Unacceptable Permissions?

[Dani]

I asked in a previous post if you generally allow permissions and got mixed answers... some do and some don't. When I obtain or get update notifications for apps, I do read the permissions but I don't really understand them so I usually just accept them. Can any of you give me an example of an unacceptable (to you) or dangerous permission... and tell me why it is unacceptable? I'm just trying to get an idea of what to watch out for. Thanks.

[Ads]

[Lesismore]

...and to add another question to go along with Dani: Once you delete an app, and associated data, i.e., folders, user data, etc. It SHOULD all be gone. So, IF YOU decide to RE-install an app, it's permissions must be approved AGAIN, and you could decline, correct? Albeit if you do decline, the app won't install.

[zigackly]

I don't think a general reply is easy, because I might allow permissions for an application by a well-known trustworthy company which I would not allow from an independent developer, or I might decide to take a chance on permissions I would not generally allow, in order to get my hands on some much-needed functionality. One thing I would recommend is to every now and then audit which apps on your system can do what, and if you are rooted perhaps even try blocking a few that you have allowed on installation, using a third party app.

[claudermilk]

A couple of examples I can think of is why would a live wallpaper need to know your position (GPS)? Or access accounts? Why would a game need to know your position? Both of those have shown up on apps I've looked at. I declined to install them. It really is on a case-by-case basis; you need to look at the permissions--and basically understand them--then decide if you believe the app really needs them & you are comfortable with allowing them. IMHO, the system Google has put into place is one of the best I've seen; the specific permissions are fairly well defined, and the end user is explicitly told what the app is requesting so they can make an informed decision on whether to install or not. You will also see that when an app is updated & adds a new permission, you are again explicitly told what is added & must manually update (when permissions are removed you are not--but that isn't a big deal IMHO).

[x1gx4g]

I agree in general with what both zigackly and claudermilk suggest and it is definitely worth reading the permissions and considering whether they really are required.

I don't profess to know in detail what a few of them mean in terms of their implication, but I found this thread at androidforums helpful. See if it's any good for you or any others:

Android permissions explained, security tips, and avoiding malware - Android Forums

[Lesismore]

I agree in general with what both zigackly and claudermilk suggest and it is definitely worth reading the permissions and considering whether they really are required.

I don't profess to know in detail what a few of them mean in terms of their implication, but I found this thread at androidforums helpful. See if it's any good for you or any others:

Android permissions explained, security tips, and avoiding malware - Android Forums

Thanks for that link. It was actually very informative, particularly the WARNING sections. Also think logically whenever reading the permissions. As Claudermilk said, a live wallpaper might seem that it shouldn't have GPS rights... Unless for example, it's a weather app, that monitors your location and the weather at those coordinates, to show on your screen.

x1gx4g's link above is good stuff; it will make me think about the who what when where & why's.

[tbonemax]

HD Widgets has now ask for camera use both front and rear. why? Uninstalled this app.Enough is enough.

[x1gx4g]

You're welcome Lesismore. Glad it helps. I have long believed that Google should make Devs, as a condition of publishing to Play, explain the reasons for their permissions in their app description. Some voluntarily do it but many don't and I think it would increase transparency if all had to do it.

[Lesismore]

HD Widgets has now ask for camera use both front and rear. why? Uninstalled this app.Enough is enough.

Just because an app needs a specific permission, doesn't necessarily make it nefarious.

In the case of HD WIDGETS, it has the new flashlight toggle widget which is powered by the camera's LED. I've written a couple of apps, and I know that whenever you include a particular library (such as the camera's driver software), then those permissions must be shown at install time. The Dev has no control over that. When a Dev uploads an app to the market, Google scans all the code (libraries) an app uses and presents those permissions to the user.

For HD WIDGETS, here's that actual dialog about the camera use:

Permissions

This application has access to the following:

Hardware controls

• take pictures and videos
  
• Allows the app to take pictures and videos with the camera. This allows the app at any time to collect images the camera is seeing.

