Answer Line: Creepy permissions for Android apps


Sdlmd downloaded an Android app that wanted access to Contacts, even though it had no legitimate reason to check on friends and relatives. What can be done?


As protection against malware, adware, and just plain arrogant software that thinks it owns your phone, Android requires apps to announce what they may access and change. For instance, an app must tell you if it might access your contacts or track your location. The app provides this information at installation, when a list of so-called permissions pops up before you make the final install-or-not-install decision.

But installing an Android app is an all-or-nothing choice. If you object to what an app wants to do, and you're not willing to root your phone, your only other option is to not install the app.

Apps often ask for permissions that, on the face of it, they shouldn't really need. For instance, I have a rhyming dictionary called B-Rhymes that I couldn't install without giving it permission to check my location. Why? To find rhymes for the cities I visit?

Yes, I know (or at least assume) the real reason: So it can target advertising to match my physical location.

To make matters worse, apps can add permissions after you install them. You've probably noticed that some apps require a manual update. When you update an app manually, examine the screen carefully for a new Permissions section.

Want to check what you've allowed your existing apps to do? Depending on your version of Android, tap Menu>Settings>Applications>Manage applications or Menu>Settings>Apps. Tap an app and scroll down to the Permissions section.

On the other hand, you may prefer to look up a permission and see what apps have it. For that you'll need the free Permission Explorer app, which, you'll be glad to discover, "requires no special permissions to run."
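The same permission-to-apps lookup can be done from a computer. The sketch below is an added example, not code from this article or from Permission Explorer; it assumes you have saved the text that `adb shell dumpsys package <name>` prints for each app, and the package names and sample text are constructed.

```python
import re
from collections import defaultdict

# Permissions the article singles out: contacts and location.
SENSITIVE = {
    "android.permission.READ_CONTACTS",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
}

# Constructed sample (hypothetical packages); layout assumed from dumpsys output.
SAMPLE_DUMPS = {
    "com.example.rhymes": """Package [com.example.rhymes]:
  requested permissions:
    android.permission.INTERNET
    android.permission.ACCESS_COARSE_LOCATION
  install permissions:
    android.permission.INTERNET: granted=true""",
    "com.example.flashlight": """Package [com.example.flashlight]:
  requested permissions:
    android.permission.CAMERA
    android.permission.READ_CONTACTS
    android.permission.ACCESS_COARSE_LOCATION""",
}

def requested_permissions(dump):
    """Return the permissions listed under 'requested permissions:'."""
    perms, in_section = set(), False
    for line in dump.splitlines():
        entry = line.strip()
        if entry == "requested permissions:":
            in_section = True
        elif in_section and re.fullmatch(r"[A-Za-z0-9_.]+", entry):
            perms.add(entry)
        else:
            in_section = False  # any other line closes the section
    return perms

def apps_by_permission(dumps, only=None):
    """Invert package -> permissions into permission -> sorted package list."""
    index = defaultdict(list)
    for package in sorted(dumps):
        for perm in requested_permissions(dumps[package]):
            if only is None or perm in only:
                index[perm].append(package)
    return dict(index)

if __name__ == "__main__":
    print(apps_by_permission(SAMPLE_DUMPS, SENSITIVE))
```

The section layout differs between Android versions, so check the header string against your own device's output before relying on the result.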

If you're truly determined to keep an app but deny it some of its permissions, you'll have to root your phone, then use an app like Permissions Denied. But that's a dangerous process and not one to do lightly.
