Suspicious permission: Read browser history and bookmarks

[Member 2081181]

Hello everyone,
I have created a thread regarding a permission which I think raises privacy issues.

There are many apps that can read your browser(s) history and bookmarks.

Here's one:

A launcher reading browser history and bookmarks is quite suspicious. After seeing some apps needing this permission, I am more cautious and I avoid installing such apps.

I installed some permission check apps and only one of them: "aSpotCat" displayed apps using the "read your browser(s) history and bookmarks" permission. Here's the screenshot:

Note: The red colored filled rectangle is actually an antivirus app which I guess uses the permission to scan and prevent infected webpages.

So, here are some questions:
1. Is "read your browser history and bookmarks" permission applicable for all browsers? (For eg: a browser reading all other browsers' history and bookmarks or any other non-browser app reading all browsers' history and bookmarks)
2. Is it safe to have system apps (some of them in the screenshot) read your browser history and bookmarks?
3. Any way to deny this permission for system apps as they can't be uninstalled (and some can't even be disabled - eg: Camera test app)?
4. When does any app having this permission can actually read browser history and bookmarks (when the app is running or even when a background service of the app is running)?
5. Last and the most important question: Can the apps having this permission actually "send" the browser(s) history and bookmarks back to a server?

Any help would be appreciated.

 

[chanchan05]

Not suspicious at all based on functionality. Go Launcher has a bookmarks widget function, plus the ability to put bookmark shortcuts on the homescreen. That won't work unless it has permissions to actually read the bookmarks. You can't put a shortcut to something you don't have access to.

1. Yes. That's how the import function of browser apps work. They read the bookmarks of the other browser in order to copy them. All browsers have that, including those on Windows and MacOS.
2. Yes. Otherwise they can't search for it. Obviously backup apps need to read it, otherwise they can't backup the bookmarks. The search apps also do that.
3. You can turn off that feature inside the settings of the apps. But seems counterintuitive since you lose their functionality. Especially for backups. That means if your data gets corrupted, your entire bookmark list is gone.
4. Depends entirely on what the app is. For example, a cloud-based backup system will read the bookmarks on a set interval to create backups of them in a timely manner. Browsers tend to only read other browsers when they're importing.
5. Varies. Obviously an app which can read bookmarks but has no internet permission or messaging permission isn't sending anything anywhere. Whether they do so is a different question.

 

[psionandy]

If you don't like the permissions that an app asks for... DON'T USE THE APP.

(and people really should check they are happy with the permissions)>

 

[mikedt]

5. Last and the most important question: Can the apps having this permission actually "send" the browser(s) history and bookmarks back to a server?

Any help would be appreciated.

In the case of your "GO Launcher - 3D parallax..." definitely yes, and the server is in China. Where your private data is aggregated and sold onto third-parties, to send you targeted ads based on your private data. That's basically how Guangzhou Juibang Technologies, Co. Ltd. monetize their "free" GO apps. Same with Cheetah Mobile, etc.

 

[Member 2081181]

If you don't like the permissions that an app asks for... DON'T USE THE APP.

(and people really should check they are happy with the permissions)>

The logic does work for cases when you know that the app you want to use does not need a permission (eg: A space analyzer app asking for location permission)

But when the permission is not clearly explained it becomes a problem. If apps using "read browser history and bookmarks" permission can send the data back to a server (this is different from browsers synchronizing bookmarks and history in cloud) then it is a big issue.

Hence, I thought clarifying this would be a better choice. Waiting for more opinions so that we can get a clear idea on this permission.

 

[Dannydet]

Other opinions?
They've been answered already

 

[KBU2]

What you may find really disturbing is that you may have multiple apps on your device that interact with your privacy such as that one you're not aware of that you use on a daily basis.

 

[mikedt]

The logic does work for cases when you know that the app you want to use does not need a permission (eg: A space analyzer app asking for location permission)

But when the permission is not clearly explained it becomes a problem. If apps using "read browser history and bookmarks" permission can send the data back to a server (this is different from browsers synchronizing bookmarks and history in cloud) then it is a big issue.

Hence, I thought clarifying this would be a better choice. Waiting for more opinions so that we can get a clear idea on this permission.

Well I suggest you look closely at the app provider's Privacy Policy statements and their Terms of Service. And if you can't find them or don't agree with them, then don't use that app.

 

[Deleted User]

What you may find really disturbing is that you may have multiple apps on your device that interact with your privacy such as that one you're not aware of that you use on a daily basis.

Yes good point. And quite honestly, if you use the Internet, then there are already a multitude of ways your personal data is being collected, and monetized/monitored on the web. Google has your entire search history available, and god only knows what they're doing with that. Websites routinely use your browser cookies, so they know where you've been, and what you've been looking at.
So really, we don't have that much privacy.
You can certainly be vigilant when it comes to being aware of what permissions your apps are asking for. Can this particular app send your browsing history off to some remote server. Almost certainly yes, if it has Internet permission. However, I would question why a launcher needs to collect bookmarks and browser history in the first place. Is that essential for what it does?? What do other launcher apps ask for in terms of permissions.
As has been suggested, look at the privacy policy of the app for an indication of what they're doing with your personal data.

 

[Hadron]

None of my launchers has the permission to read bookmarks. I don't know whether they support placing bookmark shortcuts on the desktop because this isn't a feature I want (I'm fairly sure I've encountered browsers putting them there before, but not for years. Some of my browsers can place bookmark widgets on the desktop, but that's different from a direct shortcut to a particular bookmark).

Go apps have had privacy problems in the past, so have been on my "don't use" list for about 6 years now. I've not bothered keeping up with their behaviour recently, but if you have major concerns about privacy I'd be a bit wary of them.

If an app has both internet access and the ability to read bookmarks then yes, it could send them off somewhere else. Whether it does you could only tell by installing some serious monitoring on the phone (and even then they could hide it by encrypting the data before sending, so all you could tell was that it was sending something). So there are 2 elements to this: would the app have the capability (i.e. the necessary access) and do you trust the developer? If the answer to the second is "no" then at least to my mind the first question doesn't matter.

Yes, permissions are broadly-defined, and there are legitimate uses that may not be obvious unless you know a lot about how they actually work. It isn't always simple to judge them, and you do need to look at what other permissions an app has to understand the potential for privacy or security violation. If the app developer has a clear privacy policy and explains what they need the permissions for that certainly helps with trust, but at the end of the day you still need to make a judgement: they may not be telling the truth, or not the whole of it. That is particularly important where the app's function requires an extensive set of permissions, such as launchers and, especially, security apps (and, obviously, keyboards, since they have the potential to record anything you enter).

 

[Member 2081181]

Thank you all for your opinions/suggestions.

I guess it is best to avoid apps requiring this permission. (again it is a personal choice)

Some apps don't even ask for this permission and still have access to it. (eg: Multi Space & Parallel APP)

I agree, privacy is a big concern seeing how much personal information a company/app/search engine etc can get even without user's consent/agreement.

 

[chanchan05]

None of my launchers has the permission to read bookmarks. I don't know whether they support placing bookmark shortcuts on the desktop because this isn't a feature I want (I'm fairly sure I've encountered browsers putting them there before, but not for years. Some of my browsers can place bookmark widgets on the desktop, but that's different from a direct shortcut to a particular bookmark)..

The difference with Go Launcher and other launchers is that the Go Widgets are integrated into the launcher. So where another launcher will not need direct access to the bookmarks, a Bookmark Widget does, and Go Launcher has an integrated Bookmark Widget instead of something separate, like using Chrome Bookmarks widget on Nova Launcher.

But anyway, case in point is, it is my opinion to not use Go Products at all.