Techloging – Tech Software/Hardware, How-tos, Reviews and Guides Feel the magic of tech
Related Articles
APPLICATION PERMISSIONS: WHAT TO CHECK BEFORE ACCEPTING REQUESTS?
Every time you install a new Android app, you give apps lots of permissions without necessarily paying attention to them. In today’s post, we will take stock of the importance of these permissions and why they should be checked.
Android is often blamed for being the target of many malicious applications. This is also often the case with extremely popular OSes such as Windows. Some applications pretend to offer you new ringtones for your phone but take advantage of it to make you call overcharged numbers, for example.
These issues are often thought to be related to Android security vulnerabilities, but it’s actually you, the user, who gives permissions to these rogue apps when you install them. Hence the importance of paying attention to permissions.
WHAT IS AN APPLICATION PERMISSION?
These are requests that grant software to access your phone hardware and software features like GPS, camera, media files, etc. They are permissions that an application asks you for before being installed. A window will then appear when you click the install button. You probably tend to accept them without looking at the authorization, which sometimes abuses and requests access that is far from essential for their proper functioning.
WHAT ARE THEY FOR?
Android does this for your safety. This permission system is designed to partition the different data access rights for each user. For this, a UserID is created on the phone each time a new application is installed, as on Linux, of which Android is the kernel.
All the processes and the accesses necessary for the application will use this userID so that this one has exclusive access to its own files and that no other application can come to dig into it… Unless you permit it. This is precisely the important topic we are talking about today.
MANAGING PERMISSIONS: THEORY AND PRACTICE
Android is a secure OS that partitions user data for each application. It is then up to you to relax certain constraints by giving permission or not. But do you have a choice?
If you choose not to allow permissions, the application will then refuse to install. One of the few ways to manage permissions on a case-by-case basis and to root your Android phone or tablet is to have full control and manage each of them on a case-by-case basis.
We will see below the applications available to do this. A practice reserved for advanced users insofar as blocking some of them could affect certain application functionalities.
ARE APPS ASKING FOR TOO MANY PERMISSIONS?
Many of them require a lot of permissions, and they are often the most used applications, such as social networks. That doesn’t mean you’re taking big risks by taking them. A small unknown app or a suspicious APK file installed on your phone may ask for the same permissions as Facebook, but it will be much more dangerous.
THE DIFFERENT GROUPS OF PERMISSIONS
Each permission belongs to a permission group. Each authorization requests access to information and/or functionalities. It is important to look at them carefully before installing an application because the latter will never ask you twice unless there are changes in the permissions following an update.
– Purchases via an application: This may ask you to make purchases within the application itself. This is often the case in free games with this famous internal purchase system to buy weapon upgrades, for example, or even virtual currency with real money.
Please note: in-app purchases cannot be refunded within 15 minutes, as is the case when purchasing an app from Google Play. For internal purchases, you will have to rely on the developers of the application, who are then the only ones to decide.
– Camera/Microphone: Once authorized, the application will then be able to:
- Take photos and make videos
- Record video or audio file
This is typically what applications like Instagram or Snapchat may ask you, to name only the most popular.
– Other devices: This is a group that should not be overlooked insofar as applications may be required to exploit specific permissions that appear in this “Other” group, such as:
- View and write on your social media feeds
- Access feeds you subscribe to
This group is, therefore, not to be neglected. So pay attention to them, particularly the most “suspicious” applications.
– Contacts/Calendar: This allows you to use information from your calendar and contacts. To do so, the following actions are then possible:
- View and edit your contacts
- Consult the agenda and confidential data
- Add or modify events in the calendar and send emails to guests without your knowledge.
– Device and app history: If you accept it, an application will then be able to use certain information such as:
- Internet history and favorites
- Running apps
- Confidential log data
- The internal state of the system
– Device ID and call information: If you validate it, this permission gives the application the right to see the state and identity of your phone. Concretely, it can access your phone number and your mobile identifier and see if you are making a call to obtain the number called. Another permission not to be taken lightly.
– Identity: Your account and/or profile can be exploited thanks to this authorization. This includes :
- Finding, adding, and deleting different accounts on the device
- Reading and modifying your contact form
- WiFi connection information. The application can then display the WiFi connections to know which ones are active and display the names of the devices connected to them.
