It goes without saying that we exist in an increasingly mobile world. All you need to do is take a look around you – whether you are just hanging out at home, on the bus, or at the coffee shop – Mobile phones and tablets are omnipresent in the hands of consumers, and the adoption rate of mobile devices is not going to cease. These devices do everything the average consumer wants them to do, whether it’s to check news headlines and e-mail, make phone calls, take photos, and of course, download software (apps).
When we download new applications on our devices, many of us instinctively just click the next button, ignoring the requested mobile app permissions, and agreeing to a EULA that we didn’t read. In doing so, we sometimes provide applications with quite an exceptional level of access to our devices! The question has to be asked: do we really know what we are getting into when we click on that tiny little “install” button?
Understanding Mobile App Permissions
When it comes to understanding what our mobile applications are actually asking, we are not left totally in the dark. For Example, Google has detailed documentation regarding this matter, and the descriptions for each of the mobile app permissions exist to delineate, in specific terms, the type of access the application will require to perform at peak functionality. Additionally, the good folks over at the Pew Research Center have done an extensive overview of mobile App Permissions on the Google Play Store.
A typical user might observe that common mobile app permissions include access to the camera, the ability to purchase things within the app (microtransactions), the ability to use the microphone, etc. However, even allowing for variances of the typical user base, Pew Research found that the top three most common mobile app permissions relate to Internet or network connectivity.
This is an important point: Malicious apps are not just the ones that install malware or viruses directly – they can also be apps that burn through your battery intentionally, or use your SMS/Data plans to cost you extra money for simply having the application on your device. That is what it is so important to consider mobile app permissions as you choose which apps to use.
A good rule of thumb: if you don’t use it, uninstall it.
Apps From Unknown Sources – No Mobile App Permissions?
Logically, most legitimate, non-malicious applications will request access to things relating to the specific functions of that app (e.g. an instant messaging application may want permission to send SMS messages to contacts.). Mobile app permissions are a useful way to detect potentially malicious applications before you download them (for example, the app that promises to give your daily horoscope but also requests root access permissions and the ability to make phone calls is probably malicious).
Of course, there are instances where sideloading (the process of installing applications from unknown sources on Android) may be beneficial – but this practice come with a high level of responsibility and requires caution and additional research on your end. These additional apps almost never have an instantly obvious display of mobile app permissions.
How-To-Geek has a great article on How to Avoid Android Malware and Other Android Security Threats, which goes into great detail about both the pros and cons of sideloading. One of the important points to note is that many unknown sources do not have the same stringent verification process as applications on the Play Store – and you could end up paying the price for your curiosity.
When in doubt, let Google double-check those apps for you, and stick to the typical App store whenever possible.
Whether in your own research or by reading through the mobile app permissions that are presented to you on the App Store of your choice, it comes down to a judgement call. When in doubt, a good way to spot a potentially malicious app is to view the requested mobile app permissions and ask yourself: does this app really need to perform this function?
Malicious, but often innocuous looking apps will request a lot of control over the user’s device, and because many people will simply grant the permissions without reviewing them, it’s not difficult for a malicious application to be installed without the device owner ever even knowing.
4 Key Takeaways:
If nothing else, keep these four things in mind when perusing for applications. It might save you a lot of hassle down the road!
- Pay Attention. Common Sense is your friend, so listen to that tickle at the back of your mind and read through the mobile app permissions before you download any app. It only takes a few extra seconds, and you will have a much better understanding of the effect your new app will have on your device. Even if it isn’t related to malware, you could save a lot of battery life or even data by being critical of what apps want to do.
- Download from Trusted Sources. When downloading applications, always go through the officially sanctioned app store (App Store on iOS, Google Play on Android, Windows Phone Apps on Windows Phone). The chances of running into a malicious application on these stores is significantly lower than on non-official app stores, which often have little oversight or approval processes in place to determine what apps get approved and put on the store.
- If it’s too good to be true, it probably is. Take this time-tested theory to heart. An app promising to download thousands of paid games for free is almost definitely malicious.
- Feel free to judge an app by it’s cover. Hackers are known to upload malicious software masquerading as the real thing. Look for things on the app download page that are classic giveaways of counterfeits (e.g. low quality pictures used to demonstrate product, spelling errors in the app description, etc.)
Technology has become exponentially more intelligent over the years, and we as consumers need to develop equally intelligent practices for handling that technology as well. Checking simple things like the mobile app permissions could potentially save you from various inconveniences, from poor device functionality to fraud and identity theft – the best defense is an active offense. If we keep getting smarter along with the software and devices that we use on a daily basis, outsmarting malicious hackers will be a no-brainer.
What do you think? Have you run into any issues with mobile app permissions? Let us know in the comments below!
Follow us on Twitter @PortalGuard