Understanding App Permissions
The other day I was looking for a new flashlight app for my Samsung Galaxy S4 smartphone, so I jumped onto Google Play and searched the term “flashlight.” The first app that came up was Brightest LED Flashlight from Surpax Technology Inc. It had been installed over 50 million times, had been updated as recently as last month, and had received very favorable reviews, with an average rating of 4.7 out of 5.
It sounded perfect, right? I went ahead and tapped ‘Install’ and was presented with the usual list of permissions. Only this time, I actually read them.
It turns out that in order for me to install the app, Surpax Technology would need full network access, including access to all my Wi-Fi connections; continuing access to my precise location; access to storage so it could “modify or delete the contents”; the ability to take pictures or video using my camera; and the ability to modify my system settings. All this to turn on my LED flash?
It seems that we have become so enamored with our smartphones, and the clever apps that turn them into so much more, that we are no longer concerned about privacy. And even when we do stop and think, we are more than happy to trade in those concerns for a little extra convenience or a good smartphone game.
Before iPhone owners mention the vulnerability of Android devices and the extra security surrounding the App Store, it’s worth pointing out that Apple mostly allows iPhone app developers the very same permissions as Android developers, except that those permissions aren’t disclosed or are delivered in the form of notifications after an app has been installed.
At second glance, some of the permissions that developers seek may not be quite so threatening. For example, Surpax’s desire to access both my location and my network is almost certainly to enable it to deliver meaningful advertising. While I might regard advertising as intrusive, it’s a cost I might be willing to bear for the convenience of a reliable flashlight. However, I can’t imagine any reason why the app should need to modify or delete the contents of my storage.
Interestingly, the sheer number of app permissions that certain developers seek is not necessarily a sign that something is wrong. I recently installed an app called Permission Dog to see which of the apps on my phone were using the most permissions. It flagged just 4 apps as having a “dangerously high” number of permissions: Facebook, Twitter, LinkedIn and WhatsApp. (Yet more proof that we effectively sign away our lives when we join these social networks!)
So should we be worried about app permissions? After all, in the case of Brightest LED Flashlight, 50 million people can’t be wrong, can they?
Perhaps the best commentary I have seen on the issue of app permissions is a 2012 post on the community forum on Phandroid, an independent blog covering Android news. Here they list the risk associated with granting each individual permission. For example, permissions to make phone calls, send texts, or read your contacts should always be red flags, and, unless there is a very good reason, apps requiring these permissions should be avoided.
The Phandroid post makes a good point when it suggests checking out the developer’s web site before downloading an app. If the site is well laid out and informative, that’s often a much better indication of an app’s legitimacy than a standard list of permissions. The post also notes that updating an app is the same as installing it anew, and we should take as much care with the update as we do with the initial download.
In conclusion, permissions do matter. If you can’t imagine why the developer would need access to a certain feature – and you can’t find out – then it might be wise give the app a miss. After all, there are over a million apps to choose from, so it shouldn’t be hard to find ones we trust!