This dialog is produced AUTOMATICALLY by Google. In actuality, the app's flashlight widget needs to turn the LED on and off, and because it can only do that via the camera driver, the dialog will appear. It doesn't mean that the app is going to be secretly taking pictures of you and uploading it to the net!

HOWEVER, and this is where you have to be careful, because the app now has the camera drivers loaded, IT COULD conceivably take a picture. So once again, you have to think logically. While HD Widgets probably won't be doing that, other less known apps just might! Read the link above, and then always use your head, and apps produced by trust-worthy developers.

[Travesty]

I read you question when you posted it, and I've thought of it since as
I didn't really know how to express it, I've worked on this reply for quite sometime, as
there's so much to cover and I try to impress a fix (using a HOSTS file).
I won't as it should be obvious and try to keep it short this time (5 or 6th rewrite).

You know what permissions to allow a program by reading the ToS, (Terms of Service),
and I may be one of the few people that does this. The ToS will send you to their Privacy Policy
which is really what you need to read (Privacy Policy trumps the ToS).

With a Cell Phone or Tablet you have no control over your system, unless rooted which
I for one required, while I allow permissions, I also block them.

The two most important permissions to me are superuser and Full internet access.
Allowing Tracking "to me" it's exactly dangerous but close.

Angry Birds (rovio.com) is an example of abusing the full internet access permission:

Angry Birds Privacy Policy: Privacy Policy - Rovio Entertainment Ltd
they use Flurry for analytics

Flurry.com also has a privacy policy: Flurry
That you are agreeing to when you agree to Angry Birds:

Both parties (Angry Birds, Flurry-analytics) use web beacons
Web bug - Wikipedia, the free encyclopedia to track everything you do while accessing
the network via your xoom (were only talking about the Xoom here)

Flurry.com knows when and who (you, your spouse, kids or which friend) checked
their email last from your Internet connection/router/WiFi. As they do collect identifiable information.

rovio.com also sends "some" collected data out of country , other countries
aren't required to supply ToS's - so you no clue what's to become of that.
X-plorer is a good example using both of my important permissions and not one word
of how they handle data or if they even collect it, or if they are going to upload a program my way.-

All of the above is unacceptable to me, it's beyond tracking and into following "for personalized ads".
Target for one may very well know your daughter is pregnant before you.
How Companies Learn Your Secrets - Slashdot

The above is the norm for what Cell Phone, Tablet, and such. On a PC's I at least
would never install something with those conditions. Games from the android stores have
some of the worst ToS I've ever read. While Angry Birds is a good example
ASTRO file manager reads the same way.

Then there's the malware aspect full internet access and SuperUser access you could
have bot, a few bots running, you could be viewed at someones leisure - I'm sure there's
a way to use the front camera without the red light.

----How do I get around this?

Welcome to Rovio.com! - Rovio Entertainment Ltd - 217.149.56.174

Add this to my HOSTS file to block Angry Birds:
127.0.0.1 217.149.56.174
127.0.0.1 rovio.com # just in case.

And I do that for every program I install.

Flurry.com -this one's different I can't block it, as seen here:
flurry.com - robtex
If I were to block it -all of the others would be blocked as well.
I figure that could cause a few problems :} (everyone listed is a tracker).

You can Opt-Out,

Angry Birds
youradchoices.com
networkadvertising.org
(Please note that the links above may not reach all Rovio’s advertising partners)
Privacy Policy - Rovio Entertainment Ltd

But it's not worth the hassle, some opt you back in when you clean your cookies.
But:
Flurry.com Flurry This one is well worth your time to Opt-Out of.

With Angry Birds web site blocked nothing is sent to them from your Xoom, even the
web beacons are blocked. All of the games or programs work 100% and your blocking
ads as well.

The damnedest thing is I trust Google, and do hope they cause no harm.

Hope this helped. -and- What the hell is a hosts file? Blocking Unwanted Parasites with a Hosts File