What You Need to Know About Android Permissions and Rogue Apps

BY GreenBot Staff

Published 11 Jul 2014

Recently, an imitation game called Subway Train Game, with multiple unnecessary permissions, rocketed to the top of the Play Store charts. This incident highlights the importance of protecting yourself by checking permissions before downloading apps. Here’s a look at the necessary permissions you need to be aware of and what they’re capable of.

Subway Train Game

Early in one, an app called Subway Train Game became a top game in the Play Store rankings. It seemed to be an organically growing slammer of a hit game. However, as Reddit users began to dig deeper, a problem became apparent. They discovered the app was a scam, partly because the permissions requested on installation were way beyond. What would generally be needed for a simple game. This included access to the device microphone, camera, and GPS location, none of them required for a simple chase game. This means that we need to watch out for you and me. A general lack of code review by Play. Which many consider a good thing because it allows apps to be uploaded quickly, exacerbates the need for self-preservation.

Permissions are a Dead Giveaway

Subway Train Game has now left the station. But the potential is there for big trouble ahead if we users don’t read and act on app-relevant permissions. To complicate matters, the full list of permission options are not displayed when installing an app on your phone. You have to look for the detailed list in the app description. On the mobile version of the Play store or visit the Play store on the web.

Finding Detailed Permissions

Search for the app in the Play desktop version, then scroll down the page to the Additional Information section. You can use an Android device browser if you don’t have a laptop. For the Play Store app on your Android phone. You can scroll down to the bottom of an app, to the Additional Information section. Tap on the little View Details link to get detailed permissions information.

permissions play privacy permissions ss
The mobile version of Play is vague. Use a desktop browser for the details.

If you want to claw back some safety, you’ll have to know which permissions are worth worrying about. Context matters; a mapping app requires your location, while a simple game probably doesn’t. However, if that game has a find opponents near me function. It does make sense for it to know where you are. You’ll have to use some common sense but consider these the scariest permissions to keep an eye out for.

Phone

Direct call phone numbers permission can be used to dial revenue-generating numbers belonging to baddies. While this is legitimate permission in phone-based calling apps. Like Viber or Skype, most other apps don’t need to make phone calls.

permissions facebook ss
Facebook’s app wants to be allowed to make calls.

SMS

Authorizing the Send SMS messages permission can eat into your text messaging allowance. There’s no need for this permission unless it’s for a communications-based tool like WhatsApp Messenger or calling apps. Some Internet-only messaging services, like Skype, don’t even ask for it.

permissions facebook mobile play ss
The permissions listed on the mobile app popup are sort of vague, compared to those on the web.

Contacts/Calendar

Reading your contacts, Adding or modifying calendar events. Send emails to guests without owners’ knowledge are two permissions that you should be extremely wary of. Whereas the previous two permissions can bilk you out of your savings. These can find out who your friends are and spam them. Social networking apps like Facebook use this permission legitimately and back it up with a privacy statement. Check for privacy statement links on app developer Play pages.

Photos/Files

Modifying or deleting the contents of your USB storage permission allows data tomfoolery. Like uploading private camera images to a server. It’s legitimate permission for data sharing. A cloud storage app like Dropbox uses it, for example. But an app that doesn’t need your photos. Could look at all the pictures you’ve taken on your device and do who knows what with them. Are you comfortable with the developer seeing all your photos?

permissions facebook other ss
Many safe permissions are in the Other section.

Safe Permissions

Many permissions are innocuous. Almost all apps connect to the Internet, for example. The mobile version of Play doesn’t even bother listing that permission. Other relatively safe permissions include preventing the device from sleeping and changing your audio settings, for example.

In App Purchases

And finally, the In-app purchases permission is used to authorize an app’s upsell functionality. Many apps are free to install, then hit you up for add-ons or extra services. While this isn’t inherently a bad thing. It can be an expensive problem if your device falls into the wrong hands. Like a precocious seven-year-old. Who’s secretly tasted Stealing Trains IV or Las Vegas. Knows your account password, and sees a new purchase authorized app to play with.