The Facebook app wants to be able to reconfigure your wireless connections along with other totally ludicrous permissions. Facebook don't seem to be willing to explain why they need these permissions even though they demamd such details from people developing Facebook applications
Whoah! How many Google Play apps want to read your texts?
A security firm has criticised Android's all-or-nothing permission approach, arguing it unnecessarily creates extra privacy risks for businesses and consumers. Users are obliged to accept an entire laundry list of requested permissions before they can download an Android app. Disagreement on any point means that the software …
COMMENTS
-
-
Wednesday 16th July 2014 13:14 GMT Steve Evans
Facebook are a huge offender.
Luckily the play store recently introduced a "do not automatically update" flag you can set against apps who are creeping the permissions. Assuming you already have an older version you don't object to.
Others in my offenders list are Absolute Radio who now want location, contacts/calendar
Amazon, Ebay who want fine location information
BT Wi-Fi (which is just supposed to auto logon to BT wifi APs) for SMS, Phone, Photos/media
The list goes on.
If you've got a rooted phone, I recommend Xprivacy. You can block permissions after you have installed, and at a far more granular level.
-
Wednesday 16th July 2014 16:26 GMT Craigness
"do not automatically update" flag
Apps which have new permissions will not be updated automatically nomatter how your flags are set. Additionally, pressing "Update All" does not update those apps - it notifies you of changes* and prompts you to accept or skip the update. I have a number of apps in my Updates list which have been there for many months following the introduction of an unnecessary invasive requirement.
It *used* to notify you of the changes, but after their "simplification" of the permissions system it just says that something is different and leaves you to work out what it is.
-
Wednesday 16th July 2014 18:36 GMT Kanhef
Amazon and Ebay aren't actually that unreasonable – they're probably trying to look up your postal/zip code so they can automatically calculate shipping costs. Still, it would be nice to have the option to turn that off, in case you're shopping while not at the location you want things delivered to.
-
Thursday 17th July 2014 14:12 GMT Anonymous Coward
"Luckily the play store recently introduced a "do not automatically update" flag you can set against apps who are creeping the permissions. Assuming you already have an older version you don't object to."
It doesn't auto update an app that has changed permissions anyway. Never has.
But also regarding the point of this article, that Android users who are too dumb to root can't manage permissions... how is that different from any other phone? on iOS they don't even tell you what Steve Jobs approved magical apps even do.
-
-
Wednesday 16th July 2014 15:32 GMT James Micallef
From Android systems ermissions page - https://developer.android.com/guide/topics/security/permissions.html
"Applications statically declare the permissions they require, and the Android system prompts the user for consent at the time the application is installed. Android has no mechanism for granting permissions dynamically (at run-time) because it complicates the user experience to the detriment of security."
This is complete BS. It's no more complicated for users to grant permissions once at first runtime than once at install time. The document also makes no mention of why permissions are 'all-or-nothing'. Why can't I install an application but give it only a subset of permissions it asks for? Every app should be able to run gracefully even if denied certain 'optional' permissions. (Of course some permissions will be essential for some apps depending on their function, but in this case it's up to the developer to explain why certain permissions are needed)
-
Wednesday 16th July 2014 18:01 GMT Tinker Tailor Soldier
How do you make sure of this?
As you said, some permissions are essential to the app function. How do you deal with the inevitable moron that denies net access to their mail app? And how many apps in practice respond gracefully to having random things from the system fail. I don't think that Android necessarily strikes the right balance here, but the matrix is large and users are stupid.
-
Thursday 17th July 2014 10:07 GMT Adam 1
Re: How do you make sure of this?
>How do you deal with the inevitable moron that denies net access to their mail app?
You allow the developer to specify whether the token is mandatory or optional and you let them formally declare why they want it so the user can see it on the play store. The user can't reject a mandatory token but can reject an optional token.
The developer can then access a method to return whether token xyz is available. If not, they can hide the relevant button on the ui and offer a cut down experience of their app.
For backwards compatibility you could even assume all permissions of existing apps are mandatory. Over time, competitive forces should make developers think twice about the permissions that they demand. Google could even allow you to compare the permissions matrix between a group of apps selected by the user and add a filter to allow users to exclude apps with specific permissions.
Simples!
