Android Permissions…What do they do?

By TrustGo Security Labs On July 5, 2012 In Privacy, Security

If you’ve ever pressed “Accept & Download” button and wondered, “What did I just do?” we applaud you. That’s the first step to becoming aware of the permissions you grant the apps you use. But unless you’re a deep-thinker about privacy and data security, you might still have questions.

To help, we’ve put together a list of these permissions and what they could mean to you if you accept. There’s a lot to go over, so we’ll divide them up into a few blog posts. If you don’t want to read all of this, remember one thing: Think before you grant. In permissions, as in life, it’s a good idea to consider what the app wants from you and decide if you think it’s worth it.
That said, here’s the first group to ponder:

Make Phone Calls—Services that cost you money

There are legitimate reasons to let an app do this…Google Voice and Google Maps ask for this permission and you should grant it if you want them to be able to make calls. But some apps could use this to call a 900 number and charge you for the privilege. Not a big threat these days, but be careful.

Send SMS or MMS—Services that cost you money

Like the ability to make phone calls, this one could allow an app to send a text message to a number that charges you. If you’re downloading an app that’s designed to send messages for you, this makes sense. But if that’s not why you’re downloading a particular app, think twice.

Modify/delete SD card contents—Storage

With great power comes great responsibility. This permission is one to pay attention to because it has the potential to overwrite the stuff on your storage card including your pictures, music and videos. Lots of apps commonly ask for it, so it’s hard to know whether it’s always good. If it makes you uncomfortable, look for a similar app that doesn’t require this permission. If they all do, you might just have to accept.

Read contact data, write contact data—Your personal information

This is one of the permissions that TrustGo looks very closely at. You and your contacts probably do not want to be the target of a spam campaign, so we believe it shouldn’t be granted unless the app REALLY needs it. Social apps, note-taking apps and those that help you dial, message or mail people can legitimately use it, but very few other apps need to do these sorts of things.  Be very skeptical about this and you’ll stay safer.

Read calendar data, write calendar data—Your personal information

While your calendar information may not seem useful to spammers, the contacts that are often included in those events might be. Again, make sure the app needs to access your calendar before allowing this.

Read/write Browser history and bookmarks—Your personal information

This permission not only gives access to the history of where you’ve been, but also potentially the credentials to get there (Do you visit your bank’s mobile website?). Certainly, some apps should have this, like a 3rd party browser, but not others.

There’s the first six to think about…only 20 more to go! Check back soon for the next installment.

Happy Downloading!