A smartphone is nothing without its apps. Looking around the apps store is something we do quite frequently, either by necessity or to see what’s new or which game is most popular. And probably, while you are there browsing you end up downloading one or two.
That’s when Android users have to accept certain permissions of their new application. Apple users approve these permits the first time they use the app or certain features.
Applications request access to certain data and features of your device. As expected, maps apps ask for permission to use GPS and locate your device. However, most applications ask for more permissions than they should, which means that we are taking a few risks just by accepting them.
One of the most shocking examples is the flashlight apps. For using them you don’t need to sing in and they are free. However, when installing the app we have to accept permissions which have nothing to do with the app’s purpose, as knowing their location thanks to GPS data, taking pictures, recording audio or even reading our text messages.
App Permissions – Read before accepting
Facing that avalanche of totally unnecessary permissions, the best thing users can do before installing an application is to look closely at what information the app wants to access.
Most of these times, these permissions do not respond to a real need for the application to function, but serve to create an advertising environment that adapts the location and the user’s interests. Hence a flashlight wants access to GPS or a QR code reader asks permission to view your browsing history and your web markers.
The users take several risks when they systematically accept these permissions. On the one hand, they are letting developers to know their location or their Internet habits, and the final destination of this information is not clear at all.
But the situation may be much more serious if there is a security breach in the application’s meat that allows cybercriminals to access your smartphone through these permissions.
So, giving full access to Internet could result in cybercriminals taking advantage of the connectivity to download malware to your device or to steal passwords transmitted through Wi-Fi.
However, security breaches and cybercriminals are not the only risks that a user may face when approving the requested permissions. In fact, they are not even the most common. The major risk is users handing over their data to apps development companies, and these companies end up sending their users’ private information to analysis or advertising companies.
These permissions can also lead, in the case of downloading malicious applications, to scams related with calling services and premium messages, which do not provide any service for the user but charge exorbitant prices for each message.
Finally, when you download and install an application, the best thing you can do is to stop and analyze if the permissions required are necessary and, especially, if the developer can be trusted.
Checking this before approving permissions willy-nilly can avoid any surprises, or at least, our data falling into anybody’s hands.
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