-
Thursday 17th July 2014 14:17 GMT Anonymous Coward
Re: How do you make sure of this?
"The developer can then access a method to return whether token xyz is available. If not, they can hide the relevant button on the ui and offer a cut down experience of their app."
Except that if you can revoke permissions at any time, those functions would have to be called every time anything is done in the app ever. Making it ridiculously slow.
-
Friday 18th July 2014 11:56 GMT Adam 1
Re: How do you make sure of this?
"Except that if you can revoke permissions at any time, those functions would have to be called every time anything is done in the app ever. Making it ridiculously slow."
Firstly, I did not describe a model where users could revoke permissions at any time. I suggested that they could choose which optional tokens they accept.
Secondly, the permissions are held in a manifest, and the OS could quite easily maintain a hashmap of application/permission. Even on modest phone hardware this would be capable of several hundred thousand containsKey calls per second. I am really racking my brains to imagine what sort of overheads you are imagining. I would be unsurprised if the OS does this behind each API call anyway.
-
-
-
-
-
-
-
Wednesday 16th July 2014 12:21 GMT IcyBee
Re: Yup, that's why I won't use apps.
Have you noticed the subtle change to they play store that Google made a few weeks back?
They have decided that all apps need "full network access", so it doesn't tell you that it has granted permission for them.
I noticed this when I installed a game that required "no special permissions" that then started serving ads.
I've decided to restrict my apps to those offered by F-Droid. You can't trust anything on the Play store any more.
-
Wednesday 16th July 2014 12:23 GMT Robert Helpmann??
Re: Yup, that's why I won't use apps.
It obviously does not stop with Android. I don't recall getting any sort of notification that Chrome would be able to access my web cam and mic. I just happened to notice that it had spawned yet another process. I realize that Flash and similar do this, but I can choose to enable, disable, or uninstall these if I wish. Now, Google have embedded this in their browser. Additional bloat, no or ill-defined user controls, and more... what's not to love?
Google seems to be intent on undermining any expectation that consumers should have control over their online lives. This is definitely not what I want to deal with.
-
-
-
Wednesday 16th July 2014 15:45 GMT Anonymous Coward
Re: El Reg story conjunction
One thing that concerns me.
Say, none of these apps are malicious or have malicious intent such that they install backdoor trojans or steel bank accounts or what not. So, why the required access to so many things? Why, if I install a simple app to convert from one unit to another, does it need access to my camera, my microphone, my wifi info, my storage, other devices on my network (Yes, there are apps that ask this)?
What info are they gathering and what is being done with this? Is it being sold, kinda like people used to do with telephone numbers and email accounts? Who is buying it?
In a world where every country now seems hell bent on collecting as much info about every living person in and out of their borders, it makes me wonder.
I feel somewhere that there is a huge profile of me, just sitting.
-
-
Wednesday 16th July 2014 11:23 GMT Mage
I agree
Despite the commercial axe to grind the Android model is COMPLETELY wrong.
Each aspect should be denied by default.
Only asked for activation when the Application needs to access it and then either:
Allowed once.
Denied this time.
Allowed every time unless user changes it later (Choice of notification or not)
Denied every time unless user changes it later (Choice of notification or not)
All settings to be accessible without launching the App.
-
Wednesday 16th July 2014 11:52 GMT John Robson
Re: I agree
One missing:
Simulate null data.
So when the app asks to read SMS you can either deny it, or pass it an empty list.
When it asks to send you can either deny, or accept the message and then discard it.
When it asks for location you can tell it you're in Greeenwhich (or some other selected place) or tell it to sod off...
-
Thursday 17th July 2014 17:04 GMT tecnofantom
Re: I agree
That's why I prefer to run the CynagoenMod version of Android, which with its Privacy Guard feature allows you to selectively block access to things that apps don't really need. You can also set Privacy Guard to be active on all apps by default. CM has been made very easy to install on a number of popular devices using the install tool on their web site.
-
-
Wednesday 16th July 2014 11:24 GMT Buzzword
Maths
68 per cent of apps (that request SMS permissions) ask for the ability to send SMS messages;
28 per cent of apps (with SMS permissions) also request read SMS access;
So out of a hundred apps which request "SMS permissions", 68 can send and 28 can read. What do the remaining 4% of apps do, if they request SMS access but neither read nor send?
