30th August 2010
    By Eric Tate

    One of the biggest caveats when it comes to downloading any application onto your Android device is the permissions that an app requests. An application can be programmed to do just about anything that it wants. This includes, but is not limited to, sending SMS, intercepting phone calls, sending private data, etc. All of this can be set to be performed unbeknownst to you. However, in order for the apps to do so, they must be granted the permission to do so. Although the lack of initial moderation on the Android Market may be as much of a problem as it is a benefit, any app that has requested permissions that tie into any type of personal data causes a permission warning to display before you can install. So what kind of things should you look out for when installing a new application in order to avoid potential trouble and billing catastrophes? Read on to find out.

    I won’t cover the details of each available permission that an app can request. This post over at Technically Personal covered them amazingly well (a very highly recommended read if you’re an Android user). In all honesty, the easiest way of staying safe when it comes to app permissions is to just use some common sense.

    Here is an example: let’s say that you have just found a new jigsaw puzzle app that you want to try. You go to install and you are given a permission warning. The items in the top section displayed in orange are the ones that spark the system into displaying the warning. Many apps (mainly free ones) may request coarse location and internet access. This is relatively common as it is used for in-app advertisements such as AdMob. But if that same application is also requesting the permission needed to send SMS, make phone calls, and/or read contact data, you might need to think twice before you hit that install button. If an app that has absolutely nothing to do with SMS communication is requesting the permission to send SMS on your behalf, it could easily be a rogue app designed to invisibly send SMS to services as a means of collecting spam data or charging you astronomical fees associated with pay-per-use services.

    But as stated within the Technically Personal post above, some of the permissions can be tricky when it comes to whether they should set off a red flag. Full internet access, for example, is needed by many apps in order to communicate back with a host server to transfer legitimate app data. But if that app has also requested contact data but does not have any type of sharing feature (to share scores or invite friends), it has no need to be requesting such data and there is a slight chance it is stealing your contact data.
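The rule of thumb from the last two paragraphs, written out as an added example (not code from the original post): it reads the `<uses-permission>` entries from a manifest that has already been decoded to text and flags the ones the app's stated purpose does not explain. The sample manifest, the package name and the feature labels ("sms", "calls", "sharing") are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NAME_ATTR = "{http://schemas.android.com/apk/res/android}name"
P = "android.permission."

# Each rule: permission -> (feature that would justify it, why it matters).
# Feature labels ("sms", "calls", "sharing") are hypothetical, chosen by the reviewer.
RULES = {
    P + "SEND_SMS": ("sms", "can send SMS on your behalf (services that cost you money)"),
    P + "CALL_PHONE": ("calls", "can place phone calls (services that cost you money)"),
    P + "READ_CONTACTS": ("sharing", "can read your contact data"),
}

# Constructed sample: decoded manifest of a made-up jigsaw puzzle app.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.jigsaw">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
</manifest>
"""

def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)  # parse only manifests you decoded yourself
    names = (el.get(NAME_ATTR) for el in root.iter("uses-permission"))
    return {n for n in names if n}

def red_flags(manifest_xml, app_features=()):
    """List (permission, reason) pairs the app's stated features do not explain."""
    perms = requested_permissions(manifest_xml)
    flags = []
    for perm, (feature, reason) in RULES.items():
        if perm in perms and feature not in app_features:
            flags.append((perm, reason))
    # Contacts plus network access is what makes a silent upload possible.
    if P + "READ_CONTACTS" in perms and P + "INTERNET" in perms \
            and "sharing" not in app_features:
        flags.append((P + "INTERNET", "contact data could be sent off the device"))
    return flags

if __name__ == "__main__":
    for perm, reason in red_flags(SAMPLE_MANIFEST, app_features={"puzzle"}):
        print(f"RED FLAG {perm}: {reason}")
```

Internet access and coarse location on their own produce no flags here, matching the ad-supported case described above.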

    This post is not intended to draw fear into Android users nor is it meant to discredit apps that are requesting the features for legitimate purposes. I just suggest using caution when installing a new application that could be questionable. Those of you who have no issues reading from logcat could always use that method to make sure no inappropriate activity is being done by an active application after it’s been installed. But those who are familiar with logcat and use it probably already watch their apps’ permissions.

    For example purposes, I decided to go searching the Android Market for an app that takes these warnings to the extreme. So to do so, I decided to venture into the questionable list of adult applications by using the search term “adult”. No, I have no interest in adult apps. But anyone familiar with these types of rogue apps knows that the adult market is one that is a huge target of their distribution.

    After a bunch of app permission reviewing, I came across this lovely piece of scam potential. The app is designed to supply you with dirty jokes. Should be a simple app with no need for personally identifiable permissions, right? Well, click the pictures below to see them in their full scamming glory (and if you come across this in the Market, do NOT install it. Report it as inappropriate like I did).

    While I don’t want to see the walled garden approach that Apple has with their App Store, I think it would be wise to add basic moderation of submitted applications before they are published. For example, apps that request the permission to use “services that cost you money” should require a simple review by a moderation team. This way, developers still have the freedom to submit their apps without fear of extreme moderation and control but consumers can feel just a tad more safe when browsing the market.

    Agree? Disagree? Let me know.