Android App Permissions: A new look into privacy
Android was previously considered less secure than its iOS counterpart. While it's still true to some extent but Android devices have caught up. They're more secure and have given more user control for permissions that app uses. Often we tend to ignore reading these popup boxes and agree on everything that we see. This practice hampers our privacy and may lead to dire circumstances. Let's take an example and understand what it means for us as users.
Let's assume that you've downloaded an application that helps you set some cool alarms. This app basically should need only storage permission on your device. If in case that app requests you more permissions such as contacts, access to microphones and cameras, then you need to raise the red flag. Why on earth should an app like that need all these permissions? Unless there's any feature that justifies these permissions you should uninstall that app firsthand. This raises the concern regarding the fact that how do we trust these apps and how do we know which permissions are to be granted?
Well here are a few quick tips:
Always keep the app task in mind. Understand what the app is intended to do. If it's a notes app asking for camera permissions, you're been warned.
Newer versions of Android, have an option of "Allow while only using the app". You can use this option so that if an application requests location access, it will be accessed only when the application is in use.
To avoid apps using your location data and tracking everywhere you go, always set your location off. Use location only when it's necessary.
Avoid installing applications from shady websites.
Always read what permissions you're granting the particular application. If you don't understand something, google is your best friend.
Last but not the least, always turn off data when not in use. Some applications run in the background and gather usage statistics and send them for analysis.
Need your application to be trusted by millions? Contact us regarding application security testing at firstname.lastname@example.org
Your Security | Our Concern