Android permissions explained, security tips, and avoiding malware

[twcowdery]

This should definitely be a sticky.

 

[Rico ANDROID]

This should definitely be a sticky.

I agree. It is one of the most helpful discussions on the forum

 

[alostpacket]

Thanks guys, this actually is stickied (sort of) by way of the "Applications Guide" thread, there is a link to this guide there. I probably could sticky it again but as I'm new to being an official "Guide" here on the forums I will check with some of the mods/admins first.

Anyways, just wanted to let you guys know that I updated the app version of the guide today and should have a lot of typos fixes and a new permission coming to the free guides this week.

So just wanted to let people know I certainly havent forgotten about these guides an appologize for how long it is taking to get some of these typos fixed but they are coming soon!

 

[Roze]

Thanks guys, this actually is stickied (sort of) by way of the "Applications Guide" thread, there is a link to this guide there. I probably could sticky it again but as I'm new to being an official "Guide" here on the forums I will check with some of the mods/admins first.

Congrats ALP!!!!

 

[alostpacket]

thanks rose

 

[Lare]

thanks rose

Again let me thank YOU. I've learned a lot more from this one tread than I did in days of internet searches.

 

[gymbo]

G'day alostpacket ...

Many thanks for your detailed comprehension. It is much appreciated mate

 

[alostpacket]

Updated with the latest info from the app version (PocketPermissions)

This includes:

- New permission: Install Packagages/Applications -- a very dangerous permission seen in the wild in very popular music apps.

- New section on Privacy that include WiFi, Location tracking and SD card contents

- New section on Anti virus pros and cons.

 

[ObiRon]

First, great post. As a new Android user it's exactly the information I was looking for.

I registered for the forums because I have a question based on a couple of things you wrote in the original post. You made a list of what you consider the "most trustworthy markets", and while you did not indicate a prioritized ordering, you did place the Android Market at the top, followed by the Amazon App Store, and then the other less common sources. A comment later in the post then implies, though did not explicitly state, that while the Android Market does not perform any screening, that the Amazon App Store in fact does.

And thus my question. Does Amazon in fact screen Android apps? And if so, how and to what extent? The bottom line would be: Other factors aside, is this a screening process sufficient enough that it makes the Amazon App Store a "safer" place to obtain Android Apps?

Thanks!

 

[alostpacket]

Amazon does screen apps, but it's hard to say to what extent, only they know for sure.

It's also important to keep in mind that "safe" is a relative term, and screening apps is not necessarily going to keep you safe. For instance, say all Amazon did was run each app through an automated anti virus? Then you would be no safer than someone with an anti-virus app on their phone. Or, say all they do is look at permissions? Or run an app once? Surely they dont have each app tested by multiple people over the span of a month or anything super diligent like that.

They also have a bit of a tarnished reputation dealing with publishers and manufacturers/distributors. But that's a bit off topic.

Anyways my main point is that each market has advantages and disadvantages and I didn't want to pick a favorite. (ie Google's Android Market is great for openess mostly).

Rather, the list was an example of legit markets that are at least known to care about not hosting dangerous apps, rather than 3rd party "warez" or "grey-ware" sites.

hth

 

[alostpacket]

updated, lots of typo fixes

 

[virthddman]

Thanks for posting the list Rico! - This is a good post - we don't want to give all apps all permissions - dangerous!

 

[alostpacket]

Added a bit more info about the "Make phone calls" permission

 

[Roze]

Hey ALP,

We're discussion about this app with a new (very bad) permisison:

I was trying to open the "Flixster" app, and the timing was such that the 3D Fireflies wallpaper had just finished installing, I noticed a SYSTEM pop-up in the home screen (not in the browser) - that said something about "LivingSocial coupon"... I was trying to do something else on the phone at the time, so I inadvertantly clicked on the "LivingSocial" pop-up, which then brought up a full page ad for LivingSocial. I used the "back" key to back out of it.

I reviewed the permissions for the "3D FireFlies Live wallpaper" and the permissions are:

-Network Communication: Full Internet access
-System tools: Display system-level alerts

It is VERY SUSPICOUS for a live wallpaper app to have this permission.

This seems to be a new type of push ad, different from Air Push, that I've seen. It is a huge concern.

Do you think you might know a bit more on the 'Display system-level alerts permission?

 

[alostpacket]

Havent seen that one but will be looking into it for sure. I did however finish your feature request last night heh and new version should be out tonight for PocketPermissions.

