• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

Controlling permissions given to apps

C

CaptainStarbuck

Lurker
My only pet peeve with Android is that developers can ask for any permission and we really have no idea what they're doing with that permission. Access to Contacts and Internet gives any app the ability to consume my private data without limit. Write access to photos and file system gives an app the ability to read and transfer any data that isn't locked into a private repository. Why does a flashlight app need access to the camera or microphone? Why does Facebook need every possible permission? I know there are other postings on this topic and the general response is that specific apps probably have some valid application for accessing data per the requested permissions. That involves a Lot of trust - while at the same time we all know there are some malicious apps out there. How do we know which is which? We simply don't.

If I authorize an app to read my Contacts, it's all or nothing. Like millions of other business people out there, I'm contractually obligated under NDA to keep some data private. What are the ramifications for me letting random apps get access to client contact information which might be considered private data? The same goes for client documents, photos of white boards from meetings, calendar appointment items, etc.

I wish we could separate Android file systems and databases into those which we authorize for specific apps versus those which we do not authorize for anything other than personal use. For example, my full Contact list should be viewable to me only via the default apps or those which I authorize for phone, SMS, email, etc. All other apps should get access to separate databases where I can choose to save records of my choosing, linked back to the primary Contacts database for synchronization. Same for pictures and other files. And I should be able to lock and unlock camera, microphone, GPS, and other native functions so that they are only used when I authorize their use, and so that I know exactly how they're being used at the time.

While Apple has too tight a hold on the app industry for iDevices, Google has almost no control over their app industry, and that "wild west" atmosphere has been a constant source of pain for those of us who want/need something more stable and secure.

So I'm hoping Google or someone can find an answer to this problem which has been with us from day-1, which is how to ensure that specific apps only get access to data that we want them to access. With every new release of the OS and API, I'm hoping to find new rules that force developers to conform to a better standard. But the situation only seems to get worse as every developer now feels it's acceptable to ask for all permissions - and the typical consumer is all to eager to click Yes to whatever is asked to use freeware.

Thanks for your time and consideration.
 
CaptainStarbuck said:
While Apple has too tight a hold on the app industry for iDevices, Google has almost no control over their app industry, and that "wild west" atmosphere has been a constant source of pain for those of us who want/need something more stable and secure.

So I'm hoping Google or someone can find an answer to this problem which has been with us from day-1, which is how to ensure that specific apps only get access to data that we want them to access. With every new release of the OS and API, I'm hoping to find new rules that force developers to conform to a better standard. But the situation only seems to get worse as every developer now feels it's acceptable to ask for all permissions - and the typical consumer is all to eager to click Yes to whatever is asked to use freeware.

Thanks for your time and consideration.
Click to expand...

iOS apps can be a "wild west" when it comes to accessing your private information, but it's more of a "need to know". And Apple's premise is that you don't need to know and bother you about such things. You get the apps from the iTunes store, install them nice and smoothly, and no need to bother you with those pesky privacy permissions dialogues, it's all assumed to be yes, allow it.

With Android, if you are concerned about a particular app's privacy permission, like say a flashlight or wallpaper app having private information permissions. And you feel uncomfortable about it, then either don't install it, or even email the app devs about it, enquiring why they need those permissions. Occasionally devs are lazy or inexperienced and turn all permissions on, even ones they don't need.
 
Thank you for your response and info about iOS. It seems our only solutions right now are:

1) Don't load the app.
2) Contact an author directly and try to determine from the warm-fuzzies we get just how much we trust that individual.
3) Look at comments to see if anyone has raised a flag about permissions. This is unlikely as most people just Accept whatever is required.

These methods leave security to the discretion of the individual consumer, and most individuals simply won't care or are not qualified to do this.

We could also use public websites as a way to try to keep developers honest, boycotting bad apps their shaming the bad devs. But this isn't effective.

No, this situation is too precarious. I think this needs to be built into the core, so that consumers can have the ability to monitor the apps they choose, and then deny specific requests for specific apps. Once an app is proven untrustworthy, Then the user can elect to unload it.

Or, we should be allowed to give limited permissions to specific apps at install time, with apps simply limiting their functionality based on the resources available. For example, I will approve Facebook to use the network but I do not want to give them access to my camera, contacts, or GPS. And if I want them to access my file system it will be to a specific folder tree and nothing more.

This is Linux - permissions are built-in and robust. I don't understand why this has been such a neglected part of the environment for so many years.
 
There are a few devices that have complete permissions control of all user installed apps. And can do yes, no or prompt for any permission on an app by app basis, even with 4.4 Kitkat. But this is something that manufacturers like Oppo have done, and not Google.
 
This thread should be a great help in better understanding app permissions in Android:

http://androidforums.com/android-ap...explained-security-tips-avoiding-malware.html

Things are often not as clear-cut as they seem. To use one of your examples, it's normal for a torch app to require access to the camera in order to control the LED flash. There's no reason however to access the microphone, so that requirement would make me suspicious.

Full, fine-grained control of individual permissions is possible, but only if you root the device. And yes, the Android kernel is Linux-based so the same file system permissions exist. App permissions, however, are unique to Android.
 
@Slug, thanks for the link. That's a good "Security 101" for typical users, and essentially says "be informed, make wise decisions".

We still have this ecosystem where common apps like Facebook, Google Hangouts, Dropbox, and so many others do have legitimate reason to access resources. But once we give permission the app we have no idea what they're really going to do with it. This isn't paranoia or conspiracy theory - every day we're hearing about new privacy issues from large, mainstream, trusted companies.

Questions that may never really be answered:

  • Which files are they going to scrape from my file system? How can I prevent specific files from being available to apps outside of going into the file system and hiding or encrypting them?
  • Just how much of the Contact data are they going to store and forward for their own purposes?
  • Why do I need to give any of these apps Write permissions to Contacts?
  • Why can't we get a version which doesn't write Write permissions to Contacts? Or why can't I deny access to Location or phone identity? (Yes, I know this was added and then removed. I need to research that better.)
  • Why doesn't the API allow for field-level access to Contacts (name/phone only for Phone and SMS apps, name only for Facebook...)
  • Why isn't there a flag in Contacts to allow/disallow access from specific apps?
  • Why can't I substitute a different Contacts database/app to receive Intents from apps? With this I could select the records and fields that I choose to expose.
Again, we can leave judicious decisions about which apps to use to the consumer, but we know most consumers aren't that critical - they just want functionality for free so they'll Agree to anything. The problem is that we don't even have the tools to deter accidents or malicious use of the resources. That's not something for consumers to address. It's entirely up to Google to put in the tools and encourage developers to use them. THEN we can get consumers to make better choices.
 
You must log in or register to reply here.
Back
Top Bottom