• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

Application Permissions

S

SpaceDementia

Newbie
I've noticed a couple of apps I've downloaded (Adao File Manager and FX Camera for instance) ask for permissions when they install however when I look at there permission in "Manage Applications" they are different to what they requested.

For instance, Adao File Manager only asks for Internet Access but after I installed it I noticed it actually could read my phone state and delete/modify my SD. Which is pretty obvious for a file manager to be doing.
So why didn't it state this in the market permissions?
 
I think Android needs more permission categories.

For example, Phone Calls (that can access Phone State and Phone Identity) should be divided into two separate categories, Phone State as one and Phone Identity as the other. I could understand why many apps need to know whether or not there is an incoming call type of thing (phone state), but most of those apps do not need the Phone Identity.

It would also be nice if SD Storage could be divided up as well. For example, some apps should only be permitted to access data that the same app has written to the SD card, but not given access to other files on the card that have nothing to do with the app. While it makes sense that other apps need more complete access. Maybe these could be called Limited SD Card Access versus Full SD Card Access or something like that.
 
Permissions seems to be a BIG gray area. I have read that article above by that app developer it helps to break down what all the permissions mean but it's still gray for me.

But....if you read that article it says Permissions is really important and if you did all the things it says about being careful with those permissions, you would not be downloading most of the apps today. They almost all ask for Full Internet Access and alot of the others ones as well. The article says it's not always good to allow this stuff, so it's a catch 22.

I agree though..more talk needs to be made aware of how important this stuff is or isn't. That app developer who wrote that article should do a follow-up on just about Permissions, he sorta gave us the basics and didn't elaborate enough on the permissions aspect.

I would say 90% of the people that download apps don't even know what all the permissions mean or what they can do, they just want the apps, at any cost???

How important are these permissions? Yes we need a article just on this topic that is stickied at the top so we ALL can understand. Because people don't understand it causes ALOT of the negative reviews on apps. So it affects the whole process.
 
Yes, I agree.

I think some (not all) users fall into 2 groups.

I think a lot of people assume that because it's available in the Market, it must be safe, especially if a lot of other people have already downloaded it. And they don't even worry about what permissions it asks for.

And I think some people initially start out very careful. Then they find an app they really want that seems to ask for permissions that don't make sense, but they go ahead and take the chance. And then again. And then over time they pay less and less attention to the permissions.

That's why I think the Android market should do at least 2 things. One is to provide more categories like I mentioned before. Secondly I think each developer should have a better explaination of how the permissions are actually used (some apps already do that), and a privacy policy, but that's still taking the developer at their word I guess. And then having apps that make sure personal information isn't retrieved without a permission request would be useful, basically like a firewall I guess.
 
ONJFan said:
But....if you read that article it says Permissions is really important and if you did all the things it says about being careful with those permissions, you would not be downloading most of the apps today. They almost all ask for Full Internet Access and alot of the others ones as well. The article says it's not always good to allow this stuff, so it's a catch 22.
Click to expand...

A lot of free apps depend on ads or something to be sent out to some server to derive income for the developers or companies. Because it is much easier to market a fee apps than a paid one, a lot of apps using this strategy need Full Internet Access despite some app functionality clearly does not need that.

It is good to know end users are starting to get aware of this permissions concept but still the notion of free vs paid is too strong and free apps still get many more downloads than paid.

Among the free apps, those that do not require Full Internet Access or ZERO permission are rare and possibly only take 10% of the free apps market. These apps are truly free in the sense and not those marketing as free but actually it is not (to developer).

So yes it is a Catch-22 situation I would say to an end user. I believe market will correct by itself and after sometimes end users would be willing to pay cuz those free is only free to you but not to developers. Those ads motivates them to enhance on it.

Imagine you don't have any data plan for your smartphones and a lot of free apps will most likely not play cuz Internet connectivity all shut-down but those rare 10% will still play as per normal.

You can do a simple test by asking your mobile network provider to terminate all data connectivity except only for phone call and SMS back to good old times era and see how those free apps perform :)
 
ONJFan said:
Permissions seems to be a BIG gray area. I have read that article above by that app developer it helps to break down what all the permissions mean but it's still gray for me.

But....if you read that article it says Permissions is really important and if you did all the things it says about being careful with those permissions, you would not be downloading most of the apps today. They almost all ask for Full Internet Access and alot of the others ones as well. The article says it's not always good to allow this stuff, so it's a catch 22.

I agree though..more talk needs to be made aware of how important this stuff is or isn't. That app developer who wrote that article should do a follow-up on just about Permissions, he sorta gave us the basics and didn't elaborate enough on the permissions aspect.

I would say 90% of the people that download apps don't even know what all the permissions mean or what they can do, they just want the apps, at any cost???

How important are these permissions? Yes we need a article just on this topic that is stickied at the top so we ALL can understand. Because people don't understand it causes ALOT of the negative reviews on apps. So it affects the whole process.
Click to expand...


If you want more elaboration on the permissions, feel free to donate on my website (there is a button just for that security guide -- though I'm not sure if it works, haven't yet received a donation) :)

Anyways, the main themes I was trying to point people towards were:

1) That the community is your anti-virus
2) That people need to use judgement and be dilligent themselves
3) That the context and combination of permissions is important


If you're unsure about a permission, come to AF and ask about it (and give the app name). If you're unsure about an app, come to AF (or whatever your preferred Android enthusiast forum is) and ask abou it.

There's a good number of people who are willing to try out apps first, so you don't have to be in the early adopter crowd unless you want to, and feel very comfortable that you understand Android security.

judge_droid is correct though, and I fully expect to see the Telephony permission split at some point.

The SD card probably will not however (in my guestimation), because disk access is just something nearly all apps are likely to want/request. It's also something most other computing platforms always grant for their software. (Think about Windows/Mac). I think this is partially why that permission has been made "invisibly" backwards compatible for apps that specify 1.5 as the API level.
 
I just published an app called "Andee Exposed". You can use it to peek at a ridiculous amount of information about any app on your phone, including what permissions it uses. On the flip side, I also offer a list of every permission that every app uses, then allow you to select a permission and see what apps use it.

I have a lot of screen shots in the market so you can get an idea what it offers.
 
You must log in or register to reply here.
Back
Top Bottom