Permissions management noob trying to understand android permissions better - Android Q&A, Help & Troubleshooting

Hi I am trying to understand permissions management a bit better, primarily what all the different things you can block etc are. Some of the things such as Call logs, Calendar, SMS etc are self explanatory, but other things (what they are and implications of access to) such as:
Device ID
Subscriber ID
SIM serial
Phone and mailbox number
Incoming call number
Outgoing call number
Network location
List of accounts
Account auth tokens
SIM info
Network info
Is there an FAQ/Guide that explains these things in detail that someone could point me to?
Thanks,
-Gaiko

Make phone calls
Services that cost you money
This permission is of moderate to high importance. This could let an application call a 1-900 number and charge you money. However, this is not as common a way to cheat people in today's world as it used to be. Legitimate applications that use this include: Google Voice and Google Maps.
Another important point to note here is that any app can launch the phone screen and pre-fill a number for you. However, in order to make the call, you would need to press [Send] or [Call] yourself. The difference with this permission is that an app could make the entire process automatic and hidden.
Send SMS or MMS
Services that cost you money
This permission is of moderate to high importance. This could let an application send an SMS on your behalf, and much like the phone call permission, it could cost you money by sending SMS to for-pay numbers. Certain SMS numbers work much like 1-900 numbers and automatically charge your phone company money when you send them an SMS.
Modify/delete SD card contents
Storage
This permission is of high importance. This will allow applications to read, write, and delete anything stored on your phone's SD card. This includes pictures, videos, mp3s, documents and even data written to your SD card by other applications. However, there are many legitimate uses for this permission. Many people want their applications to store data on the SD card, and any application that stores information on the SD card will need this permission. You will have to use your own judgment and be cautious with this permission knowing it is very powerful but very, very commonly used by legitimate applications. Applications that typically need this permission include (but are not limited to) camera applications, audio/video applications, document applications
WARNING: Any app targeting Android 1.5 or below (possibly 1.6 as well) will be granted this permission BY DEFAULT and you may not ever be warned about it. It is important to pay attention to what version of Android an app is targeting to know if this permission is being granted. You can see this on the Market website in the right hand column.
Read contact data, write contact data
Your personal information
This permission is of high importance. Unless an app explicitly states a specific feature that it would use your contact list for, there isn't much of a reason to give an application this permission. Legitimate exceptions include typing or note taking applications, quick-dial type applications and possibly social networking apps. Some might require your contact information to help make suggestions to you as you type. Typical applications that require this permission include: social networking apps, typing/note taking apps, SMS replacement apps, contact management apps.
Read calendar data, write calendar data
Your personal information
This permission is of moderate to high importance. While most people would consider their calendar information slightly less important than their list of contacts and friends, this permission should still be treated with care when allowing applications access. Additionally, it's good to keep in mind that calendar events can, and often do contain contact information.
Read/write Browser history and bookmarks
Your personal information
This permission is of medium-high importance. Browsing habits are often tracked through regular computers, but with this permission you'd be giving access to more than just browsing habits. There are also legitimate uses for this permission such as apps that sync or backup your data, and possibly certain social apps.
Read logs / Read sensitive logs
Your personal information / Development Tools
This permission is of very high importance. This allows the application to read what any other applications have written as debugging/logging code. This can reveal some very sensitive information. There are almost no reasons an applications needs this permission. The only apps I might grant this permission to would be Google apps. The name of this permission recently changed as it came to light how important and dangerous this permission can be. Both the old name and category and the new name and category are listed above.
Read phone state and identity
Phone calls
This permission is of moderate to high importance. Unfortunately this permission seems to be a bit of a mixed bag. While it's perfectly normal for an application to want to know if you are on the phone or getting a call, this permission also gives an application access to 2 unique numbers that can identify your phone. The numbers are the IMEI, and IMSI. Many software developers legitimately use these numbers as a means of tracking piracy though. This permission also gives an application to the phone numbers for incoming and outgoing calls.
WARNING: Any app targeting Android 1.5 or below (possibly 1.6 as well) will be granted this permission BY DEFAULT. And you may not ever be warned about it. It is important to pay attention to what version of Android an app is targeting to know if this permission is being granted. You can see this on the Market website in the right hand column.
(see image above)
Fine (GPS) location
Your location
While not a danger for stealing any of your personal information, this will allow an application to track where you are. Typical applications that might need this include (but are not limited to) restaurant directories, movie theater finders, and mapping applications. This can sometimes be used for location based services and advertising.
Coarse (network-based) location
Your location
This setting is almost identical to the above GPS location permission, except that it is slightly less precise when tracking your location. This can sometimes be used for location based services and advertising.
