android.permission.READ_PHONE_STATE (listed in Market as Phone calls - read phone state)
is a permission that grants the application to read your IMEI (unique cell phone serial), Phonenumber, Serial of the SIM-CARD, and many more.
(For more information or Screenshots what it can do, see app "permission.READ_PHONE_STATE" in Android market)
Now, if this can be a major privacy-breach since the Developer is able to know who is using his app in person (by looking up the phone number, e.g.), or connecting user habbits over several apps to another, one could think: okay, then i won't install apps with this permission anymore.
And here comes, what i discovered within Android market:
to name just a few recognized ones, are able to install this permission without it being listed by Android Market!
Not only this, some of them also install with WRITE_EXTERNAL_STORAGE (normaly listed as "Storage - Modify or delete SD card contents" in Market e.g.: read and write all your SD-Card data) as well!
(Please note that at least 2 of them are by Google itself! (My Tracks and Sky Map))
Now, one could think, maybe the Application needs the permission for not being properly coded; But at least Vampires Live, seems to use the secretly installed permission to recognize you, once you uninstalled and install again.
Not all of the apps have internet-access, though. But Market message says when updating:
"The application xxxx will replace the currently installed xxxx.
Existing user data will be saved."
That leaves room for interpretations. It could mean your data will be preserved - "stay saved" would be the better phrase there imo-, but it could also mean it will collect your data when updating. But i don't know. Anyone?
Of these Market fails i could name you a few dozen more, but i would be glad to hear of your experiences, and if you can second mine!
is a permission that grants the application to read your IMEI (unique cell phone serial), Phonenumber, Serial of the SIM-CARD, and many more.
(For more information or Screenshots what it can do, see app "permission.READ_PHONE_STATE" in Android market)
Now, if this can be a major privacy-breach since the Developer is able to know who is using his app in person (by looking up the phone number, e.g.), or connecting user habbits over several apps to another, one could think: okay, then i won't install apps with this permission anymore.
And here comes, what i discovered within Android market:
3G Watchdog, AndroidPIT, Ethereal Dialpad, File Explorer, Ghost Commander, Google Sky Map, GPSies, Graviturn, Gym Babes, Hypnotoad to go, Mystique, My Tracks, PDF Viewer, Robo Defense FREE, Vampires Live, WikiDroyd and Worldtour
Not only this, some of them also install with WRITE_EXTERNAL_STORAGE (normaly listed as "Storage - Modify or delete SD card contents" in Market e.g.: read and write all your SD-Card data) as well!
(Please note that at least 2 of them are by Google itself! (My Tracks and Sky Map))
Now, one could think, maybe the Application needs the permission for not being properly coded; But at least Vampires Live, seems to use the secretly installed permission to recognize you, once you uninstalled and install again.
Not all of the apps have internet-access, though. But Market message says when updating:
"The application xxxx will replace the currently installed xxxx.
Existing user data will be saved."
That leaves room for interpretations. It could mean your data will be preserved - "stay saved" would be the better phrase there imo-, but it could also mean it will collect your data when updating. But i don't know. Anyone?
Of these Market fails i could name you a few dozen more, but i would be glad to hear of your experiences, and if you can second mine!
How to view permissions within market: View installed or desired application -> press Menu-Key -> Security
When installed on phone, on Homescreen: press Menu-Key -> Settings -> Applications -> Manage applications -> select the one and scroll down