-
-
Wednesday 16th July 2014 13:18 GMT R 11
Re: Maths
Seems hugely unlikely. I check permissions before installing any app, and don't recall any unusual ones asking for read/send SMS permission. So I dig around and find the actual source for the article: http://research.zscaler.com/2014/07/and-mice-will-play-app-stores-and.html
And sure enough, of the 75k apps, 7% ask for SMS permissions, or 5,250 of the 75,000 tested.
68% of apps with SMS permissions have the ability to send, so 68% of 7% is 4.76% of apps, from the 75,000 tested, can send text messages.
-
Thursday 17th July 2014 14:25 GMT Anonymous Coward
Re: Maths
"And sure enough, of the 75k apps, 7% ask for SMS permissions, or 5,250 of the 75,000 tested.
68% of apps with SMS permissions have the ability to send, so 68% of 7% is 4.76% of apps, from the 75,000 tested, can send text messages."
Not trying to bash the register here, but the media in general... kind of sad when the comments have done more research than the article. Reg should hire you.
-
-
-
Wednesday 16th July 2014 11:43 GMT ACZ
Yup.. rubbish permissions handling in Android
Like the article says (and various other articles have said before and commentards commented on), this is a fundamental problem with Android. I've got a Nexus 5 and Android's permissions handling is the main thing that would push me back towards using an iOS device.
-
Wednesday 16th July 2014 12:07 GMT Sven Coenye
Re: Yup.. rubbish permissions handling in Android
It is not all sunshine and roses on iOS either. It can grant total control over the phone without even telling you it did.
We use a hosted Exchange domain via outlook.com. After MS switched that to O365, my Android phone popped up a request to install a device adminstrator that would give MS persmission to go as far as wiping the phone, including vaporizing all other data. On iOS, you do not get that warning.
-
-
-
-
Wednesday 16th July 2014 17:34 GMT Anonymous Coward
Re: iOS is worse!
"I would be careful with your degree of smugness.....I too like BB10 but when I wanted a spirit level and thought 'there must be an app for that' I found the first three all wanted access to my contacts and the Internet???????"
The difference is that if it's a native BB10 app you are in complete control of what an app can and cannot access. So you can take an app that wants to do things like access the internet, and stop it doing that. Unlike Android. Most of the apps I've de-permissioned don't seem to care anyway.
Interestingly you cannot change the permissions settings of Android apps running on top of BB10. Seems that highly undesirable characteristic of Android has followed the apps across...
-
-
-
-
-
-
Wednesday 16th July 2014 17:06 GMT cambsukguy
Re: Yup.. rubbish permissions handling in Android
WP mentions required permissions in the store listing, lists them at install time, and apps prompt for location permission, if required, when first run.
When an update occurs, a list of apps in the update list (when using update all) shows those that want location.
These always appear to be legitimate. Some apps will work without knowing your location, not certain which but I have seen the prompts like "...works better with location to give you more accurate results...", IMDB might be an example.
MS specifically state that the location given is anonimised, but I am not sure how that makes sense if the app knows who you are. Mind you, the phone identity doesn't tell the app who you are so they basically may have a phone they know and a location they know but the still don't know who you are exactly.
-
Thursday 17th July 2014 04:12 GMT Steven Roper
Re: Yup.. rubbish permissions handling in Android
"MS specifically state that the location given is anonimised, but I am not sure how that makes sense if the app knows who you are."
It makes perfect sense, when you consider that MS is simply saying "It's anonymised" as placatory buzzword blurb intended only to allay your privacy concerns and get you to buy the product - or BE the product, as the case may be.
"Anonymised" doesn't actually mean anything to these people, to them it's just another meaningless buzzword that they've figured out that consumers like to hear, along with expressions like "scientifically proven" and "as seen on TV."
-
-
-
-
-
-
Wednesday 16th July 2014 11:46 GMT ElReg!comments!Pierre
Real concern but rubbish assumptions
Most people I know choose their apps first by comparing the list of permissions asked; only after that do they compare looks etc. Litterally all the people I know who own an Android device has at least once refused to install an app because it asked for unreasonnable permissions.
