Application Awareness Day

[jamor]

It's officially application awareness day!

I just wanted to get a discussion going on why certain permissions are needed for certain apps. I believe a lot of people including myself have been guilty of ignoring strange permissions..

What are they doing with these permissions? Who are these developers? What are the implications of each permission?

I've gone through all of my apps to see what they are accessing and I have to admit - I am a bit surprised. Should I have been paying attention when I first downloaded them? Sure.. but let's admit, a lot of us just think that app is so cool so we ignore them.

Some surprises/confusion:

95% of apps - full internet access (not sure of the implications of this).
Air Horne - Your location
Backgrounds - read contact data, write contact data
Barcode Scanner - read browser's history and bookmarks, read contact data, write contact data.
Zedge - read contact data, write contact data
NFL Mobile - read SMS or MMS, Send SMS messages
Google Translate - read contact data, full internet access

Some other trends I've seen in apps:
"modify system settings"
"modify/delete SD card contents"


I think a lot of us are new to Android or aren't in computer science and don't realize the implications or know exactly what a permission is capable of. We are just so excited that we have such a cool platform that can do almost anything.

Hopefully we can help each other out and prevent ourselves from being attacked, used for spam, hacked gmail accounts, logged keystrokes (banking), have information stolen or worse yet, our friends and family's contact information stolen (read/write contact data?)..

So what do you guys think? Are 99% of these developers innocent, or are we getting ourselves into trouble accepting apps with strange permissions?

What does each permission entail and what can we deem red flags? When should a rooted user never allow superuser permission? Is a rooted user at more risk than a non-rooted user? How do we know if a developer is reputable or not?

I just don't think the "just read the permissions and use your best judgment" line cuts it anymore... I think the community needs more education.

 

[CureMS]

I'm certainly no expert and I don't even know some of the apps you mention but here are a couple of thoughts:

95% of apps want full internet access for purposes of updates if nothing else
Google Translate - I expect it needs internet access to do the translating and it may want to access your contacts for potential language recognition. This is strictly a guess but many languages have varying translations based on the particular country.

Just a couple cents worth of my thoughts.

 

[OfTheDamned]

"modify/delete SD card contents"

This one is typical of an app that stores content on the SD card. Key Ring comes to mind. It has to store the barcodes and store information.

I just don't think the "just read the permissions and use your best judgment" line cuts it anymore... I think the community needs more education.

I agree with you completely. In many cases reading the comments on an app can be very informative and in other cases you can always contact the developer and ask questions about why an app needs access to a certain part of the phone. If they won't answer your question then it may be something you want to avoid.

 

[NightAngel79]

great thread idea jamor!!

bump, hehe

 

[Thefoodman52]

I think common sense plays a part in determining if an app is harmful as well. A game doesn't need to read contact data, or your MMS/SMS, it's a game. Just actually read those warnings of permissions before you hit the big gray 'install' button.

 

[jamor]

This one is typical of an app that stores content on the SD card. Key Ring comes to mind. It has to store the barcodes and store information.


I agree with you completely. In many cases reading the comments on an app can be very informative and in other cases you can always contact the developer and ask questions about why an app needs access to a certain part of the phone. If they won't answer your question then it may be something you want to avoid.

That's a good idea actually. I'll send out a couple e-mails and see what they have to say. If they don't have a good answer or don't respond, just uninstall.

great thread idea jamor!!

bump, hehe

thanks! The lack of responses kind of worries me and reaffirms that the community is still in the dark as to how much power the developers have when we use our apps.

Hopefully some smarties will catch this thread and can shed some more insight.

You guys are right that we should e-mail the developers and use common sense when reading the permissions - but it still doesn't answer the question as to how much access to our information do they really have and how far can they go with each permission, especially if you are rooted.

After all, David Barksdale of Google proved that Google employees have access to anything regarding our information. They could go into our e-mail accounts and get passwords for bank accounts if they really wanted to. I'm not saying this happens - but things like this are in the realm of possibilities. (In this case he just stalked teen girls).

 

[NightAngel79]

Best info i could find on the subject, courtesy of Roze's sig

http://androidforums.com/android-ap...ps-avoid-viruses-guide-those-new-android.html

 

[jamor]

Oh this is exactly what I was looking for!! Thanks alostpacket!! (and nmayer.. I guess )

awesssommee. I can't believe that isn't stickied.

Pretty much answers all my questions..



I guess Christmas does come early sometimes.. you shall be awarded N number of free thankses nmayer.

 

[NightAngel79]

Oh this is exactly what I was looking for!! Thanks alostpacket!! (and nmayer.. I guess )

awesssommee. I can't believe that isn't stickied.

Pretty much answers all my questions..



I guess Christmas does come early sometimes.. you shall be awarded N number of free thankses nmayer.

Don't forget Roze, if it wasn't for her sig i won't have ever saw that thread
N number of thanks huh? I like the sound of that, lol