If like myself, you use and have a lot of apps installed on your smartphone or tablet, app permissions wouldn’t be a new thing to you. App permissions are those questions boxes that pop up requesting access to use some device hardware (e.g camera, microphone, etc) or personal data (contact, pictures, files, etc.) whenever you use an app or a feature within the app for the first time.
However, just like how we rush to accept terms and conditions of —virtually— everything without reading them, we equally rush to click “Allow” when these mobile apps’ permissions pop up on our screens without knowing exactly what they mean, what the apps want, or the consequences of granting/denying such permission(s).
Don’t get it wrong though; app permissions aren’t bad. In fact, apps need them to function properly. However, you should be careful which apps you grant certain permissions as hackers and cybercriminals can exploit these permissions for things you have no idea of.
In this article, we talk about app permissions you should keep an eye out for when installing and using mobile apps.
App permissions you should care about
The permissions most often requested by majority of apps include location, microphone, camera, storage, SMS, contacts, call history, etc. These permissions are grouped as “Dangerous/Delicate delicate permissions” because they grant these apps access to personal and private information about you. This is why your phone’s OS always prompts you to approve such permissions so it can be sure you really want such apps to have access to your information.
This is a common permission you see some apps requesting. In the same vein, it is a permission you shouldn’t grant access to just any app because you can easily be tracked in real-time. Location access is commonly requested for by ride-hailing apps, map/navigation apps, event apps, check-in apps, and some social media apps (for geo-tagging).
You may want to deny location access to your camera apps because they embed location information (GPS coordinates) in photos you take. This makes it easy for someone to track you by simply downloading your geo-tagged picture from the internet or when you send to them directly.
Additionally, you should also keep an eye out for suspicious apps that you do not recognize requesting for location access. Granting location access to malicious apps could be used as an entry point to send location-based malware to your device.
SIDE NOTE: For Android users, Google’s upcoming Android Q OS has a feature that would allow you choose when an app should use your location. This would go a long way to curb unauthorized location sharing and tracking.
2. Phone/Call log/history
This is another delicate permission you should keep an eye out for. Normally, your built-in smartphone apps (e.g Dialer, Google) might require this permission so you’d be able to call anyone on your contact. Some trusted communication app might also require access to your call logs be history.
You should not grant any third-party app that looks odd access to your call history or phone app. You do not want a malicious app making calls on your behalf or worse: spying on your conversations.
To conclude, when you grant an app phone/call history access, you’re basically handing the app your phone number, cellular network information, (incoming & outgoing) call data, voicemail access, and the ability to read, modify, and redirect your phone calls to other numbers.
Contact permission hands an app access to view, modify, and add new contacts to your phone’s contact list. An app with contact permission could also access other accounts on your device (Twitter, Instagram, Facebook, etc.). While a trusted app uses this permission to allow you call and text people on your contact, a malicious app can use this permission as a backdoor to steal your contacts and subsequently spam them or use the contents of your contact book for something even more dangerous.
Permissions to use your smartphone microphone are usually requested by communication apps that you use to make audio and video calls. Some music and music recognition apps, as well as voice recorders, also request for this permission.
You’d, however, be doing yourself more harm than good if you grant microphone access to untrusted apps. They can record everything around you without your knowledge, doesn’t matter if you’re using your smartphone or not. Some apps have been exposed in the past for recording private conversations of users, events happening around them and TV shows they watch to build an advertising profile around such users.
This video from WeAreChange.org explains how one software company collects information about users through their smartphone microphone.
SMS permission is commonly requested by system and communication apps. This permission grants apps access to send and receive SMS messages on your device. Also, it also grants them access to read the content of your SMS messages, MMS, and other push messages.
Trusted apps will use the permissions to allow you send and receive messages while malicious apps could misuse this permission to spy and spam you. These apps could also use this permission to subscribe to unwanted services without your consent.
This one’s a no-brainer. This permission is most required by apps that use your device camera for some functionalities. Apps that take photos and record videos would request this permission. You should be sure that you trust apps you grant access to use your camera though. This is because once you grant such permission, an app can (secretly) use your camera to record activities and happenings around you.
When you allow access to your storage, you are giving an app the go-ahead to read all the content of your device’s internal and/or external storage. This permission also hand apps the access to modify and delete contents stored on your device. There shouldn’t be anything to fear when you grant trust apps this permission. Your browser, for example, can use storage permissions to download new files (music, images, documents, etc.) to your device.
Allowing malicious apps access to your storage is where the problem lies. This is why you should be very sure of the authenticity of any app before you grant them access to whatever permissions they seek. You don’t want to wake up one morning to see that your files have been wiped up by a certain game app you installed.
As mentioned in the introduction, app permissions aren’t bad. All apps require one or more of your device’s hardware and personal information to function properly. The message here is to tread carefully while granting apps certain permissions. Also, you should ensure apps you grant permissions are trusted apps from trusted companies/developers. Some trusted companies also abuse permission privileges but you should also be conscious of permission you grant apps. You cannot be too careful.
You shouldn’t just tap “Allow” to every permission prompt that pops up on your smartphone screen.
Other permissions to watch out for include Calender (could be used to spy on your routines) and Body sensors (some apps could use this permission to spy on your health).