• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

Android permissions explained, security tips, and avoiding malware

sookster54 said:
Nice guide, I had to come here to find out info about this quoted section, I saw a link to an HTC voice-to-text mod keyboard app and when I went to get it and started to install it I saw this on it and went wtf? How unusual for a keyboard app to requires that permission.
Click to expand...

hmm...maybe the keyboard offers a T9 keyboard with a phone dialer that enables you to make calls?
 
Is it possible to "fake" the permissions screen when installing an app? For example, what if an app wants access to your Contacts but this is not listed when installing the app? Reason im asking, sometimes I install apps from outside the Android Market.
 
alostpacket - you are god.

I've been looking for something like this for ages. I even posted a question about it in the lounge and it took 110 views before someone could direct me here.

Thank you so much.. I'll be posting some concerned apps and questions to see what you guys think.
 
Anyone notice any concerns with these:

Air Horne (obnoxious noises app) - Your location
Backgrounds - read contact data, write contact data
Barcode Scanner - read browser's history and bookmarks, read contact data, write contact data.
Zedge (wallpaper/ringtone app) - read contact data, write contact data
NFL Mobile - read SMS or MMS, Send SMS messages
Google Translate - read contact data, full internet access
 
jamor said:
Anyone notice any concerns with these:

Air Horne (obnoxious noises app) - Your location
Backgrounds - read contact data, write contact data
Barcode Scanner - read browser's history and bookmarks, read contact data, write contact data.
Zedge (wallpaper/ringtone app) - read contact data, write contact data
NFL Mobile - read SMS or MMS, Send SMS messages
Google Translate - read contact data, full internet access
Click to expand...

For air horn, does it ask for internet access? I find that internet access and your location permissions go hand in hand. Usually the 'your location' is to use the GPS to find where you are to give you ads that are more specific to where you live. Though I'm not sure how this permisison can be used for abuse, I find those two are very common for free apps.

I refuse to download barcode scanner for THAT reason. I see no reason whatsoever for the developer to need those indebt access to my phone. I use shopsavvy but only issue I have is that all other 3rd party apps use barcode scanners. :mad:

For zedge, I believe those permissions are needed because you can add the ringtone directly to your contact from the app.

Google translate - it's by Google...they already have all of your information to begin with xD Internet is needed because it uses its server to translate what you say. You can't use the app without internet access. Don't really know why it needs read contact data.

Don't use Background nor the NFL app.
 
What happened to alostpacket? He hasn't been around since 8-19.

That's too bad he was very helpful
 
Roze said:
For air horn, does it ask for internet access? I find that internet access and your location permissions go hand in hand. Usually the 'your location' is to use the GPS to find where you are to give you ads that are more specific to where you live. Though I'm not sure how this permisison can be used for abuse, I find those two are very common for free apps.

I refuse to download barcode scanner for THAT reason. I see no reason whatsoever for the developer to need those indebt access to my phone. I use shopsavvy but only issue I have is that all other 3rd party apps use barcode scanners. :mad:

For zedge, I believe those permissions are needed because you can add the ringtone directly to your contact from the app.

Google translate - it's by Google...they already have all of your information to begin with xD Internet is needed because it uses its server to translate what you say. You can't use the app without internet access. Don't really know why it needs read contact data.

Don't use Background nor the NFL app.
Click to expand...


Air Horn - Your location, Storage, Network communication (full internet access), Phone calls (read phone state and identity).

I think I should get rid of this app it's way too fishy for an app that is just supposed to make sounds. Would you agree?

I am going to get rid of barcode scanner too now that someone agrees with me. Very fishy. I'll switch to shopsavvy.

Zedge- ahh thanks.
 
I was curious about Barcode Scanner myself, after you pointed out all the requirements it has and access it has to my private data. So I took it upon myself to look the dev's website and found this info out. I'm going to continue to use the scanner, and not delete it. Knowledge is power.

Why does Barcode Scanner want access to ...

... my contacts?

