Both iOS and Android have a variety of security features built into them in order to provide security to its users. One of them, which is quite important, is the implementation of app permissions. When you are downloading an app, it will request permission to access certain aspects of your device. You must then decide if you want to grant these permissions or not.
It is great that these operating systems have considered our security (and privacy) to this extent. Unfortunately there is a possibility that these permissions can be used against you for malicious purposes. Certain apps may indeed be spying on you and collecting your information against your will, among other malicious activities.
There are steps that you can take to mitigate against this possibility however. These are what we will be exploring in the context of both iOS and Android.
What Are App Permissions And How Do They Work?
App permissions define the level of functionality an app is allowed on your device. For example, a third party camera app will obviously need access to your device’s camera.
App permissions define the level of functionality an app is allowed on your device.
As of Android 6.0+ and iOS 6+, users have granular control over app permissions. For relatively low-level permissions, apps will be granted access to these automatically by both operating systems.
If the app needs permission to access functionality which could be harmful to the device’s operation or could compromise the user’s privacy, the user will be alerted and asked if they wish to grant the app permission to access the requested functionality.
Note: In general, Android and iOS permissions are similar but there are some key differences on how each operating system implements them.
When you are viewing an app in the Google Play Store, you can view an app’s permissions even before you attempt to download it. Take a look at Wifi Analyzer below for example.
When you indicate your desire to download and install an app however, you will then be shown a list of the permissions required for it to run.
When you launch an app and it needs access to a permission which is considered to be potentially dangerous, the app first asks the user if they want to allow the app that particular permission.
We can see this below with Instagram. Instagram will, of course, need access to the camera in order to take pictures within the app.
You can view the different permissions groups that the apps on your phone have access to by going to Settings -> Apps and then tapping on the gear icon on the top-right of the screen.
You will then be able to view the permissions groups which are considered potentially dangerous. Accessing these groups reveal the apps which might request access to particular permissions in order to carry out a particular function.
You can then grant access to apps which may not have been granted access before or revoke access to apps which may have previously been given access.
If you select individual apps from Settings -> Apps you will be able to view and enable/disable the important permissions that the app in question has access to.
iOS takes a simpler approach in how it presents information about permissions to users. It only alerts users to information that could potentially be harmful to their device.
Subsequently, you will not see information about permissions in the iOS App Store. However, when an app wants to have access to functionality that could be harmful, the user will be alerted as seen below.
As you can see above, a brief explanation is given to the user to why the app needs to have a certain permission granted. In this case the app needs access to the camera in order to scan documents with the device.
As with Android, iOS users can also access the most important permissions groups and disable apps’ access from within Settings -> Privacy.
Moreover, iOS users can also alter individual app permissions by selecting the app in Settings.
How to Avoid Being Exploited
Granting apps these various permissions gives them access to areas of your device which they would not normally have access to. In most cases, the app genuinely needs to have these permissions to work. A sneaky developer could, however, use these permissions against you.
Although in most cases the app genuinely needs to have these permissions to work, a sneaky developer could use these permissions against you.
For example, consider the following scenarios:
1. Malicious Access to Location Data
Granting a malicious app access to your location data could be harmful. Based on your location, a malicious attack could be launched.
You could be directed to a harmful website which sites your location making it appear somewhat legitimate.
2. Malicious Access to Contacts
Granting a malicious app access to your contacts could also be harmful. A dishonest party could create an app which reads your contact list. It could then create an email address which sends you an email using a known contact’s name.
Even though the email address will be different to your friend’s actual, you may see the name and immediately think that it is indeed the person you know.
Attacks like this are not unheard of and the offending parties try to coerce victims into things like sending money only for you to realize after the fact that you were duped.
3. Malicious Access to Storage
Permissions related to storage could also be problematic.
Granting this kind of access gives an app access to a certain degree to your file system allowing for the possible planting of various types of harmful files.
What Measures Can I Take?
At this point you are probably asking yourself what you can do to avoid being taken advantage of. Well, you will be pleased to know that there are measures that you can take to avoid being duped.
Some easy steps are all it takes from being duped by apps.
1. Always Inspect Permissions
Firstly, you should always inspect requested permissions closely to see why they are needed. For example, if you come across a car racing game that needs access to your contacts then you should be wary.
If you run into a situation like this, avoid the app in question.
2. Obtain Apps From Reputable Sources
In addition, you should obtain your apps from a trusted source; namely the Google Play Store in the case of Android and the App Store in the case of iOS. 3rd party stores mostly don’t have any security checks in place (or not as stringent) for the hosted apps.
Yes both iOS and Android have implemented robust security measures but devious parties will look for any loophole to exploit your devices. Although exploiting your device may be quite difficult to do directly, a clever indirect attack using app permissions could prove harmful.
You should, therefore, pay close attention to your permissions and query any inconsistencies. Be safe out there guys!