Android permissions explained, security tips, and avoiding malware

[Richdhill]

I did not see anything about software like anti virus. Is there any for the android?

 

[Roze]

I did not see anything about software like anti virus. Is there any for the android?

I use Lookout, it's a 3 in 1 app with antivirus, missing device and data backups.

https://www.mylookout.com/features

 

[queueman]

Great Post. I have wondered about security, but tend to just skim the permissions and comments. This post gives me a lot more information to consider before downloading a new app. Because there are so many apps in the Android market, I am pretty picky and only pick those with 4 or more stars, so at least I've been doing that part right.
Thanks for the post.

 

[silvrsurfr]

What i find so odd is:

Why do game require full internet access? Outside of listing high scores etc.

I am new Android user-

The app 'layar' scared me off with all the permissions it required.

Even if it is legit.

Thanks for the Post - excellent

 

[Roze]

What i find so odd is:

Why do game require full internet access? Outside of listing high scores etc.

I am new Android user-

The app 'layar' scared me off with all the permissions it required.

Even if it is legit.

Thanks for the Post - excellent

If the game is free, then it's for the ads.

 

[idea-catalyst]

Having just purchased an HTC EVO, I am new to Android. I'm moderately familiar with Windows (hope this admission doesn't get me booted off the site) and have found that some of the security apps give you three options for a running application when it requests a service: allow, deny, or ask.

Like many of the earlier posts, I thought this root post was VERY HELPFUL and appreciate all of the subsequent comments that have helped contribute.

I suspect most applications' requests for services/access could be easily resolved into allow or deny. But it would seem very helpful for new or suspicious applications if the capability existed to request user approval for specific service requests when they are made. Then you could figure out whether what you are doing at the moment is likely to require access to that service or not.

Just my $0.02 worth.

And where's the Android icon with the puzzled face that indicates HTFI? (As in, Haven't the Foggiest Idea...) Insert that icon here:::

 

[walcellularllc]

All apps should be filtered coporately before users are allowed to download them to the phones. Apple has a good gateway that many other companies should mimic.

 

[lolbug]

Great info thanks! He this guy at .:Apple's iPhone 4 Solution (7/16/10):. turned me on to this site. He's a big Android fan and I want to support him as much as I can. Check out his articles and such if you have the time, thanks!

 

[SherryS87]

Hi there, most helpful folks. I got my Moto Droid back in November, but this is my very first posting, and a sort of really strange app question......

I did not download AppMonster or AppBrain Applications Market, but they have now very mysteriously materialized in my apps....

AppBrain is even on my left home screen...!
I saw that someone asked about these earlier in this thread, but I cannot,
for the life of me, find any answer to that question (or mine, for that matter)

Can anyone help??

 

[mersinstyle]

Thank you

 

[Velobici]

Thank you very much for putting together this guide. Great material.

Is there a way to see which permissions an app requires after its been installed? I see the list of permissions requested at install time, but haven't written it down so I don't remember which permissions each app has.

Thanks in advance!

 

[Roze]

Thank you very much for putting together this guide. Great material.

Is there a way to see which permissions an app requires after its been installed? I see the list of permissions requested at install time, but haven't written it down so I don't remember which permissions each app has.

Thanks in advance!

Go into settings ->applications ->manage applications and select the app you want to view, scroll down to the bottom and you'll see all of the permissions listed. You can go here to uninstall an app as well as view/clear the cache memory being used by the app.

 

[Chromag]

What are you thoughts on services like AppBrain and AppAware when it comes to helping users find safe apps?

Great question - I was wondering the same thing. I just installed AppBrain and I do like it - but I'm worried about having some non-standard app installer on my phone.

 

[pacman10]

Hi all,

Your personal information
read contact data
This permission is of high importance. Unless an app explicitly states a specific feature that it would use your contact list for, there isn't much of a reason to give an application this permission. The one exception to that rule includes typing or note taking applications and/or quick-dial type applications. Those might require your contact information to help make suggestions to you as you type. Typical application that require this permission include: social networking apps, typing/note taking apps, SMS replacement apps, contact management apps.
.

Thanks for this useful checklist.

My additional suggestion: if you are new to the smartphone world with its tendency to share everything beyond your control, before syncing your Contacts and opening them up to the world go through them and delete any information which you don't want the wide world to see. It's up to you to decide what that info might be but examples are bank account numbers, passwords, usernames, anything that might allow access to intellectual property.

 

[Chef_uk]

one of the best forum posts ever. thanks a lot. Opened my eyes.

