Android permissions

jondc

jondc

Suspended / Banned
Messages
2,404
Name
Jon
Edit My Images
Yes
So with moving away from IOS for the first time I was looking at the google play apps and their access permissions.
Some seem surprisingly over the top, example below for Linkedin.

So it looks like basically the only thing it does not have access to my inside leg measurements, unless I mark that confidential.......

Why does it need such freedom of my personal information and a free hand to mess about with accounts?

This app has access to:
Identity
  • find accounts on the device
  • read your own contact card
  • add or remove accounts
Calendar
  • read calendar events plus confidential information
Contacts
  • find accounts on the device
  • read your contacts
  • modify your contacts
Location
  • precise location (GPS and network-based)
Phone
  • read phone status and identity
  • write call log
  • read call log
Photos / Media / Files
  • modify or delete the contents of your USB storage
  • read the contents of your USB storage
Storage
  • modify or delete the contents of your USB storage
  • read the contents of your USB storage
Device ID & call information
  • read phone status and identity
Other
  • receive data from Internet
  • read sync statistics
  • create accounts and set passwords
  • control vibration
  • toggle sync on and off
  • prevent device from sleeping
  • view network connections
  • read sync settings
  • full network access
  • send sticky broadcast
 
Thanks for the link. It was not Linkedin per-sa but just why do these apps needs such freedom.

For example it says - Identity (find accounts on the device, add or remove accounts, read your own contact card, create accounts and set passwords): This lets LinkedIn provide personalized recommendations using your Google contact card.

Sorry but I would prefer no personalized recommendations and extra security. Its fine whilst the access is being used in a non impacting way but what happens when someone decides to miss use it; hacker, disgruntled employee and the likes. Just seems excessive to me.

I thinks i'll stick to accessing this online when I want, as opposed to in app.
 
Like the link says, the headings of the permissions are particularly vague.

As the disgruntled employee bit, its never happened, becides beyond your contacts what information are you concerned about. You're more likely to get one of the xcode exploit apps on iOS.

Speaking of iOS, they don't even warn you what info the app gets from your device.
 
In part it is a bit of a land-grab I suspect, they might use all those things at some point depending on your settings, I would think it would want the same on IOS but maybe it is not spelled out in such detail.

jondc said:
I thinks i'll stick to accessing this online when I want, as opposed to in app.
Click to expand...

That's what I tend to do unless I really want to be pestered by something. You can access most things via the phone's browser anyway
 
neil_g said:
Like the link says, the headings of the permissions are particularly vague.

As the disgruntled employee bit, its never happened, becides beyond your contacts what information are you concerned about. You're more likely to get one of the xcode exploit apps on iOS.

Speaking of iOS, they don't even warn you what info the app gets from your device.
Click to expand...
True, its been an eye opener.
I have all my emails accounts on the iphone and my emails have lots of personal information in (icloud, hotmail ect).
 
sirch said:
In part it is a bit of a land-grab I suspect, they might use all those things at some point depending on your settings, I would think it would want the same on IOS but maybe it is not spelled out in such detail.



That's what I tend to do unless I really want to be pestered by something. You can access most things via the phone's browser anyway
Click to expand...
Yes, just apps are quicker and generally display better on the screen. I find the screen when in the browser a bit limiting.
Maybe that will change with a bit larger screen.
 
sirch said:
That's what I tend to do unless I really want to be pestered by something. You can access most things via the phone's browser anyway
Click to expand...
I have to agree. When I first got my phone I got all the apps when prompted. Now I've pretty much got rid of them all. Amazon ,youtube and Facebook annoyed me the most. Why can't you still not leave comments on youtube app!
 
Last edited:
neil_g said:
you can customise notifications :)
Click to expand...

In fact, you really need to if you ever want to sleep.