So, the concern is real, and it is a pain in the nads that you can't handpick permissions that you grant (well, without getting your hands dirty under the hood at least). But the assumption that it results in people not paying attention to security is -in my limited experience- rubbish.
-
-
Wednesday 16th July 2014 17:45 GMT bazza
"Yes this sucks but its the app writers fault not google, they request ludicrous permissions for their apps."
It's not ludicrous from their commercial point of view. If they can make more money by doing so then they will. They have to make a living after all, and Android is a crummy platform to try and sell software on given that piracy is appallingly easy.
Google have a slight problem. If they improve the end users control of permissions then the free apps will disappear because the app writers will lose their profit making model. And without major changes to Android it will remain ludicrously trivial to pirate paid-for apps. In short, Google have carelessly pushed out an underdeveloped, badly thought out mobile ecosystem that will one day cause catastrophic damage to their reputation, and it's too well entrenched now for them to make the necessary changes.
-
Wednesday 16th July 2014 12:17 GMT Jonathan Richards 1
Don't forget the camera...
Several apps I run have recently asked to add to their permissions on update to be able to take pictures and record audio at any time. I am sufficiently creeped out by this to have installed Disable Camera.
I totally agree that the permissions model is not correct, and the recent "simplification" has made things worse. Updates *used* to tell me which permission requests were new, and now they don't.
-
This post has been deleted by its author
-
Wednesday 16th July 2014 12:19 GMT Olius
Old news but still not fixed!
Unbelievable that Google refuse to fix this. People have been saying for literally YEARS that the OS could easily fake giving the app all the permissions it wants and supply dummy GPS, a tmpfs filesystem instead of SD, a fake SMS list etc etc ETC, but Google will not listen.
Here's a bug report of this from *2009* -
https://code.google.com/p/android/issues/detail?id=3778
-
Wednesday 16th July 2014 13:16 GMT Anonymous Coward
Re: Old news but still not fixed!
You shouldn't have to send dummy data. Any app should check for a permission before trying to access it. My Nexus 7 has no SMS client, no phone dialler etc. so, any apps that require those and try to access them will probably crash unless the code sensibly checked beforehand.
There are perfectly sensible reasons why certain functions are not available to apps, not just the revocation of permissions. Tablets with no 3G chips, PC/dongles with no cameras, no wifi for all devices at times.
If any app crashes because I don't want it to have access to SMS, contacts etc., then it is poor coding by the dev.
Seeing as Google ad Facebook compete for the advertisers dollar, surely anything that allows Google users to restrict the tentacles that the FB app tries to wrap around their devices would be seen as a good thing?
-
Wednesday 16th July 2014 13:56 GMT sabroni
Re: Any app should check for a permission before trying to access it
and if that permission changes? Apps need to gracefully handle things failing, whether that's because of a permission or some other error. There's no harm in checking first obviously, but that's no excuse for crashing if the call fails.
-
Friday 18th July 2014 08:11 GMT Nick Ryan
Re: Old news but still not fixed!
I too have a Nexus 7, and install apps on it rather than my phone for precisely this reason - no SMS, phone dialler, etc. really restricts what apps can do. I've deleted and purged quite a few apps where it turns out that they implement cretinous behaviour such as install system notification processes, reminding you to come back to play the game and other nonsense. It's ****ing game, why does it need to know when my device starts up?
-
Wednesday 23rd July 2014 08:41 GMT Olius
Re: Old news but still not fixed!
Sorry, didn't see this response, don't know if this thread is still alive, but...
At the time - and at any time - there are MANY apps already written. The original bug report suggested that these permissions should be even more granular and should be user selectable both at install time and at any time after.
Google's, rather valid, argument was that the existing apps would break if this were done.
The counter argument was that apps that didn't handle being denied access they are expected and crashed (due to being old or poorly written) could be allowed to cope by having dummy data given to them through these interfaces rather than being explicitly denied access to them and having unhandled "access denied" errors thrown. This would give the best of all worlds - a set of apps that are stable under all user conditions, and improved security for the user.
This counter argument was ignored and the bug report closed for reasons never expressed.
-
-
-
Wednesday 16th July 2014 12:19 GMT Joe Harrison
The way I limit this
1. Cyanogenmod "privacy guard" natively allows you to prevent apps looking at your private stuff, contacts etc. regardless of what permissions the app thinks it has.
