Android permissions

Knowing when to be concerned over application permissions — and when not to be — is tricky and important

Android Central University — Security

We've all heard about bad apps that steal your valuable data and ship it off overseas, and those discussions always end with one thing -- someone says you need to read an app's permissions before you install it.  Well that's fine, but there is a small problem -- what the heck do those permissions mean?  System tools  automatically start at boot is easy enough to decipher and understand why it's needed, but what about Your personal information —​ read contact data?  Hit the break, and we'll try to figure some of these out together.

Remember, this list isn't 100 percent complete.  For a complete in-depth list we're going to need a guest writer from Google to write it.  The permissions system is micro-managed, with nuances only Google will ever fully understand, so I won't try.  We can talk about a few of them that we do understand to give you an idea why they aren't always as scary as they sound, and why some apps need some of them. 

 

Phone callsServices that cost you money —​ directly call phone numbers

Warn me that something is going to cost me money, and you have my attention.  But some apps need to make phone calls.  Dialer replacements, Google Voice, anything tied to your phone dialer -- these types of apps have to have this permission.  On the other hand, a ringtone app doesn't.  You will want to look for this one, and if the app in question has no business setting up a phone call, be suspicious.

SMSServices that cost you money —​receive and send SMS or MMS

Again with the costing me money.  And subscription SMS services are everywhere, so this is one to keep an eye on.  SMS apps Handcent or Chomp will need this, that makes sense, but what about an app that allows you to edit or take a picture and send it to a friend?  Yep, it's going to need to send MMS messages, too.  Same with something like a Mr. T soundboard (I pity the fool!) that lets you send a sound byte.  If an app is set up for you to share media, you might see this one listed as one of it's permissions.  If it's not, think twice about installing it.

contactsYour personal information — read your contacts

More scary sounding permissions, but let's think for a minute here.  Of course any messaging app is going to need this, that makes sense.  But a home screen contacts widget will need this, too.  As will apps like Twitter or Foursquare, so you can share tweets or check-in information over e-mail or SMS.  If an app doesn't have any social aspect, there's no need for this permission.

calendarYour personal information — read calendar events 

Used too often for my tastes, few apps outside of PIM or task management apps need this one.  If you come across it, carefully consider why the app would need to read (let alone write) to your calendar.  Most don't.

phone idPhone calls -- read phone status and identity

The most abused, and least understood permission of them all.  Some apps need to know if your phone is about to ring.  Maybe they need to save state (ie freeze what they're doing) for when the incoming call screen pops up, or they need to turn over audio control back to the OS.  But this is also the one that can read, and send your IMEI and other identifying information back to some random server on the Internet.  Often, these unique numbers are needed as piracy control, or to keep track of you without using any more sensitive personal information.  The issue is when developers use these numbers for things like remembering your preferences for online services or app history.  Remember the big wallpaper app scare?  After some investigation, we learned the developer was using your device ID to keep track of your favorite wallpapers on his servers.  Seemingly harmless, but not the right way to handle it.  My only advice here is to be sure you trust the developers of the app when you see this one.  Or take a moment to email them and ask why they need this permission.

locationYour precise location —​ GPS and network-based location

These two are no-brainers.  If an app needs to know where you are, it has to know where you are.  If an app gets its revenue from location-based ads, it needs to know where you are.  If an app has any mapping abilities, it needs to know where you are.  And finally, if an app tells you information about finding things like businesses, it needs to know where you are.  If you don't want these apps to know where you are, turn off the location services on your phone and don't install the app.  If you want an app to tell you where to find cheap gas, you're going to have to let it know where to look.

NetworkNetwork communication — full network access

Another permission that we see far too often.  If an app has no function for you to communicate with anyone else, or any type of downloadable content, this usually means ads.  To show you ads, the app needs to get them from the Internet.  If they app you're using is ad-free, has no need to contact the outside world, and doesn't have any type of add-on content, be wary.  But don't be silly.  Ask the developer why.  If he or she tells you, they have nothing to hide. If they don't respond, move on.


There are many other, less suspicious permissions for things like keeping the phone awake, controlling hardware, or accessing system settings.  Use a bit of common sense with these.  An app that takes pictures needs to control your hardware.  Netflix needs to keep your screen awake for the 90 minutes you're not touching the screen.  A ringer mode widget needs access to your settings.  And most apps nowadays need access to SD card content (which can mean internal storage as well).  When you come across something you don;t understand, usually a bit of deductive reasoning can figure out why an app needs to do something.  If not, read comments in the Market, and ask questions in the forums.  Just don't be silly and think the sky is falling -- most Android developers just want to make apps that make them a little money, and have no bad intentions.