Create Bluetooth connection
Network Communication
Bluetooth (Wikipedia: Bluetooth) is a technology that lets your phone communicate wirelessly over short distances. It is similar to Wi-Fi in many ways. It itself is not a danger to your phone, but it does enable a way for an application to send and receive data from other devices. Typical applications that would need bluetooth access include: Sharing applications, file transfer apps, apps that connect to headset out wireless speakers.
Full internet access
Network Communication
This is probably the most important permission you will want to pay attention to. Many apps will request this but not all need it. For any malware to truly be effective it needs a means by which to transfer data off of your phone; this is one of the settings it would definitely have to ask for.
However, in this day and age of cloud computing and always-on internet connectivity, many, many legitimate applications also request this.
You will have to be very careful with this setting and use your judgment. It should always pique your interest to think about whether your application needs this permission. Typical applications that would use this include but are not limited to: web browsers, social networking applications, internet radio, cloud computing applications, weather widgets, and many, many more. This permission can also be used to serve Advertising, and to validate that your app is licensed. (Wikipedia article on DRM).
View network state / Wi-Fi state
Network communication
This permission is of low importance as it will only allow an application to tell if you are connected to the internet via 3G or Wi-Fi
Discover Known Accounts
Your accounts
This permission is of moderate-high importance. This allows the application to read what accounts you have and the usernames associated with them. It allows the app to interact with permission related to that account. An example would be an app that was restoring your contact, would discover your Google account then send you to Google's login screen. It doesn't actually get to see your password, but it gets to work with the account. This is also legitimately used by applications to add contacts to your accounts, such as dialer replacements and contact managers/backup/sync/etc.
Manage Accounts
Your accounts
This permission is of high importance. This allows the application to manage the accounts on your phone. For instance it would be used by a service like Facebook to add an account to your accounts list. It seems at this time unclear if this permission allows an app to delete accounts.
Use Credentials
Your accounts
This permission is of high importance. This will allow an application authorization to use your accounts. They do this typically by giving what's called an AuthToken depending on what account you use (Google/Facebook/Yahoo/Last.fm/Microsoft/etc.). It's not as scary as it sounds however, it does typically protect your password from being seen by the application. However, it's still a very important permission you should give only with great caution.
Read/modify Gmail
Your messages
This permission is of high importance. Few apps should need access to your Gmail or email account. Email is also a prime method for managing accounts with other companies and services. For example, someone with control over your email could request a new password from your bank. While this is the worst case scenario, and there are various legitimate uses for this permission, it's still best to treat all email related permissions with extreme care.
Install Packages
System tools
This permission is of critical importance. This allows an application to install other applications on your system. This can be exploited by virus writers to install adware and malware on your system without your knowledge. It is a very, very dangerous permission and should almost NEVER be granted to a typical app. The only legitimate uses for this permission are for Market-like apps such as the Amazon AppStore or the Android Market.
Prevent phone from sleeping
System tools
This is almost always harmless. Sometimes an application doesn't expect the user to interact with the phone directly, and therefore may need to keep the phone from going to sleep. Many applications will often request this permission. Typical applications that use this are: Video players, e-readers, alarm clock 'dock' views and many more.
Modify global system settings
System tools
This permission is pretty important but only has the possibility of moderate impact. Global settings are pretty much anything you would find under Android's main 'settings' window. However, a lot of these settings may be perfectly reasonable for an application to change. Typical applications that use this include: volume control widgets, notification widgets, settings widgets, Wi-Fi utilities, or GPS utilities. Most apps needing this permission will fall under the "widget" or "utility" categories/types.
Read sync settings
System tools
This permission is of low impact. It merely allows the application to know if you have background data sync (such as for Facebook or Gmail) turned on or off.
Restart other applications
System tools
This permission is of low to moderate impact. It will allow an application to tell Android to 'kill' the process of another application. However, any app that is killed will likely get restarted by the Android OS itself.
Retrieve running applications
System tools
This permission is of moderate impact. It will allow an application to find out what other applications are running on your phone. While not a danger in and of itself, it would be a useful tool for someone trying to steal your data. Typical legitimate applications that require this permission include: task killers and battery history widgets.
Control Vibrator
Hardware controls
This permission is of low importance. As it states, it lets an app control the vibrate function on your phone. This includes for incoming calls and other events.
Take Pictures & Video
Hardware controls
This permission is of moderate importance. As it states, it lets an app control the camera function on your phone. In theory this could be used maliciously to snap unsuspecting photos, but it would be unlikely and difficult to get a worthwhile picture or video. However, it is not impossible to make malicious use of cameras.

wow, thats perfect thanx!