QR Codes and Data Matrix codes can encode contact information. Upon scanning such a code, you will be prompted to add the contact information to your contacts list. In addition, Barcode Scanner can encode a contact as a QR Code and present it on-screen, so that a friend can easily scan your contact information from your screen. This is why the app requests permission to write and read contacts. They are not used in any other way.
... my browser history and bookmarks?

Just like contacts, you can share a bookmark with a friend by encoding the URL as a QR Code. It is then shown on screen for him or her to scan with their phone. That's the only thing we use them for.
... my SD card?

The application can send a generated QR code, or your scan history, via email. To do this, the barcode image / history CSV file must first be written to device storage, which is why the permission is needed. As a bonus, this makes this output available for retrieval from your SD card directly. It is not used for any other purpose.
... my wi-fi settings?

QR codes can encode "WIFI" URIs which encode settings for a wi-fi network. These make it possible to configure a phone for an area's wi-fi network with one scan. To do this, the application needs to be able to change wi-fi settings.

http://code.google.com/p/zxing/wiki/FrequentlyAskedQuestions
 
jamor said:
Air Horn - Your location, Storage, Network communication (full internet access), Phone calls (read phone state and identity).

I think I should get rid of this app it's way too fishy for an app that is just supposed to make sounds. Would you agree?

I am going to get rid of barcode scanner too now that someone agrees with me. Very fishy. I'll switch to shopsavvy.

Zedge- ahh thanks.
Click to expand...

Not a big fan of phone calls permission...though alostpacket said that it just check your phone to see if it's active or not (or something like that). So if you're in a phone call...the app turns off.

Eusibius explained what the permission means for barcode scanner.

Eusibius2 said:
I was curious about Barcode Scanner myself, after you pointed out all the requirements it has and access it has to my private data. So I took it upon myself to look the dev's website and found this info out. I'm going to continue to use the scanner, and not delete it. Knowledge is power.

http://code.google.com/p/zxing/wiki/FrequentlyAskedQuestions
Why does Barcode Scanner want access to ...
... my contacts?

QR Codes and Data Matrix codes can encode contact information. Upon scanning such a code, you will be prompted to add the contact information to your contacts list. In addition, Barcode Scanner can encode a contact as a QR Code and present it on-screen, so that a friend can easily scan your contact information from your screen. This is why the app requests permission to write and read contacts. They are not used in any other way.
... my browser history and bookmarks?

Just like contacts, you can share a bookmark with a friend by encoding the URL as a QR Code. It is then shown on screen for him or her to scan with their phone. That's the only thing we use them for.
... my SD card?

The application can send a generated QR code, or your scan history, via email. To do this, the barcode image / history CSV file must first be written to device storage, which is why the permission is needed. As a bonus, this makes this output available for retrieval from your SD card directly. It is not used for any other purpose.
... my wi-fi settings?

QR codes can encode "WIFI" URIs which encode settings for a wi-fi network. These make it possible to configure a phone for an area's wi-fi network with one scan. To do this, the application needs to be able to change wi-fi settings.
Click to expand...
Interesting...your link doesn't work though.
 
Roze said:
Not a big fan of phone calls permission...though alostpacket said that it just check your phone to see if it's active or not (or something like that). So if you're in a phone call...the app turns off.

Eusibius explained what the permission means for barcode scanner.


Interesting...your link doesn't work though.
Click to expand...

I've corrected the link in my above post, as well as the link here.

Note to readers: the link that is quoted in Roze's post just has too many http:// for some reason...

This works:
FrequentlyAskedQuestions - zxing - Frequently Asked Questions about zxing - Project Hosting on Google Code
 
I don't get it - why would you add a Code as a 'Contact'? Seems like a good way to clutter your contact list. The bookmark response is also confusing to me.

Also, if you read the comments on the market - many note that the developer has full control of your phone..