 
There are 38 comments

Reader comments

What some of those scary application permissions mean

38 Comments
Sort by Rating

Seems like they should break up the phone state and identity permission into 'Read phone state' and 'Read Phone Identity'. Because reading if my phone is about to ring sounds like a good permission. The other half, not so much.
Just like there should be a 'read SD card'. I don't like read/write.

Speaking of breaking down permissions into something more granular, wouldn't it be nice if the "Network communication -- full internet access" permission could be more limited. I'd much prefer to see "Network communication -- advertising", "Network communication -- admob", or "Network communication -- somedomain.advertiser.com" That way, you'd know your phone would be reaching out, but you'd know more about where it was going. Maybe I'll suggest that to the Android team...

the problem with that is that Google has no idea what purpose every developer in the world will have for connecting to the net or what developers are going to connect to with a network connection. And there's no way to programatically determine that.

you think its a pain in the ass waiting for an OTA now?
see what happens when Google has to collect the source code for EVERY app that EVERY developer plans to release so that they can analyze it and include a separate special permission for EVERY single connection into the SDK so that you can see your fancy "Network communication -- somedomain.advertiser.com" message when you download whatever app you're looking at.

Of all the permissions, this one bothers me the most. Allowing an app to see the number I'm calling is a huge privacy hole. And certainly isn't needed to suspend for an incoming call. With so much off shore development, it would be easy for malicious code to be written. People are concerned about the NSA while freely giving away even more private information to commercial companies.

I'd just like to add that "Phone calls -- read phone state and identity" is an add-on permission by Android if the app supports Android v1.5. Meaning, the app doesn't need the permission to do anything, and isn't explicitly declared by the dev, Android automatically tacks the permission on to support Android v1.5.

The only way around it is to not support Cupcake, which is the reason I never had any intention of supporting less than 3% of the install base in exchange for having to declare that permission.

I agree with Mgamerz. Some of the permissions are too broad, lumping together permissions that, from a security perspective, should absolutely be specified separately. Isn't that the point of permissions, declaring them and reviewing them... security?

On the other hand, developers sometimes declare permissions they don't need, or do things in such a way that the permissions are required, when an alternative method would not require the permissions.

I have apps that can share things, and they don't need to read my contact data. I tell the app to share something, and a list appears containing all the available sharing methods, based on what's installed on my phone. I select the method, and the appropriate app opens. No special permissions required.

Perhaps, the real App that we all need is one that checks the Permissions for each of our installed Apps and alerts us when there is a concern! I'd buy it. This App should also provide the ability to quickly Uninstall Apps with silly Permissions.

I know of at least 2 apps that do exactly that. I can't think of them off the top of my head right now, but I do know one was featured on XDA's portal a few weeks ago. It would rate the permissions a given app has and designate it (the app as a whole) as safe, mild, dangerous, or scary if I recall correctly.

thats impossible. Without a ton of reflective programming built into the app being analyzed, all that an app like what you are suggesting could do is make a (somewhat) educated guess at best. Computers dont have intuition and AI is limited, so while a computer knows what specific lines of code do functionally, there's no way it could determine the overall intent or purpose of the combined code.

the only way i could think to even implement such a thing is too take user input that would indicate what kind of app you are asking about, and ten have it (again) guess (more or less, via some sorta of determinant algorithm) what it should or shouldnt have.

so basically it would be like asking your nearest techy pal...only with potentially less trust worthy results.

I guess i could be wrong though.

Ironically, that have to give an app ALL the permissions wouldn't it? I would ONLY think an app like this would HAVE to be made by Google. They won't of course, because they are too greedy.

Thanks a million for this article. I'm new to Android and it took me a bit by surprise to see the application permissions screen for the first time. But i mostly install well-known apps, so I'm not too paranoid.

"Phone calls -- read phone state and identity"

This one is thanks to Android bug #10603

The android operating system is supposed to have a built-in unique identifier that any app can access. Unfortunately, all the Droid 2 phones and a bunch of other Froyo devices shipped with the exact same unique identifier.

Advertisers need unique identifiers to prevent fraud. Since they can't trust the built-in serial numbers on Froyo devices they're forced to use your phone number to identify you.

This sucks, but please don't blame the app-makers. All the major advertisers require this permission.

