Apps on your phone, They know a lot

November 9th, 2021 - Written By CyberLabs

Your mobile phone is accessing lot of data of yours? Are you safe?

The average smartphone user these days has between 60 and 90 apps on their device. Most of these apps request some sort of information about you and the device you are using. They may want to know your name, your email address, or your real-world address. But because smartphones are so powerful, they can also get quite a bit more than that, such as your exact location. Some apps will even request access to the device’s camera or microphone.

In order to find out what kind of data your apps may be looking for, Symantec has decided to put the most popular to the test. They downloaded and analyzed the top 100 free apps as listed on the Google Play Store and Apple App Store on May 3, 2018. Neither practice is inherently suspicious. In most cases, information is shared and device permissions are enabled with the user’s consent. And there is usually a very good reason why apps require either. For example, a taxi app will need to be able to access a user’s location in order to tell the driver where to go. Instead, Symantec were more interested in whether any apps were requesting excessive access to information or if app developers were doing everything they could to protect users’ privacy.

Are all permissions necessary?

Do some apps request too many permissions? They took a closer look at several that seemed to request a lot. The first was the Android horoscope app “Zodiac Signs 101 – 12 Zodiac Signs & Astrology”, which has been downloaded more than 1 million times. Among the permissions it sought were:

• Precise user location
• Access to user’s contacts
• Send and receive SMS messages
• Receive MMS messages
• Permission to directly call phone numbers
• Permission to reroute outgoing calls
• Access to phone call logs
• Access to camera
• Read/write contents of USB storage
• Read phone status and identity

The second example they looked at was the Android flashlight app “Brightest Flashlight LED – Super Bright Torch”, which has 10 million installs. Included in the list of permissions it sought were:

• Precise user location
• Access to user’s contacts
• Send SMS messages
• Permission to directly call phone numbers
• Permission to reroute outgoing calls
• Access to camera
• Record audio via microphone
• Read/write contents of USB storage
• Read phone status and identity

Ultimately, it may be up to the user to ask if these additional features are essential to the function of the app and if it’s worth granting permissions for features that only provide marginal benefits.

Do these apps really need all of these permissions? In each case, there were features in the app which made use of the permission. For example, Brightest Flashlight LED offers the user extensive customization options and the ability to make it flash in different ways when the user receives incoming calls or texts. In order to do that, it would need access to calls and messages.

Are some app developers adding features simply to gain access to permissions? It’s a possibility, but something we can’t provide a definitive answer to. Ultimately, it may be up to the user to ask if these additional features are essential to the function of the app and if it’s worth granting permissions for features that only provide marginal benefits.

Guarding your privacy

How to avoid granting excessive permissions

Before you install an app:

• Read the permissions required for the app.
• Think about why an app needs the permissions it requests. If the permissions seem excessive, ask yourself if it’s likely they are there simply to acquire data about you.
• Read the privacy policy. If there’s none, or if it’s impossible to determine from it where your data will go, don’t install the app.

If you have already installed the app:

• You can remove unnecessary permissions by going to the Settings menu and then clicking on Permissions. Removing permissions may cause a poorly designed app to stop working. Well-designed apps will indicate if they need a permission when you attempt to perform the function that requires it.
• In the case of iOS apps, you can remove unnecessary permissions by going to the Settings menu and then clicking on Privacy

How to protect your personal information

• Read the privacy policy on each social networking site and app you use.
• Ideally, don’t sign into an app using your social networking site account. If you do, check what data the app will receive from the social network account.
• If you do sign into apps using your social network account, be frugal about how much information you provide in your public profile on social networking sites.
• When you post data to a social networking site from an app, think about whether you want the social networking site to have this information about your app.

How to check what apps are using data from your Facebook account

• Go to the small down-arrow at the top right of the homepage and select Settings.
• Select “Apps & Websites in the menu on the left to discover what apps are actively using your data.
• Select each app to view and edit the permissions on the data it uses.

How to check what apps are using data from your Google account

• Visit https://myaccount.google.com/permissions
• Here you can review and edit what third-party apps have access to your Google account.

You can also review and edit which apps are using Google for sign in and what information is being shared with them.