Tue | Dec 12, 2017

Tech Times | Permission to steal your data?

Published:Monday | August 14, 2017 | 12:00 AMDanielle Mullings

When is the last time you read the entire terms and agreements of a software you wished to install? Nowadays, we rarely check what we are agreeing to when installing applications on our computers or phones. This gives some malicious software the ability to exploit sensitive data and device functions. The problem is that some apps actually do need these permissions in order to function and so the user is left guessing.

 

What is an app permission?

 

App permissions can give the software the ability to access either hardware features such as the phone mic or camera. For example, Snapchat will require the hardware permission to use your phone camera, so that you can send pictures to your friends. Alternatively, the retail app Earny requests user information in the form of email account logins to send malicious emails pretending to be the user.

 

More about specific permissions

 

- Permission - Directly call phone numbers.

What it means: This permission gives the app the ability to make a phone call at any time without your consent. Without being given this permission, all applications are still able to access your phone dialler and fill in numbers. However, they are not able to actually call unless this permission is granted. It is important to note that this permission can cost you, because your cell service provider will charge for calls.

When not to be concerned: When apps like Google Voice or Skype request this permission.

When to be concerned: When apps that have nothing to do with making calls request this permission. Two examples are gaming apps like Temple run and email apps like Gmail.

- Permission - Read/Write your contacts.

What it means: This permission allows the software to access your contact information. This is useful for apps that suggest new friends based on who you currently know. The trick here is that a person's contact information is not limited to the common perception of a phone number. His contact may also include data regarding his email, location, and employment status - essentially everything that is stored about him.

When not to be concerned: Any app that allows you to contact another person will more than likely request this permission without malicious intent. Concurrently, no alarm should be raised if social applications like Whatsapp or Instagram request this permission.

When to be concerned: Most apps will request this permission, so it is not one to generate much concern. However, you may be concerned if a utility app like Nikon Wireless Mobile Utility, which has no sharing function using requests this.

- Permission - Your precise location, GPS and network-based location.

What it means: This is rather self-explanatory as it gives software access to your location. Network-based location gives a rough estimate of where you are. The GPS-based permission, however, gives a very precise idea of where you are.

When not to be concerned: Apps with location-based features like Google Maps and Store Locators are not likely to be malicious. However, there are some gaming apps that take your location so that they can give location-based ads.

When to be concerned: You should decline the permission if the app has no use for your location.

Usually, Android apps have an all-or-nothing approach. This means, either you accept all permissions and then install or do not install at all. However, Android has made efforts to give users more leverage since the inception of the Android's Marshmallow OS. In this update, users are able to grant permissions at runtime as opposed to prior to installing the app.