2. Use a PAYG SIM and not put much credit on it. That way a rogue premium dialler can at worst cost me ten quid or so.
Not saying this is a complete fix but it prevents the two most heinous problems.
-
Wednesday 16th July 2014 12:20 GMT Novex
Rooting
I didn't buy an Android phone until I felt sure I could root it and install a 'firewall' around the core (in my case I use xprivacy). Despite having to do that, and keep an eye on xprivacy settings too, I'm very glad I did as some of the app permission requests beggar belief.
However, I agree with comments above that such pullovering ;-) about shouldn't be necessary. There really should be a proper permissions capability built into Android right 'at the core' giving a user total control over what data and facilities can be seen/used by any application, without having to do such things as 'booting and rooting'.
-
Wednesday 16th July 2014 13:14 GMT durbster
What I don't understand is why they don't force developers to explain WHY they need access to each feature. Sometimes it might want access to something for entirely innocent but slightly obscure reasons, so you're never quite sure whether to be suspicious or not.
Rather than saying this app requires access to:
Your camera
Your contacts
SMS
It should say this app requires access to:
Your camera: To see if you have a moustache
Your contacts: To allow you to send your high score to your contacts
SMS: To text your mum and tell her your phone is secure
-
Wednesday 16th July 2014 13:25 GMT Terry 6
Developer's reasons
I NEVER install an app that wants phone access, (unless it's a phone app).
But almost all the ones I look at do require this. For no apparent reason at all.
And phone access is a big blanket permission. It's your ttotal phone history, who you spoke to and when.
So sometimes I email and ask why.
Very few reply.
One or two that did have had excuses like, "So that it doesn't interfere with your calls."
Which is pretty much just a load of bollocks.
I just assume that if an app wants access to my call it's because they are gathering this into a database.
-
Wednesday 16th July 2014 16:55 GMT Craigness
Re: Developer's reasons
AFAIK Android does not send out alerts to apps when a call comes in. So if you have an app which plays music or makes some kind of noise, it has to have access to the phone APIs in order to know when to mute itself. Because the API is not sufficiently fine-grained, developers need to ask for a lot of private information in order to behave nicely when your mum calls.
So the good developers will ask for this permission. But so will the bad ones.
-
-
Wednesday 16th July 2014 13:55 GMT Whitter
Not just what and why - but what, why and when
An app needs SMS access to allow it to send/receive authorisation codes for example: this may be a good thing to do. But the permission will let it access/send SMS any messages anytime. Dragons beware: even if the original app designer doesn't intend to abuse the privilege(s), a hacker piggybacking on it might. Or the big megacorp that buys out the designer with greedy eyes on the contact lists of its userbase.
-
Wednesday 16th July 2014 14:49 GMT thomaskwscott
Focusing on SMS
SMS seems a strange thing to focus on. Especially since in KitKat only the default SMS app is allowed to send SMS and there are actually now two types of Receive SMS with the default app getting one and any other apps getting a far more limited version. It seems Google are taking steps.
That said, the model where permission is granted as required is so much better. App developers almost never tell you why they need those permissions so you have to make a choice to trust them without knowing the details of their usage. An on demand model would be much clearer to the user. Maybe we'll get it in Android 5?
-
Wednesday 16th July 2014 15:26 GMT Anonymous Coward
Oh, how the IT world changes....
... and only for the better, of course. ;-)
At one time you needed anti-virus software to protect yourself from unwanted software. Now it seems there is an opportunity for the AV vendors to provide protection from wanted software.
[Skeleton icon == too old for this now]
-
Wednesday 16th July 2014 16:08 GMT Anonymous Coward
Android permissions cannot revoked after installation?
"Android permissions cannot be denied or granted after installation"
ref: 'This is all changed with a hidden feature released in version 4.3 (Jelly Bean), which allows users to revoke permissions after installing a particular app'
ref: 'Android 4.3 has a hidden feature! It's called "App Ops" and it lets you selectively disable some permissions for your apps'
-
Wednesday 16th July 2014 16:58 GMT Uncle Ron
The 'Why' of it is not that clear...
