App Permissions

OK, folks. You've read Jerry's excellent explanation of Android app permssions, right? It's important. You need to know this stuff.

Back? Good. Now it's time for a little brutal honesty. Do you really read through the app permissions when installing something, or do you just click through? Or are they simply to confusing? There's no shame in any of that. Let's hear it, people.



Reader comments

Late-night poll: Do you read app permissions before installing?


As far as polls go, this is a very bad one.
I read the permissions and understand them. I don't worry too much about them and I don't read them religiously.
If you want REAL answers don't make the options sound scary.

A better set of options for this poll would be: Yes, Sometimes, Rarely, No

I agree, I am the same way. To me, both the "I read them" options are the same. I take a more informative read through of them, and then install it anyways.

much agreed.
I dont read the relgiouly, i hardly ever worry about them, i dont always click right through, and if ever i dont read them, its not because i dont understand them.

Horribly designed poll, but these guys arent psych majors, they play with phones for fun, so i guess you cant expect too much.

I agree about this poll. I sometimes read through the permissions and sometimes I don't. If it's a program like Facebook, which I'll have almost no matter what, I'm not going to look: I know Facebook wants most of the information from my phone anyway. If it's a new app and I see lots of bad reviews about permissions, I'll read through them. If the program calls for a manual upgrade, I'll see what's changed and then install. And so forth.

Therefore I read them sometimes and sometimes I can't be bothered.

I agree as well. Sorry, but this is not a good poll. Please re-do it.
Poll questions should not skew responses -- Please remember that for all your polls.

Agreed. The choices are actually pretty rigid in people's perception of how they handle app permission reading. For example, I have my times where I read them get it; times where I don't. Sometimes I read them; other times I won't—really it just depends on the devs and if they're a name/product I already know and trust.

Like you stated, what really would have worked better was just simply using "Yes, Sometimes, Rarely, or No". Then in the comments section people can explain, in detail (if they wish), why they may have chose the answer they did.

I never really worry... but I do read them all the time. Other things worry me more than a permission. If an app makes me join a service or somehow makes me enter a password and I don't see **** as I start to type... exit... uninstall.

Depends on the app. A lot of apps require different permissions and if my words cheater needs my location and modify permissions then no.

There's plenty of dirty apps out there that ask for permissions they don't need, I'd honestly say at least 55% of them do this, asking for phone ID, location, internet connection. I'm not ignorant, I know what I'm talking about and I'm right.

I tend to stick to apps with gigantic user bases and good reputaitons so no.
Only when im downloading something small time or off the map.

but there usually isnt anything to worry about anyway, people try to read too much into app permisions, and its mostly people who know nothing about application development spreading unwarranted panic.
If they spent as much time reading the features the app is supposed to provide as they did the permissions it requests, you typically find all permissions well justified.

Nope. I read reviews, though. And if the permissions are really, really out there, someone will be ranting about it.

Ditto. Same here. Plus, if the auto-update switches from a standard update to a manual one, then that's a red flag for me and I'll skim the changelog.

Usually, regardless of what I read, I go ahead and install.

I'd really like to know after I have given these permissions how often and when they were last required, then you'd really have a good idea what the app was doing. I can't see why Android can't gather these stats.

I read them, but if I want the app, its not like I have a choice in the matter. It's the same way I feel with EULAs.

I use LBE Privacy Guard to pick and choose what perms to allow and which to block. I seem to see some similar app reviewed lately that did not require root.

I read through them but mostly I use common sense when installing apps. I pay very close attention to apps asking for root access, unless they've been verified on xda and triple checked, I don't grant SU access at all.

Mostly i just click through... that's what you guys are for... I read your reviews and follow your news feeds, so if something was truly 'Sus then I would expect to read about it from you.

Great strategy. By the time you find out about a bad app, the damage has already been done. So much for "An ounce of prevention"...?

Wow, majority just click right through huh? That's like playing Russian Roulette IMO. Wonder how many do the same thing on their PC's? It would explain the malware prevalence.

Most of the time if they aren't asking to take pictures on my phone without me knowing I'll just click through after a quick skin of the permissions.

For me it really depends. I have a little process I go through. First I look at the publisher. If it is a household name, click right through. If it isn't a well known publisher, look at the rating. If the rating is good, install and read the permissions and comments carefully to see why. If I don't like what I see, I cancel the install. If the rating is bad, I pass on the app without looking at anything else other than maybe a quick glance at the reviews to see what was so terrible. Most of the time it is because it is an overglorified website

I do click through. But to be fare i do not fly in to an app
I do research on my apps and stick to main stream or paid

Ditto most of the preceding: Sometimes read permissions in their entirety, sometimes not. Big name apps usually get the blind eye. Therefore, I have excluded myself from this poll.

As I've said elsewhere, the weakest link in device security is the user. The results of this poll back that up. I think Google could to a lot more with regard to security - allowing users to revoke or deny permissions during installation or afterward (e.g. as in CM7). Unfortunately Google doesn't do more, and the onus of security falls on the users, who are shirking this responsibility in droves.

Frankly, I'm insulted by Google's stance that anything more complicated than a blanket acceptance of permissions during installation overly complicates the user experience. If users had the ability to accept or refuse individual permissions during installation, they would have a much improved user experience knowing that their installed apps have only the access granted to them. I also think that more fine-grained permissions are required, completely separating potentially privacy-invading permissions from those that are benign.

This could easily be handled in a manner similar to the way installation choices are presented during installation of an application in Windows - an expandable tree structure with some (or all) boxes checked by default. For the careless - one click and you're through. For the more diligent - expand the tree structure and be as detailed and thorough as you like.

Of course, developers should have the option of making some or all permissions mandatory when required for basic functionality of the app. The most obvious such permission would be internet access for apps that are ad supported. It would be unreasonable to deny internet access to an ad supported app, as this would cut off the developer's revenue stream.

I think an approach like this could make everyone happy.

To be fair there should have been a "sometimes" option. If the app is well known I might brush past it. If I've never heard of the app I check the reviews first to see if anyone has flagged and then read through what it can and can't do and decide.

If the developer wants information from our phone without showing a permission, I feel that they can so I don't really worry about it too much. I don't have any proof but that's just my theory.

I just skim the first 10 reviews and see if there is more than one 1 Star "review" bitching about permissions. Then I look to see if there is at least 1 4 Star review complaining about the complainers and calling them "silly gooses" for being so paranoid. Oh wait, that's every app. *clicks through*

But seriously, I'll generally look to see if people are making a stink and if so I'll read what they are saying and look into if it doesn't seem frivolous. So, I crowd-source my security concerns. Look for smoke before getting out the hose.

I’m diligent about checking permissions, even on existing app updates. Before installing the update, I check the existing permissions to see what may have changed. I live by “An ounce of prevention…” I’d rather prevent an issue if at all possible than deal with the aftermath.

I read them if they are for an app that I have never heard of, something that does not have an established reputation. For reputable apps I skip right through them.

How about this poll option: "I read them, but recognize that they only tell me what the app has access to do, not what it will do with that access."