Related

Motorola's Suspect APK's

I finally posted on Motorola's Forums asking about the suspect APK's with as much info as possible.
See HERE
If they for some reason take it down I will duplicate it here below:
Ok,
We Motorola owners have been silent and I think its time that we was not. Just last year I signed up for the Electrify Beta test for Motorola's 2.3.5 update for the phone. I received an email from Motorola that within 24 hours I would be getting the updated pushed to my device. At the time I got the email (around 9:30 am) I was using a custom ROM (Cyanogen Mod 7) and I proceeded to back up my phone and flash the phone back to Stock 2.3.4. Once I did that, I never got the update pushed to my device. So in turn I posted that question why I never received it on the Forums.
Mark answered it by saying this:
“Wow you've reset your phone 21 times... Whatever for? The reason you can't get the update is because you've factory reset the phone after the update was sent out. I'll reply in the other thread concerning the wifi issue. It's off topic here.
Mark
Support Forums Manager”
Click to expand...
Click to collapse
To which I answered that it was really non of his or Motorola’s business how many times I reset my device as for one – its MINE. I also asked what else Motorola was tracking from my device and why we users are not made aware of it. Of course I never got an answer to that post.
To be honest it was a Godsend that I never got the update, because as we all know Motorola relocked the Bootloader and has every intention of never making it unlocked again. However that’s a different issue and not the one at hand here.
Now I get that that I missed the update to 2.3.5 because I was on a custom ROM that is totally not supported by Motorola, and quite frankly this isn’t the issue here.
The issue is that my activity was tracked. When I got the phone and activated it I was not aware of any EULA that would state that Motorola would be tracking its users and activities. There was no such message in the Box, Manual, or on the phone on first boot. If it IS in the manual then it is so far embedded in some clause that it’s criminal that it is in there. However I am pretty sure its not.
So I would put that down to my activity was tracked WITHOUT my consent. Which to me, is a pretty big deal.
So this brings me to the meat of this post. A few users have stated there are some suspect apps (Motorola Stock) that are running in the background and require some insane Access Rights.. I will now list them along with the permissions they require (You can see these for yourself on your own phone. Applications > All > and find them on the list.). Some of these are quite the eye opener…
AdService.apk
Network Communication (Full Internet Access)
Phone Calls (ReadPhoneStateand identity)
DataCollection.apk
Your personal Information (Read Contact Data, Read Sensitive Log Data, Read user Defined Dictionary, Write Contact Data)
Services that Cost you Money (Directly Call Phone Numbers, Send SMS Messages)
Your Location (coarse (network-based) location, fine (GPS) location, mock location sources for testing)
Your messages (edit SMS or MMS, Read SMS or MMS, Receive SMS)
Network Communication (control Near Field Communication, Create Bluetooth Connections, Full Internet Access)
Your Accounts (manage the accounts list, use the authentication credentials of an account)
Storage (Modify/delete SD card Contents)
Phone Calls (intercept outgoing calls, read phone state and identity)
hardware Controls (change your audio settings)
System Tools (Bluetooth Administration, change network connectivity, change WiFi State, Change WiMAX State, Change your UI Settings, Modify Global System Settings, Mount and unmount file systems, prevent phone from sleeping, reorder running applications, retrieve running applications, write Access Point Name settings, write Sync Settings)
(Hidden)
Default (Modify battery Statistics, Read Certificates)
Your personal Information (write to user defined dictionary)
network Communication (view network state, view Wi-Fi state, view WiMAX state)
Your Accounts (discover known accounts, read Google service configuration, View configured accounts)
hardware Controls (control vibrator)
System Tools (Automatically start at boot, expand/collapse status bar, kill background processes, measure application storage space, read Home settings and shortcuts, read sync settings, read sync statistics, set wallpaper, write Home settings and shortcuts)
DataCollectorProvider.apk
Your Personal Information (read contact data)
DataCollectorService.apk
Your Personal Information (read contact data)
KpiLogger.apk
Your personal Information (Read Contact Data, Read Sensitive Log Data, Read user Defined Dictionary, Write Contact Data)
Services that Cost you Money (Directly Call Phone Numbers, Send SMS Messages)
Your Location (coarse (network-based) location, fine (GPS) location, mock location sources for testing)
Your messages (edit SMS or MMS, Read SMS or MMS, Receive SMS)
Network Communication (control Near Field Communication, Create Bluetooth Connections, Full Internet Access)
Your Accounts (manage the accounts list, use the authentication credentials of an account)
Storage (Modify/delete SD card Contents)
Phone Calls (intercept outgoing calls, read phone state and identity)
hardware Controls (change your audio settings)
System Tools (Bluetooth Administration, change network connectivity, change WiFi State, Change WiMAX State, Change your UI Settings, Modify Global System Settings, Mount and unmount file systems, prevent phone from sleeping, reorder running applications, retrieve running applications, write Access Point Name settings, write Sync Settings)
(Hidden)
Default (Modify battery Statistics, Read Certificates)
Your personal Information (write to user defined dictionary)
network Communication (view network state, view Wi-Fi state, view WiMAX state)
Your Accounts (discover known accounts, read Google service configuration, View configured accounts)
hardware Controls (control vibrator)
System Tools (Automatically start at boot, expand/collapse status bar, kill background processes, measure application storage space, read Home settings and shortcuts, read sync settings, read sync statistics, set wallpaper, write Home settings and shortcuts)
MasterClearErrorReporter.apk
Your personal Information (Read Contact Data, Read Sensitive Log Data, Read user Defined Dictionary, Write Contact Data)
