I’ve been researching Android mobile application permissions on the Google Play Store, and have noticed that quite a few developers are now reviewing what permissions their apps have access to. One particular Android app was Flixster on Google Play, which no longer requires permission to read contacts or text messages. Reading some of the comments on this app, it appears some users are congratulating Flixster for removing these permissions. I am too, but this still got me wondering.
Why do apps continue to access data they don’t actually require to run? Accessing my contact book gives app developers full access to emails and telephone numbers. This is not only useful for spamming but also for renting the data to marketing and 3rd parties. I’m seriously concerned with apps accessing my contacts, calendar and call logs, for example – this is my personal private domain. Some say, if you don’t want to allow them access to your data, don’t download the app. Why should I not download an app I believe I need and/or find very useful to my ilife? Enough said.
A company I know called Appthority recently compiled an interesting App Reputation Report on the hidden security risks of top mobile apps on the Apple App Store and Google Play Store. The report highlights that gaming is the most popular app category (no surprise here folks!), making up 50 percent of the top iOS apps and 20 percent of the top Android apps. Gaming was also the category with the most access to sensitive data. This comes as no surprise, as gaming developers will probably justify this intrusion based on how they need to ‘understand user behaviour to improve the gaming experience’. Some apps (mainly freemium) also deliver in-app ads, so it’s also important for advertisers to collect click-thru and user-device specific data as well. I’m not sure contacts and call logs should be collected, for obvious privacy concerns.
Interesting to read in the report was that 94 percent of iOS apps and 84 percent of Android apps have the ability to access sensitive information through in-app ads, in-app purchasing, ad networks, analytics, contact information, calendar details, and location from the mobile device. My readers will appreciate the value of this data (it’s your data after all), so given that iOS and BlackBerry developers on average make more money with their apps than Android developers, you can see why the data collection is possibly more vital to Android developers. Lastly, the report identified that apps used for business, healthcare, and finance also had visibility of the sensitive information mentioned above. In this case businesses should be enforcing a Mobile Device Management (MDM) and/or Mobile Application Development (MAM) strategy. So, as consumers and employees, what are the options?
When you download an app from any app store, I suggest you check each permission, i.e. whether an app has access to your phone calls, contact/calendar details etc. This is all you can do right now. Unfortunately, if you don’t grant access to ALL the app permissions, you will be unable to install the app (this is applicable to both the Apple App Store and Google Play Store). I believe there should be options available to install an app without granting access to ALL app permissions. An example might be allowing the app access to the network communication permission to manage and monitor the app data bandwidth. Location-based permissions could also be allowed by default, i.e. Foursquare, but this app would still work if you denied it access to other permissions.
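The permission check suggested above can also be done against an app's decoded `AndroidManifest.xml`, comparing two releases to see what a developer dropped and what sensitive access remains. This is an added example, not code from the Appthority report or from any app mentioned here; the package name `com.example.movies` and both manifests are constructed, and the input is assumed to be plain-text XML (already decoded from the APK).

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions that guard the data categories this post is concerned about.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_SMS": "text messages",
    "android.permission.READ_CALENDAR": "calendar",
    "android.permission.READ_CALL_LOG": "call logs",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
}

def declared_permissions(manifest_xml):
    """Return the set of permission names the manifest requests."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:  # skip malformed entries with no android:name
                names.add(name)
    return names

def compare_versions(old_xml, new_xml):
    """Diff requested permissions between two releases of one app."""
    old, new = declared_permissions(old_xml), declared_permissions(new_xml)
    return {
        "removed": sorted(old - new),
        "added": sorted(new - old),
        "still_sensitive": {p: SENSITIVE[p] for p in sorted(new) if p in SENSITIVE},
    }

def _manifest(perms):
    """Build a constructed manifest for the hypothetical com.example.movies."""
    body = "".join(f'<uses-permission android:name="{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="com.example.movies">{body}</manifest>')

# Constructed sample data: an older release and a newer, trimmed-down one.
COMMON = ["android.permission.INTERNET", "android.permission.ACCESS_FINE_LOCATION"]
OLD = _manifest(COMMON + ["android.permission.READ_CONTACTS",
                          "android.permission.READ_SMS"])
NEW = _manifest(COMMON)

if __name__ == "__main__":
    for key, value in compare_versions(OLD, NEW).items():
        print(f"{key}: {value}")
```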
Right now Google Play rates app content, but it should, in my personal opinion, go one stage further and insist that apps be installed with the minimum of permissions, i.e. only network communication access. Will developers buy into this? Let me know.
Safe surfing folks!