– Location: This is one of the best known but is sometimes abused by some applications. It ensures that access to your GPS and your geographical position is enabled when using the application, which will then be able to:
- Access to GPS and your precise or approximate position (including via the network)
- Another access to additional location commands offered by the provider
– Cellular data settings: Behind this hides very simple access, that of the control parameters of your mobile Internet connection and, therefore, potentially to the data that you receive by this network.
– Photos/Media/Files: The data you store on your device can also be exploited. Here is what you can do once the permission has been validated:
- Read, modify or delete the contents of storage memory, whether it is storage memory or an SD card.
- Install, uninstall and format storage memory
– SMS and MMS: While most plans now offer unlimited SMS and MMS, you still have to be careful (depending on your plan) with those sent without your knowledge, which may incur additional costs. The application will here be able to receive, read, modify and send SMS, MMS, and WAP messages.
– Telephone: Just like text and video messages, some calls can lead to overcharges.
- Call phone numbers directly and make calls without your intervention
- Read and write to call log (history)
- Redirect outgoing calls
- Change phone status
THE RIGHT THINGS TO DO BEFORE INSTALLING AN APPLICATION
Several precautions should be taken before installing any application on your Android device. If some seem obvious, not everyone pays attention, and it can sometimes end badly.
VIEW RATINGS AND REVIEWS
The first is to look at the app’s rating on Google Play and user reviews. If some people complain about the app not working or not finding what was originally sold, that might be a sign of a scam app.
Low ratings for an app are also indicators, although bad apps aren’t always dangerous. Once this first sorting is done, you can move on to the next step.
CHECK THE REQUESTED PERMISSIONS
Before Installing
If you want to know these permissions before installing, you should know that a link is usually available further down on the application in the “additional information” section, then “Show details.”
Once you click on it, you access the screen below, which displays the permissions requested by the application. There are different groups, such as “Identity,” to connect to your different user accounts or “Photos / Multimedia content / Files,” which will give the application the right to add or delete content on your Android phone or tablet, provided that you gave the permission.
A small note at the bottom of this screen specifies that future application updates can automatically add functionalities within each group without asking you again, hence the importance of taking notice. If a new group is created, however, you will have to give your consent again.
If They Are Already Installed
If you have already installed the application and want to see its permissions, go to “Settings>Applications>Permissions.”
Ask yourself if the permissions requested really correspond to the functionality of the application. Why does a photo editing application need to read your SMS or call certain numbers directly, for example?
If you want answers to his questions, you can go to the app developers’ websites to get the answer. If it is not on the site, you can use the contact form to ask them the question directly.
SENSITIVE PERMISSIONS TO MONITOR
If you have to pay attention to all permissions, some are more sensitive than others. We think in particular of those in the “Identity” section, which can, for example, access the various accounts on the device but also add or delete them. This is the kind of permission most popular apps like Facebook access, but other, more obscure apps can also use it in a really bad way.
The permissions of the “Phone” section must also be closely monitored. Some allow you to redirect outgoing calls or make calls without your intervention. Enough to make calls on premium lines without your knowledge.
Finally, SMS-related permissions are just as sensitive with reading, receiving, modifying, and sending its latest that you can accept without realizing it. Again, all permissions are to be monitored as far as possible. At the same time, bigger app publishers won’t misuse these permissions but watch out for lesser-known apps.
APPS TO CHECK PERMISSIONS
If you want to check app permissions on Android clearly, you will have to go through apps. The only way that currently exists is to go to settings and check app permissions one by one, which is not the most convenient.
Several applications give you an overview of the permissions the applications installed on your Android device request. One of them is called Clueful.
Its interface is well thought out, as it displays both a Global “Privacy Score” of your applications, but also the possibility of displaying the level of risk to your privacy via a color code. You can also quickly sort by authorization type.
Permission Friendly Apps offers the same type of service with the possibility of directly deleting applications that it deems not respectful of your privacy.
Note the good taste of this application not to ask for any particular authorization during its installation.
Finally, AppOps is a somewhat special application, allowing access to a hidden Android menu. It will enable you to have an overview of permissions but also deactivate them without having to root your device.
Its field of action is still quite limited. Warning: the application no longer works with Android 4.4.2 KitKat, but only in earlier versions.
CONCLUSION
We have seen that application permissions are not to be neglected and that they can sometimes be abusive. Fortunately, the vast majority of them are justified and only there to exploit the potential of your phone. It is, therefore, not a question of falling into paranoia, but an informed user will fall less easily into bad traps. So be careful in the future, and don’t let this prevent you from discovering the wealth of applications on Google Play!
