888.678.7282    Get SUPPORT

Strata Information Technology Blog

Tip of the Week: Why You Should Keep a Closer Eye on Your Android Permissions

Tip of the Week: Why You Should Keep a Closer Eye on Your Android Permissions

Downloading an app is a fairly straightforward process on an Android device. Access the Google Play store, find the app, and press install. However, when you first try to use the app, things can sometimes become more complicated as your phone starts asking you for vague permissions. For today’s tip, we’ll explore what these permission requests are actually asking for.

First, the permissions themselves. These permissions are worded to be somewhat vague. To some, an app requesting permission to access your phone’s camera is benign, and to others, they feel that their privacy is at stake.

For this reason, developers have a tendency to describe the potential effect of what the app will do, rather than what you are actually enabling it to do.

As a result, the application may be given considerably more leverage than you may anticipate from what is described. Furthermore, if the app was developed by someone with less than upstanding motives, you could find yourself made vulnerable. It is for this reason that permissions that could potentially give the application access to a user’s information are classified as “Dangerous.”

The “Dangerous” permissions include the following, and are listed with what makes the application a potential security risk.

  • Calendar permissions -- These permissions allow your apps to read any events that you have in your calendar, as well as edit them and create new ones. Of course, this can be considered dangerous as the app has carte blanche access to everything recorded in the calendar, and can edit or delete any of it.
  • Camera permissions -- Many of these permissions are fairly self-explanatory, and this example is quite possibly the most obvious of them. These permissions allow the app to access your phone’s onboard camera to record still shots and video. The problem is, this allows an app to do so at any time, whether you’re using the app or not.
  • Contact permissions -- There are very legitimate reasons that an app would ask to access and edit the contents of your contact list, but there are also illegitimate ones as well. In the wrong hands, your address book can serve as a literal list of potential victims for a spammer to target. In addition to this, these permissions also allow an app to access a list of the accounts you use in your apps, including Facebook, Google, and others.
  • Location permissions -- With these permissions granted, an app can access your location at any time. Depending on the app’s preferences, this location is either a general one (gleaned from Wi-Fi hotspots and cellular base stations) or an exact one (from GPS data). This presents a security risk for a very simple reason: if an app knows where you are, a cybercriminal potentially could too.
  • Microphone permissions -- In another case of self-explanatory permissions, this allows your device’s microphone to record audio. However, this permission doesn’t specify when it is able to do so. As a result, a malicious app could keep a recording of everything going on within earshot, whether or not you were actively using your phone.
  • Phone permissions -- Granting these permissions equates to giving the app in question permission to do just about anything it wants with your calls and call history. Not only do they allow the app to make calls and use Voice over Internet Protocols, they also give it access to read and edit your calls list. Furthermore, these permissions allow an app to read your network information and learn about any outgoing calls you make. Finally, with these permissions active, the app can even redirect your call or hang up the phone. In summation, these permissions could give an app complete access to your phone’s primary function. As scary as this sounds, many apps require phone permissions just to pause the app when you pick up an incoming call, so it’s a fairly common permission request to see on games and multimedia apps.
  • Body sensor permissions -- If you use certain accessories with your phone to keep track of your health data, these permissions allow the app to access that data. This does not include your device’s native ability to track movement.
  • SMS permissions -- With these permissions, an app can not only send SMS messages on your dime, it can also read incoming messages of all types. In addition to the privacy concerns that come with this kind of access, a criminal could leverage these permissions to add paid services to an account without their victim’s consent.
  • Storage permissions -- These permissions allow an application to read, and save information to, the storage on your phone or SD card. As a side effect, this also enables an app to edit and remove files. Almost any app might need this, as apps will often store a small amount of data based on your usage. For instance, Netflix will store your login and account session on your phone, and games like Angry Birds will store your high score.

Many applications that ask for these permissions have legitimate reasons to do. After all, you want a messaging application to have SMS permissions so it can fulfill its purpose. Facebook needs access to your camera so you can take photos and upload them to the social network. However, if a calendar application asks for body sensor permissions, you should start to question why it needs them--and if there isn’t an alternative application you may use.

For more IT tips, tricks, and best practices, make sure you subscribe to the Strata Information Technology blog.