Services that Cost you Money (Directly Call Phone Numbers, Send SMS Messages)
Your Location (coarse (network-based) location, fine (GPS) location, mock location sources for testing)
Your messages (edit SMS or MMS, Read SMS or MMS, Receive SMS)
Network Communication (control Near Field Communication, Create Bluetooth Connections, Full Internet Access)
Your Accounts (manage the accounts list, use the authentication credentials of an account)
Storage (Modify/delete SD card Contents)
Phone Calls (intercept outgoing calls, read phone state and identity)
hardware Controls (change your audio settings)
System Tools (Bluetooth Administration, change network connectivity, change WiFi State, Change WiMAX State, Change your UI Settings, Modify Global System Settings, Mount and unmount file systems, prevent phone from sleeping, reorder running applications, retrieve running applications, write Access Point Name settings, write Sync Settings)
(Hidden)
Default (Modify battery Statistics, Read Certificates)
Your personal Information (write to user defined dictionary)
network Communication (view network state, view Wi-Fi state, view WiMAX state)
Your Accounts (discover known accounts, read Google service configuration, View configured accounts)
hardware Controls (control vibrator)
System Tools (Automatically start at boot, expand/collapse status bar, kill background processes, measure application storage space, read Home settings and shortcuts, read sync settings, read sync statistics, set wallpaper, write Home settings and shortcuts)
So, to paraphrase Mark….
Wow these Apps need some insane permissions…. WHATEVER FOR??
And aren’t they named well?
I suggest that someone provides FULL DISCLOSURE on what all these apps do. They are NOT required to run the device (if you are rooted you can freeze the processes with no ill effects and can infact remove them) and they most certainly are NOT part of Android’s original OS.. So whatever ARE they for and what ARE they collecting???
So Motorola, the ball is in your court so to speak, I and a great many others would be really curious on telling us what they are for…
Your move..
Click to expand...
Click to collapse
Just a thought on this issue also. maybe a reason you could provide to this **** from Motorola is the fact that these phones have problems out of the box. Random reboots for example. That in itself would be reason enough for me to reset my phone in homes it will go away. Another thing you could point out is that some app developers are using Airpush ads that some people might think are a form of trojan and might also to a reset to try to eliminate them. Bottom line though is you are totally correct and that it's none of their damn business what we do with these phones. Sprint can ***** at us and threaten to void warranties or whatever but Moto has nothing to do with it. I'm curious to know what they respond with. I'm going to post in that forum too
It's funny. Those were the first apps that I had frozen. I have NO problem with my phone since I froze those. It's been about 2 months now and no problems.
My post on that forum rules LOL
Even if they do respond I'll be willing to bet you don't get a straight answer that exposes the truth.
On a side note, are the apps you have listed everything that does the questionable snooping or are there more parts to the puzzle?
I'm a MoPho-er
FernBch said:
Even if they do respond I'll be willing to bet you don't get a straight answer that exposes the truth.
On a side note, are the apps you have listed everything that does the questionable snooping or are there more parts to the puzzle?
I'm a MoPho-er
Click to expand...
Click to collapse
If I knew how to debug and show what those apps did, I would have more "clout" I guess..
I'm sure there's more in there, but those are obvious (and poorly named) with what they do.
I'm not expecting an answer either, but just sitting idly by saying nothing doesn't achieve anything either. It was worth a shot, and if more people post a response in the original thread, then well... its gonna make it harder for them to ignore it as well.
He posted a reply... Usual PR Snuff and tried to make it look like I was the bad one for breaking an NDA on software that was publicly released two months ago..
I think not, so I replied in kind.... Funny how it took a posting of APK's permissions and concerns about privacy (which was brought up before) for him to garner any response on it...
Lets see if this can carry on...
mistaken, your privacy is important and must be protected, in Europe there are strict legislative on this point, and I hope that clarifies why if the European community discovers that unbeknownst to many users, are read everything that trigger sanctions. I also do not want others to know of my sites visited, etc..
sorry for my English
ZeroManArmy said:
It's funny. Those were the first apps that I had frozen. I have NO problem with my phone since I froze those. It's been about 2 months now and no problems.
Click to expand...
Click to collapse
One of the four has something to do with corp. mail now get an error message. Option to FC every thing working though.
Sent from my MB855 using xda premium
Cythrawl,
Honestly, if I would have known that the Electrify would have been like this, I would have stuck with the Hero S. sometimes...I regret switching from the Hero S to the Electrify.
IBMguy said:
Cythrawl,
Honestly, if I would have known that the Electrify would have been like this, I would have stuck with the Hero S. sometimes...I regret switching from the Hero S to the Electrify.
Click to expand...
Click to collapse
If I had have known too, I would have stuck with the Mesmerize until we get the SGII
Love it when people have no idea!
"We Motorola owners have been silent and I think its time that we was not."
"If I knew how to debug and show what those apps did, I would have more "clout" I guess.. "
I would not worry about Moto, the govenment is watching you right now through your tv.
halfdriven said:
Love it when people have no idea!
"We Motorola owners have been silent and I think its time that we was not."
"If I knew how to debug and show what those apps did, I would have more "clout" I guess.. "
I would not worry about Moto, the govenment is watching you right now through your tv.
Click to expand...
Click to collapse
Seeing I don't have TV (or a TV connected to Cable / Sat / OTA) I doubt that...
Thankyou for your really useful post...