More info on bug #10603 here : http://code.google.com/p/android/issues/detail?id=10603

Well done! People need to know that fanboys saying we are responsible for these permissions, need to have this information at their disposal. I doubt if they will want to comprehend it but good show.

Good Article!
Its really annoying to see in app stores every app gettin unfair reviews because of people who dont understand permissions or that tey are needed to do whatever it is they want the app to do. Its really hard to get an honest opinion and gauge the qualilty and effectiveness of an app when that happens.

some can't help it, not everybody is a techy I understand that...the people that get on my nerves are the overly paranoid conspiracy theorist freaks though.

Every OS has vulnerabilities. There are plenty of conspiracy theorists in the Google Play Store reviews that take it way too far.
So Android, and every other operating system in the world are vulnerable in some ways. What are you getting at exactly?

Technology is grooming fast day by day. so many mobiles applications are running different mobiles just because of growth in technology.
Now there are many funny and fool applications are available to make someone fool on April fool day like hack the mob, share others credit from mob, lock phone, hack bluetooth etc etc.
some years people were tried april fool messages to make others fool but not they used many mobile softwares and smiley which can make people foor in batter ways.. :)

Each and every of these solutions Romantic Facebook Status present feeds every time a new content is added, but have different options to supervise the blog and configure its look and feel. You would like to try these before going to find something else.

Good article, Jerry. One thing to clarify, though.
re: Services that cost you money —​receive and send SMS or MMS
"Yep, it's going to need to send MMS messages, too."

I'm not in front of my development machine to confirm, but I don't think this is entirely accurate. Apps can use the "intent" system to send email/sms without special permissions. it's only when the app wants to automate things and not have that pesky user interaction involved that they need special permissions. I'd argue that the ShareActionProvider is the best way to do this, anyway. Be wary of things that want to send SMS on your behalf.

Well written. It is VERY important and TOO tricky these permissions are don't you think? When you state some of these permissions ONLY Google knows about, proves my point from past comments on this site THAT Google/Android is very insecure AND Google is too greedy to do anything about it. The fanboys have screamed at me me when I professed this but more and more information keeps proving my point. They say it is the user's problem and responsibility BUT not if some permissions only Google really only knows what they are for. Lastly, these permissions will continue to be ignored by the general public THUS keeping the Google/Android OS incredibly insecure

Many have complained about the NSA. However, Google/Android's system has allowed for ALOT worse, it really has. So, over reaction? I don't think so

Why are most of these comments saying they are from 3 years ago? Is this a recycled article?

Posted via Android Central App

I updated the Facebook app over the weekend and it stated that no new permissions are needed. But guess what happened next? I got a friend suggestion, my boss. How would FB know of him if it didn't read my emails? FB doesn't have my phone number and the email address I used when I signed up for FB is my Gmail one, not the work one.

The panda has spoken

Facebook seems to have started mining your Contacts list. I suddenly started getting friend suggestions for a bunch of new people with the only thing in common being that they're in my phone directory. I personally think that's really creepy. It'd be one thing for Facebook to have a feature to allow you to search for specific people in your phone directory. To do that, they'd only have to read your contacts locally. But they seem to be sucking up your phone list to their servers to automatically generate 'people you might know' alerts. I didn't give them permission to take that data (well maybe I technically did by allowing their app to run on my phone). Anyway, it sucks.

My banking app recently updated, adding the "read your contacts" permission requirement. When I asked them why a banking app would need this, they responded, "it's for a future feature." Um... yeah. Anyone else deal with something like this? I need the banking app for mobile deposit, etc., but I'm currently refusing to let it update.

This doesn't explain the constant addition of "new permissions" from apps that never needed them or have a noted use for them.. Why is it that every app all of a sudden wants to know what other apps I have on my phone? A few months go, not a single app wanted or needed this permission, now they all need it all of a sudden. I seriously have not purchased or updated a single app in 6 months due to this bombardment of "new permissions".. Even the PAID apps! Paid or Free it's all a bunch of user approved spyware.. We would never tolerate this crap on a PC.. I don't know why people tolerate rampant spyware on a device that may have more personal info than your PC (or Mac)..

I just open app ops and disable every permission that definitely isn't relevant, never had any issues.

I have revoked "Read phone identify" from ALL user apps on my device, using LBE privacy guard. Everything is still working fine.

I have an app called Navigation Layer which adds gesture control to device and is pretty great. One of the new permissions on a recent update is 'full permissions to all device features and storage.' How can I know exactly what that means and ensure the app isn't doing some shady stuff now?