Most people don’t think twice about the granting apps, games, and phone software permission to access anything and everything in their phones. Users are focused on the app, the game, the THING that they just clicked to download, and are in a hurry usually to get done with the download and install. In this article, we’ll talk about why that is a bad idea, and which of those permissions you have been granting for years you should avoid in the future.
Your private information belongs to you. There is a ton of information on your phone that shouldn’t be seen by anyone, especially dubious developers located in foreign countries who might be selling it to third parties. Furthermore, there is a good chance that foreign countries are using our phones to spy on us, or to gather information for other nefarious purposes.
Information that is gathered by apps and potentially shared with third parties includes your name, phone number, physical address, email address, date of birth, contacts, current location, photographs, and more.
And we have been giving them permission to do it.
What is a Permission?
When you select an app to download and install, most apps need to get access to information or aspects of your phone to function, such as the phone’s GPS or camera, for example.
The app must request access to that hardware or information, and it is up to you to grant that permission or not. Potentially if you refuse the grant the app permission, the app may not work for you at all.
Are app permissions dangerous?
Not necessarily. The danger of a particular requested permission depends upon the situation, the permission requested, and what the app does with that requested permission. Some permissions do not pose any danger to you at all, because they don’t pose any sort of risk to your privacy. For example, android allows apps to access the internet without requesting your permission to do so. But in general, your android phone will ask you for permission to allow apps to do anything that might fall into the category of dangerous to your privacy.
What should I be looking for?
As an initial matter, you should stop and actually look at what the app wants to get access to. Take a second to read them, and make sure that the app that you are downloading actually needs access to those things.
Did you download a photo editing app? If it is requesting access to your contacts and email, you should question this, and try denying the app permission to access your contacts. If the app won’t work without accessing your contacts, then I’d look for a different app.
The permissions should match the function and purpose of the app. If they do not, you have what is called an “over-privileged app.”
What specific Permissions should I be concerned about or watch for?
I would watch apps carefully for the following permissions:
- access to the device’s microphone (can be used to listen in whether you are using your phone or not)
- access to the device’s GPS (can be used to track your location)
- access to your phone’s motion sensors
- access to/modify/delete the phone’s storage
- access to your contacts (names, phone numbers, email addresses and more) (can be transferred to third party spammers, robocallers)
- access to your email (tons of information in there you probably don’t want people to have)
- ability to send SMS or MMS (the app can send messages without you knowing and leave you holding the bill for the charges)
- ability to “write secure settings”
- processing or monitoring of outgoing calls
- read sensitive log data
- authentication information (such as email addresses, passwords, usernames)
This is especially the case for when the permission granted does not match the functionality of the app.
Is my data safe if I delete an app that was over-permitted?
Your data going forward should be safe from that particular app, but all of the data gathered before hand could still be used by the app (or whoever they choose to share it with).
Where else should I look to see what an app is doing with my data?
Check the app’s terms of service. If the app specifically states in its terms of service that it may share any or all of your data with any third-party that it chooses, then you know that your data collected by that company could be shared with anyone around the world, for any purpose.
First of all, be very circumspect about where you get your apps from. Download your apps from trusted sources only.
Second, look carefully at the permissions requested by the app, as noted above, and deny access to the app when the permission request doesn’t make sense. If that means the app doesn’t work, then it doesn’t work and you’ll go find another one.
Third, look through the permissions granted to apps you downloaded previously, and either revoke permissions that don’t make sense for a particular app, or uninstall and delete the app.
Fourth, check out the terms of service of any app that purports to need access to information you think is sensitive, to see what they have the freedom to do with it.
Fifth, avoid keeping information on your phone that you consider to be “sensitive.” Take other standard precautions we recommend that you employ with devices you use to connect with the internet with, such as changing your passwords regularly, using strong passwords, avoiding using apps to transfer sensitive information (like usernames, passwords, banking information, other identifying details), etc.
Not every app was created to do you harm, and not every permission requested is for nefarious purposes. In most cases, you will be fine if you keep a close eye on the permissions you grant, and download apps from trust worthy sources.
Just paying attention to the permissions you grant (or not) is 90% of the battle.