[Q] is Camera 360 Ultimate safe?

seems to many permissons...
THIS APPLICATION HAS ACCESS TO THE FOLLOWING:
HARDWARE CONTROLS
TAKE PICTURES AND VIDEOS
Allows application to take pictures and videos with the camera. This allows the application at any time to collect images the camera is seeing.
YOUR LOCATION
COARSE (NETWORK-BASED) LOCATION
Access coarse location sources such as the cellular network database to determine an approximate device location, where available. Malicious applications can use this to determine approximately where you are.
FINE (GPS) LOCATION
Access fine location sources such as the Global Positioning System on the device, where available. Malicious applications can use this to determine where you are, and may consume additional battery power.
NETWORK COMMUNICATION
FULL INTERNET ACCESS
Allows an application to create network sockets.
YOUR PERSONAL INFORMATION
READ SENSITIVE LOG DATA
Allows an application to read from the system's various log files. This allows it to discover general information about what you are doing with the device, potentially including personal or private information.
PHONE CALLS
READ PHONE STATE AND IDENTITY
Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and the like.
STORAGE
MODIFY/DELETE USB STORAGE CONTENTS MODIFY/DELETE SD CARD CONTENTS
Allows an application to write to the USB storage. Allows an application to write to the SD card.
SYSTEM TOOLS
PREVENT DEVICE FROM SLEEPING
Allows an application to prevent the device from going to sleep.
RETRIEVE RUNNING APPLICATIONS
Allows application to retrieve information about currently and recently running tasks. May allow malicious applications to discover private information about other applications.
Hide
HARDWARE CONTROLS
CONTROL VIBRATOR
Allows the application to control the vibrator.
NETWORK COMMUNICATION
VIEW NETWORK STATE
Allows an application to view the state of all networks.
VIEW WI-FI STATE
Allows an application to view the information about the state of Wi-Fi.
ksoze11 said:
seems to many permissons...
THIS APPLICATION HAS ACCESS TO THE FOLLOWING:
HARDWARE CONTROLS
TAKE PICTURES AND VIDEOS
Allows application to take pictures and videos with the camera. This allows the application at any time to collect images the camera is seeing.
YOUR LOCATION
COARSE (NETWORK-BASED) LOCATION
Access coarse location sources such as the cellular network database to determine an approximate device location, where available. Malicious applications can use this to determine approximately where you are.
FINE (GPS) LOCATION
Access fine location sources such as the Global Positioning System on the device, where available. Malicious applications can use this to determine where you are, and may consume additional battery power.
NETWORK COMMUNICATION
FULL INTERNET ACCESS
Allows an application to create network sockets.
YOUR PERSONAL INFORMATION
READ SENSITIVE LOG DATA
Allows an application to read from the system's various log files. This allows it to discover general information about what you are doing with the device, potentially including personal or private information.
PHONE CALLS
READ PHONE STATE AND IDENTITY
Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and the like.
STORAGE
MODIFY/DELETE USB STORAGE CONTENTS MODIFY/DELETE SD CARD CONTENTS
Allows an application to write to the USB storage. Allows an application to write to the SD card.
SYSTEM TOOLS
PREVENT DEVICE FROM SLEEPING
Allows an application to prevent the device from going to sleep.
RETRIEVE RUNNING APPLICATIONS
Allows application to retrieve information about currently and recently running tasks. May allow malicious applications to discover private information about other applications.
Hide
HARDWARE CONTROLS
CONTROL VIBRATOR
Allows the application to control the vibrator.
NETWORK COMMUNICATION
VIEW NETWORK STATE
Allows an application to view the state of all networks.
VIEW WI-FI STATE
Allows an application to view the information about the state of Wi-Fi.
Click to expand...
Click to collapse
