There has been a spate of security reports recently about Android apps being malware or suspicious. Most of these were found baseless, but at least one was indeed correct (e.g. the Russian Trojan app). We also know that Android has a very good security model, but even so, the rest of the reports make one think about why an app requires the permissions that it says it needs.
We all MUST check the permissions that an app requires before installing it and then consider which particular feature of the app would require each permission. The problem here has two parts. The first is that the permissions can be cryptic. I can understand most of them because I also develop Android apps, but I’d guess that a huge majority of users can’t. A simple solution would be for Google to provide more details (and probably examples) for each permission. One can say that it is difficult, and a UI nightmare, to fit too much text into the limited space of a mobile screen. My suggestion would be to keep the existing layout as it is, but when someone taps on a requested permission, take them to a new page that describes the permission in detailed but simple words and also provides examples.
But this is just the first part of the current problem. The more important issue most apps are facing these days is “permission creep in”, i.e., they request permissions they don’t really require. This could be because they are adding a permission to their manifest file by mistake without using it, or because they are taking a long route to solve a problem that could have been solved much more easily without excessive permissions. This permission creep in makes even legit apps look bad. For example, there was a recent case of a wallpaper app that was crucified by mainstream media all over the world because of the permissions it was using, and it then turned out that the developer’s method of solving a particular problem (providing “favorites” and “recommended” features to users) was simply long-winded.
This is quite common in the Android marketplace today. For example, I tried to install the hugely famous “Chomp SMS” app today and noticed that it requires my “location” as well. It is pretty weird that an SMS app needs my location, and when combined with the “Internet” permission that it also requires, it made me go “hmmm” even though it is tried and tested by a huge number of people without issues. Then I realized that it might need the Internet permission for ads (since I was downloading the free version), but I am still a bit doubtful about location. Probably that is needed for ad targeting (especially because it wanted my coarse location only, i.e., the cell-triangulation location by which it can easily identify my general region or country, which is all that is needed), but I’m still not sure. Even the Android guru Mark Murphy has similar reservations about another popular app, Evernote.
The solution? I think Google should make it mandatory for app publishers to explain in the market why their app needs each of the permissions it requests. This should be concisely explained to the user before installation, and then the user-review feature of the Android marketplace can take over to determine whether the explanation given is satisfactory or not. This would, e.g., make it immediately clear to any potential Chomp SMS users why it needs the location. I’m sure this would lead to even more sales for the good and trusted apps, as people like me who were skeptical of something can put their doubts to rest. At the same time, it would quickly push apps like the Russian Trojan down into oblivion.
A side effect/benefit of this approach would be that app authors would look more cautiously at the permissions they use and would probably try to weed out the unnecessary ones.
Another idea that I have in mind is more community based. I’m not sure if Google will implement the above idea, or, even if they do, whether they would make it mandatory, since the market already has almost 100,000 apps without this info. BUT, if someone can take up the mantle of making a community site that documents, with the help of Android users, the potential uses of all apps’ permissions, and also raises flags on any app having a permission without any apparent need, this would become a boon to Android users. AppBrain, are you listening? I think this would be a good addition to your already excellent service.
What are your ideas about solving the apps and permissions problems and removing the malware scare that looms over us? Let me know in the comments.
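The per-permission explanation proposed above is something an author or reviewer can check mechanically. The sketch below is an added example, not code from the original post: it assumes an already-decoded text `AndroidManifest.xml` and a hypothetical publisher-supplied mapping of permission to one-line reason, and reports permissions requested without a reason as well as reasons left behind for permissions no longer requested.

```python
import xml.etree.ElementTree as ET

NAME_ATTR = "{http://schemas.android.com/apk/res/android}name"

# Constructed sample manifest, loosely modelled on the SMS-app case in the
# post: SMS features plus INTERNET and coarse location.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.smsapp">
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
    <application android:label="Example SMS"/>
</manifest>
"""

# Hypothetical publisher-supplied reasons; this format is an assumption,
# the market defines no such listing field.
SAMPLE_RATIONALES = {
    "android.permission.SEND_SMS": "Send the text messages you compose",
    "android.permission.RECEIVE_SMS": "Show incoming messages",
    "android.permission.INTERNET": "Fetch ads in the free version",
    "android.permission.CAMERA": "Attach photos",  # no longer in the manifest
}

def requested_permissions(manifest_xml):
    """Return the set of permission names the manifest requests."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for elem in root.iter(tag):
            name = elem.get(NAME_ATTR)
            if name:
                names.add(name)
    return names

def audit(manifest_xml, rationales):
    """Compare requested permissions against the stated reasons."""
    requested = requested_permissions(manifest_xml)
    # A blank or whitespace-only reason does not count as an explanation.
    explained = {p for p, why in rationales.items() if why and why.strip()}
    return {
        "unexplained": sorted(requested - explained),
        "stale": sorted(set(rationales) - requested),
    }

if __name__ == "__main__":
    for kind, perms in audit(SAMPLE_MANIFEST, SAMPLE_RATIONALES).items():
        print(kind, perms)
```

On the constructed sample, the coarse-location permission is the one reported as unexplained, which is the same gap the post describes for the SMS app.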



I really do wish folk would thoroughly look into all aspects of these issues before reporting on them. I tried to respond directly to Mark Murphy regarding his post on Evernote, which, frankly, seems to indicate he’s hardly ever looked into its feature set.
Mark says “The Evernote app requests a fair number of permissions. Some make sense, such as the INTERNET permission (kinda important for a Web service). Some are a bit dubious, such as needing both coarse and fine location data.”. If he’d ever taken a good look at the app, he’d see that it offers both geo-tagging and a “Notes nearby” function, both of which obviously require location data!
I would have responded direct to Mark, but he doesn’t enable comments on his site, but seeing as you’ve also mentioned it, I thought it was important to redress the balance a little.
Both Mark and yourself make important points, but they’re a tad nullified by a rather obvious gaffe.
Mark Murphy just got caught in the moment because of the Trojan that arrived that week.
I saw his (and this post) on planetandroid and I literally had to scroll down two posts to see why Evernote was requesting the contacts permission; it wanted to do what 3banana already does: allow you to have Evernote as an option in the menu when you press share on certain items.
No biggie.
@Mark & Roy: Thanks for clarifying about Evernote. I agree with what you say but I also agree with what Mark says. Basically, what I meant was that app authors should just “connect the dots” between permissions and features to make this easy for everyone. E.g., all it needed here on the part of Evernote was to mention (supposing they made a list as I suggested) against the location permission “For geo-tagging and notes-nearby”. I think the need for most permissions can be simply explained in a one-liner. So, it wouldn’t take much effort on the part of the authors but would make it very easy for the users to understand why they are doing something, and this would ultimately help the authors themselves as they would gain more users, rather than turning them away (like they turned Mark).
BTW, forgot to mention that the 325 char limit affects this too, so for someone browsing the market, it is difficult to hop to the listed websites and then rummage around to find the feature set (many apps don’t even have a website or a comprehensive feature set list), so connecting the permissions to what they do in the app becomes all the more important.
One way to trim the permissions required by an app is to decompose it into separate apps that require permissions more specific to their needs.
For instance, you could remove the need for internet and location permissions to serve ads if the ad to display was retrieved from a separate AdServer app.
A general purpose AdServer app could be reused by multiple applications. Sounds like a decent small open source project to me.
I was just skimming through your post and I was thinking: what if Android just made it mandatory to include app-specific examples of permissions used in the manifest file, i.e. what they are really used for? The existing apps will not be affected early on but will be when upgraded to the new API level. BTW, I apologize if you already mentioned this idea; I didn’t read the article thoroughly.
Agree. It would be much more secure to let new program X use my program adserver than to let X use location directly. Even if the author of X claims he will only use it for ad purposes, who knows what he really wants to do with the info…
CHECK YOUR PSN MESSAGES BRO!