Application Read Phone State and Identity???

[droidphone]

Anyone know what providing an application access to "Phone calls: read phone state and identity" actually does?

 

[Papethova]

Bump!!

 

[alostpacket]

Edit: this is a very old post but I saw it comes up very high in Google searches.

Not long after this post was made, I began studying permissions in great detail and now have a security guide here on the forums that explains them.

I have also become an app developer since this post and have an app version of this guide with a few small added features (like permission search/show which apps use a permission)

My security guide:

How to be safe, find trusted apps, & avoid viruses

The app version of the guide:

PocketPermissions




(my original post)
[Hide]It seems a lot of apps use this, especially those with audio. If I had to guess, I would think it's related to apps that need to mute themselves when a phone call comes in. And given that, I would think it's pretty innocuous.

That's just a guess though.[/Hide]

 

[Stellartois]

It seems a lot of apps use this, especially those with audio. If I had to guess, I would think it's related to apps that need to mute themselves when a phone call comes in. And given that, I would think it's pretty innocuous.

That's just a guess though.

I'm a bit more paranoid than you. I take it that this means they can sense whether your phone is on a call or sending straight to voice-mail or whatever maybe even what your default ring-tone is (state) and at the very least your phone number (identity).

Presumably (although I'm not sure) they only have access to this when the app is actually running but if they've got your number it's going to be sold on marketing lists from here to Nigeria. I guess that's okay because I always get a kick out of 419 scam bait.

But no I'd rather not have my phone number on a bunch of marketing lists.

More worrisome is the "Read and write contact info" authority. Maybe they just want to add themselves to my contacts list but maybe they want to spam/scam everyone I've ever felt worthy of adding as a contact. Or maybe they just want to mess with you and switch everyone's phone number in my contact list so when I call person A I get person X.

Somewhere there must be good documentation on what these different security permissions actually allow them to do - not only that, but I'd like to see notifications. For instance if an app does read or write to my contacts list I'd like to see "Added so-and-so technologies to your contacts" in a log file somewhere. And if it were malware I'd like to see "Switched your wife's phone number with your girl-friend's phone number". Just as an example, I'm actually single so ladies develop an app that I will want to download and get my phone number

Actually writing to my contacts is a sure way to make me NOT download an app and I'm questioning how wise of a decision it was to download apps that could read phone state/identity. If they are harvesting information for phone lists the horses have already been let out of the barn.

I haven't been hit yet but it takes time. My work phone which has never been given to anyone outside my place of employment has been hit with scams or spams 3 times in the last 3 days (and yes it is on the no-call list).

 

[KlaymenDK]

Somewhere there must be good documentation on what these different security permissions actually allow them to do - not only that, but I'd like to see notifications.

LMGTFY

Sticky: "How to be safe, find trusted apps, & avoid viruses - A guide for those new to Android"

 

[GiantJellyBean]

Here is one vendor's explanation:
forums.dataviz.com • View topic - Access to phone state/identity

I tend to keep on the side of caution, and uninstall any non-trusted app requiring this privilege. I can't really see any justification for a vendor obtaining this information, except where it is obviously needed in order for an app to function.

BTW, here is the telephony manager API:
TelephonyManager | Android Developers