There has been a huge uproar in the Android circle with the latest reports of several Android apps stealing personal data of users, and one such app, a wallpaper app called “Jackeey” has been exposed as potentially being a piece of malware designed to steal your personal info and send it to China.

US-based security firm Lookout revealed the results of its ‘App Genome Project’ report, demonstrating that around 300,000 applications for both Apple’s iPhone and Google’s Android operating systems, were stealing user data. But if you are an Android user, here are some useful tips to stay safe and secure your data from these malicious apps.

Android Apps Permissions Explained

When you install an application from the Android Market, it will tell you all of the permissions it needs to function. These are important to read as it can give you an idea if the application is asking for permission to do more than it needs. While some legitimate apps often ask for more permission than they need, it should at least raise an eyebrow when deciding if an application is safe and of good quality.


Again, to see the permission given to an application after installation, go to the Market, press menu > downloads, then select the app, press menu again, then press security.

android-permissions

This list was initially prepared by alostpacket who talks about android security in greater detail. The list is not definitive by any means and will be updated as and when it is needed.

  • Services that cost you moneymake phone calls
    This permission is of moderate to high importance. This could let an application call a 1-900 number and charge you money. However this is not as common of a way to cheat people in today’s world. Legitimate applications that use this include: Google voice and… (suggestions needed here).
  • Services that cost you money - send SMS or MMS
    This permission is of moderate to high importance. This could let an application send an SMS on your behalf, and much like the phone call feature above, it could cost you money. Certain SMS numbers work much like 1-900 numbers and automatically charge your phone company money when you send them an SMS.
  • Storage - modify/delete SD card contents
    This permission is of high importance. This will allow the applications to read, write, and delete anything stored on your phone’s SD card. This includes, pictures, videos, mp3s, and even data written to your SD card by other applications. However there are many legitimate uses for this permission. Many people want their applications to store data on the SD card, and any application that stores information on the SD card will need this permission. You will have to use your own judgment and be cautious with this permission knowing it is very powerful but very often used by legitimate applications. Applications that typically need this permission include (but are not limited to): camera applications, video applications, note taking apps, backup applications.
  • Your personal information - read contact data
    This permission is of high importance. Unless an app explicitly states a specific feature that it would use your contact list for, there isn’t much of a reason to give an application this permission. The one exception to that rule includes typing or note taking applications and/or quick-dial type applications. Those might require your contact information to help make suggestions to you as you type. Typical application that require this permission include: social networking apps, typing/note taking apps, SMS replacement apps, contact management apps.
  • Your personal informationread calendar data, write calendar data
    This permission is of moderate to high importance. While most people would consider their calendar information slightly less important than their list of contacts and friends, this permission should still be treated with care when allowing applications access.
  • Phone calls - read phone state and identity
    This permission is of moderate to high importance. Unfortunately this permission seems to be a bit of a mixed bag. While it’s perfectly normal for an application to want to know if you are on the phone or getting a call, this permission also gives an application access to 3 unique numbers that can identify your phone. The numbers are the IMEI, IMSI and a 64 bit unique id that Google provides for your phone. Some software developers use this as a means of tracking piracy. Additionally, any developer targeting older versions of android (1.6 and earlier I believe) will get this permission automatically added to their app. Nevertheless, while this permission can be innocuous, it is one to keep a good watch on. As someone posted in this thread the application Locale was caught sending this information over the internet unencrypted to a third party — much to to the surprise of it’s users.
  • Your location - fine (GPS) location
    While not a danger for stealing any of your personal information, this will allow an application to track where you are. Typical applications that might need this include (but are not limited to) restaurant directories, movie theater finders, and mapping applications.
  • Your locationcoarse (network-based) location
    This setting is almost identical to the above GPS location permission, except that it is less precise when tracking your location.
  • Network Communicationcreate Bluetooth connection
    Bluetooth is a technology that lets your phone communicate wirelessly over short distances. It is similar to Wi-fi in many ways. It itself is not a danger to your phone, but it does enable a way for an application to send and receive data from other devices.