I just don't fully believe the reasons so I'm going to stick with shopsavvy but I appreciate you posting the developers response.
 
jamor said:
I don't get it - why would you add a Code as a 'Contact'? Seems like a good way to clutter your contact list. The bookmark response is also confusing to me.

Also, if you read the comments on the market - many note that the developer has full control of your phone..

I just don't fully believe the reasons so I'm going to stick with shopsavvy but I appreciate you posting the developers response.
Click to expand...
Maybe to share a contact with someone else? Like a Business Card? :confused:
 
What a great post/guide - now four pages later - and after downloading many apps while blowing past all the verbage I should have been studying - is there any way to go back and reread those permissions?
 
reinbeau said:
What a great post/guide - now four pages later - and after downloading many apps while blowing past all the verbage I should have been studying - is there any way to go back and reread those permissions?
Click to expand...


Go into applications > manage applications, click on the application and scroll all the way to the bottom where they will be listed.
 
Eusibius2 said:
That's exactly what it was created for. I've not seen anyone actually share a contact or website as QR code, but I'm not THAT savvy either. I guess some ppl do.
Click to expand...

A colleague at work today just got a new Dinc and I was actually showing her this very thing with the QR code. She thought it was awesome. I could see it working but wonder if it would have to be another droid or if the iphone with barcode scanner software could actually import the contact as well. Would be nice if both platforms could.
 
Great post and thank s for starting it alostpacket. Also thanks to Roze, you have been helpful.
I have been worried too about how some apps ask for more permissions than they seem to need. I have just a few statement/questions.

1. When I did a search on “android forums” many people said that Linux can’t have viruses. This may be true but spyware seems to be very easy as many people just accept apps blindly. Many apps ask for Internet and contact data. Wouldn’t that be an easy combination for spyware that “I” gave permission to use?
2. What is the best anti spyware, virus protector programs available? Some have said not to use any of those programs but that seems risky.
3. The most annoying statement on the other posts were “stay away from un-trusted downloads”. Frankly I do not know any of these developers. That statement would tell me not to down load anything.
4. Lastly, how would an anti-spyware software work? Think about it. I gave the program/app permission.
 
Working on an update for this post to incorporate some more of what I have found as a developer and others have asked about. Should be ready hopefully by the end of the week.

Thanks all :)
 
alostpacket said:
Working on an update for this post to incorporate some more of what I have found as a developer and others have asked about. Should be ready hopefully by the end of the week.

Thanks all :)
Click to expand...

Sounds great! I'm happy that you're back, you can take care of this thread. I tried to keep the fork down while you were gone :P I don't think I did a good job as you though, lol.
 
Roze said:
Sounds great! I'm happy that you're back, you can take care of this thread. I tried to keep the fork down while you were gone :P I don't think I did a good job as you though, lol.
Click to expand...


Nah im sure you did great, it's good to be back though and hopefully can be helpful with this thread :)
 
Nevikan said:
Great post and thank s for starting it alostpacket. Also thanks to Roze, you have been helpful.
I have been worried too about how some apps ask for more permissions than they seem to need. I have just a few statement/questions.

1. When I did a search on “android forums” many people said that Linux can’t have viruses. This may be true but spyware seems to be very easy as many people just accept apps blindly. Many apps ask for Internet and contact data. Wouldn’t that be an easy combination for spyware that “I” gave permission to use?
2. What is the best anti spyware, virus protector programs available? Some have said not to use any of those programs but that seems risky.
3. The most annoying statement on the other posts were “stay away from un-trusted downloads”. Frankly I do not know any of these developers. That statement would tell me not to down load anything.
4. Lastly, how would an anti-spyware software work? Think about it. I gave the program/app permission.
Click to expand...

alostpacket said:
Nah im sure you did great, it's good to be back though and hopefully can be helpful with this thread :)
Click to expand...

You can do your first job back on this thread and reply to Nevikan's post. For some reason I missed it >_<; (Gomen-nasai Nevikan-san :() And the questions are a bit over my understanding of how Android works.
 
You must log in or register to reply here.
Back
Top Bottom