||Tweet this page|
We all love to download and install apps on our smartphones, but few of us pay enough attention to the personal data we let those apps access. Gordon Holmes thinks it's time we started taking app permissions seriously
I like my smartphone. Don't get me wrong, I'm not one of those zombies that walk along the street with eyes glued to the screen reading emails or messages that absolutely have to be read or responded to right now without delay. What is it with these people? For goodness sake leave it alone until you get to your desk or arrive at your destination and stop blocking the pavements. Honestly, it drives me nuts.
Anyway, as I was saying, I like my smartphone. The convenience of accessing the net wherever you are together with some pretty useful apps add up to a positive and practical addition to my daily life. Not that I have gone mad downloading tons of apps; just the essentials like maps, rail travel, news and so on. Oh, and a couple of games for those very long journeys just to break the tedium. So, the other day I was browsing the Google Play store checking out the latest crop of utilities when I saw a game that took my fancy and, seeing that it had loads of good reviews, pressed the install button.
I was then greeted with an eye-watering list of permissions that this game wanted me to agree to. These included the ability to make calls and send texts and emails from my phone without my knowledge, access to my calendar and full contact lists, and to read my phone state and phone identity.
The only thing it didn't ask for was the keys to my house and a full schedule of when it would be empty so it could steal all my belongings and run away laughing.
Needless to say, I didn't download it, but it did make me wonder why this essentially time-wasting game would require all these permissions, and what the motivation was behind such an exhaustive list. It struck me that this was the equivalent of seeing the vampire at the door, recognising it and it only being able to cross the threshold if it was invited in. So I didn't.
The sad fact is that many of us just don't bother to read and consider what it is that we are allowing into our devices; we want the game and just press install, accept the permissions and crack on. I'm not sure that this is the right way to go about things.
Times are definitely changing, with the list of malicious apps and mobile malware growing daily. I am aware of an alert posted as a result of research by the security firm Adaptivemobile - see http://tinyurl.com/kolerworm. This latest threat is a variant of Android ransomware known as Koler, and it has the properties of a worm, using SMS to spread, and also requests permission to read the victim's contact list. The infection starts with an SMS message on the targeted device reading "Someone made a profile named (the contact's name) and he uploaded some of your photos! Is that You?"
This message contains a bit.ly URL which, when clicked, directs to a file-hosting service where the victim is invited to install an app in order to view the photos. Once installed, this malicious app blocks the user's screen with a fake FBI message stating that the device has been blocked for accessing child pornography and Zoophillia (!?!). The victim is then asked for a payment to be made so that the device can be unblocked.
The victim's contact list is read and further SMS messages sent to all listed contacts, so spreading the malware very quickly. It has to be said, however, that this attack can be foiled by not allowing apps to be downloaded from unknown sources; an option that can be found in Settings/Security on Android devices. Just make sure that the corresponding box is not ticked.
At the moment this malware seems to be centred mainly in the USA, hence its use of the FBI warning, but I'm guessing that it won't be long before it's over here. I have already seen one alert by a UK law-enforcement body warning of this attack.
This neatly illustrates how app permissions are becoming more and more relevant if we are to keep our devices safe and avoid our digital identities being stolen or abused. My own response has been to look at all my apps and assess the need for the permissions they require. To be fair there have been a couple of apps that, on reflection, made me wonder just why they need such extensive access. These apps have been binned.
There are others, such as my mobile security program, that require full access, and it is patently obvious why this should be; the apps let you find and monitor a device remotely and even wipe its data in the event of theft or loss, so it's worth keeping your sense of perspective when undertaking this type of review.
As with everything, it pays to use your common sense. If you don't have a problem with those free apps using your data to make a quick buck and report your details to advertising companies, then fine, just keep in mind the potential of the access you decide to grant.
In Bram Stoker's best novel, when Jonathan Harker approached Castle Dracula, he was greeted with "Welcome to my house. Enter freely and of your own free will". You should also be careful with what you accept. You never know where it may lead.
For more, and to stay abreast of everything that's going on in the world of technology, Subscribe to Computer Shopper magazine today, and get your first 3 issues for just £1 »