• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

Help App Permissions

RonaldH

Member
Oct 26, 2013
77
13
I note that my bank app also 'requires' access to most of the 'personal' content of my Android phone and tablet so I asked them why ...

They answered ...
"Permissions are standard across all apps and this is something which has been set up as an agreement with most tablet, iPad and phone manufacturers".

Is this correct? And if so, why, given that most apps do not require much of the access that they state that they need.
 
This particular bank app is very basic allowing me to quickly check on the android device eg account balances.

But I come back to my question ... Is this correct?
"Permissions are standard across all apps and this is something which has been set up as an agreement with most tablet, iPad and phone manufacturers".
Because if it is then it raises serious doubts, at least in my mind, as to the secure usability of Android. I have no doubt that (most of?) the apps are not interested in our private data but such broad access possibilities must surely raise alarm bells among users?
 
Upvote 0
Some banks are moving towards cashing cheques by sending them a picture of the cheque.
That's how we've done it for quite some time - no more standing in line or driving around. :)

OP - I don't know how Android has serious security concerns over one app.

If you were to link the app so we could see the specific permissions, it would help a lot.
 
Upvote 0
Hi EarlyMon.
Thanks for your direct comment.
Its not just 'one app' but most apps seem to call for access to quite personal info when clearly it is difficult to see how such a 'need' is justified.

The particular bank app that I referred to asks for the following permissions ... see file. For example, it can potentially:
Modify my contacts ... without my consent??
Modify or delete USB storage ... without my consent??
Read the USB storage ... without my consent??
Take pictures ... without my consent??

Some of the other permissions I can sort of understand but my point is that apps seem to have a pattern of 'have access to potentially everything just in case we need it'. So in reality does this really mean that eg an app can access and make changes to (say) my contacts without any user permission?
 

Attachments

  • CBA App.JPG
    CBA App.JPG
    41.8 KB · Views: 65
Upvote 0
my point is that apps seem to have a pattern of 'have access to potentially everything just in case we need it'.

That's too much of a generalisation. Some apps undoubtedly do, but many don't. That's why it's always wise to check the permissions list before installing, and also watch for new ones being added (or removed) with updates.
 
Upvote 0
OK, I understand - and you're right - that's a real problem with a lot of apps.

And it's not limited to just Android. Not by a long shot.


http://www.snoopwall.com/threat-reports-10-01-2014/

http://androidforums.com/threads/android-flashlight-apps-fyi-you-be-the-judge.905141/

This is 5 years old and still one of the most important threads anywhere for Android -

http://androidforums.com/threads/an...ned-security-tips-and-avoiding-malware.36936/

Sometimes, apps will surprise you but they're ok - they do need permission XYZ whatever to give you the listed feature set.

Very, very often however, it's just far too much and it's wise to seek out alternatives.

With Android, you see the permissions up front - you have to have consumer common sense and question what you're seeing before leaping - as you're doing here.

Our Applications forum has always been a good place for this.

Find out if others know about something before acting.

For ultimate security protection, I always advise rooting and a root firewall. Never give an app network access until it's clear it needs it and you agree. You can still get fooled and let something bad in but your chances of it phoning home with your data are greatly diminished.
 
Upvote 0
Here's what my banking app has for permissions.

Everything here is needed and useful.

1430582489032.jpg


That's everything.

Your bank is being absolutely ridiculous and there's no way I'd install that, and I'd definitely complain and would switch banks if they don't listen - but that's just me.

A bank responsible for securing your money and identity telling you to shut up because they know what's best based on some fictitious negotiations with vendors is completely unacceptable and obviously baloney sausage.


PS - for NFC access they danged sure better be offering their own version of Google Wallet or else that's just proof that they threw in the kitchen sink like brain damaged monkeys.
 
Upvote 0
Seems we are on the same wavelength EarlyMon & what a great post and video ... thanks.

