Android Security

The whole thing about permissions is really about trying to determine "Is this a malicious app?" in that an app should have a reason to request those permissions. An app to control the brightness has no reason to read your contacts or track your location. An app to allow you to browse the internet may have a reason to read your bookmarks or track your location. Whether you actually want to take advantage of its features that use that permission or not is up to you, but that has nothing to do with determining whether the app is malicious or not.
 
The problem is that legitimate permissions can be abused for other purposes.

There's a very good reason why an email app needs permission to go online, handle your passwords, read your address book etc. But how do you know that the app uses those permissions for sending and receiving mail only and not for feeding the spambots? You can't give it "conditional internet access" so that it can only access your mail servers and nothing else. Your only choice is to give it "full internet access" and cross your fingers.

Android's way of mixing harmless and dangerous permissions in an all-or-nothing package doesn't help either. "Read phone state and identity" is a dangerous permission that should be split. A media player has a good reason to know your phone state (to pause playback when you receive a call), but it doesn't need permission to read your phone number and IMEI. Unfortunately Android won't let you have one without the other.

Advertising adds even more potential for abuse. Plenty of apps demand permission to go online to download ads, get your network and GPS location to dish out region-specific ads, and read your phone identity to abuse your IMEI and phone number as an undeletable tracking cookie that you can't opt out of.

When you grant those permissions so that the banner ads can feed the hungry programmers you also open up your phone to who knows what. AdFree and DroidWall block more than banners. They also prevent undesired and possibly dangerous side effects.

Dealing with unreliable messengers has fueled cryptography for ages. We have SSL so that you can send sensitive data over a network even though you don't trust the man in the middle. Android's permission system should have a similar safety net.
 
I agree. You should be able to deny certain permissions. I can't GIVE anything on my tablet permission for the phone. There is no phone connection! Wifi only! It also has no GPS.

I had one AV on the computer chew away on a scan for a couple of HOURS. Couldn't do anything since it couldn't find any MS Office programs or files. I'm a WordPerfect user, so the stupid AV just hung up.

You also need an instant STOP key or button. Some things on the phone and even a tablet are so close together that you can accidentally touch something you don't mean to. Even shutting down the phone is not instantaneous like pulling out a cable.

And if people like all the goodies - that's fine. Give me the ability to switch them off.
 
The problem is that legitimate permissions can be abused for other purposes.
Of course. The app permissions consideration is not a hard-and-fast rule or foolproof way to detect malware. It's just one thing among many things to consider when trying to determine whether an app is legitimate or malware. I think you make a good case for making the permissions even more fine-grained in their definitions, but that doesn't invalidate that looking at app permissions and comparing them to an app is a good first step (not the only step, of course) in flagging potentially malicious applications.
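
The first-step check discussed above (compare what an app requests with what its stated purpose needs), as an added example that is not part of any poster's message. The per-category baselines and the sample manifest are constructed assumptions for illustration; the permission names are real Android identifiers.

```python
import xml.etree.ElementTree as ET

# Namespace Android uses for the android:name attribute in AndroidManifest.xml.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Hypothetical per-category baselines, chosen for this example only.
EXPECTED = {
    "brightness": {"android.permission.WRITE_SETTINGS"},
    "browser": {
        "android.permission.INTERNET",
        "android.permission.ACCESS_NETWORK_STATE",
        "android.permission.ACCESS_FINE_LOCATION",
        "com.android.browser.permission.READ_HISTORY_BOOKMARKS",
    },
}

# Constructed sample: a brightness app that also asks for contacts and location.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.brightness">
  <uses-permission android:name="android.permission.WRITE_SETTINGS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <application android:label="Brightness"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {name for name in names if name}


def unexpected_permissions(manifest_xml, category):
    """Permissions requested beyond the baseline for the app's stated purpose."""
    if category not in EXPECTED:
        raise ValueError(f"no baseline for category {category!r}")
    return sorted(requested_permissions(manifest_xml) - EXPECTED[category])


if __name__ == "__main__":
    for perm in unexpected_permissions(SAMPLE_MANIFEST, "brightness"):
        print("review before installing:", perm)
```

An empty result only means the request list matches the baseline; as the posts above note, it says nothing about how a granted permission is actually used.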
 
I was made aware of an Android and iPhone 'virus' during one of my classes this last week. Unfortunately, I couldn't understand anything the person said besides "Android" "iPhone" "Virus" and "Botnet"...

But I just check permissions. I look over comments. I think the Lookout AV scanned for Windows signatures, so files you download from the internet are scanned with Lookout to see if they have Windows malware... but I could be wrong.

A virus on the iPhone/iDevice is rare and surprisingly hard to get. I would love to know what your teacher had to say about iDevices and virus potentials.

For better or worse, iOS puts everything in what is known as a "sandbox" which does not allow errant applications to do much damage. The OS is isolated and locked down and that helps prevent issues. Not saying iDevice virus issues do not occur, just saying on an iDevice, a virus is the last thing you should worry about.

In most cases, anyone having a virus issue is probably jailbroken and has not changed their password. Unless changed, I know your iDevice User Name and Password; it is "Root" and "Alpine." Every iDevice on the planet, unless you JB and change them are Root and Alpine.

Also, there is a popular program for JB iDevice that puts much of iTunes App Market at hand for free DL and install. Cracked applications could cause problems because they are not under Apple's control.

There are some things you cannot do easily on an iDevice. Try uploading an attachment with Mail and you will find it very hard to impossible. You cannot install non-Apple applications (unless you JB) and so forth. I do not worry about virus issues and iDevices.

Odd that so many legitimate Android apps ask for so many permissions. I do not know at first glance if or why an app will or will not require permissions. I depend on this forum and others to tell me if there is a potential for disaster. I know that there are probably some legitimate reasons why an app needs certain permissions.

If I were a developer and I released a PC program that is granted the same long list of permissions some Android apps ask for, few would purchase the program because the press would tear me a new one.

Android asks us to stop considering or worrying about everything the security experts have told us to always worry about. Some lists of granted permissions are very long and it is often hard to know what is or is not a good idea.

As for market comments, I constantly encounter comments about how much an app sucks because it will not run. The problem is people do not read and they think themes for launchers are apps; they try to "run" the "app" and fail. And some comments might be from competitors, or simply stupid folks that do not understand something like reading.

I trust the Android Market. I mean, what else can we do? I do, however, think something will eventually happen and we will be hurt by the damage a crafty hacker will eventually do to us. The Android market is a growing market and it seems reasonable to just assume some moron will create something that hurts us all.
 
Which you'll have no problems with if you use legal sources and common sense.

Which essentially means you are/will be forever tied to one market which is a common complaint against Apple and iTunes.

I do agree with you. Legitimate sources and careful attention to the who, what, when, where and why is important. I think most developers want to be on the market and therefore, most android applications will be found there.
 
That's unfortunate for new developers like me :( It's a chicken and egg problem. I'm new and you won't download because nobody has downloaded the app and it's just a big circle. Not saying your approach is not a good one but it makes it hard for new devs like myself, not your problem though.

So what would you suggest a new legit developer like myself do? If I have 0 downloads for my first app then people like yourself won't download, therefore I won't get other downloads and I'll never look "legit" to somebody like yourself.

That's why a lot of new developers join sites like AndroidForums and XDA and post their app asking members to beta test them and give feedback. Members that want to help the dev because they see potential in the app will test it out and report back any bugs. I've beta tested and I'll post a review saying, 'Dev is responsive and willing to improve app. App has some bugs atm but has a lot of potential'. I update my reviews as the app gets better. I believe that the review will give other users an idea of the dev and the development of the app.

All you need is one bad dev to upload something evil on a legit site like the xda forum or sourceforge. Just because a site or market is legit doesn't mean it's safe.
I hope that developers asking for members of a site, be it here or XDA, do not do such a despicable thing. Members that are willing to beta test a developer's app do it in good faith. Good faith is a fragile thing and can be broken easily. Once broken, it will affect not only that developer but other developers as well. As a beta tester, I am doing something that will HELP the developer better his/her app. I send in my error logs and post on the Forum or communicate through emails with the dev the issues I have on my phone. To find out that the dev took my Good faith in him/her and abused it will make me shy from helping other devs.

@OP, another way I get an idea of how an app is is by posting it on here or any other forums where I can get member feedbacks. This is especially helpful with apps with no reviews and rating.
 
If I were a developer and I released a PC program that is granted the same long list of permissions some Android apps ask for, few would purchase the program because the press would tear me a new one.

PC programs have that long list of permissions by default. They don't ask for permission because they don't have to ask.
 
PC programs have that long list of permissions by default. They don't ask for permission because they don't have to ask.

^This, Just take for example ANY browser for a PC. If you think about what you can do with them, they'd have a longer list of permissions than any Android browser I'd think
 
PC programs have that long list of permissions by default. They don't ask for permission because they don't have to ask.

Very true, and people do not consider that when they use their computers. Whenever you DL an Android program, you are generally told exactly what will happen behind the scenes when the App asks you for the permissions it requires to do whatever it does.
 
Not all people - I know of some that run browsers in Sandboxie. FF has plenty of extensions to control behavior. So does Opera. A PC also has a hosts file native. Android doesn't. You have to get an app.
 
PC programs have that long list of permissions by default. They don't ask for permission because they don't have to ask.

Not all people - I know of some that run browsers in Sandboxie. FF has plenty of extensions to control behavior. So does Opera. A PC also has a hosts file native. Android doesn't. You have to get an app.

All the same. People are being paranoid about Android permissions when they give MORE permissions on their PC programs by default. It's only more transparent on Android because it shows the permissions. Again as I reiterate, the majority of browser users don't even think of limiting their PC browsers' capabilities, they even want more at times. Dolphin or Opera isn't going to reduce the number of permissions they need to satisfy you, when it would cause a thousand others to be dissatisfied with their product. 1000's of other users>you. I for one need those features those permissions granted to Dolphin:

1.) Network communications/full internet access: obviously

2.) Your location: sometimes Facebook app acts up, and I often use the "check-in" function.

3.) Read browser history and bookmarks: You can sync desktop Chrome to default browser easily, but I want to use Dolphin, so I have to sync default browser to Dolphin too.

4.) Storage: I need these for downloading widgetlocker themes, fonts for fontomizer, SkyDrive, etc.

5.) Prevent phone from sleeping: This is more than just for viewing videos. Imagine you were reading a blog or something, or a news article and the screen keeps on turning off.

6.) Network communication/view network state: I have an unlimited data plan. I rarely use wifi. This is useful when I have to download an ebook from my SkyDrive to phone and I happen to pass through a tunnel.

7.) Control vibrator: this is harmless anyway.

8.) Install shortcuts, set wallpaper: To send bookmarks to your home screen of course
 
The problem is Windows users (for example) never think about permissions. Without various permissions, our software will not work. Android tells us up front that it will do certain things.
 
Hi I tried posting my Keep Me Alert app in several app dev forums, including this one, asking for feedback and I got none. Any suggestions on how to get people to give feedback?
 