Understanding the Android Market security system
Last week I (and a bunch of other sites) ran a scandalous-sounding story about the Android Market and how 'up to 20% of its apps could be malware'. Google actually contacted us and asked for a retraction; I refused. Instead, I decided to explain the Android Market permission system.

If you don't own an Android phone, you may not know this: the permission system is fantastic. Every app has to declare, in its manifest, which resources it wants access to. When you install an app (via the Market), you are shown a bunch of very clear warnings that detail what data and services the app will have access to. The great thing about this system is that apps can't lie: the list is fixed at install time, so an app can't, after two weeks, quietly gain access to your email. (An update that asks for new permissions has to show you the new list and get your approval again.)
The system is, in all honesty, a good one. Its real weakness is the user -- the warnings tell you what an app can reach, not what it will do with it, so spotting a bad combination is your job. If you install a wallpaper app that wants the ability to send SMSes, that's your fault!
So, this guide goes some way to explaining what each of the permissions allow your phone to do. I'm not going to cover every single facet of the system, but hopefully you'll be a little more savvy by the time I finish.
Location

This one's fairly simple, but still: watch out for apps requesting your fine (GPS) location when it's not necessary. Android distinguishes between coarse location (derived from the cell network or Wi-Fi, and commonly requested by ad-supported apps to target ads) and fine location (GPS). Ask yourself whether an app really needs to know your exact location, especially when combined with some of the 'transmission' permissions.
Internet Access

Almost every app has this permission -- and that's fair enough in most cases. But does a Play Your Own Vuvuzela!!1 app really need Internet access? This permission, combined with almost any other, is a potential recipe for disaster!
Your Messages

With this permission, an app could in theory forward your most private and treasured text messages to anyone (via the Internet). Combined with the ability to send SMSes (see 'Services That Cost Money' below), an app could send the worst SMSes to your ex-girlfriend or boyfriend...
Your Personal Information

As you might think, this one's probably the most dangerous permission when it comes to privacy. Do apps really need access to your browser history? With access to your contacts, and Internet (or SMS) access, your phone could be used as a full-blown spam factory! (This is why there are concerns about malware on Android...)
Hardware Access

OK! Now it's getting a bit creepy -- in the wrong context at least. Android apps can request access to your camera and take photos -- they can even use the flash! Apps can also record audio. Again, just ask yourself whether an app should be able to use your camera...
Storage

A lot of Android Market apps want access to your SD card! Mostly this is for storing configuration and cache files. Be aware, though, that the SD card is shared space: it's formatted FAT32, which has no per-app (or even per-user) permissions, so an app with this permission can read and write any file on the card, including files written by other apps. Anything private an app stores should go in its internal storage, which is sandboxed per app by default.
System Tools and Configuration

This isn't as scary as it looks! Most of what's in this group (keeping the screen on, toggling Wi-Fi, changing settings) is about controlling the phone rather than reading your data. Just be aware that some apps might stop your screen from turning off, or might force your Wi-Fi on and off -- apps that play with your System Tools will probably affect your phone's battery life.
Modify Phone Calls

This one's odd, and another one that you shouldn't see very often in legitimate apps. A voicemail app, or an app that routes your calls through another service, might legitimately need it -- Google Voice, for example, intercepts the outgoing call and redirects it through its own number. Anything else that wants to intercept outgoing calls deserves a hard look.
Services That Cost Money

This group covers sending SMSes and placing phone calls -- notice how it's kept nicely separate from the 'reading SMSes' permission above. If you see this warning when installing an Android Market app, think twice. Unless it's Skype or Google Voice, does an app really need the ability to make telephone calls?
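The 'dangerous combination' reasoning running through the sections above (Internet plus messages, contacts or location; anything that costs money) can be turned into a quick manifest check. The following is an added example, not code from the original article: it parses a constructed AndroidManifest.xml for a hypothetical 'Vuvuzela Live Wallpaper' app and flags the same combinations. The permission names are the real ones from Manifest.permission; the sample app, the risk groupings and the function names are this example's own assumptions.

```python
"""Flag risky permission combinations in an Android manifest.

Added example, not the article's code. SAMPLE_MANIFEST is a constructed
manifest for a hypothetical wallpaper app; the permission names are the real
ones from android.Manifest.permission, the groupings are this example's.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS

# Constructed sample: a wallpaper app that asks for far more than wallpaper needs.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.vuvuzela">
    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.READ_CONTACTS" />
    <uses-permission android:name="android.permission.SEND_SMS" />
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
    <application android:label="Vuvuzela Live Wallpaper" />
</manifest>
"""

# Ways data can leave the phone (the article's 'transmission' permissions).
EXFIL = {"android.permission.INTERNET", "android.permission.SEND_SMS"}

# Permissions that expose something worth stealing. Reading the SD card is
# deliberately absent: on 2010-era Android it needed no permission at all.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_SMS": "text messages",
    "android.permission.RECEIVE_SMS": "incoming text messages",
    "android.permission.ACCESS_FINE_LOCATION": "precise (GPS) location",
    "android.permission.ACCESS_COARSE_LOCATION": "approximate location",
    "android.permission.CAMERA": "camera",
    "android.permission.RECORD_AUDIO": "microphone",
    "com.android.browser.permission.READ_HISTORY_BOOKMARKS": "browser history",
}

# Permissions that cost money or hijack calls, dangerous on their own.
COSTLY = {
    "android.permission.SEND_SMS": "send SMS",
    "android.permission.CALL_PHONE": "place phone calls",
    "android.permission.PROCESS_OUTGOING_CALLS": "intercept or redirect outgoing calls",
}


def declared_permissions(manifest_xml):
    """Return the set of <uses-permission android:name="..."/> values."""
    root = ET.fromstring(manifest_xml)
    return {el.get(NAME_ATTR) for el in root.iter("uses-permission") if el.get(NAME_ATTR)}


def risk_report(perms):
    """Apply the article's rule of thumb to a permission set.

    A sensitive permission alone is a privacy question; sensitive plus a way
    off the phone is a possible leak; anything that costs money is flagged
    regardless. Returns human-readable findings, in a stable order.
    """
    findings = []
    channels = sorted(p.rsplit(".", 1)[1] for p in perms & EXFIL)
    for perm, what in SENSITIVE.items():
        if perm in perms and channels:
            findings.append("%s can leave the phone via %s" % (what, "/".join(channels)))
    for perm, what in COSTLY.items():
        if perm in perms:
            findings.append("can %s (may cost money)" % what)
    return findings


def audit(manifest_xml):
    """Parse a decoded AndroidManifest.xml and return its findings."""
    return risk_report(declared_permissions(manifest_xml))


if __name__ == "__main__":
    for finding in audit(SAMPLE_MANIFEST):
        print("-", finding)
```

To run it against a real app, feed the decoded AndroidManifest.xml to audit(); inside a packaged APK the manifest is stored in binary form, so decode it first (apktool does this, or list the permissions with `aapt dump permissions`). The point of the check is the combination: contacts or location on their own are a privacy question, but contacts plus a channel off the phone is the 'spam factory' case described above.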
Appendix
I haven't covered everything here -- but I have covered just about everything you will usually see. Still, here are a few more resources:
- Security and Permissions on Android -- this resource outlines the actual architecture of Android security. It's a good read (and the first few paragraphs aren't too complicated).
- Manifest.permission -- the Android Developer resource containing every permission in existence.
- The Brick Permission -- believe it or not, you can give an app permission to 'brick' your phone...
Comments

Unknown, Jun 28th 2010 1:45PM
Gina Trapani talked about this last week on the This Week in Google podcast. She made a good point: that even though apps must declare which systems they can access, it is too easy for users to simply not pay attention to the warnings. (Quite like Facebook's privacy settings.)
It would be good if apps were required to explain why it needs or how it will use system services. And it would also be nice if there were a red flag warning for apps that ask for suspicious system access. But even better would be if you could deny an app's request for certain services, but still install the app, even if doing so cripples the application. Otherwise, it's all or nothing.
Thanks for this article. This is a good primer for making heads or tails of the services requests that come with new app installs. I'll be bookmarking this for future reference.
Sebastian Anthony, Jun 28th 2010 4:47PM
Ah! Being able to deny access to various parts of your phone would be AWESOME! Great idea. I wonder if any Android devs are reading...
It's definitely a step in the right direction, but could still be better as you say :)
And no problem!
MxxCon, Jun 28th 2010 6:02PM
App permission selection could become a major headache. Just look at BlackBerry. There you specify each permission for each specific app, and look how clunky it is to use.
Android's all-or-nothing permissions are also very bad.
By now users are trained to always approve apps regardless of what's listed there or what that app does.
This is something similar to browser SSL certificate warnings. Users are trained to just blindly accept whatever certificate they are presented with regardless of its content.
Eric, Jun 29th 2010 12:57PM
Ooh. Grant only certain permissions? As a developer, I can only imagine what kind of mess this can cause. There is an epidemic on the Android Market of users not understanding the fundamental ways that things work, leaving bad reviews for *market* problems, complaining that the app doesn't do some feature they created in their head, stuff like this.
Now give them the ability to turn off permissions and you have apps crashing left and right. I can only imagine the market ratings.
...and that's to say nothing of a mass developer exodus once everyone turns off Internet access and location permissions, thereby destroying the revenue streams of free applications.
The way I see it, you're worried about what an app does? Put your phone into airplane mode before you launch it. Problem solved (as long as the app is not also running a service).
...or stop living your life in paranoia. If an app was discovered to be malicious, it would have poor ratings, tons of complaints, and a write-up on every tech blog on the Internet.
Sebastian Anthony, Jun 29th 2010 6:51PM
Yeah, OK -- I concede! You're right, it would be a complete pain in the ass.
I've only had my phone for a few weeks and I've already done the Airplane Mode thing! I thought I was being fairly smart, but I wonder how many other people use it :)
My main concern isn't apps that are blatantly bad... it's the quiet worms that bide their time and then STRIKE! (That's how most malware works...!)
D Griffin, Jun 28th 2010 2:10PM
The phone call intercept is used by the Google Voice app. It intercepts the request from the contacts app to the dialer app, connects to GV, then dials the local GV number.
Sebastian Anthony, Jun 28th 2010 4:46PM
Ah, that makes sense :) Thanks.
youanden, Jun 29th 2010 12:12AM
I think phone calls is a necessary feature if an app wants to pause itself when you receive a call. e.g. Archipelago, etc. Or maybe an application does that when it detects it is being switched. I wonder...
Eric, Jun 29th 2010 12:50PM
That permission is actually "read phone state", not "make phone calls"
Iscin, Jun 29th 2010 7:30AM
Most apps require an internet connection, not always because they use it but because if they are free apps they use advertisements.
Eric, Jun 29th 2010 12:52PM
Correct. The same rule applies to location permissions as well. (usually *coarse* location). Advertisers use location data to serve you more relevant ads.. which I have to say I appreciate personally. It's really beneficial to the advertisers AND the users.
Jim, Jun 29th 2010 1:19PM
External storage (the SD card or other mountable memory) has no security. Any application can read it and it can be viewed from a connected PC once the drive is mounted. If it is private information then it should not be in external storage.
Internal storage is private by default and unless permission is granted by the application it cannot be accessed by other applications.
see: http://developer.android.com/guide/topics/data/data-storage.html for details.
Sebastian Anthony, Jun 29th 2010 6:54PM
Ah, of course, internal storage! I'd forgotten that all Android phones have so many megabytes of it.
Well, that's good to know :)
DangerousHippo, Jul 4th 2010 3:04AM
Regarding storage: This permission WILL allow access to ALL files - the reason being that the FAT32 file system typically used on those cards doesn't support any type of meaningful permissions system. Notice that when you mount your SD card on your computer, all of the files are visible to you, without you having to authenticate or anything.
Even if the card was formatted with a Unix/Linux file system that supported more robust permissions, those are usually user-based, not application-based.
Sebastian Anthony, Jul 4th 2010 6:13AM
Yeah, I know that much about FAT -- but I thought perhaps the OS controlled access, with quotas or similar :)
It was answered above -- there's internal AND external storage. Internal (registry-type stuff, I guess) is secure.
whipit82, Jul 10th 2010 12:25PM
What I'd like to see is the ability to set up prompting, along the lines of Windows UAC, for specific privs on specific apps. Like, I can give full "read text message" access to a text message app, but I want to be prompted any time it wants to use its "send text messages" privs, at least for a few weeks while I test it out...
Nic, Jul 21st 2010 12:03PM
Thank you so much for this article! I just got an android phone and have been a little worried and haven’t wanted to download any apps till I figured out what all these “warnings” really meant (cause I didn’t think it made sense that a chess game would need the ability to intercept my calls…I mean, really?). I greatly appreciate the info and feel much better about determining what I really want to download to my phone.