Permissions

We've all heard about bad apps that steal your valuable data and ship it off to the far east, and those discussions always end with one thing -- someone says you need to read an app's permissions before you install it.  Well that's fine, but there is a small problem -- what the heck do those permissions mean?  System tools -- automatically start at boot is easy enough to decipher and understand why it's needed, but what about Your personal information -- read contact data?  Hit the break, and we'll try to figure some of these out together.

Remember, this list isn't 100 percent complete.  For a complete in-depth list we're going to need a guest writer from Google to write it.  The permissions system is micro-managed, with nuances I'll never fully understand, so I won't try.  I can talk about a few of them that I do understand to give you an idea why they aren't always as scary as they sound, and why some apps need some of them. 

Services that cost you money -- make phone calls

Warn me that something is going to cost me money, and you have my attention.  But some apps need to make phone calls.  Dialer replacements, Google Voice, anything tied to your phone dialer -- these types of apps have to have this permission.  On the other hand, a ringtone app doesn't.  You will want to look for this one, and if the app in question has no business setting up a phone call, be suspicious.

Services that cost you money -- send SMS or MMS

Again with the costing me money.  And subscription SMS services are everywhere, so this is one to keep an eye on.  SMS apps Handcent or Chomp will need this, that makes sense, but what about an app that allows you to edit or take a picture and send it to a friend?  Yep, it's going to need to send MMS messages, too.  Same with something like a Mr. T soundboard (I pity the fool!) that lets you send a sound byte.  If an app is set up for you to share media, you might see this one listed as one of it's permissions.  If it's not, think twice about installing it.

Your personal information -- read contact data

More scary sounding permissions, but let's think for a minute here.  Of course any messaging app is going to need this, that makes sense.  But a home screen contacts widget will need this, too.  As will apps like Twitter or Foursquare, so you can share tweets or check-in information over e-mail or SMS.  If an app doesn't have any social aspect, there's no need for this permission.

Your personal information -- read calendar data, write calendar data

Used too often for my tastes, few apps outside of PIM or task management apps need this one.  If you come across it, carefully consider why the app would need to read (let alone write) to your calendar.  Most don't.

Phone calls -- read phone state and identity

The most abused, and least understood permission of them all.  Some apps need to know if your phone is about to ring.  Maybe they need to save state (ie freeze what they're doing) for when the incoming call screen pops up, or they need to turn over audio control back to the OS.  But this is also the one that can read, and send your IMEI and other identifying information back to some random server in Russia or God knows where.  Often, these unique numbers are needed as piracy control, or to keep track of you without using any more sensitive personal information.  The issue is when developers use these numbers for things like remembering your preferences for online services or app history.  Remember the big wallpaper app scare?  After some investigation, we learned the developer was using your device ID to keep track of your favorite wallpapers on his servers.  Seemingly harmless, but not the right way to handle it.  My only advice here is to be sure you trust the developers of the app when you see this one.  Or take a moment to email them and ask why they need this permission.

Your location -- coarse (network-based) location; fine (GPS) location

These two are no-brainers.  If an app needs to know where you are, it has to know where you are.  If an app gets its revenue from location-based ads, it needs to know where you are.  If an app has any mapping abilities, it needs to know where you are.  And finally, if an app tells you information about finding things like businesses, it needs to know where you are.  If you don't want these apps to know where you are, turn off the location services on your phone and don't install the app.  If you want an app to tell you where to find cheap gas, you're going to have to let it know where to look.

Network communication -- full internet access

Another permission that we see far too often.  If an app has no function for you to communicate with anyone else, or any type of downloadable content, this usually means ads.  To show you ads, the app needs to get them from the Internet.  If they app you're using is ad-free, has no need to contact the outside world, and doesn't have any type of add-on content, be wary.  But don't be silly.  Ask the developer why.  If he or she tells you, they have nothing to hide. If they don't respond, move on.

There are many other, less suspicious permissions for things like keeping the phone awake, controlling hardware, or accessing system settings.  Use a bit of common sense with these.  An app that takes pictures needs to control your hardware.  Netflix needs to keep your screen awake for the 90 minutes you're not touching the screen.  A ringer mode widget needs access to your settings.  And most apps nowadays need access to SD card content (which can mean internal storage as well).  When you come across something you don;t understand, usually a bit of deductive reasoning can figure out why an app needs to do something.  If not, read comments in the Market, and ask questions in the forums.  Just don't be silly and think the sky is falling -- most Android developers just want to make apps that make them a little money, and have no bad intentions.

