Android's permission problems

Apps are notorious for leaking information, but can you really do anything about it?

Mobile apps are a privacy nightmare. Some apps are constantly connected to the Internet, and can upload your personal data--such as your private photos or documents--to a remote server without your knowledge or consent. While iOS users can generally depend on Apple's app-curating process to keep their data safe, Android users pretty much have to fend for themselves, left to rely on a cryptic system that doesn't seem to be working.

How Google's Permission System Works

Whenever you download an app from Google Play (the store formerly known as the Android Market), you see an alert that explains what information that app will be able to access once you install it on your phone; for instance, the alert will indicate whether the app needs to access your contacts list, or connect to the Internet. An app cannot use any part of the phone that it does not have permission to access, and the developer sets these permissions when it first submits the app to the Play store.

The Problem With Permissions

While the providing of this information is a good idea in theory, it doesn't work so well in reality. According to Joe Keehnast, a product manager for Norton, very few people actually look through an app's permissions before installing it.

Even if you were to read through the alert, you may not come away with much information: The permissions list can be extremely unclear and unhelpful. An app can request permission to use my network connection, for example, but I'm never sure what it's actually using that connection for. Some security apps, such as Lookout Mobile Security, feature "privacy advisors" that can give you a little more detail as to why an app would request certain permissions. At best, however, that is a workaround for a larger problem. Even with the extra information from security apps, you never see explicit details as to why, say, a browser app wants access to your phone's SMS function.

Confusion aside, the permission system as it is currently designed just does not work. In late February, the New York Times demonstrated an inherent flaw with the Android permission system by building an app that was able to access photos stored on an Android phone and copy them to a remote server. To accomplish that, the app needed only permission to access the Internet.

According to Google, the problem stems from the fact that it originally developed the permission system to work with devices that stored photos on the removable memory card. Now that phones store photos on the built-in storage, Google's permission system no longer works as the company originally intended.

What to Look For

Though app permissions are by no means clear, you can look for a couple of red flags. Almost every app asks for access to the Internet (usually for ads), but very few should request permission to access your phone calls or your messages. A malicious app with permission to make calls or send messages can cost you big by dialing certain phone numbers or by sending out premium text messages without your knowledge. The only apps that should have access to your phone calls or text messages are security apps and communication apps such as Google Voice. If a game asks for permission to access your text messages, do not download it.

Some app developers will list what their programs use each permission for. The developer of the Any.Do task-managing app, for instance, has a FAQ page that explains each of its requested permissions. It's really helpful to be able to see why an app needs access to your contacts or hardware controls. If an app developer doesn't explain why it is requesting certain permissions, send the developer an email; the Google Play app gives you each developer's basic contact information, and you can drop the app creators a line in case you have any questions. If a developer doesn't respond, and you can't find anything more about the developer or the app online, avoid them. It's better to forgo an app than to install it only to find out that it has taken over your phone.

It should go without saying, but the situation needs to change. Google must revamp the permission system so that it is easier to understand, and app developers have to clearly explain what their apps can access--and why. But until that day comes, it's important for you to keep questioning whether each app really needs access to all parts of your phone.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Armando Rodriguez

PC World (US online)
Show Comments

Essentials

Brother MFC-L3745CDW Colour Laser Multifunction

Learn more >

Mobile

Exec

Sony WH-1000XM4 Wireless Noise Cancelling Headphones

Learn more >

Budget

Back To Business Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Jack Jeffries

MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr

MSI PS63

The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?