BTW I've set up a "sleep"mode on my Z3. Between certain hours, if it's connected to the mains then the only things that can "alert" me are the alarm clock or a voice call from a very small list of numbers.
 
neil_g said:
you can customise notifications :)
Click to expand...
But can you customise access permissions? Like not allowing apps access to camera or to location services etc?
 
jondc said:
But can you customise access permissions? Like not allowing apps access to camera or to location services etc?
Click to expand...
Apps can't take photos. Only you can.
 
AFAIK the latest version, Lollipop, lets you have much more control over individual permissions, previously it was pretty much take it or leave it depending on what the app wanted. I guess it will take a while for the App developers to catch up with the new lollipop permissions system.
 
StewartR said:
Apps can't take photos. Only you can.
Click to expand...
Sorry, I thought that's how (by accessing the camera) skype video call (or any other video messaging app) worked. Will have to have a play and see what can be limited.

I must say with all these service providers being hacked and data being stolen, I am being more cautious over things.
 
Last edited:
sirch said:
AFAIK the latest version, Lollipop, lets you have much more control over individual permissions, previously it was pretty much take it or leave it depending on what the app wanted. I guess it will take a while for the App developers to catch up with the new lollipop permissions system.
Click to expand...
Not sure what version mine will have, will need to dig a bit more. Thanks for the info.
 
neil_g said:
you can limit some functions per app within settings -> privacy -> privacy guard. but whether that'll stop the app working at all is another thing.
Click to expand...
Thanks for the info
 
neil_g said:
remember thats hacking/data loss at a server level, not app level. even using the web page rather than the app wont help there.
Click to expand...
Yes, noted. I just meant these incidents have highlighted a general awareness.
 
What you really need to be concerned about is loosing your phone or having it stolen. The criminals then have access to anything that your phone logs in to automatically and if they have your email they can request password resets for anything registered by under that email address..

Personally I encrypt the phone, set decent screen lock and use a different email address for anything financial than I use for general email.
 
StewartR said:
Apps can't take photos. Only you can.
Click to expand...

Is that true? IIRC there's a "use camera" permission.

I've noticed a lot of apps tend to start small with a couple of permissions and then in an update they tend to go for the land grab approach. I think people read permissions (even) less during app upgrade than initial install.
 
StewartR said:
Apps can't take photos. Only you can.
Click to expand...
JonathanRyan said:
Is that true? IIRC there's a "use camera" permission.
Click to expand...
There is a 'use camera' permission. It allows the app to switch to the camera, and to use the resulting image. For example if you're adding an expense to your expenses management app and you want to upload a photo of your taxi receipt, this permission allows you to do that seamlessly within the app. Otherwise you'd have to exit the expenses app, start the camera app, take the picture, exit the camera, back to the expenses app, locate the taxi expense, add image, select image.

But you have to press the button on the camera. The expenses app doesn't know when you're pointing the camera at the right bit of paper. That's what I meant seen I said that only you can take photos.
 
StewartR said:
There is a 'use camera' permission. It allows the app to switch to the camera, and to use the resulting image. For example if you're adding an expense to your expenses management app and you want to upload a photo of your taxi receipt, this permission allows you to do that seamlessly within the app. Otherwise you'd have to exit the expenses app, start the camera app, take the picture, exit the camera, back to the expenses app, locate the taxi expense, add image, select image.

But you have to press the button on the camera. The expenses app doesn't know when you're pointing the camera at the right bit of paper. That's what I meant seen I said that only you can take photos.
Click to expand...

Got you :) So there's no way to bypass the shutter button? Makes sense from a security POV.
 
sirch said:
What you really need to be concerned about is loosing your phone or having it stolen. The criminals then have access to anything that your phone logs in to automatically and if they have your email they can request password resets for anything registered by under that email address..

Personally I encrypt the phone, set decent screen lock and use a different email address for anything financial than I use for general email.
Click to expand...

Yes in a nut shell !

Although I would go one further and for android have a gmail account for each mobile device and have no active email on your phone apart from that gmail account.

Then even if your phone is lost / stolen and someone gets access to the email on it has no value.
 
You must log in or register to reply here.
Back
Top