We use apps on our smartphones daily, many times blissfully unaware of what is really running the background of the app. Does this hot new photo editing app you’ve downloaded require access to your contacts? And if you said yes, now your address book is potentially out there.
App permissions are required for every app that finds its way to the Google Play Store or Apple App Store, explaining what parts of your phone the app requests access to, even blocking you from using the app in some cases if you deny approval. Let’s break down exactly what app permissions are and what to look out for when downloading. For the majority of this blog we are going to focus on Android app permissions for devices on Android 6.0 and above, but we will cover Apple iOS permissions as well.
What do app permissions mean?
App permissions basically explain what features of your device the app will access when you are using it or may possibly run in the background. It might require your camera, location, or your media files. Social media apps such as Facebook or Instagram will request access to your photos and camera before usage and map apps like Waze will need your location info. Most apps will require only the features it needs to function, but some apps can request a ridiculous amount of permissions before usage. It’s important to understand what facets of your phone will be accessed by these apps to ensure your security online.
A good example of this was the anime makeover selfie app, Meitu, in 2017. You would think that a camera app would only need access to your camera, right? The absurd amount of permissions the app needed created a huge privacy concern for something that is supposedly just a camera app.
The Meitu app not only required camera access but also demanded users’ GPS locations, Wi-Fi connection data, SIM Card status, and cell carrier information. For a selfie app.
What kind of permissions are required?
These are the permission types to pay attention to when downloading a new app:
- Body Sensors. This allows an app to access your health information such as your heart rate or step counts. These are normally required for fitness trackers such as a Fitbit wristband or Smartwatch to function.
- Calendar. The app will have access to your calendar events, with the ability to read and edit your existing appointments. Social networking apps typically need calendar access, but not too many other apps should. We normally recommend using the default calendar app that comes with your phone or Google Calendar for better safety rather than a third-party calendar app.
- Camera. The app can access your camera to take pictures and record videos. This one is crucial because if the app does not have a camera function in it, it should not require access to your camera. Through an app that maliciously requires your camera, a hacker could take control and record video without you even knowing it.
- Contacts. The app can read and possibly edit your personal contact list. By allowing access to your contact list to an app, you are giving away not only your information but potentially several others, so if an app require access to your contact list, be very careful about allowing access, especially if it really doesn’t need it.
- Location. The app requires your GPS whereabouts, which may include exact locations and times via cellular connections and Wi-Fi hotspots. Giving away your exact location could make your home a target for thieves. Apps for iPhone that require location access now typically give you the option to “only access location while using the app,” so we recommend that option.
- Microphone. The app would use your microphone to record audio. Just like the camera, this is another crucial one because malicious apps could record full private conversations and place them in the hands of a hacker.
- Phone. This permission allows the app access to your phone number and network information. Several other apps that utilize a Voice Over IP (VoIP) connection, such as Facebook Messenger or LINE, will require this permission. Be wary of apps that could make phone calls without your consent.
- SMS (Text Messaging). This permission also includes MMS (multimedia messages), and allows the app to read, write, and send messages. Apps such as Google Hangouts typically as for this permission but if there isn’t any reason for messaging through another app, think twice before allowing access.
- Storage. This allows an app to access your internal storage or SD card. Photo, social, and music apps tend to require this permission more as there is content being loaded on to the device. However, be careful on this one as well because there is a chance a malicious app could swipe your private photos or other files on your device.
A calculator app should not need access to calling abilities. We suggest looking elsewhere in the Google Play Store for a less intrusive app.
Now that you know more about the typically requested app permissions, we hope that you will give every app a thorough review before downloading. That flashlight app you have installed on your device should not need access to your contacts.
And most importantly, ONLY download apps from verified locations such as the Google Play Store and Apple App Store. “Sideloading” apps or downloading programs from unknown sources can be a recipe for disaster.
How do you check what permissions your apps require?
For Android devices, when you download an app from the store, a pop-up will typically display what permissions are required before launching.
The process of checking app permissions after installing may vary depending on your phone’s operating system as some phone companies have their own version of Android, but here is typically how to check your app permissions after installing:
- Go to your Android device settings. You typically can access it by pulling down the menu bar from the top of the screen and clicking the ⚙ icon.
- Choose Apps.
- Click on any app.
- Choose Permissions.
Now you can see all the permissions that the app requires and can toggle what it can have access to. Keep in mind that some apps will not allow access without certain permissions enabled, but that is why you need to assess if it is necessary or not. Sometimes you may get the same permission twice when installing as one may be from the app itself and the other from Android, so be sure to read each one carefully.
iOS apps also require permissions as well, and they will have pop-up messages that display when an app is accessing the camera, Bluetooth functionality, photos, etc., making the process a bit easier to manage. However, if you need to check your app permissions on iOS devices here is how:
- Choose Settings.
- Choose Privacy.
- From there, choose the permission you wish to review.
- A list will appear with the apps accessing this feature and you can toggle them on and off.
Managing your apps is a pivotal part of being safe online. It may take more time to maintain, but you can’t rush your own cyber security. Take the time to review your apps, delete apps you do not need anymore, and watch what you share online.
neoRhino’s Security Awareness Team, certified IT consultants, and 24/7 helpdesk squad are here to help strengthen your online defenses. You can visit our homepage, see more about The War on CyberSecurity, or give us a call at (281) 779-4850, and we can manage your technology so you can manage your business.