Are we opening ourselves up to privacy and security issues in our rush to get that great-looking app on our phone or tablet? I think we are. This is arguably old news, but it bears repeating if you don’t already know.
Just as we have had to learn to be suspicious about incoming emails and the links they may contain, we need to pause before installing apps. I’ll write this post from the perspective of Android apps for now. The situation on iOS is generally better in my view, but it’s not black and white and I’ll try to add the colour back to this later on.
I’m not having a knock at Android for the sake of it. At home I use Windows, Linux, iPads and have used Android for my phone for five years or so.
Let’s get straight to an example before I waffle too much as that’s the easiest way to understand what I’m talking about.
I’m not picking on this app in particular, it’s just a handy example. I went looking for a spirit level app for my phone. There are quite a few. One of the highest rated on the Play store at the time of writing is iHandy Level Free with a star rating of 4.5 from nearly 9,000 reviews. It has had 500,000-1,000,000 installs according to Google’s Play store.
- receive data from Internet
- view network connections
- full network access
- disable your screen lock
- control vibration
- run at startup
- prevent device from sleeping
- change system display settings
- modify system settings
I took my privacy in my hands and briefly installed the app just to see all the amazing functionality that it provides which justifies all of these permissions.
It’s possible to see how some could be needed (perhaps you don’t want your phone to sleep if you’re trying to use the spirit level), but most offer no advantage that I can see. The app simply displays a spirit level and has a hold button used to freeze the measurement. It also has a calibrate function so that you can put your phone on a known flat surface and calibrate the sensor. Ironically, Google doesn’t seem to have a permission for the tilt sensor which is the only thing which is really crucial for this app.
So this app can know exactly where you are whether or not you have run it (it is allowed to run at startup) and it can read all of the information on your SD card, modify it and delete it if it wants.
Because it has full network access it can also transfer any information it likes.
And these are all permissions which 500,000 – 1,000,000 users (including me briefly in the interests of research) have given it.
Or we could choose an alternative free spirit level app (e.g. Bubble level (Spirit Level) rated at 4.2 from 114K reviews and 10- 50M downloads which requires no additional permissions. N.B. This app does request the Other permission group, but doesn’t currently use any special permissions from that group. If it asks for them in an automatic update later on, Android will ask for consent before giving the app these permissions.
Occasional musings 