Q: Can you explain the dangers of allowing apps to access my contacts, photos, location and other items on my Android phone?
The app permissions process on Android phones is very much like the installation process for computer programs for many — overwhelming and confusing. Why does an app need access to so many things on your phone, like the camera or your contacts in order to work?
The answer to that question can vary widely, from a sneaky app developer to the standard disclosure process required by Google.
You may recall last year’s Facebook Messenger permissions controversy that had most of the Internet up in arms. Taken at face value, the permissions seemed to imply that Facebook could record audio or video at any time, contact your friends without your permission or modify files at will.
As it turned out, the permissions required are more of an issue of how the Android app platform has been set up and many apps required many of the same permissions.
For instance, in order for any flashlight app to work, you have to “allow the app to take pictures and video with the camera” without your confirmation. This is because the LED on your camera that’s used as the flashlight is part of the camera circuitry and can’t be separated. Therefore, it becomes an all-or-nothing proposition.
Technically speaking, if the app can turn on the flashlight, it can take a picture or video as well, so Google’s requirements necessitate the scary-sounding permission.
On the other hand, sneaky app developers will overstep the “needs” of the app by including permissions that allow them to generate revenue from ads or through in-app purchases.
In-app purchases in particular can be a big point of exposure if you don’t require authentication in your Google Play store settings. Permissions for things like location information, device and app history and contacts are reasonable for mapping, GPS, browsing or social networking apps, but not for games and flashlight apps.
In general, the apps that you should be the most wary of are free, as they often exchange use for your personal information or to sell ads.
Understanding this — and reviewing the app permissions on everything you install on your phone — is certainly the first step, but there’s another thing to consider: Paying $0.99 for an app that limits it’s required permissions versus using a free app that’s asking for a lot more may be the wiser choice.
As always, if you really don’t need an app, don’t install it. When you do, take the time to understand what you are agreeing to in order to minimize your exposure.