I can see why some app developer would want permissions to do all sorts of things in order to monetize it's free app. But it shouldn't be allowed. Apps ask for all manner of stuff that is in no way required by the app to function. That should be the end of it. I don't load any but the most high viz apps (like Netflix, MLB, etc.) and won't load any that require permissions beyond what the app needs to function. I think Google should clamp down. I'm sick of it. No app needs my friends e-mail addresses in order to function. The developer is simply selling these addresses to third parties. Shouldn't be allowed. A pox on all their houses.
-
Wednesday 16th July 2014 17:15 GMT Anonymous Coward
system apps
It's even worse as a lot of the "system" apps on my tablet, mostly Google but some Samsung, are the worst offenders. They've have had huge permission creep with each upgrade - and I can't even uninstall the blasted things (without rooting) even though they are humungously intrusive, unwanted, unused, and clog up my machine.
-
Wednesday 16th July 2014 18:07 GMT PaulR79
Best option
I've thought about this a lot because it always bothers me why some apps request permissions they do and unless you can figure it out your choices are accept and use it or refuse to install. Android started making developers include changelogs with each update and while that's been abused by some with poor logs such as "bug fixes and performance improvements" there are those that use it properly.
What I'd propose is similar to requiring changelogs. For every permission required the app has to state clearly why they need them. For camera apps to use camera is obvious but a torch app needing network access isn't so obvious until you see that it's ad supported. Then there are the really broad permissions like Facebore ask for that I'd never be ok with allowing.
-
Wednesday 16th July 2014 18:59 GMT Anonymous Coward
Feeling my age..
I'd really, really like a 'phone that just does voice calls and SMS, with a decent phyical keyboard (can be QWERTY, A-Z or Keybee, so long as it;s not that horrid 3 letters per key you get on small phones). If I want computer functions in something I carry around with me, I'll buy a flipping computer, thank you very much, and one with a decent operating system, which definitely leaves out Android, IMHO.
Never would have thought thirty years ago that I'd be feeling so jaded and UN-excited by technology; smartphones and tablets have got the kind of processing power I dreamed of being able to put in my handbag when I was in my twenties, but dear me, I really didn't imagine the durned things would be this dreadful and annoying when they finally came to be. I did try an Android tablet back at Android 2.1 (a cheap Kogan, I can;t afford the better stuff), and rapidly came to the conclusion it seemed like a nightmarish version of Linux done about as badly as it's humanly possible to, with least consideration for the users wants and needs. At which point I switched the wireless off, and it's simply been a portable media player ever since. I'm not letting it near the internet ever again.
Sigh.. time to book my spot in the Rest Home for Grumpy Old Biddies methinks.
Oh - and can Google be done for fasle advertising - 'we are not evil'? pah! (mutter grumble, slouches off..)
-
Wednesday 16th July 2014 20:56 GMT NT1
Better Google Play search - they know how!
I have no problem with all or nothing permissions. What I do have a problem with is the inability to exclude apps from search results with permissions I find intolerable. E.g. I should be able to (always) exclude apps from search results which require access to SMS messaging because I *never* want any app which requires this. Exclusion from results would be a good incentive for developers to not ask for them. If everyone could exclude these apps then they would have no presence and make no money through nefarious acts.
Of course, some apps legitimately need permissions - and when I want an app of that nature, then I'll temporarily enable that permission in the search results. Otherwise, complete exclusion for me.
And Google are more than capable of implementing this trivial filter in searches. And they would gain points for doing so.
-
Thursday 17th July 2014 12:07 GMT Wize
Auto Installing Apps
Having a Samsung S4, I have a few apps that, no matter how often I remove/disable (some are bloatware so cannot be removed totally, just set to disabled) they will re-enable themselves and update themselves.
Apps, such as ChatOn, Flipboard, S Health and Trip Advisor.
Some apps I've not updated, such as Facebook and Twitter as the new versions want too much access. No you cannot read my SMS and play with my wifi settings.
Facebook are trying to force and update by disabling the build in messaging and making you install another app, which has all these nasty permissions too.
-
Thursday 17th July 2014 15:12 GMT Anonymous Coward
What can we do
For users who care about their privacy and security, there are not too many options. You can root your device to control the permissions, but root comes with its own security risks. Or you can use an app like Safe Play to keep unsafe apps out. Antivirus are a bad solution because they come after the damage is done.