daveposh's musings

July 17, 2012

Permissions? What are your phone apps requesting?

Filed under: — daveposh @ 9:11 pm

I have an android phone (HTC EVO 4G LTE from Sprint) and every now and then it asks to update apps on the phone. I normally accept the updates, but recently decided to look at what the permissions I am allowing during the update.  I was surprised!  Here is the text displayed with the update for Facebook for Android (my emphasis is in RED).

 

This app’s permissions have changed to have access to the following:

Phone calls
NEW
Read phone state and identity

NEW Read phone state and identity
Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of the phone, whether a call is active, the number that call is connected to and the like.

Storage
Modify/delete SD card contents

Modify/delete SD card contents
Allows an application to write to the SD card.

System tools
Prevent phone from sleeping, write sync settings

Prevent phone from sleeping
Allows an application to prevent the phone from going to sleep.

Write sync settings
Allows an application to modify the sync settings, such as whether sync is enabled for Contacts.

Your location
Fine (GPS) location

Fine (GPS) location
Access fine location sources such as the GLobal Positioning Sstem on the phone, where available. Malicious applications can use this to determine where you are, and may consume additional battery power.

Hardware controls
Record audio, take pictures and videos

Record audio
Allow application to access the audio record path.

Take pictures and videos
Allows application to take pictures and videos with the camera. This allows the application at any time to collect images the camera is seeing.

Your accounts
Act as an account authenticator, manage the accounts list

Act as an account authenticator
Allows an application to use the account authenticator capabilities of the AccountManager, including creating accounts and getting and setting their passwords.

Manage the accounts list
Allows an application to perform operations like adding, and removing accounts and deleting their password.

Your personal information
Read contact data, write contact data

Read contact data
Allows an application to read all of the contact (address) data stored on your phone. Malicious applications can use this to send your data to other people.

Write contact data
Allows an application to modify the contact (address) data stored on your phone. Malicious applications can use this to erase or modify your contact data.

Network communication
Full internet access

Full internet access
Allows an application to create network sockets.

See all————————————

Network communication
Receive data from internet, view Wi-Fi state, view network state

Receive data from Internet
Allows the application to accept cloud to device messages sent by the application’s service. Using this service will incur data usage. Malicious applications may cause excess data usage.

View Wi-Fi State
Allows an application to view the information about the state of Wi-Fi.

View network state
Allows an application to view the state of all networks.

System tools
Install shortcuts, read sync settings

Install shortcuts
Allows an application to add shortcuts without user intervention

Read sync settings
Allows an application to read the sync settings, such as whether sync is enabled for Contacts.

Hardware controls
Control vibrator

Control vibrator
Allows the application to control the vibrator.

Your accounts
Discover know accounts

Discover know accounts
Allows an application to get the list of accounts known by the phone.

 

No Comments »

No comments yet.

RSS feed for comments on this post. TrackBack URL

Leave a comment

Powered by WordPress