  • Network Communicationfull internet access
    This is probably the most important permission you will want to pay attention to. Many apps will request this but not all need it. For any malware to truly be effective it needs a means by which to transfer data off of your phone, this is one of the setting it would definitely have to ask for. However, in this day and age of cloud computing and always-on internet connectivity, many, many legitimate applications also request this. You will have to be very careful with this setting and use your judgment. It should always peak your interest to think about whether your application needs this permission. Typical applications that would use this include but are not limited to: web browsers, social networking applications, internet radio, cloud computing applications, weather widgets, and many, many more.
  • Network communicationview network state, view Wi-Fi state
    This permission is of low importance as it will only allow an application to tell if you are connected to the internet via 3G or Wi-Fi.
  • System toolsPrevent phone from sleeping
    This is almost always harmless. An application sometimes expects the user to not interact with the phone directly sometimes, and as such would need to keep the phone from going to sleep so that the user can still use the application. Many applications will often request this permission. Typical applications that use this are: Video players, e-readers, alarm clock ‘dock’ views and many more.
  • System toolsModify global system settings
    This permission is pretty important but only has the possibility of moderate impact. Global settings are pretty much anything you would find under Android’s main ‘settings’ window. However there are a lot of these setting that are perfectly reasonable for an application to want to change. Typical applications that would use this include: Volume control widget, notifications, widgets, settings widgets.
  • System toolsread sync settings
    This permission is of low impact. It merely allows the application to know if you have background data sync (such as for Facebook or Gmail) turned on or off.
  • System toolsWrite Access Point name settings
    I need a bit of clarification on this setting myself. I believe this relates to turning on and off wifi and your 3G data network. (if someone can comment and clarify I would greatly appreciate it and update this guide to reflect). Essentially however I believe this to be similar to the ‘modify global settings’ permission above.
  • System toolsautomatically start at boot
    This permission is of low to moderate impact. It will allow an application to tell Android to run the application every time you start your phone. While not a danger in an of itself, it can point to an applications intent.
  • System toolsrestart other applications
    This permission is of low to moderate impact. It will allow an application to tell Android to ‘kill’ the process of another application. However that application should have the option of immediately restarting itself.
  • System toolsretrieve running applications
    This permission is of moderate impact. It will allow an application to find out what other applications are running on your phone. While not a danger in an of itself, it would be a useful tool for someone trying to steal your data. Typical legitimate applications that require this permission include: task killers and battery history widgets.
  • System toolsset preferred applications
    This permission is of moderate impact. It will allow an application to set the default application for any task in Android. For instance clicking on a hyperlink in your email will bring up a browser. However if you have more than one browser on your phone, you may want to have one set as your ‘preferred’ browser. Typical legitimate applications that require this permission include any applications that replace, compliment, or augment default Android functionality. Examples of this include web browsers, enhanced keyboards, email applications, Facebook applications and many more.
  • Hardware controlscontrol vibrator
    This permission is of low importance (but could be lots of fun). As it states, it lets an app control the vibrate function on your phone. This includes for incoming calls and other events.
  • Hardware controlstake pictures
    This permission is of low importance. As it states, it lets an app control the camera function on your phone.
  • Your accountsdiscover known accounts
    This permission is of low importance. As far as I can tell it just tells the application if you have a Google account/Facebook account, but doesn’t tell the application anything about that account.

This is a guest post by Nabeel Ahmed who is an enthusiastic new blogger who writes about Technology, WordPress & Social Media on Mushive. You can also follow him on twitter @mushive

386
SHARES

 
Founder-Editor

Raju is the founder-editor of Technology Personalized. A proud geek and an Internet freak, who is also a social networking enthusiast. You can follow him on Facebook and on Twitter. Mail Raju PP. Follow rajupp

 
 
  • http://sam.ai.ki/ Sam Watkins

    thanks, a great summary of Android permissions, very helpful.

  • alex k

    really good list
    appreciate it very much as a first-day user

  • john star

    is there any way to turn some of these off? fight apps with app…perhaps?
    Does IMDB really need my GPS location? I’m just saying!

