It's officially application awareness day!
I just wanted to get a discussion going on why certain permissions are needed for certain apps. I believe a lot of people including myself have been guilty of ignoring strange permissions..
What are they doing with these permissions? Who are these developers? What are the implications of each permission?
I've gone through all of my apps to see what they are accessing and I have to admit - I am a bit surprised. Should I have been paying attention when I first downloaded them? Sure.. but let's admit, a lot of us just think that app is so cool so we ignore them.
Some surprises/confusion:
95% of apps - full internet access (not sure of the implications of this).
Air Horne - Your location
Backgrounds - read contact data, write contact data
Barcode Scanner - read browser's history and bookmarks, read contact data, write contact data.
Zedge - read contact data, write contact data
NFL Mobile - read SMS or MMS, Send SMS messages
Google Translate - read contact data, full internet access
Some other trends I've seen in apps:
"modify system settings"
"modify/delete SD card contents"
I think a lot of us are new to Android or aren't in computer science and don't realize the implications or know exactly what a permission is capable of. We are just so excited that we have such a cool platform that can do almost anything.
Hopefully we can help each other out and prevent ourselves from being attacked, used for spam, hacked gmail accounts, logged keystrokes (banking), have information stolen or worse yet, our friends and family's contact information stolen (read/write contact data?)..
So what do you guys think? Are 99% of these developers innocent, or are we getting ourselves into trouble accepting apps with strange permissions?
What does each permission entail and what can we deem red flags? When should a rooted user never allow superuser permission? Is a rooted user at more risk than a non-rooted user? How do we know if a developer is reputable or not?
I just don't think the "just read the permissions and use your best judgment" line cuts it anymore... I think the community needs more education.
I just wanted to get a discussion going on why certain permissions are needed for certain apps. I believe a lot of people including myself have been guilty of ignoring strange permissions..
What are they doing with these permissions? Who are these developers? What are the implications of each permission?
I've gone through all of my apps to see what they are accessing and I have to admit - I am a bit surprised. Should I have been paying attention when I first downloaded them? Sure.. but let's admit, a lot of us just think that app is so cool so we ignore them.
Some surprises/confusion:
95% of apps - full internet access (not sure of the implications of this).
Air Horne - Your location
Backgrounds - read contact data, write contact data
Barcode Scanner - read browser's history and bookmarks, read contact data, write contact data.
Zedge - read contact data, write contact data
NFL Mobile - read SMS or MMS, Send SMS messages
Google Translate - read contact data, full internet access
Some other trends I've seen in apps:
"modify system settings"
"modify/delete SD card contents"
I think a lot of us are new to Android or aren't in computer science and don't realize the implications or know exactly what a permission is capable of. We are just so excited that we have such a cool platform that can do almost anything.
Hopefully we can help each other out and prevent ourselves from being attacked, used for spam, hacked gmail accounts, logged keystrokes (banking), have information stolen or worse yet, our friends and family's contact information stolen (read/write contact data?)..
So what do you guys think? Are 99% of these developers innocent, or are we getting ourselves into trouble accepting apps with strange permissions?
What does each permission entail and what can we deem red flags? When should a rooted user never allow superuser permission? Is a rooted user at more risk than a non-rooted user? How do we know if a developer is reputable or not?
I just don't think the "just read the permissions and use your best judgment" line cuts it anymore... I think the community needs more education.