Yes it is safe, it needs the permissions for geotagging, letting you share pics online, save pics to sd card, keep phone awake while using app etc. Not sure about the log permission though, it might be to read and send them error reports.
Dave
Sent from my LG P920 using Tapatalk
Camera 360 privacy concern
I still suspect it... Why in the heavens would it need these 3:
YOUR PERSONAL INFORMATION
READ SENSITIVE LOG DATA
Allows an application to read from the system's various log files. This allows it to discover general information about what you are doing with the device, potentially including personal or private information.
PHONE CALLS
READ PHONE STATE AND IDENTITY
Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and the like.
RETRIEVE RUNNING APPLICATIONS
Allows application to retrieve information about currently and recently running tasks. May allow malicious applications to discover private information about other applications.
I just ran it and it only tried using two things, one was gps and one was imei.
The location is for geotagging and I would think it uses imei to identify you have right to use it as it was a paid for app originally and this permission may have been left in.
I use lbe privacy guard and these permissions were all it tried using, blocked both with lbe and app still works so maybe you could try that if your concerned.
Dave
Sent from my LG P920 using Tapatalk
Thanks! I'll try both that privacy guard and the app.
does this blocking thing work with trektrak mobile security as well?

[Q] This application has access to the following

my phone is motorola backflip
Hello there AppMakr folks,
Just some feedback - it would appear that the application permissions that the beta app requests are so invasive that it is scaring a lot of my users away. I had at least 40 of my installs leave me with some very pointed emails accompanying them. Can we get the permissions toned down? Here's what my install asks users for:
Permissions
This application has access to the following:
Hardware controls
take pictures and videos
Allows application to take pictures and videos with the camera. This allows the application at any time to collect images the camera is seeing.
record audio
Allows application to access the audio record path.
change your audio settings
Allows application to modify global audio settings such as volume and routing.
Your location
coarse (network-based) location
Access coarse location sources such as the cellular network database to determine an approximate device location, where available. Malicious applications can use this to determine approximately where you are.
fine (GPS) location
Access fine location sources such as the Global Positioning System on the device, where available. Malicious applications can use this to determine where you are, and may consume additional battery power.
Your messages
receive SMS
Allows application to receive and process SMS messages. Malicious applications may monitor your messages or delete them without showing them to you.
Network communication
full Internet access
Allows an application to create network sockets.
Your personal information
read contact data
Allows an application to read all of the contact (address) data stored on your device. Malicious applications can use this to send your data to other people.
write contact data
Allows an application to modify the contact (address) data stored on your device. Malicious applications can use this to erase or modify your contact data.
Phone calls
read phone state and identity
Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and the like.
Storage
modify/delete USB storage contents modify/delete SD card contents
Allows an application to write to the USB storage. Allows an application to write to the SD card.
Show all
Hardware controls
control vibrator
Allows the application to control the vibrator.
Your location
access extra location provider commands
Access extra location provider commands. Malicious applications could use this to interfere with the operation of the GPS or other location sources.
Network communication
view network state
Allows an application to view the state of all networks.

