Well, in case anyone hasn’t noticed it yet, every time you install an Android app you need to accept some permissions. It can be really bothering because it usually means that your download will trigger a split second later than you expected, as you have to tap one more time. It’s a luck that Google thinks so much about its users that the ‘install’ button and the ‘accept permissions’ one are in the same place so we don’t have to read what we are really installing. If we had to, we’d better start looking for our old 3210 Nokias that are surely gathering dust somewhere in the attic.
Jokes apart, nobody reads which permissions are needed for each app and even less people knows what permissions mean. Even though tough coders still find themselves downloading and installing stuff they don’t really know what does or can do to their devices or privacy.
Keep in mind that permissions are something key within the Androidverse and everything dances around them. Some permissions are harmless by themselves but critically dangerous when combined with others, the same way that there are a few that should always be written in big, bold and underlined capitals.
Something that should be taken into account is that a same permission can be absolutely normal or totally dangerous according to what kind of app makes use of it. E.g., nobody should be surprised at an app that manages your contacts is able to alter your contact list. Likewise, all ad-supported games need access to the Internet so, in order to have access to the web, they need to know what kind of access you have.
Since we accept permissions without knowing them or worse, without even reading them, does that mean that we’re exposed to any malware that Google doesn’t detect at AM? Mmm, yes and yes. In fact, yes, of course. Permissions are our first, only and last line of defense. It’s a fact that there are some anti-malware apps, but it’s really soon to know how much they can actually protect us. The only reliable tactic is to not download suspicious apps, but that’s somehow tricky.
One simple, yet easy way to know if there’s something strange out there is to compare the app to similar ones. In addition, if we understand at least what permissions mean, it should be easy to sense if there is something odd going on.
Some news have caused alarm among Android users and some bloggers and sites have echoed alarmist declarations. Anti-malware developer app descriptions are more than alarmist, apocalyptic. There are developers who claim that spyware comes “from browsing the Internet through Google, Firefox and Internet Explorer” (read here) as an example used for scaring newbie Android users. Fear is nothing to play with, especially when our young and full of potential Android community keeps growing. We here at AZ are really worried about how malware will evolve in the next months, but we don’t believe that things are or will be worse than in any other OS.
That was theory. Tomorrow we’ll get practical.