App permissions: Read email attachments?


  1. Danish Ninja

    Danish Ninja Member

    Evening, all --

    Does anyone know what this permission actually means? All the Android Marketplace says when I hit it to explain the permission is that it "Allows this application to read your Email attachments". Which could be interpreted a number of different ways, so isn't helping shed any light for me.

    I asked the developer (of Kingsoft Office, the app in question) what it meant and why that permission was required. After all, I wouldn't want a third party to be able to read my email attachments.

    He said he asked his developing team and they explained that the app, a document creation and modification program, has a built-in email program, and that the permission grants the user the ability to read email attachments sent through that aspect of the app. In other words, that no, they don't have the ability to read the user's attachments (from that app or elsewhere); it's for the user's use only, and only when using that aspect of the app (vs. my regular email).

    But this seems a bit weird: many app permissions are developer-based, right? THEY want to know your phone state. THEY want to modify your SD card. THEY want to prevent the phone from sleeping when the app is being used, etc. That the email attachment reading permission would now allow the USER to do something, rather than allowing the developer to do or control something, seems odd. It's a permission, after all. I need to grant myself permission to view my email attachments?

    Anyway, I'm not trying to be paranoid, it's just the first time I've seen this permission required, it seems really odd, it's ambiguously worded in the Market's explanation, and with a chunk of time dedicated to searching online for an answer about what this permission actually allows, I found that no one seems to explain it. And granted, the developer answered my question quickly, and is PROBABLY being truthful, but on the flipside, what would someone who's being deceitful say? The same thing, of course: that it's perfectly safe to use. I'm being asked to trust something suspicious by someone I don't know enough about to trust, as it were...

    Anyone have any insight about what this permission truly entails?

    Advertisement
  2. chanchan05

    chanchan05 The Doctor Guide

    1. You aren't granting yourself the permission to read attachments. You are granting the app permission to read attachments. If it did not have that permission, everytime you want to read an email attachment, you can't use that app to read it.

    2. THEY-the developer? No, the app wants to be able to know your phone state, prevent sleeping, or modify your SD card. For good reason. For example, if the app cannot modify SD card contents, then how can it save or edit the files you have on your SD card? The file you want to edit is an SD card content. Of course a document editor would need to edit SD card contents.

    3. You aren't giving permissions to the developer, you are giving permissions to the app.
    Crashdamage likes this.
  3. Danish Ninja

    Danish Ninja Member

    Ok, thanks for responding, but perhaps the rhetorical aspect of those items hadn't come across properly. I understand the need to modify SD card contents and that you aren't granting yourself permission to read the attachments, etc.

    Yes, I understand that the permission is granting the app to access email attachments, and that you're granting it to the app and not to the developer. At least directly. However, my concern is that could the app then deliver those same attachments to the developer?

    To put it another way:
    Everyone's always being told to note oddities and red flags in the Android Market. Like, if you notice an app that shouldn't be granted a certain permission based on what the app does, be a bit wary of it. Why would a Connect Four-type game need to access your list of contacts, for instance...
    So I'm trying to verify what this permission specifically does in order to understand if there's any chance that the developer could attain information from email attachments (whether they come through that app alone, or on the broader scale of my phone as a whole).

    As with the permission to read your contacts list: it grants that permission to the app, not the developer -- same deal as the email attachments permission -- yet it's the developer who can then receive that personal information. That's the whole concern over being leery of that particular permission. Could -- may -- this permission to read email attachments be any potential threat to email attachment security?

    Everything else aside, I'm just looking for a clear breakdown of what that permission actually grants, and if it's a security threat.

    Hope that clears up my questions.

Share This Page