First things first. For apps to work, they need permission to access certain features and functions of your mobile device. Unfortunately, threat actors can use this relationship maliciously. Some applications access permissions they don’t need, thus collecting your data.
At best, advertisers can use the information to showcase targeted ads. The bad news is that cybercriminals can also use these permissions for nefarious purposes, such as launching location-based attacks, uploading malware, such as cryptojacking, stealing, and selling your personal data.
What Are App Permissions?
App permission dictates what an application is allowed to access and perform. Depending on the apps you use, the permissions needed would differ. For example, WhatsApp and Viber would need to access your contacts. They would also need permission to call phone numbers. A photo-editing tool, on the other hand, would need a different type of access permission. For instance, it would need to access your camera and photo gallery.
App Security: A Closer Look
All mobile operating system (OS) developers face the security challenge posed by malicious applications that take advantage of app permissions. While they have different techniques to address such problems, their goal is one and the same—create a balance between user data security and app usability.
Below are some insights on the status of app permission and security of each mobile OS.
- Windows: The Microsoft Store’s software array is quite limited compared to those of other OSs. Apps follow an approval and certification process to get access to the Microsoft Store. Someone from Microsoft would check the app for potential vulnerabilities, among other things.
- macOS: Apple, in turn, has a wider range of applications available. However, they’re also very strict about privacy. Users are not allowed to download media outside the Apple Store, so the chances of installing harmful unofficial software are lower.
- Android: Since Google is open source, the number of apps on Google Play is immense. As of 2019, it had more than 2.7 million apps, and thousands are being added every day. Although Google Play Protect is available, you may still find programs accessing data they don’t need. Moreover, Google lets you download applications outside its store as well. You’ll be warned if the file is dangerous but you can still download it. That is where things could go bad, as you may end up downloading harmful Android Package Kits (APKs) or the raw forms of apps that may put your data privacy at risk.
- Fire OS: Fire OS is a mobile OS Amazon created. Most people know it as the user interface (UI) on Amazon tablets. When compared to Android, you’d realize that the two UIs are oddly similar. That’s because Fire OS is based on Android. It only hosts official Amazon apps on its store, though, so the chances of installing apps capable of stealing data are low.
- iOS: Similar to how they are with macOS, Apple is very careful with apps they let onto iTunes Store. iOS is often considered superior in terms of privacy, and apps can’t have permissions enabled all the time. They have to request them only when a specific action is required. The same is true for iPad OS.
What Is Being Done about the Issue?
Android has the most number of apps, and so it gets the most criticism for being unprotected. To address this, they routinely try to improve their systems. For example, they have already tackled several apps stealing data with the Android 10 update. Now, you can let specific apps access location permissions only when they are running. They’ll no longer be able to access your precise location either. And if they try to, you’ll be notified.
With Android 11 around the corner, Google claims that the restrictions would extend to other permissions, not just location. As Fire OS piggybacks off Android, its systems modeled off Android 10 and 11 would be similar.
iOS 14 saw rapid changes to its system as well. You can severely restrict camera and location access. For instance, apps will only be able to access pictures from certain files.
From iOS 14 and iPad OS 14 onward, you’ll also know when the software is using your camera and microphone, as a notification would pop up. Plus, apps won’t be able to track you on the Internet, as you will be able to choose if you want a specific application to track you or not.
App Permission Setting: How to Turn App Permissions On or Off
Whatever device you’re using, you can learn if your data can be “stolen” by apps by following these steps:
1. Go to Settings on your device.
2. Click Apps
3. Look through their permissions. You’ll see a list of all the files and actions your apps are granted access to.
4. Toggle to allow or disallow the app to access a specific function or feature.
Go through them one by one and analyze them carefully. Do they make sense for the functions they carry out? Should the flashlight application on your phone have access to your location, for example? What about your photo-editing tool? It probably shouldn’t need access to your microphone.
More specifically, make sure you check the permissions related to accessing your:
- Contacts
- Location
- Messages
- Cloud storage
- Camera
- Calendar
- Biometrics
If you are not a YouTube content creator, for instance, and you don’t upload videos onto the platform, it would be safest to turn off the app’s access to your microphone, phone, contacts, camera, and storage. Furthermore, it would be wise to uninstall applications you seldom use.
Final Thoughts
The number of apps that misuse permissions is not numerous. However, they still exist and can put your personal data at risk. To ensure your privacy is safeguarded online, it’s essential to do regular audits of your app permissions and keep an eye out on what terms and conditions you agree to whenever you install a new application.
