Still confused about Permissions

[justamel]

I think I understand fairly well about accepting/denying permissions, but I don't understand if apps can do these permitted actions "on their own" without any action on my part. For instance a browser app lists things like the following: add shortcuts, record audio, take pictures, prevent phone from sleeping, and more.

Can an app be doing such things if I have not opened it?? Do these things if I have opened it but have done nothing that would require such action, ex. add a shortcut, record autio, or ????? I think I have seen permissions allowing changes to contacts and files. I guess what I am really asking is: can apps be anonymously be "snooping around" "making changes"??

If this all sounds stupid maybe it's because I'm an old sod and not very savvy about today's computers and cell phones. Thanks in advance for any help you can provide.

 

[AugieTN]

My understanding is a lot of permissions are grouped. So if an app needs access to your contacts, there are other items it's going to get access to because they are in the group with contacts. At least that's the way I understood permissions.

I'm not concerned about snooping. There's nothing on my phone that anyone would be interested in. Hope that helps.

 

[Hadron]

If you've never opened it it can't do anything: an app needs to be opened at least once after installation before it can run.

Once you've granted the permission the app can use it whenever it runs, except in some cases where you have the option to grant the permission "this time only".

Some apps can run in the background (some have to do so to do their job). Others only run when you run them. Some permissions also have the option to only be available when the app is run, which I understand to be "when you are running it in the foreground".

Apps like browsers should not be doing anything in the background, and in general the sort of thing you describe should not be happening when you aren't using the app. But yes, in principle if an app is malicious and you grant it access to some data it could abuse that in the background. Of course if the app is malicious it could also abuse the permission when you are running it, e.g. if you download a flashlight app that wants access to your contacts it doesn't make a huge difference whether it uploads them somewhere else when you are sleeping or does it when you turn the flashlight on. And if you think "surely nobody would grant a flashlight access to their contacts!" that's actually why the system asks you to grant the permission: in the old days an app got all permissions it requested automatically, and many people were too uninformed, lazy or dumb to check what permissions it wanted before installing or running it (and yes, you really did get flashlight apps that wanted access to all of your sensitive data...).

By the way, the browser asks for those permissions because there are some websites for which they are needed (I never grant any of those actually: I don't want shortcuts to websites on my homescreen and have no interest in letting a website access my camera or mic). I take the attitude of "do I need this particular app to have access to these particular things?", and if the answer is "no" then I don't grant them (e.g. some people might want a weather app to show the weather in their current location, but if I don't care about that then I don't give it that access). However it's sometimes not immediately obvious why a permission is necessary, e.g. to go back to my example of the flashlight app, that probably will ask for camera access not to snoop on you but because it needs it to control the flash.

Current versions of Android now remove permissions from apps you don't use for a couple of months (so if you run them again they'll ask you to grant them again).