The EULA is the document that tells you what permissions an app has and how those permissions can be used. The app permissions that can be used to violate your privacy are called “access control” permissions. If an app has access to your microphone, for example, it could be using that data to track your movements and sell advertising to you.
-Your computer’s hard drive -Your computer’s files -Your computer’s registry -Your computer’s settings -The applications you use on your device -The websites you visit
What Are App Permissions?
Apps need to integrate with Android’s built-in features in order to do their job. This can be difficult for new apps, as there are often many things the app needs to do in order to function properly. ..
Android apps are written in Java, which is a programming language. When you download an app, the developer asks for access to certain parts of your Android device. This way, the app doesn’t take up space on your phone and the developer can write code specifically for that app. ..
What App Permissions Should I Avoid?
Normal permissions are those that are needed for the app to run, like reading and writing to files. Dangerous permissions are those that could allow the app to do things that you don’t want it to, like access your microphone or camera. To protect your app from being used by someone who doesn’t have the right permissions, you should create a list of normal and dangerous permissions for your app and add them to the permission manager in your Android phone.
Your privacy is important to you, and you want to be sure that the permissions that are given to you are safe and appropriate. To protect your privacy, it is important to understand what permissions are safe and what permissions may present a risk.
“30 dangerous permissions in Android Developer’s Reference” The Android Developer’s Reference has 30 dangerous permissions, which are listed in alphabetical order. The name of the permission is given, followed by a quote from the reference about what the permission allows. Then, we’ll briefly explain why it could be dangerous. These are app permissions you may want to avoid if possible.
ACCEPT_HANDOVER
This feature allows a calling app to continue a call even if the user’s phone is in another app. This can be helpful if the user wants to continue talking to someone while they’re in another app.
This permission allows you to make a call to an app or service you might not be aware of. If this call is transferred to a service that uses your data quota instead of your cell plan, it could cost you money. It could also be used to secretly record conversations.
ACCESS_BACKGROUND_LOCATION
This permission allows an app to access your location in the background. If you’re requesting this permission, you must also request either ACCESS_COARSE_LOCATION or ACCESS_FINE_LOCATION. Requesting this permission by itself doesn’t give you location access.
This permission allows you to be tracked even if you think you’ve closed the app and it’s no longer tracking your location. If you decide to use this permission, be sure to check the app’s settings to make sure that it isn’t tracking your location.
ACCESS_COARSE_LOCATION
An app can access approximate location by using a network-based location service. ..
The accuracy of coarse location locates you to a general area, based upon the cell tower to which the device is connecting. It’s helpful for emergency services to locate you during trouble, but no one else really needs that information.
ACCESS_FINE_LOCATION
Allows an app to access your precise location.
The new location permission feature on the iPhone will use GPS and WiFi data to pinpoint your exact location. The accuracy could be within a few feet, possibly locating which room you’re in within your home. ..
ACCESS_MEDIA_LOCATION
Allows an application to access any location persisted in the user’s shared collection.
This app can help you better understand your travel history by analyzing your photos and videos to create an accurate profile of where you’ve been based on data in your photo files.
ACTIVITY_RECOGNITION
This app allows you to track your physical activity and see how it compares to the average person.
Activity trackers like FitBit can use a person’s location data to infer what they are doing and where they are. ..
ADD_VOICEMAIL
This application allows an application to add voicemails into the system.
The number provided in the voicemail isn’t the bank’s. This could be used for phishing purposes. Imagine adding a voicemail from your bank asking to give them a call, but the number provided isn’t the bank’s. ..
ANSWER_PHONE_CALLS
This app allows you to answer an incoming phone call.
This could be a problem if an app were to answer calls without your consent or if it were to do something you didn’t want it to do.
BODY_SENSORS
This app allows you to access data from sensors that are inside your body, such as heart rate. This makes it possible for the app to track your health and provide you with information about it.
A new study has found that when data from other sensors is combined, it can provide a more accurate picture of climate change than using just one type of sensor. ..
CALL_PHONE
An application can initiate a phone call without going through the Dialer user interface by using the Confirm Call button. ..
It’s scary enough to think an app could make a phone call without you knowing it. Then think about how it might call a 1-900 number and you could be on the hook for hundreds or thousands of dollars if it gets caught.
CAMERA
“To be able to use the camera device.”
