I love the freedom and configurability that my Android phone offers me but I’m also very concerned about my privacy.
Recently I’ve been hooked on checking app permissions of popular apps in the Android Market and I’m increasingly concerned about the permissions that app developers are assigning to their mobile applications.
Tonight I’m checking the permissions behind one of the most popular weather widgets in the Android Market that has been downloaded a couple of million times and can boast of an excellent user rating. From a usability point of view, the widget interface is super-cool with great graphics and is easy to set up.
But it alarms me that this simple weather widget that basically sources weather information from a weather bureau and displays this information via pretty graphics has the following permissions (among others) listed:
YOUR PERSONAL INFORMATION
READ SENSITIVE LOG DATA
Allows an application to read from the system’s various log files. This allows it to discover general information about what you are doing with the device, potentially including personal or private information.
READ PHONE STATE AND IDENTITY
Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and the like.
MOUNT AND UNMOUNT FILESYSTEMS
Allows the application to mount and unmount filesystems for removable storage.
CHANGE NETWORK CONNECTIVITY
Allows an application to change the state of network connectivity.
RETRIEVE RUNNING APPLICATIONS
Allows application to retrieve information about currently and recently running tasks. May allow malicious applications to discover private information about other application.
So is there a faster way of determining which apps pose a risk?
There are free applications in the Android market that you could use to track the permissions of other applications. Applications such as PermissionDog appear robust enough to serve the purpose of monitoring app permissions on your mobile because they err on the side of caution, i.e.; some of Google Inc’s own applications are flagged as being dangerous based on their access rights. See some screenshots below.