30 App Permissions To Avoid On Android
Do you just accept whatever is thrown at you when you install a new app on your Android device? Most people do. But what are you agreeing to?
There is an End User License Agreement (EULA) and then App Permissions. Some of these app permissions can allow the app and the company that created it to go too far and compromise your privacy. You need to know what app permissions to disagree with on your Android.
What permissions should you avoid? It depends on the circumstances, and we will discuss this further below. Be careful with permissions that give access to:
- Phone
- Audio
- Location
- Contact
- Camera
- Calendar
- Messaging
- Biometrics
- Cloud Storage
What are application permissions?
When you install an app, it rarely comes with everything it needs to work, already built in. Your Android already has a lot of things that an app needs to integrate with in order to do its job.
Let’s say you’ve downloaded a photo editing app. The app developer will not write the complete photo gallery or camera software in the app itself. They will simply ask for access to these things. This will keep apps small and efficient, and your Android won’t be filled with duplicate app code.
What app permissions should I avoid?
For Android developers, permissions are divided into 2 groups: normal and dangerous.
Normal permissions are considered safe and are often allowed by default without your explicit permission. Dangerous permissions are those that can pose a risk to your privacy.
We’ll cover 30 dangerous permissions listed in Google’s Android Developer’s Guide. The name of the permission will be listed with a quote from the Developer’s Reference on what the permission allows. Then we will briefly explain why this can be dangerous. These are app permissions to avoid where possible.
ACCEPT_HANDOVER
“Allows the calling application to continue a call that was started in another application.”
This permission allows a call to be passed to an application or service that you might not know about. It can be costly if it transfers you to a service that uses your data quota instead of your data plan. It can also be used to secretly record conversations.
ACCESS_BACKGROUND_LOCATION
“Allows the application to access the location in the background. If you are requesting this permission, you must also request ACCESS_COARSE_LOCATION or ACCESS_FINE_LOCATION. Requesting this permission does not, by itself, give you access to the location.”
As Google says, this permission alone does not track you. But what it can do is let the app keep tracking you even when you think you’ve closed it and it no longer tracks your location.
ACCESS_COARSE_LOCATION
“Allows the application to access the approximate location.”
Coarse location lets the app place you in a general area based on the cell tower to which the device is connected. Emergency services can use this to help find you in times of trouble, but no one else needs this information.
ACCESS_FINE_LOCATION
“Allows the application to access the exact location.”
When they say exact, they mean exactly that. The fine location permission will use GPS and Wi-Fi data to determine where you are. The accuracy can be within a few feet, perhaps enough to determine which room of your home you are in.
ACCESS_MEDIA_LOCATION
“Allows the application to access any geographic locations stored in the user’s shared collection.”
If you haven’t turned off geotagging for your images and videos, this app can view all of them and build an accurate profile of where you’ve been based on the data in your photo files.
ACTIVITY_RECOGNITION
“Allows the application to recognize the physical activity.”
By itself, this may not seem like much. It’s often used by activity trackers like FitBit. But combine that with other location information and an app can work out what you are doing and where you are doing it.
ADD_VOICEMAIL
“Allows the application to add voice messages to the system.”
This could be used for phishing purposes. Imagine an app adding a voice message that appears to be from your bank asking you to call back, but the specified number does not belong to the bank.
ANSWER_PHONE_CALLS
“Allows the application to answer an incoming phone call.”
You can see how this could be a problem. Imagine an application that simply answers your phone calls and does whatever it wants with them.
BODY_SENSORS
“Allows an app to access sensor data that the user uses to measure what’s going on inside their body, such as heart rate.”
This is another case where the information itself may not matter much, but when combined with information from other sensors can be very revealing.
CALL_PHONE
“Allows an application to initiate a phone call without going through the Dialer UI so the user can confirm the call.”
It’s scary enough to think that an app can make a phone call without your knowledge. Then consider that it might call a 1-900 number and leave you owing hundreds or thousands of dollars.
CAMERA
“Required to access the camera.”
Many applications will want to use the camera. This makes sense for things like photo editing or social media. But if a simple children’s game requires that permission, it’s just creepy.
READ_CALENDAR
“Allows an application to read the user’s calendar data”
The app will know where you will be and when. If you add notes to your appointments, it will also know why you are there. Add location information and the app will also know how you got there.
WRITE_CALENDAR
“Allows an application to write the user’s calendar data”
A bad actor can use this to write appointments on your calendar, making you think that you need to go somewhere you don’t, or call someone you don’t need to.
READ_CALL_LOG
“Allows the application to read the user’s call log.”
Who we talk to and when can tell a lot about our lives. Calling a colleague in the afternoon? Normal. Calling them at 2 am on a Saturday night? Not so normal.
WRITE_CALL_LOG
“Allows the application to write (but not read) user call log data.”
This is unlikely to happen, but a malicious application can add call log entries to set you up for something.
READ_CONTACTS
“Allows the application to read the user’s contacts”
As with reading a call log, a person’s contact list says a lot about them. The list can also be used to phish your friends, making them think you are the one who is texting them. It can also be used to create a marketing mailing list that a company can then sell to advertisers.
WRITE_CONTACTS
“Allows the application to write the user’s contacts data.”
What if this were used to edit or overwrite your contacts? Imagine if it changed your mortgage broker’s number to a different number, and you called some scammer and gave them your financial information.
READ_EXTERNAL_STORAGE
“Allows the application to read from external storage.”
Any storage that connects to your devices, such as a microSD card or even a laptop, can be accessed if you allow this permission.
WRITE_EXTERNAL_STORAGE
“Allows the application to write data to external storage.”
If you grant this permission, then READ_EXTERNAL_STORAGE permission is implicitly granted. Now the application can do whatever it wants with any connected data store.
READ_PHONE_NUMBERS
“Allows read access to device phone numbers.”
If the app asks for this and you provide it, it now knows your phone number. Expect to get some robocalls soon if the app is sketchy.
READ_PHONE_STATE
“Allows read-only access to the state of the phone, including current cellular network information, the status of any ongoing calls, and a list of any phone accounts registered with the device.”
This permission can make it easier to eavesdrop on you and to track which network you are on.
READ_SMS
“Allows the application to read SMS messages”
Again, another way to eavesdrop on you and collect personal information. This time by reading your text messages.
SEND_SMS
“Allows the application to send SMS messages.”
It can be used to subscribe to paid text services, such as a daily horoscope. This can quickly cost you a lot of money.
RECEIVE_MMS
“Allows the application to track incoming MMS messages.”
The app will be able to see any images or videos sent to you.
RECEIVE_SMS
“Allows the application to receive SMS messages.”
This lets the app track your text messages.
RECEIVE_WAP_PUSH
“Allows the application to receive WAP push messages.”
A WAP push message is a message that is also a web link. Selecting a message can open a phishing or malware website.
RECORD_AUDIO
“Allows an application to record sound.”
Another way to eavesdrop on people. Plus, you can learn a lot from the sounds around a person, even if they are not speaking.
USE_SIP
“Allows the application to use the SIP service.”
If you don’t know what a SIP session is, consider Skype or Zoom. These are communications that take place over a VoIP connection. This is just another way a malicious application can observe and listen to you.
Should I avoid all Android permissions?
We need to look at permissions in the context of what we want the application to do for us. If we blocked all of these permissions for every app, none of our apps would work.
Think of your Android device like your home. For our analogy, imagine the app is a repairman entering your home. They have a specific job and will need access to certain parts of your home, but not others.
If a plumber comes to fix your sink, they will need your permission to access the sink and the pipes that supply and drain water. That’s it. So if the plumber asks you to show them the bedroom, you will start to wonder what they are up to. It’s the same with apps. Keep this in mind when agreeing to app permissions.
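The "does this fit the app's job?" check can be automated. The following is an added example, not part of the original article: it reads a decoded AndroidManifest.xml, picks out the dangerous permissions listed above, and flags those outside the access the app plausibly needs. The grouping of permissions, the `audit` function, and the sample manifest for a hypothetical `com.example.photoeditor` app are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."

# Permissions covered in this article; the grouping is an assumption of this example.
DANGEROUS = {
    "location": {"ACCESS_BACKGROUND_LOCATION", "ACCESS_COARSE_LOCATION",
                 "ACCESS_FINE_LOCATION", "ACCESS_MEDIA_LOCATION"},
    "phone": {"ACCEPT_HANDOVER", "ADD_VOICEMAIL", "ANSWER_PHONE_CALLS",
              "CALL_PHONE",  # manifest name of the "initiate a phone call" entry
              "READ_CALL_LOG", "WRITE_CALL_LOG", "READ_PHONE_NUMBERS",
              "READ_PHONE_STATE", "USE_SIP"},
    "messaging": {"READ_SMS", "SEND_SMS", "RECEIVE_MMS", "RECEIVE_SMS",
                  "RECEIVE_WAP_PUSH"},
    "contacts": {"READ_CONTACTS", "WRITE_CONTACTS"},
    "calendar": {"READ_CALENDAR", "WRITE_CALENDAR"},
    "camera": {"CAMERA"}, "audio": {"RECORD_AUDIO"},
    "sensors": {"ACTIVITY_RECOGNITION", "BODY_SENSORS"},
    "storage": {"READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE"},
}
GROUP_OF = {p: g for g, perms in DANGEROUS.items() for p in perms}

# Constructed sample: decoded manifest of a hypothetical photo editor.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.photoeditor">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission-sdk-23 android:name="android.permission.ACCESS_BACKGROUND_LOCATION"/>
</manifest>"""

def audit(manifest_xml, expected_groups):
    """List dangerous permissions requested and those outside the app's job."""
    root = ET.fromstring(manifest_xml)
    requested = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name", "")
            if name.startswith(PREFIX):          # skip app-defined permissions
                requested.add(name[len(PREFIX):])
    dangerous = sorted(p for p in requested if p in GROUP_OF)
    unexpected = [p for p in dangerous if GROUP_OF[p] not in expected_groups]
    notes = []
    if "WRITE_EXTERNAL_STORAGE" in requested:
        notes.append("WRITE_EXTERNAL_STORAGE implicitly grants READ_EXTERNAL_STORAGE")
    if "ACCESS_BACKGROUND_LOCATION" in requested:
        notes.append("location stays readable after the app is closed")
    return {"dangerous": dangerous, "unexpected": unexpected, "notes": notes}

if __name__ == "__main__":
    print(audit(SAMPLE, {"camera", "storage"}))
```

For the sample, a photo editor is expected to need the camera and storage groups, so the contacts and location requests are the ones reported as unexpected.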