You might have noticed by now that apps require special permissions in order to function. Unfortunately, it's not always clear what the permissions are used for. This article will provide an overview of the most important app permissions and we'll try to separate the necessary ones from the sketchy ones. And in our update, we'll discuss the new groups of permissions and what changes have taken place in newer versions of Android.
- App permissions as a complete package or as required
- Revoking individual permissions
- What importance do permissions have in everyday use?
The first type meant accepting all permissions of an app as a complete package before installing it on the Play Store. As a result, people were not worried and blindly handed everything over to the app and thought, "It'll be fine, I just want to finally be able to use the app!"
The new type is of app permissions is significantly newer and will finally be standard by the end of 2018. This method requires permissions according to the system used starting with Android 6.0 (from the year 2015!), and only allows apps to have access to permissions when they are in use. This incidentally has led developers to explain why they need certain permissions.
Both models haven't changed the fact that permissions are allowed to come in big packages, some of which are quite extensive. And since it's no longer obvious what's coming your way with a given permission, we've updated this article for you.
Apps that use this new authorization model allow you to revoke permissions. Google classifies some permissions as 'dangerous permissions', including the following:
There are permission packages that combine several partial permissions. A flashlight app can record videos of you, because it needs the camera permission for LED control. But an app that is allowed to read text messages may not send them automatically because of SMS permissions. This makes it all the more important for app developers to adhere to Google's transparency for users and to explain why their app requires a given permission.
Starting from Android 8.1, several permissions are classified as 'normal' and every app is entitled to them. These include:
- Network status
- Notification guidelines
- Bluetooth admin
- Change network status
- Keep key lock open
- Stop background processes
- NFC (near-field communication)
- Disable battery optimizations
- Change background image
- Use fingerprint sensor
Apps request these authorizations upon installation, and the user can't withdraw them afterwards.
Similar to SMS permissions, calendar permissions are divided into access to reading and access to writing. Obviously, these permissions only make sense for third-party calendar apps.
Flashlight apps request this strange-looking permission, but the LED light is accessed via the camera. Since the permission isn't broken into sub-permissions, these kinds of apps get full access to your camera, but not to the microphone.
This group has a few different kinds of permissions: apps can read your contacts or view available smartphone accounts. Do you also use Facebook or Twitter and have the accounts already connected to your device? The address book and chat apps often want to read your contacts so it can network with them. The developer of an app can then store your contacts on its servers, and in the worse case, try to sell the numbers. So watch out!
Exercise or other health apps may want to measure your pulse. If your device has this kind of sensor, you'll have to activate it to allow apps permission to it.
These permissions allows audio recordings to be made immediately. If recordings are being made in the background, Android will notify you.
Some apps like WhatsApp don't offer SMS functionality. Instead, they are able to use this permission to read the SMS with a verification code. In principle, you can deny the permission and enter the code manually in the chat app. Google is working on removing this permission for verification purposes with Android 8.0.
Furthermore, this group of permissions is divided into five groups. There are permissions for sending, receiving, and reading text massages, receiving a WAP Push messages, and reading an MMS. You have to be especially careful with permissions for sending text messages. Ideally, you should only allow this permission if you've deactivated paying for text messages through your provider.
When an app gets this permission, it has access to your memory. You'll run into this with file manager apps and the microSD card. The sub-permissions will either have reading access or writing access, and can therefore also be deleted. Many apps use this permission to provide your user data where it doesn't actually belong. Since your memory is virtually unprotected by the permission, these apps can spy on all your information in your memory.
Apps can determine your location, either roughly or precisely. Android does this through the location service, i.e. a mixture of Wi-Fi, GPS, and other potentially available sensors. Apps with this permission can record a motion profile of you. Depending on the number of users, heat maps of cities and other big data analyses can also be created.
This is by far the largest group of dangerous permission. It is divided into...
- Receive phone status
This is often used in music apps that pause playback when a call is received.
- Reading out telephone numbers
The app hands over your mobile number so you don't have to type it in. Deny this permission if the app doesn't necessarily need your mobile phone number.
- Making calls
- Answer calls
- Reading the call list
- Writing the call list
- Add mailbox
- Using SIP (Session Initiation Protocol)
- Editing outgoing calls
- Reading incoming numbers
Good apps, bad apps
There is improvement in sight. With every Android update, you can get one step closer to more precise control over your permissions. If you prefer to keep your friends' phone numbers to yourself and don't want to be part of the next big data scandal, be careful about what data you disclose. Trust is good, but control is better!