Tip of the Week: Two Apps to Help You Manage Incom...
For Benefits over Your Old Phone System, Dial VoIP
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Friday, February 15 2019
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Tip of the Week Security Technology Business Computing Best Practices Managed IT Services Privacy Cloud Network Security Internet Malware Hackers Communications Cybersecurity User Tips Tech Term Software Ransomware Productivity Backup Smartphones Outsourced IT VoIP Efficiency Microsoft Passwords IT Support Business Management Business Hardware Alert Email Data Productivity Google Social Media Windows 10 Data Recovery Communication Small Business Network Browser Data Backup IT Services Innovation Save Money Cloud Computing Hosted Solutions Collaboration Microsoft Office Mobile Device Smartphone Phishing Holiday Users App Business Continuity Bandwidth Twitter Data Breach Vulnerability Apps Access Control Android Internet of Things Miscellaneous Saving Money Cybercrime Networking Wireless Applications Government Mobile Device Management Mobile Devices Facebook Wi-Fi Computer Compliance Patch Management Workers BDR Workplace Tips Personal Information Law Enforcement Settings Excel Blockchain Company Culture Politics Office 365 Employer-Employee Relationship Remote Monitoring Scam Vendor Management Virtual Assistant Spam Managing Stress How To Information Remote Monitoring and Management Entertainment Recovery Maintenance Password Connectivity Retail Office Marketing BYOD Antivirus Managed IT Service Automation Dark Web Chrome SaaS Website Data Security Virus Computers Education Word Medical IT Windows SSD Voice over Internet Protocol Credit Cards Proactive IT E-Commerce News IT budget PowerPoint Television Information Technology VoIPSavings Yahoo Multi-Factor Security Specifications Staffing Training Licensing Voice over IP Digital Internet Explorer Smart Technology Authentication Email Management disposal Printer GDPR Hard Drives iPhone A.I. HaaS Printer Server Eliminating Downtime Inventory Gadget Payment Telephone System WannaCry IT Management Sports Biometrics Update DDoS Security Cameras Travel Edge Threat Two-factor Authentication Business Intelligence Authorization Sales Dongle Dark Data Physical Security Spyware Value Storage Avoiding Downtime WiFi Movies Cleaning Printers Wireless Internet Amazon Current Events Shortcut instant Messaging HIPAA Tech Terms Leadership Access Technology Efficiently Router Content Filtering Live Streaming Tech Support Cortana Tablet Bring Your Own Device Help Desk Unified Threat Management Files HP Error Telephone Systems Data Protection Data loss Safety Computer Care Gmail The Internet of Things Net Neutrality CrashOverride Regulation Vulnerabilities Managed Service Provider Cost Management Remote Support Hard Drive Streaming Media Outlook Hybrid Cloud Healthcare Managed IT WhatsApp Wireless Charging Gadgets Budget Disaster Recovery Troubleshooting Knowledge Technology Tips Certification Botnet VPN Document Management Database Touchscreen Hiring/Firing Employer Employee Relationship Remote Control Staff RAM Gaming Console Reporting Processors Downloads Analytics Managed Service Backup and Disaster Recovery Cables Scalability Phone System Plug-In Encryption Lead Generation VoIPMyths Battery Data Management Comparison Google Maps Mobility Emergency Telephony Paperless Office Tactics Microsoft Office 365 Automobile Websites Microsoft Teams Video Games Synergy e-waste Upgrade Worker Apple Artificial Intelligence Trends IaaS Profitability Domains VoIP Autocorrect Paste Virtualization Business Technology Remote Computing Machine Learning Public Speaking Search Scheduling Conferencing Managed IT Services eCommerce Server G Suite Presentation Emoji Telecommuting Telecommute Lithium-ion battery Mobile Security Augmented Reality Instagram Wireless Technology 5G Wearables Money Online Shopping Laptop Printing Quick Tips Samsung Millennials IBM Unified Communications Operating System Network Attached Storage Hacker Paper Google Drive IT Support Customer Relationship Management Hosted Solution File Sharing Competition User Tip Environment Big Data Cryptocurrency Server Management IP Address Fun Ink Customer Service Copy Spam Blocking User Security Tip of the week Windows 10 Mobile Office

Newsletter Sign Up