    • Shiftastic

      Imdb uses your location to find the movie theaters closest to you

      • PassingThru

        how about instead its asks instead of prying into my privacy. I came to this site because I just got an android phone. I do not plan to download any apps at this point. My privacy is too important (really taking pictures access when ever it wants? – not needed)

  • Vlad

    A great summary. The ‘Write Access Point name’ permission allows an app to modify access point names – the settings that control how your phone connects to the internet via cellular. For example an app could change this setting to make your phone connect via a WAP gateway, which could be more expensive, depending on your phone company. Some applications use it legitimately. For example, APNDroid mangles APN settings on your behalf to help you keep your phone from using cellular data when you don’t want it to.

    Also, the ‘take pictures’ permission is not that innocuous. It can be used to take pictures and record videos without user’s knowledge.

  • stephaneb95

    Thanks for that guide I definetely needed into the android jungle.
    I have spent many days trying to figure out why some apps had
    the Phone calls and the Storage permission in the app. manager though it wasnt asked before downloding in the android market…
    I have a question:
    Can applications with fine (GPS) location turn on the GPS or it just
    retrieves older information in the GPS log?
    Thank you for your reply.

  • Abdul

    I steel don’t understand the need for app to control the camera

    • Shiftastic

      If you use apps like adobe photoshop or picsay pro you can take a photo from the app instead of using your gallery in which it would need the permission to use your camera

    • George

      Augmented reality and bar-code/QR scanners also make use of the camera.

  • http://www.diamondroid.com Mattias

    Check out Privacy Blocker. This app can remove permissions for those who are concerned of privacy!

  • prowse!

    One way to generally look at Android permissions is to consider: when a permission is merely requested to make your in-app experience more “convenient”, ask yourself, “Do I mind if an app would only really occasionally need to send an SMS or MMS or make a phone call FOR me, or would I rather have a pop-up asking me very seldom?”. That is the key, is the app likely to SELDOM if ever need to make a call or check your location, or NEED to Do these things ALOT of the time? If the latter, like GPS for a GPS app, or SMS for an IM app, probably needs those perms, but a Photo app needing to make a phone call? Not so much.

  • jeff

    Take pictures and record video when they want ?? Hello guys.wake the egg up !!! That’s privacy invasion you are allowin

  • peter

    thanks im using privacy blocker now

  • aihara

    as far as I know, there’s some popular apps in android market that “cheats” with their permission stat. e.g. like popular game Unblock Me free, which pre-installation the market stated it only need permission for Full Internet Access, but strangely after installation it stated that the apps also has access to the “phone state and indentity” and “modify/delete SD card contents”

  • Joern

    I’m missing a system tool setting here: “read system log files”.

  • Shiftastic

    Most free apps need “full internet access” to allow ads to be running while you play on the app

  • http://www.workingwordspro.com Marilyn

    I also would like to know if there’s a way to get the apps without granting these onerous permissions, which I think are invasions of privacy and should not be required for apps to run. The phones and data mgs are expensive enough; one should be able to download whatever apps one chooses without granting permissions to snoops with no business knowing one’s personal and private business. Anyone come up with an app to bypass these permissions?

  • Angela

    Great info for a new Android user! Answered many of the questions I wanted answers for and answered many questions I didn’t know I needed to ask! Thanks.

  • me

    good info, but what about the permission: Your Accounts: act as an account authenticator, manage the accounts list…? this is one of the permissions listed on the Facebook for Android app. i mean i have no problem manually logging into the facebook website, but of course its more convenient to have an app for it. so what does that one mean? i dont need someone pretending to be me.

    • http://techpp.com Raju PP

      Most possibly, it is referring to the management of FB accounts within the app (assuming you have multiple Facebook profiles). In that case the app must manage your profiles and authenticate them as and when it is required. May be Nabeel can provide more inputs here.

  • kate

    Am also interested in the answer to managing accounts. Just looked into locus navigation app which has good feedback and seems trustworthy, but why does a GPS app need access to my accounts?

