A CyberNews investigation looked into the 50 Most Popular Android Apps from the Play Store and their permission requirements. When installed, Android apps request a series of authorizations, or permissions, from users. These must allow apps to access key features or sections of the smartphone, such as the camera or the contact directory.
Dangerous permissions on Android
Some of the permissions requested by apps are considered “dangerous”. This is the terminology used by Google. This is the case for localization, recognition of user activities, as well as the use of the camera, microphone, calendar and file storage. They can indeed “affect user privacy or basic phone functions”Ultimately, these authorizations risk compromise privacy and users’ personal data.
On its site, Google explains that “Runtime permissions, also known as dangerous permissions, give your application additional access to restricted data or allow it to perform limited actions that specifically affect the system and other applications”. This is why apps must expressly request access from users. Google also orders developers to “ request runtime permissions in your app before you can access restricted data or perform restricted actions ».
There are a total of 41 authorizations that could be dangerous for the user. In some cases, these permissions are completely legitimate. They are essential for the application to function. But sometimes, apps do not hesitate to request much more access than necessary. This observation is not new. Google has been fighting for years against developers who use Android apps, and permissions, to siphon off personal information.
Also read: 1.3 million Android devices infected with malware
WhatsApp, Google, Facebook…
As CyberNews found, the top 50 most downloaded apps require a mountain of permissions. The study listed the popular apps that require the most permissions. Topping the list is MyJio: For Everything Jio, a popular app in India, followed directly by WhatsApp, the instant messaging app with two billion users worldwide. WhatsApp requires a total of 26 dangerous permissions.
Messaging is followed by TrueCaller, an app that can identify unknown calls, block unwanted calls and manage contacts, and which asks for 24 permissions upon installation. Others include Google Messages, WhatsApp for Business, Facebook and Instagram.
Which Android permissions are most requested?
Among the most requested permissions by apps is the permission to publish notifications on the smartphone screen. In fact, 47 of the 50 apps studied request permission to send notifications. The notification system is “often abused by malicious applications,” explains security researcher Mantas Kasiliauskis. It allows “bombarding users with unwanted ads, phishing links or even misinformation”.
Researchers also pinpoint access to storage among the most common dangerous permissions. More than 30 applications request this access. With it, they can view a photo stored in your gallery. This is why you should not store important files in your smartphone gallery, such as a photo of your identity card, bank card or passport.
Obviously, these are social networks and image processing apps that most often require this access. This is essential when “you need to upload media to your profile, share stories on social media, store photos or videos”notes Mantas Kasiliauskis:
“Instagram can’t access your photos, your messaging app can’t save documents, or your photo-editing app can’t store your creations. However, these permissions are also considered high-risk. The app should clearly explain why it needs this access to user data.”
Finally, 31 applications request access to the camera and audio recording, two permissions considered sensitive. But, as the cybersecurity researcher points out, “Permissions may be justified when they relate to core functionality such as messaging, voice and video calls”. Despite everything, “too many apps with too many dangerous permissions” remains a dangerous practice in terms of personal data protection. This is why the researcher recommends granting them sparingly. In addition, it is better to stick to apps developed by reliable and recognized developers.
???? To not miss any news from 01net, follow us on Google News and WhatsApp.
Source :
CyberNews