I am a fairly basic user but even so I have around 65 apps ... many of course pre-installed. But most if not all of these set the requirements barrier high on the take it or leave it approach. If I was to 'leave it' then I get back to very basic usage of web search and email ... ignoring the phone aspects of voice and texting. It just seems to me that Android (Google) somehow needs to have much tighter control over what they permit through the Play Store ... if you go 'outside' then of course its a case of buyer beware and all that goes with this.

I doubt that 1% 0f tablet/phone users seek help via such great forums as this and that most likely means that '0000000000's of users simply just install an app without much thought other than it looks useful. What a wonderful source of potential information to app developers including those 'official' through Play Store.

Maybe I am being just a bit paranoid ... who knows. But only recently we have been reading all about government 'spying' possibilities and they are kind of 'official'. Seems they have nothing compared to Mr app developer!

Is there some way we can get the official 'take' from Google/Android about risks and benefits of using their gear?
 
Last edited:
Upvote 0
No, it's really the same as it's always been for the old school - caveat emptor - let the buyer beware.

No vendor has found a way to solve the logistics problem for app monitoring.

Iow, there's no formula that says, under these circumstances, this app permission set is not ok.

I've looked - people asked me to write that watchdog app 5 years ago. If I could have found that formula, I'd be rich lol.

Might as well blame Apple as Google.

Apple has singlehandedly built the insane myth that just because you get things from their store, you're magically safe. That's a remarkably stupid thing to believe but a lot of intelligent people do.

I don't know what happened to common sense but people still believe that and extend it to the Play Store.

And the web from their PCs for that matter.

Do you know how easy it is to never get a Windows virus without an anti-virus software? Really easy. Yet even with anti-virus software, most PCs are infected.

The good news is that malware is on the decline and you're 5 times more likely to get malware from outside the Play Store.

But as I commented here, the malware number that you care about is 1.

You're number 1 - if you get stuck, statistics don't matter.

http://phandroid.com/2015/04/03/google-cut-android-malware-in-half/
 
Upvote 0
I meant to add ...
On my tablet & phone I have installed both Avast anti-virus and Malwarebytes ... will this help to detect any 'abuse' by apps? I am guessing 'probably not' given that in order to install the app I accepted the permission requirements.
I think that your chances are low of them catching anything.

I also think that security is everyone's business and so long as you receive and forward email attachments, having Anti-Malware is a good thing.

No Android-specific virus has ever been caught in the wild but viruses are just one form of malware - others have snuck in.

Having two security scanners isn't something I'd recommend.

Flip a coin and keep the one you trust most.

I've had Avast find things on a pc that Malwarebytes didn't and vice versa - and stuff that neither caught.

Android is inherently a harder environment, so go ahead and cut back to just one, or even none as many others advocate.
 
Upvote 0
Standard two thumps-up to everything EM always and already said! :)

Also, sign of a good app: look in the Play Store description for details about the non-obvious (and/or obvious) use of each permission (what is it used for, why needed, etc.).

If that information is missing or doesn't make sense, contact the dev for an explanation or don't install the app.

I can tell you that app devs are limited in the number of bytes we can put in the app description area (currently 4,000), so sometimes adding details of the app permissions might be taking a back seat to other info the dev wants to convey. But they could post / link to a website that details those permissions without consuming too much space.

Cheers!
 
Upvote 0
The only guidelines I use are "is this permission reasonable for the app's function?" and "am I prepared to trust this developer with it?".

I do find it interesting when checking permissions (with root and app ops in Lollipop) how many apps have never actually used most of the permissions they've requested - which means either the permissions are only used for niche use cases I've not used myself or, more plausibly, the app didn't actually need them in the first place and the developer was just plain sloppy in requesting them.
 
Upvote 0

BEST TECH IN 2023

We've been tracking upcoming products and ranking the best tech since 2007. Thanks for trusting our opinion: we get rewarded through affiliate links that earn us a commission and we invite you to learn more about us.

Smartphones