Android app "Privacy" permissions - level of access

[sunnydude959]

Hi Guys.

I'm fairly new to Android in general. I came over from my iPhone 5, to my shiny new Sony Xperia Z2. Needless to say, it was quite a step up - in size, quality and function.

I had accidentally deleted a photo on my phone, so I was trying to recover it. So still wearing my Apple App Store cap on, I decided to search Google Play for an app and just accepted the "Privacy" permissions pop up without thinking about it twice. I opened the app and it momentarily said "Syncing 8/8". Once opened, the app turned out to be a load of rubbish as it was really just an article on how to do it on a computer, rather than the app doing anything itself. It then made me doubt what that sync'ing pop up as about, and then made me wonder why it actually needed privacy permissions in the first place.

Therefore, I immediately uninstalled the app and then went back to the google play store to see what it meant exactly. It said:

Identity:
+ find accounts on the device

Other:
+ view network connections
+ full network access

I then immediately changed all my passwords as a precautionary measure. I just wonder, does an app with privacy permissions have the ability to extract passwords from apps/accounts on the phone itself? Is it likely that it would have sent my email addresses off to a spam server?

I've definitely learnt my lesson in being more careful from now on, I was just wondering how much damage it would have done. My phone is not rooted.

I look forward to hearing from you guys.

Sunny.

 

[ndex477]

Welcome sunnydude959. Since you are not rooted, it was a good move to uninstall any app that you are not sure of. Android is based on Linux which is a UNIX like operating system(you'll have to do your homework on this one). Back in the "good ole days"- Lol, programmers worked in different groups on projects so different users had to have different levels of access to certain files on the system. When an app states its permissions it is doing just that. It is asking what level of permission it wants to have(as non-administrator) on your system. If your device is rooted then you are the administrator, which is why you have to be very careful on a rooted device because you could very easily delete a file or folder that is critical to system functions.

That being said, the permissions that you stated will pop up quite often when using Android.
-finding accounts on device is one that should be looked into more carefully because some apps if given permission over accounts can remove accounts and delete passwords.

-view network connections allows the app to see what access points(routers) you are connected to and in the case of the Full Network Access permission allows a view of the network socket connections.

Google uses a criteria for allowing apps on the Play Store and if an app appears to be questionable they won't allow it on. Keep in mind though, no system is fool-proof and some do slip through the cracks. You're off to a good start with Android if you are concerned about permissions because some users just download apps without any regard to permissions. Having a rooted device will help you learn much much more about the Android file hierarchy and other system components. Again, welcome and best of luck.

 

[Davdi]

Hi sunnydude959, It's not often that new Android users are as on the ball as you about security. You did exactly the right things there. And just remember to stop and think before you tap/click that link.