GT Explains: Understanding Android App Permissions

Namrata Gogoi

Our phones contain so much of our personal data and it’s imperative we protect our privacy with all the necessary tools. These may be in any form like security patches, anti-virus updates, app lockers, etc. In midst of all these, a gullible aspect escapes our attention — Android app permissions.

Android-App-Permissions (1)

When it comes to the world of apps, as you might already know, it’s not as rosy as it appears. Some of the apps do their designated work brilliantly, while a few others do a ‘tad‘ more than that.

In this era where we often question our privacy and the reach of digitization, it’s only natural that we understand how Android app permissions work and what does it mean to provide them with the data that they request.

App Permissions: An Overview

In simple words,  permissions are special rights that an app must have, in order to function properly. It can either be a permission for the hardware aspect of your phone or it can be one pertaining to the software side — reading/modifying information.

Depending on the sensitivity of the area, the system can either grant the permission automatically or it’ll ask the user.

Android-App-Permissions (5)

For instance, a simple messaging service would need permission to use contacts while a hybrid version messaging service (read WhatsApp) will require much more than the plain simple Contacts permission.

Prior to Android Marshmallow, users weren’t given the freedom to choose the permission level. Thankfully, post the introduction of Android Marshmallow, users can now freely decide which all set of permissions should an app have access too.

Android-App-Permissions 7

The permission levels can be easily checked from within the Settings menu or from the app page in Google Play. And should you find an app seeking permission beyond its functionality, then you know that something’s up.

But before that — which permission an app should or shouldn’t have — it’s important that we understand how app permissions work.

How do App Permissions Work?

By default, a basic Android app doesn’t have any permissions which mean that it can’t go about its job without impacting the user’s experience. Google provides about 17 permissions in total for apps to work. These permissions must be defined by the app before it can have access.

On the user’s front, they must agree to before the app can start using the data or the hardware.

These permissions are handled by the Android API framework which calls for the validation process to verify if an app has the necessary permission to function. And if not, you’ll get a pop-up each time, the app tries to access the permission and finds it blocked.

Android-App-Permissions (2)

There was a time when Android developers had to record even the tiniest of app permissions like the vibration of the mobile phone.

However, much has changed and now developers have to list whether the app that they are building needs to have normal permissions or dangerous permissions in the manifests.

Normal permissions are the ones that don’t pose a risk to the user’s data or privacy, while dangerous permissions are the ones which can potentially affect the user’s data or functionality of the device. It’s these permissions that we can either accept or deny.

Why Should You Care?

It’s all about data privacy. For instance, a clock app or a calculator app shouldn’t ask permission for location access or the contacts. Just this year, in January, revelations were made about the beauty app Meitu which sought permissions way above its limits — GPS location, cell carrier information, Wi-Fi connection data, SIM card information, jailbreak status  — which made the common user question the developer’s true motives.

There have also been instances where apps ask permissions to access Contacts lists and when given by an unwary user, would upload the same on its servers.

Android-App-Permissions (4)  Android-App-Permissions (3)

This again leads us to the believe that the popular apps wouldn’t resort to asking permissions for which it has no business. But then, don’t get mislead.

Even popular apps like the Facebook Messenger or Moments requests a slew of permissions. Thankfully, the ball is in our court to decide whether we would like to give the same or not.

Common App Permissions

Aforesaid, there are roughly 17 permissions that are there on Android. While some lesser known may be grouped under similar headings, here are some of the most common ones.

1. Contacts

The ability of an app to access the device’s contacts. When enabled, the app also has the ability to read as well as to modify them.

2. Location

If you are a regular Google Maps user, you must be knowing what this permission does. It helps the device to get a location approximation through the GPS of your Android.

There are two sets of location permissions, though — precise and approximate.

3. In-app Purchases

The permission set through which one can purchase content inside the app. For instance, upgrading to the pro version

4. Phone

The Phone permission accomplishes a diverse set of functionalities like call, read and modify the call log. However, the shady apps can also make calls without the user’s knowledge which can cost money.

5. Storage

A majority of the apps have this permission set, particularly the camera apps and the browser apps, among others. In a  more broader sense, this means the ability to read and write data from the storage — both internal and external.

Did you Re-Visit the App Permissions?

In today’s world where seldom anything remains private, thanks to the insane security attacks, it’s imperative that you revisit all the app permissions one by one. You can either scrutinize them app wise or permission wise — the choice is yours. However, do make sure that it is done straight away. After all, you wouldn’t want some stranger stealing data right from under your nose.

Also Read: How to Securely Wipe Your Android Phone Before Selling It

Also See
#gtexplains #security

Join the newsletter

Namrata Gogoi

Written By

Namrata Gogoi

An engineer turned tech writer, Namrata used to write software codes before turning to a career in tech- writing. She is passionate about travelling, food and reading about cool new stuff. Apart from that, she holds a bachelors degree in I.T and hails from Guwahati.