One of the biggest reasons for the success of the Android platform is the wide array of applications and games available, and the open-source nature of the OS is such that this is set to grow exponentially for the foreseeable future. New Android users will have noted the speed and ease at which software can be downloaded and installed from the marketplace, but may also have raised an eyebrow at the rather scary looking requests for access to various content or features of a phone.
These permissions are present to act as a security measure in that they inform users of the various things the software will need to do in order to work as intended, and though it’s not possible to manually select which to allow, can at least offer food for thought when choosing whether or not to install unknown applications.
You’re not given a lot of information on exactly what these permissions mean, so below we’ve rounded up the most common to offer some more insight into how the software will be interacting with your phone.
Make phone calls / send SMS or MMS: These are two permissions that allow the application to make phone calls or send texts and have legitimate uses for software such as Google voice. However, since they also have the potential to automatically contact premium-rate numbers and text services, this is a good one to look out for when deciding whether a request is reasonable.
Network Communication (full internet access, view network / wi-fi state, create Bluetooth connection): This is a fairly common request and often involves and application simply retrieving updates online, and can include widgets, web browsers, social networking software and more. However, this is also an essential permission for malware designed to transfer data off a phone, so should be viewed with some caution. Apps requesting Bluetooth connections are less common, but since this would again allow data to be transferred within a limited range it should be obvious exactly why this is being requested.
System tools: There are a range of system tool permission requests and most are fairly self-explanatory. Typically these aren’t potentially dangerous, and simply allow an application to modify the behaviour of a phone to allow it to work as intended. You may, for example, find an alarm clock application that requests “prevent phone from sleeping”, widgets that request “automatically start on boot” and a replacement keyboard that asks “set preferred applications”. System tool requests are very common and are rarely cause for concern.
Hardware controls: (control vibrator, take pictures): These are again fairly self-explanatory, and aren’t commonly requested. It should be obvious what types of applications ask for this control, and you’ll often find them on games, media players, photo applications and call managers. Again, they pose little or no concern from a security standpoint.
Your location (find GPS location, network-based location): These could allow applications to remotely activate the GPS functionality of a phone and use it to track the handset’s location. There may be some concern surrounding privacy with these permissions, but it’s usually easy to determine whether a request is legitimate. Mapping apps, location finders and GPS software will commonly ask for this access, which would obviously be integral to the smooth running of the software.
Storage – modify/delete SD card contents: Another commonly requested permission, this offers an application full access to read and delete data and create files on an attached SD card. Though it is potentially dangerous in that any malware designed to gather data from a phone or install additional files will need this form of access, you’ll find that a great many legitimate applications require it at as well. Again, you should judge each case on its individual merits and exercise caution if you believe the request to be unusual.
Your personal information (read contact data, read/write calendar data): While these permissions are potentially dangerous in that malware could be used to access contact and calendar information on a phone, it’s also fairly easy to spot unusual requests. Replacement calendars, phone books and social networking software would all commonly request this access, but unless it’s obvious exactly why an app would need this information it should usually be avoided.
The key thing to remember is that these permissions are intended to be used as a guide to what the application will be doing on your phone, so if you are unsure of the integrity of a particular piece of software, check to make sure it’s not requesting anything out of the ordinary. If in doubt, it’s always better to opt out of installing the package right away, and if no suitable alternative is available check online to see if the application appears genuine.
Of course the concerns surrounding applications that may contain malware designed to steal sensitive data is one of the main reasons why mobile security suites are rapidly growing in popularity. Installing such a suite is particularly important if you’re expecting to take advantage of the wide range of software available and enjoy trying out different packages on your phone, and will offer peace of mind that any files being downloaded will be checked for malware and viruses before they can do any harm.