Friday, 29 March 2013

Permissions and Warnings - should we pay more attention?

If you've ever installed an app on your phone (who hasn't?) then you'll have seen a list of permissions an app requests before being installed. You've probably also come across warnings on Android, but how much attention do we really pay to either of them? I think too many people blindly agree to a lot of things on their phone without fully understanding what they're asking for, similar to how we always click the little check-box asking if we agree to the T&Cs when we're signing up to stuff.

You have been warned

You rarely get warnings on Android but when you do, make sure you know what you're agreeing to before clicking to go ahead. I've picked the two below that I want to talk about, partly because I was quickly trying to find warnings to use as examples (it's harder than you think!), but mainly because I think they are very important to have a think about. The first is the location services using Google's database, it might seem innocent enough but have you ever had WiFi at your house and gone on Google Maps only to find your location given to a couple of feet without GPS? Chances are that it was your phone that transmitted your WiFi and its location to Google, who are now able to give you an accurate location by only using WiFi. This service constantly runs in the background when WiFi is on and you are not connected to any network. This happens because data is collected from all the networks your phone comes across. As it states, data can be sent back to Google even when there are no apps running, so when your phone is in your pocket this is likely to be happening too. 


Now I might make this seem really evil, but in fact it's not that bad. If you think about it, a database such as this is most effectively built by using thousands of phones to relay data back because of the nature of what's being collected. Basically because WiFi networks come and go quickly, it would never make sense for Google to independently collect this sort of data. Still, bearing in mind what it actually does, at least now you can make a better informed decision about whether you want this going on or not right?


The next warning I want to look at was the input method whereby it warns you about any application potentially being able to collect sensitive data you input onto your phone. I think this one is more serious than the last as it depends more on the app that will handle your input. There are a lot of keyboards on the Play store, but how can you be totally sure that the one you're using right now isn't storing and sending your data to a server about what you've just written? I'm not saying that keyboards on the Play store are doing that, but I think people should take care when trusting apps with their sensitive details. As with all apps, if you're getting it from somewhere that's not the Play store then you should really be wary as apps are very easy to manipulate and what might seem like a legit copy of a keyboard app could be an altered version to record all your keystrokes. You just never really know.


Permission to do what?
Well permission to do a lot of things actually! Permissions are basically rights you give an app in terms of what it can and can't do on your phone. I've taken Viber as an example as it requests a long list of permissions but I think you should have a little flick through the permissions any app requires before installing it just in case you find something that doesn't quite add up. This isn't a witch hunt against Viber as it's an over-the-top service provider like Skype or Whatsapp so they require various permissions, whilst sometimes a permission might only be required for a small thing, such as verifying your phone number at the beginning. You might also notice the system tools permission, which might seem a bit scary at first and hard to work out why an app would need it but for something like Viber, if you receive a call then the app needs to be able to disable your lockscreen to allow you to answer.



These permissions are somewhat expected of a messaging and calling app, to be able to access your contacts and logs to extract and match who uses Viber on your phone. Nothing really that worrying here but again, it's always good to have a think about how an app would use these permissions and how they could potentially abuse them too. 


I don't mean to scare anyone or cause paranoia, but giving permissions a bit of thought before you blindly accept it on your phone might save you a headache or two further down the line, especially at a time when Android is becoming so popular that malware is being created specifically for it.

Mo



No comments:

Post a Comment