Apps and Permissions

Are we really secure? (Part-3) - How an app on your mobile phone is a potential threat

Apps and Permissions

Are we really secure? (Part-3) - How an app on your mobile phone is a potential threat

Android is an operating system for handheld devices like smartphones. It was announced in 2007 and was the first commercial device was released in 2008. Today, after exactly a decade in the future, it has more than 2 billion monthly active devices. With such level of a userbase, sure comes a lot of prying eyes on your data. Though Google Play Store has restrictions on what you can install and what data your apps see, it is just a matter of a few permissions before these apps can start harvesting your data.

It is not uncommon to see people having almost a hundred apps on average on their android phone since nowadays storage is relatively cheaper than before. We install an app and use it for some time, and then completely forget about its existence. This is not to mention, a very bad habit, even worse than you could ever imagine. Data in today’s world is valuable, if not for you, for tech giants and firms, which use it for various purposes ranging from advertisement to controlling political opinions of people. You can never trust any device, platform and the same goes for any of the apps that you have on your phone.

Apps come in many shapes, sizes, and uses. Some are used for a few minutes, like a flashlight app, some take away a major chunk of your time, like YouTube, some are extremely useful, like an alarm clock app, and some are just there, like the cool game you installed and never even played once. While they may be all different, they have this one thing in common, they are on your phone and with the right permissions, they can control your phone, or do anything with it as they like it. These permissions through an essential part of the Android app design and development, might not guarantee your privacy and security from malicious apps. Why? - Simply because you gave it permission.

Before the Android KitKat (version 4.4) these permissions from the user were taken in one go - while installing. In those days, the app permissions structure required the user to either allow all or none. Since the release of Android Marshmallow (version 6.0), users can now install apps with certain permissions and allow others when needed, or if they like it, keep them disabled. They also have this feature where the app has to specify the privilege level - for example - Storage can have two permissions - Read or Write. Many people do not care about permissions and they tick yes to all the prompts on the screen, thus granting the app all the permissions, whether or not their intent is malicious. Apps with malicious intent are popularly known as Malware or Spyware. And these are a real headache for Play Store.

These apps can send data back to the servers, including your location and contacts. They can easily control your phone, if you’ve enabled permissions for reading the Gallery then they’ll spy on your stored photos, if you’ve enabled permissions for Camera, they might even take a photo!. All of this without you knowing that your privacy is being ripped to shreds.

Untrusted Sources - Google Play Store can and will protect you from these apps 99.9% of the times. But as you saw a ‘cool new cracked app’ online not available on play store or you took an APK file of some app from your friend over file sharing, chances are that this is the malware app I talked about earlier. You should be very careful while doing so and should only install the app if it is from a trusted source, or only with the required permissions.

These malwares are very smart, they are often hidden inside Cleaning apps, Optimizing apps, widgets and can even install further apples and hide them from the System Menu. In some cases, they may look and feel normal but cause harm in multiple ways working silently in the background.

Conclusion

Just go into the app settings now, and check for each app’s permissions, disable what you suspect to be malicious. Why does your alarm app need your contact access? - Disable all such permissions and the ones which you don’t use - Never took a photo with your photo editor app: Disable camera permissions for it.

And remember, just disable the Location and Camera settings for apps like Facebook and Instagram, don’t compromise your privacy for every little feature that an app offers.

As an android user, make sure the permissions are all good, and you’ll be fine. But do make sure that the app that you’re installing is from a trusted source as permission bypassing apps do lurk around on the internet.

  • Further Reading and Recommended Links -
    • A huge proportion of apps already track you - here.
    • Government List of Spyware Chinese apps in India - here.
    • Google Play Store on Privacy, Security, and Deception.
    • Why you should not rely on Google Play Store only for your security - here.

Do note that fighting these malwares is just a matter of awareness and common-knowledge about them, yet over 2 million Android users worldwide are affected by malware apps.