A lot of apps want to use the camera. But if a simple kids game wants this permission, that’s just creepy.
READ_CALENDAR
This application allows an application to read the user’s calendar data. This allows the application to track events and plan future activities.
The app will know where you are and when you’ll be there. If you make notes with your appointments, it’ll also know why you’re there. Add to the location information and the app will know how you got there too.
WRITE_CALENDAR
This application allows an application to write the user’s calendar data. This allows the user to easily keep track of their schedule and plan their next steps.
This is a tool that bad actors use to put appointments in your calendar making you think you might have to go somewhere you don’t, or call someone you don’t need to.
READ_CALL_LOG
This application allows an application to read the user’s call log. This can be useful for debugging or for understanding what was said and done during a particular call.
Calling your co-worker during the day? Normal. Calling them at 2 a.m. on Saturday night? Not so normal. ..
WRITE_CALL_LOG
This application allows an application to write (but not read) the user’s call log data. This allows the application to track calls and record them for later analysis.
If you have a phone that is running Android OS 4.4 or later, there is a small chance that an app could access your call logs without your knowledge or consent. This could be used to set you up for something, like being scammed or having your personal information stolen. ..
READ_CONTACTS
An application can access the user’s contacts data if it is allowed by the user. ..
People often rely on their contact list to communicate with friends and family. However, if someone has access to your contact list, they could use it to phish your friends or sell your contact information to advertisers. Therefore, it is important to keep your contact list secure and only share information with people you trust. ..
WRITE_CONTACTS
This application allows an application to write the user’s contact data. This data can be used by the application to find and contact the user.
Imagine if you could edit or overwrite your contacts, potentially changing the number for your mortgage broker to another number and calling some scammer. ..
READ_EXTERNAL_STORAGE
This feature allows an application to read from external storage, allowing it to be used even if the device is not connected to the network.
If you allow your device to access removable storage, like a microSD card or laptop, then any data stored on that storage could be accessed by your device.
WRITE_EXTERNAL_STORAGE
Allows an application to write to external storage. ..
If you grant this permission, then the app can access any connected data storage, including your iCloud Drive and Google Drive.
READ_PHONE_NUMBERS
Allows users to access their device’s phone number(s).
If you download an app from the Google Play store, and grant it access to your phone number, the app now knows your phone number. If the app is sketchy or asks for too much information, you may get robocalls soon.
READ_PHONE_STATE
This app allows you to view your phone’s current cellular network information, the status of any ongoing calls, and a list of any phone accounts registered on the device.
This permission could be used to facilitate tracking and eavesdropping on you by which network you’re on.
READ_SMS
This app allows you to read SMS messages.
Text messages can be a way for someone to eavesdrop on you and gather personal information. ..
SEND_SMS
This application allows an application to send SMS messages.
This could be used to sign you up for paid texting services, like getting your daily horoscope. This could cost you a lot of money, quickly.
RECEIVE_MMS
This application allows you to monitor incoming MMS messages. ..
The app would be able to see any pictures or videos that were sent to you and saved in your phone. ..
RECEIVE_SMS
This app allows you to receive SMS messages.
This app would allow you to see all of your text messages from the past 24 hours.
RECEIVE_WAP_PUSH
This new feature will allow an application to receive WAP push messages. ..
A WAP push message is a web link that also contains a message. Selecting the message could open a phishing or malware laden web site.
RECORD_AUDIO
Allows an application to record audio.
This is a new way to listen to people, and it can be very helpful in learning more about them. There are a lot of things you can learn from the sounds around someone, even if they’re not talking.
USE_SIP
This allows an application to use the SIP service.
Skype, Zoom, and other VoIP services are vulnerable to eavesdropping and data theft because they rely on the insecure transmission of voice over Internet Protocol (SIP) sessions. This means that malicious apps can watch and listen to your conversations without your knowledge or consent. ..
Should I Avoid All Android Permissions?
We need to consider the permissions that our app needs in order to do its job. If we block all the permissions for an app, it won’t be able to do its job.
Your Android device is your home. It’s where you store your photos, videos, and other important files. The app is like the repairman who comes to your home to fix things. They have a specific job to do and will need access to certain parts of your home, but not others.
If you have an app installed on your phone that asks for access to your contacts, calendar, and other personal information, be sure to say no. Apps should only ask for access to the things they need to do their job, not things that could potentially harm your privacy.