 

[alostpacket]

copying from another thread:

OK here's the official definition from developer.Android.com

public static final String SYSTEM_ALERT_WINDOW

Since: API Level 1
Allows an application to open windows using the type TYPE_SYSTEM_ALERT, shown on top of all other applications. Very few applications should use this permission; these windows are intended for system-level interaction with the user.

Constant Value: "android.permission.SYSTEM_ALERT_WINDOW"

public static final int TYPE_SYSTEM_ALERT

Since: API Level 1
Window type: system window, such as low power alert. These windows are always on top of application windows.

Constant Value: 2003 (0x000007d3)

I can't think of a reason off the top of my head why I'd grant this to any app. This permission is meant for the OS, not really for apps.

I guess something like SenseUI might ask for this, but even then I'm a bit unsure as to why they wouldn't just skin the regular alerts.

 

[alostpacket]

Just wanted to write a quick note:

Appologies for the delay in adding this permission.

I will also be adding "Change Network connectivity" (generally harmless permission)

Also adding "links" to make the guide easier to read next week if all goes well.

Currently working on fixing a bug in another app but this is up next

 

[mummaoma]

Thanks so much for this info. I am an Android newbie and have much to learn. Its overwhelming really, for me anyway...

 

[Roze]

Thanks so much for this info. I am an Android newbie and have much to learn. Its overwhelming really, for me anyway...

Welcome mummaoma to AndroidForums I think you have a really good start with reading ALostPacket's thread. It will help you in understanding what you should look out for when you install an app

AndroidForums is a trove of information with helpful members and staffs. If you have any questions, you can do a quick search as you questions would most likely have been asked. If not, just make a new thread and ask (in the appropriate forum of course).

 

[jopemon]

Hi. Your post is almost perfect. But i have a question. For android users who have their phone for a long time and don't want to verify all apps, i would recommend to use an anti-virus software only to scan the apps they have installed. Is it right?

regards

 

[Roze]

Hi. Your post is almost perfect. But i have a question. For android users who have their phone for a long time and don't want to verify all apps, i would recommend to use an anti-virus software only to scan the apps they have installed. Is it right?

regards

I would recommend that you continue manually verifying apps you install and also update. Remember when you update, you are reinstalling the app again.

I still question the usefulness of the antivirus apps and how they code it to see if an app is malicious or not. All of the apps I have downloaded for the past year and a half have not been flagged with Lookout. Does this mean that Lookout is working and I have never downloaded or updated a malicious app? Zero apps flagged does not mean Lookout is doing its job. It could be doing noting and thus you're not getting any app flag as well.

 

[alostpacket]

Thanks so much for this info. I am an Android newbie and have much to learn. Its overwhelming really, for me anyway...

Hang in there it's not so scary once you get the hang of it!

 

[alostpacket]

Hi. Your post is almost perfect. But i have a question. For android users who have their phone for a long time and don't want to verify all apps, i would recommend to use an anti-virus software only to scan the apps they have installed. Is it right?

regards

Thanks for the kind words! If only it was perfect and they stopped updating permissions then I could stop my compulsion to rewrite the guide every few months

As for anti-virus, as roze said, it can be hard to decide. Check out the section on anti-virus at the end of the guide. It has pros and cons and I try to give both sides. I can't however tell you to use, or not to use anti-virus.

That is a personal choice you need to decide for yourself

Good luck!

 

[Roze]

Thanks for the kind words! If only it was perfect and they stopped updating permissions then I could stop my compulsion to rewrite the guide every few months

You know you love this guide and would just update it for the point of updating it *looks at all the proof read edit and visual ones*

 

[Arual]

Thanks for all of your time and effort in sharing this info with us! I greatly appreciate it. Being a newbie, I had no idea much of that existed and surely wouldn't have known what to do about it.

Im abit scared to download stuff and to do my banking, etc on my inspire. Eek! Maybe I need to go back to the boring ol' basic cell phone, lol.

Do iphone users have these same concerns/issues? Im curious just because many apple lovers talk about how they dont have to worry about viruses and such on their Apple gadgets/comps, but is this ring true for their iphones too?

Again, thanks for the post! I located it by doing a search on permissions, I tried to download pandora app last night and was abit freaked out by the permissions it showed, so I ran here to search out info on what it all meant.... came by your post and ahhh, what a treasure it is! THANK YOU!