 

[idea-catalyst]

You were looking for an example of an app that requires Bluetooth. I recently installed Torque. It is an application that requires a Bluetooth OBD-II interface (about $30 online) and turns your phone into an automotive diagnostic tool. It also uses GPS and the accelerometer in your phone to give you detailed movement information about your car. (All cars made for the US market since about 1996 have been required to have an OBD-II interface; many states use them for their diagnostic testing.) It will also give you any error codes that your engine control module is reporting, e.g., for a "check engine light". It may save you from having to pay a diagnostic fee to a shop just to find out what is wrong.

In any case, this is an example of an application that will require Bluetooth. In my opinion, it is an excellent application and is free (ad supported) or a few dollars for a non-ad upgrade.

 

[shutterbug22]

Thank you so much for this. This is so very useful. I am a newbie on Android, an Apple convert that got sick of Steve Jobs making decisions for me.

I have been very cautious of what apps to download because of the permissions, and it seems that a lot ask for things that don't make any sense (like your checkers example). You really helped clarify what a lot of the permissions mean. One of the permissions I hadn't worried about was internet access, I guess I should watch out for that one.

So, another thing that concerns me is that frequently I'll find an app and think that the permissions seem reasonable and download it. I always check in my settings afterward to see what permissions an app actually has and have found in numerous occasions that an app lists things it has permission to that I did not agree to -- this very frequently is access to SD card and/or contacts, though it's also been things that cost you money among others). This really concerns me because it seems very shady and dishonest. When I find that an app does this I immediately uninstall it.

Can you shed any light on this practice at all and how/why Google would allow developers to do this?

I am still in my 30 window and have considered returning my phone if the app store is not safe because it takes away a lot of the features and reason for owning a phone like this.

 

[dgreaves]

Wow cool glad to know people are using it.

Great job. Thanks especially for the information on how to review already-installed applications. After adding/deleting apps freely for 30+ days I'm a little nervous. Now I can go back and check them out.

 

[Roze]

I always check in my settings afterward to see what permissions an app actually has and have found in numerous occasions that an app lists things it has permission to that I did not agree to -- this very frequently is access to SD card and/or contacts, though it's also been things that cost you money among others). This really concerns me because it seems very shady and dishonest. When I find that an app does this I immediately uninstall it.

access to SD card <- For most phones, the internal memory is pretty small so saving lest say all your notes/tasks on it will cause you to run out of memory pretty quickly, so the dev saves them to the SD Card...and needs both read and write permission to your SD card.

contacts <--if the app is an SMS type app that needs to access your contact list so that you can use the app to send SMS (ex. SMS popup). If you don't have an unlimited SMS plan ...this feature MIGHT cost you money (sending SMS)

things that cost you money <--dialer apps that allows you make calls and if you don't have unlimited minutes then using the app might cost you money.

If you don't understand why the dev has certain kind of permisisons, contact him/her about their reasoning for them.

 

[shutterbug22]

Thanks Roze, that helps clarify things.

 

[blinky260]

Thanks for the info but it seems to me that if we were to heed these warnings, we couldn't download 99% of apps. Just saying.

 

[Michaelj1981]

Ok why is it some apps require certain permission that have nothing to do with the app. Example why does a app that just downloads wallpapers need access to everything in your phone. I think google needs to stop and put a end to some of these permissions. Maybe would help if Google had them do a explanation of why each permission is needed for there app to were we can read why these permissions are needed. With a Flag or report so we the people can help google monitor and if a app gets flagged or something they can investigate the app.

 

[themobileman]

Ok why is it some apps require certain permission that have nothing to do with the app. Example why does a app that just downloads wallpapers need access to everything in your phone. I think google needs to stop and put a end to some of these permissions. Maybe would help if Google had them do a explanation of why each permission is needed for there app to were we can read why these permissions are needed. With a Flag or report so we the people can help google monitor and if a app gets flagged or something they can investigate the app.

Like a certain nameless game on the marketplace that wants access to your GPS when it has no location based functionality whatsoever.

 

[Nickelking]

All apps should be filtered coporately before users are allowed to download them to the phones. Apple has a good gateway that many other companies should mimic.

Ew, no, worst idea ever. One of the main reasons I love the android route is the lack of censorship. support open source projects and say "Ew, no, worst idea ever to blohards that say stuff like this."

 

[sookster54]

Services that cost you money
make phone calls
This permission is of moderate to high importance. This could let an application call a 1-900 number and charge you money. However this is not as common of a way to cheat people in today's world. Legitimate applications that use this include: Google voice and... (suggestions needed here).

Nice guide, I had to come here to find out info about this quoted section, I saw a link to an HTC voice-to-text mod keyboard app and when I went to get it and started to install it I saw this on it and went wtf? How unusual for a keyboard app to requires that permission.