  • Richard

    You said, “Services that cost you money – make phone calls…: Google voice and… (suggestions needed here).”

    Here’s another one:

    Google Maps (latest as of Sept 2011) asks for this permission (among a host of others)

    • Helpful

      yes because when you click on a business or cafe etc on google maps you have the oportunity to ring them (to book a table for example) direct from google maps, it saves writing down the number and re keying it all!

  • Frankie

    Now – How to you turn the permissions on and off?

  • Virginia

    Hi and thank-you so much for this page.
    I would like to know if by rooting ones phone, one has a better control over the apps permissions?

  • Roman

    Great to know but it seems most apps require unnecessary permission so is there really any choice? Seems like using apps on the Android and giving up your privacy go hand-in-hand. I imagine all this information gathering and accessibility to everything we do in life is valuable to big brother business. Is there somewhere you can go where you’ll find trustworthy apps that DON’T try to get unnecessary permission?

  • Keli

    Thanks for the info. Now I know how careful I have to be in regard to apps!

  • Berkan

    This article helped me alot.

    thanks

  • Lyshian

    Hardware controls
    take pictures and videos
    Allows
    the app to take pictures and videos with the camera. This allows the
    app at any time to collect images the camera is seeing.

    IS this low importance. I’m not sure how comfortable I am with a device that can record what I’m physically doing or saying without me knowing about it. Granted one could just cover the camra and mic, but I don’t like the idea of my tablet taking random videos and pictures of my kids.

    • bruce

      some of the worst intrusions he did not cover. why is there not an out cry over these attacks on our privacy. why is there not a petition to our government to stop these kinds of things. if I was text savvy I would start one. something must be done.if you have an Android phone it comes with lots of permissions already on it.

    • bruce

      this was not a good article. I think this guys doing damage control for google .he ignores the more invasive permissions asked by Google play apps. I think most people download these apps without even considering the permissions that they are giving these apps. these are Blatant invasions of our privacy. what can we do about this?????

  • mr I like my privacy

    I agree the most serious imho is the cotrol of the camera. who needs to have control of our cameras let alone our childrens and what do they do with these images????????

  • Gustavo

    “Hardware controls – take pictures
    This permission is of low importance. As it states, it lets an app control the camera function on your phone.”

    Hello, I have to disagree with this one about being of low importance. Couldn’t it allow apps to take pictures without your control? And more than that, the permission description on the Play Store says “This permission allows the app to use the camera at any time without your confirmation.” So, I feel worried about it, they even say “at any time”, that’s too much for a permission of low importance.

  • TR from T.O.

    I’m with you guys. I don’t have a camera app on my new Nexus 7 because they all seem to want complete control over my machine. What am I missing? Who would agree with that?

  • jun

    There’s more than that. Some apps send messages without confirmation. Others can unlock your screen, modify and delete info from sd card, record audio without confirmation, access all your contacts. Some even say “Malicious apps may cost you money by making calls without confirmation” and others may give away your contacts to a third party. There are other worse permissions out there we don’t even read and grant them green light. Why isn’t something done about this? I can’t even download fox news without me surrendering my privacy to them.

  • dave

    I have to agree with most of the comments here. Some one gives you a box and tells you to carry it with you and it is going to anonymously record audio and video and send it out, and oh by the way, you are going to pay for it. And we do it! If your phone is in your bedroom you can be watched. Now isn’t that a nice thought

  • oroto

    A) skype uses the phone calls permission so that you can call with skype from contacts or dial a number in Phone and use skype to call(using skype credit) b) the most common use of “read phone state and identity” is by ad supported apps so they can tell the ad agency if your device has received an ad. The same reason applies to permissions about network and wifi state and connection.

    • oroto

      Also apps like games that ask for course location, the location info is given to the advertisers to show local ads, however imo they shouldn’t be allowed that because using coarse location (basically cell tower triangulation btw) they can track you to accuracy of 3 miles or less

  • oroto

    Also, all you guys talking about it taking video whenever it wants, a piece or 2 of duct tape on your cameras solves everything