 
There are 17 comments

Mgamerz says:

Seems like they should break up the phone state and identity permission into 'Read phone state' and 'Read Phone Identity'. Because reading if my phone is about to ring sounds like a good permission. The other half, not so much.
Just like there should be a 'read SD card'. I don't like read/write.

crxssi says:

+100

Matt Passell says:

Speaking of breaking down permissions into something more granular, wouldn't it be nice if the "Network communication -- full internet access" permission could be more limited. I'd much prefer to see "Network communication -- advertising", "Network communication -- admob", or "Network communication -- somedomain.advertiser.com" That way, you'd know your phone would be reaching out, but you'd know more about where it was going. Maybe I'll suggest that to the Android team...

baykes says:

the problem with that is that Google has no idea what purpose every developer in the world will have for connecting to the net or what developers are going to connect to with a network connection. And there's no way to programatically determine that.

you think its a pain in the ass waiting for an OTA now?
see what happens when Google has to collect the source code for EVERY app that EVERY developer plans to release so that they can analyze it and include a separate special permission for EVERY single connection into the SDK so that you can see your fancy "Network communication -- somedomain.advertiser.com" message when you download whatever app you're looking at.

cvmaas#AC says:

I'd just like to add that "Phone calls -- read phone state and identity" is an add-on permission by Android if the app supports Android v1.5. Meaning, the app doesn't need the permission to do anything, and isn't explicitly declared by the dev, Android automatically tacks the permission on to support Android v1.5.

The only way around it is to not support Cupcake, which is the reason I never had any intention of supporting less than 3% of the install base in exchange for having to declare that permission.

UncleMike says:

I agree with Mgamerz. Some of the permissions are too broad, lumping together permissions that, from a security perspective, should absolutely be specified separately. Isn't that the point of permissions, declaring them and reviewing them... security?

On the other hand, developers sometimes declare permissions they don't need, or do things in such a way that the permissions are required, when an alternative method would not require the permissions.

I have apps that can share things, and they don't need to read my contact data. I tell the app to share something, and a list appears containing all the available sharing methods, based on what's installed on my phone. I select the method, and the appropriate app opens. No special permissions required.

rogeratm says:

Perhaps, the real App that we all need is one that checks the Permissions for each of our installed Apps and alerts us when there is a concern! I'd buy it. This App should also provide the ability to quickly Uninstall Apps with silly Permissions.

squiddy20 says:

I know of at least 2 apps that do exactly that. I can't think of them off the top of my head right now, but I do know one was featured on XDA's portal a few weeks ago. It would rate the permissions a given app has and designate it (the app as a whole) as safe, mild, dangerous, or scary if I recall correctly.

baykes says:

thats impossible. Without a ton of reflective programming built into the app being analyzed, all that an app like what you are suggesting could do is make a (somewhat) educated guess at best. Computers dont have intuition and AI is limited, so while a computer knows what specific lines of code do functionally, there's no way it could determine the overall intent or purpose of the combined code.

the only way i could think to even implement such a thing is too take user input that would indicate what kind of app you are asking about, and ten have it (again) guess (more or less, via some sorta of determinant algorithm) what it should or shouldnt have.

so basically it would be like asking your nearest techy pal...only with potentially less trust worthy results.

I guess i could be wrong though.

w0rryw0rt says:

Thanks a million for this article. I'm new to Android and it took me a bit by surprise to see the application permissions screen for the first time. But i mostly install well-known apps, so I'm not too paranoid.

VRAndy says:

"Phone calls -- read phone state and identity"

This one is thanks to Android bug #10603

The android operating system is supposed to have a built-in unique identifier that any app can access. Unfortunately, all the Droid 2 phones and a bunch of other Froyo devices shipped with the exact same unique identifier.

Advertisers need unique identifiers to prevent fraud. Since they can't trust the built-in serial numbers on Froyo devices they're forced to use your phone number to identify you.

This sucks, but please don't blame the app-makers. All the major advertisers require this permission.

More info on bug #10603 here : http://code.google.com/p/android/issues/detail?id=10603

baykes says:

Good Article!
Its really annoying to see in app stores every app gettin unfair reviews because of people who dont understand permissions or that tey are needed to do whatever it is they want the app to do. Its really hard to get an honest opinion and gauge the qualilty and effectiveness of an app when that happens.

some can't help it, not everybody is a techy I understand that...the people that get on my nerves are the overly paranoid conspiracy theorist freaks though.

johnsmart says:

Technology is grooming fast day by day. so many mobiles applications are running different mobiles just because of growth in technology.
Now there are many funny and fool applications are available to make someone fool on April fool day like hack the mob, share others credit from mob, lock phone, hack bluetooth etc etc.
some years people were tried april fool messages to make others fool but not they used many mobile softwares and smiley which can make people foor in batter ways.. :)

shistro says:

I appreciate that...the citizens that obtain on my April Fool Messages are the excessively suspicious scheme philosopher freaks although.

samuelshun says:

Each and every of these solutions Romantic Facebook Status present feeds every time a new content is added, but have different options to supervise the blog and configure its look and feel. You would like to try these before going to find something else.

roadpizza73 says:

samuelshun,

serious dblspk