn’t fully explain the potential security risks that some permissions present to users. What we don’t know can hurt us, particularly when we install apps from the dark nether-regions of the internet.

This article explains how seven potentially deadly app permissions might hurt you and how best to avoid such calamitous installations.


What is a Permission?

Chris Hoffman explained in detail what app permissions are. Permissions allow apps to access either the hardware features of a phone, such as the camera, or a user’s personal information. The diverse nature of this system permits a great variety of amazing software. For apps like Google Now to work properly, they must access tremendous amounts of data, as well as your phone’s GPS and data components. Most apps request this data without ill intent. However, a growing number of malicious apps can use these permissions in lethal concert with one another.

For the ultimate source on Android permissions, check out user Alostpacket’s comprehensive guide. Another handy source is Matthew Pettitt’s analysis of the top-twenty Android apps and their requested permissions. Both of these works contributed greatly to this article.


The Permissions

#1 Authenticate accounts: This permits an app to “authenticate” sensitive information, such as passwords. What makes it extremely dangerous is that a rogue app with this capability can phish a user’s password through trickery. The vast majority of these kinds of apps legitimately come from big developers, such as Facebook, Twitter and Google. Because of the potential for harm, however, look very carefully at the apps you grant this permission to.

#2 Read sensitive log data: This permission allows an app to access your handset’s log files. For example, in the CarrierIQ scandal, an app used in most phones secretly mailed your phone’s log files back to its developer. However, it turned out that the app sent back logs which included keystrokes, meaning your passwords and logins were included in this file. While the company CarrierIQ maintained that these logs weren’t used maliciously (something we must take at their word), we have no idea how securely they stored this data. Essentially, log files can contain extremely sensitive information.

#3 Read contacts: Read Contacts allows an app to read all of your contacts. Often, malware-like apps will attempt to take advantage of unwary users in indirect ways. For example, after granting a rogue app this permission I received an email with attached files from a friend that I correspond frequently with. The attached files were some kind of malware. The email had been spoofed!

#4 Write secure settings: Allows an app to read and write system settings. I’ve never seen an app request this permission before, and I’m pretty sure that Google heavily polices apps using this feature. However, rogue software with this ability certainly exists. For those with rooted phones, you should avoid apps that request this permission like they’ve got an infectious disease. It’s possible that they do have an electronic analog.


#5 Process outgoing calls: The ability to monitor the details of outgoing calls, such as phone numbers and other kinds of contact information, should belong exclusively to VOIP apps. Programs making such requests, not dealing explicitly with outgoing or incoming calls, are ‘over-permissioned’.

#6 Send SMS: You should use caution in granting apps access to send SMS or MMS. There exist a number of companies that can tack on charges to individual SMS—you of course, would receive the bill for using such services. Unless the app specifically requires access to your SMS, this permission should not be permitted.

#7 Read social stream: Since the recent boom in social media, and the obvious privacy concerns, Google incorporated a permission that allows apps to read information gleaned from your social feeds. Considering the vast amount of personal information that’s being produced through social networks, the wrong app might be able to take advantage of this. For example, many of the average user’s security questions might be picked up from their social media feed.

How to Interact with Permissions

Some simple guidelines for avoiding potential problems:

  • Make sure you’re installing apps from trusted sources. Even apps in the Play Store can potentially possess malware-like properties. In particular, read the reviews of the app and check out the developer on Google to make sure they have a clean reputation.
  • Avoid installing apps requesting excessive permissions. For example, if a game that involves shooting unhappy feathered creatures at brick walls ever attempts to gain access to your contacts list, you should question their motivation. To check the permissions of apps before they’re installed, go to the app’s Play Store page. The Permissions tab is visible just below the banner for the app. Keep in mind that your phone’s motion sensors can be a security risk, too. That’s why it’s also important to monitor hardware permissions closely.
  • Remove apps that have no reasonable excuse for requesting certain permissions—also known as over-privileged apps. You can identify errant apps using software like Permissions Explorer, which can look at the apps on your device, filtered by permission. An alternative is to upload your apps to Stowaway, which performs an analysis as to whether or not the app requests too many freedoms with your data. However, Stowaway might present an issue to users not familiar with managing APK files, the Android executable file. Matt Smith did a great write-up on an alternative software, known as No Permissions, which illustrates what an over-privileged app looks like. Another option is aSpotCat. If you have root access, there’s the Permissions Denied app.
  • Visit Google’s account page to see what apps you’ve given account access to. Remove those that you do not recognize—however, you should utilize discretion in this area as it may cause certain apps to cease functioning. To get there, simply scroll to the bottom of the accounts page and click on Manage access. After that, you may revoke access to any app, from any platform.
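The "filtered by permission" view described above can be reproduced offline from decoded AndroidManifest.xml files. The following is an added example, not code from this article or from any of the tools it names; only android.permission.READ_LOGS appears on this page, the other six constant names are taken from the Android SDK (several were deprecated or removed in later Android releases), and the package names and manifests are constructed samples.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# The article's seven permissions, keyed by their Android SDK constant names.
SEVEN = {
    "android.permission.AUTHENTICATE_ACCOUNTS": "#1 Authenticate accounts",
    "android.permission.READ_LOGS": "#2 Read sensitive log data",
    "android.permission.READ_CONTACTS": "#3 Read contacts",
    "android.permission.WRITE_SECURE_SETTINGS": "#4 Write secure settings",
    "android.permission.PROCESS_OUTGOING_CALLS": "#5 Process outgoing calls",
    "android.permission.SEND_SMS": "#6 Send SMS",
    "android.permission.READ_SOCIAL_STREAM": "#7 Read social stream",
}

def requested_permissions(manifest_xml):
    """Return every permission name a decoded manifest requests."""
    # Manifests from unknown APKs are untrusted XML; a hardened parser
    # such as defusedxml is the safer choice outside of a demo.
    root = ET.fromstring(manifest_xml)
    tags = ("uses-permission", "uses-permission-sdk-23")
    elements = [el for tag in tags for el in root.iter(tag)]
    return {el.get(ANDROID_NS + "name", "").strip() for el in elements} - {""}

def by_permission(manifests):
    """Group package names under each of the seven permissions they request."""
    report = defaultdict(list)
    for package, xml_text in sorted(manifests.items()):
        for perm in sorted(requested_permissions(xml_text) & set(SEVEN)):
            report[SEVEN[perm]].append(package)
    return dict(report)

# Constructed sample manifests (hypothetical package names).
NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'
SAMPLE = {
    "com.example.birdgame": f"""<manifest {NS} package="com.example.birdgame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
</manifest>""",
    "com.example.dialer": f"""<manifest {NS} package="com.example.dialer">
  <uses-permission android:name="android.permission.PROCESS_OUTGOING_CALLS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
</manifest>""",
}

print(by_permission(SAMPLE))
```

A game showing up under "Read contacts" and "Send SMS" is the over-privileged pattern the guidelines describe, while a dialer under "Process outgoing calls" is the expected case.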



When I was targeted by malware, the hackers knew my email address, my friends’ email addresses, and the frequency with which I contacted them. This greatly increased their chances of successfully phishing my account password or installing some terrible virus on my handset. My ignorance could have caused great harm.

In the wake of several user privacy and security disasters we should all focus on just exactly what terms and conditions we are agreeing to and what our phones might be doing with our private information. Given the potential for coordinated attacks from hackers utilizing information gleaned from over-privileged apps, the need for increased user vigilance has never been greater. And as it has always been throughout time, knowledge is your best protection against exploitation.


  1. Delta
    March 5, 2018 at 10:31 pm

    Here's a question...

    If we manually deny the permissions requested by an already installed app will it make any difference or are we all being tricked into a false sense of empowerment?

    I'm thinking of the LG smart TV which was found to be downloading sensitive user data and sending to an unknown third party. When the switch to stop this from happening was activated it still carried on sending data regardless.

    Are we being deceived and there's no Edward Snowden to blow the whistle?

    • Kannon Yamada
      March 6, 2018 at 1:43 am

      That's a good question. The Atlantic published an article not long ago about how multiple app developers were teaming up to share your data to compile more accurate profiles of users -- without their consent. In the study that they referenced, out of a sample of 100,000 apps, tens of thousands were sharing data with one another. Which means that even if you are careful to limit permissions, those apps could be sharing data with each other and effectively getting more permissions from you than you expect.

      I think the fewer apps you have installed, the better. And the few you do install, be very careful what permissions they are granted.

  2. Angela Cowan
    February 14, 2018 at 6:36 pm

    You stated that you had never seen an app request permission to read/write system settings. I believe I found one such app. An app that DOES ask permission to "allow write system settings". The "YouTubeMusic" app.

  3. Nicola tee
    December 19, 2017 at 1:33 pm

    Hi, I've had all these permissions for 2 years and a lot, lot more awful others. I'm living in fear with no privacy, and not a soul will consider I'm correct to say I'm spied on. Everything is on my phone, I see it at any time, and I've had 30 or more new devices and it's still there, giving me no privacy at all. It's worse than any other malware or spyware by far and knows my car speed when I don't take my phone with me. I've got 165 critical exploits and KRACK. I feel desperate to do something, but calls are rerouted and I can't contact anyone. I'm lost, I feel helpless.

  4. Alvin
    January 19, 2017 at 1:16 am

    Very well written and enlightening, thank-you for the time it took to research and write this article.

    • Kannon Yamada
      January 21, 2017 at 10:37 am

      Hi Alvin, thanks for the kind words. The information in this article is very old. Android has added a range of new permissions. The danger comes when an app requires too many permissions.

  5. Hari
    March 19, 2013 at 2:38 pm

    Can't identify the right permission for "Read sensitive log data" in permission explorer. What is the exact permission name?

    • Kannon Yamada
      March 19, 2013 at 5:37 pm

      Good question. The ability to read log files is one of the three most dangerous.

      The URI is android.permission.READ_LOGS

  6. techguyknows
    March 19, 2013 at 2:33 pm

    Be careful of the permissions allowed for each application that is going to be installed.

  7. Gary Mundy
    March 17, 2013 at 7:00 pm

    Thanks for explaining in a clear way so that even I can understand.

  8. Márcio Guerra
    March 17, 2013 at 3:31 am

    This is a really helpful article. Thank you. Because of the simplicity, we tend to over-install apps from Play and this is a great subject that we need to pay very much attention to.

    Thank you!


  9. Schvenn Meister
    March 16, 2013 at 8:03 pm

    LOL I feel like a broken record, but this is the MAIN reason to root your device. Then, install a permission manager like LBE Security Master. You can get the latest English translation from XDA-Developers. However, their other, less powerful app that also controls device permissions, LBE Privacy Guard, is available on the Google Play store. There are other apps that will also allow you to control permissions, but LBE is by far the best.

    • Kannon Yamada
      March 17, 2013 at 5:51 am

      Oh don't get me wrong, I really appreciate your suggestion to install LBE Privacy Guard, it's good software.

      Unfortunately, rooting is beyond the comfort zone of many users and so I can't suggest unlocking and rooting as a means of improving security -- because in all likelihood, they may actually destroy their phone. Those comfortable with the process, however, should definitely give it a go.

  10. macwitty
    March 16, 2013 at 11:36 am

    Thanks, promise to be more careful when downloading apps. Think I have been too soon to click accept.

  11. King Raju
    March 16, 2013 at 9:04 am

    Thank you, dear MakeUseOf! I've learned a lot from this. From now onwards I'll take care before installing an APK.