S Note permissions comparison? (stock with ICS versus S Choice app store)

Could anyone out there tell me if the S Note that you got with the ICS update - NOT downloaded from S Choice, or from the file that I saw floating around the forum, just the ones that came with ICS automatically - matches the following permissions?
- Your personal information
add or modify calendar events and send email to guests without owner's knowledge, read Browser's history and bookmarks, read calendar events plus confidential information, read contact data, read user defined dictionary, write Browser’s history and bookmarks, write contact data
- Services that cost you money
directly call phone numbers, send SMS messages
- Your location
coarse (network-based) location, fine (GPS) location
- Your messages
edit SMS or MMS, read SMS or MMS, receive SMS or MMS
- Network communication
control NFC, create Bluetooth connections, full internet access
- Your accounts
acts an account authenticator, manage the accounts list, use the authentication credentials of an account
- Storage
modify/delete USE storage contents
- Hardware controls
change your audio settings, record audio, take pictures and videos
- System Tools
allow Wi-Fi Multicast reception, bluetooth administration, change network connectivity, change WIF state, change WIMAX state, change your UI settings, delete all application cache data, disable keylock, format external storage, modify global system settings, mount and unmount filesystems, prevent phone from sleeping, retrieve running applications, write sync settings.
Why I want to know, if you're interested:
I didn't get S Note with my ICS update (SGH-i717R - Canadian, Rogers), and after a song and dance with support, was told by one agent/one email support to download it from the S Choice app store ... and by one call agent that I should stay away from it because it's not from Samsung and possibly malware.. Since S Note was supposed to come with the update, and only My Story needed additional downloading, I was a little wary.
My misgivings started with the bad grammar in the description, the different developer from the My Story app, and finally, the giant pile of permissions it wants. I've tried a slew of things to get S Note/Premium Suite to initialize, and am now at either reflashing the update, which I'd like to avoid since the phone works fine and I don't know what the hell I'm doing, or mailing it in “to the lab,” which I'd like to avoid because apparently not all of Samsung knows what it's doing either, judging by some of the answers I got. So I'd like to just do a comparison to see if the original S Note that comes with ICS also has these permissions. If it does, then I'm just going with the S Choice one and stop trying other things.
Thank you for any help!
Anyone? I know it's a bit of an oddball question, but..? (Unless nobody got it with ICS, which wouldn't surprise me, either.)
Matches what i have... I dont think its anything bad. Samsung proabably wants snote to have full functionality. Insert contacts and be able to call them from the app, geo tag your location etc... Look at the permissions of facebook... They are not that different.
Sent from my Samsung-I717
IMM76D.UCLF6+FJMOD-BUILD2
Stampaufaz said:
Matches what i have... I dont think its anything bad. Samsung proabably wants snote to have full functionality. Insert contacts and be able to call them from the app, geo tag your location etc... Look at the permissions of facebook... They are not that different.
Sent from my Samsung-I717
IMM76D.UCLF6+FJMOD-BUILD2
Click to expand...
Click to collapse
Fantastic - thanks! I was mostly put off by the description of the app "this application is S note can make own note." doesn't exactly scream "I am legit software put out by Samsung, download me!" But if it's pretty much what the original has, then I'm fine.
Again, thanks!

[Q] Excessive Permissions?

I'm after the advice of someone who knows about Android permissions and security.
I'd like to make use of this app - https://play.google.com/store/apps/details?id=com.faradayinstitute&hl=en
That requires these permissions:
This app has access to these permissions:
Your messages
receive text messages (SMS)
Network communication
full network access
view network connections
view Wi-Fi connections
Phone calls
read phone status and identity
Storage
modify or delete the contents of your USB storage
Microphone
record audio
Your social information
read your contacts
modify your contacts
read call log
write call log
Your accounts
find accounts on the device
System tools
send sticky broadcast
test access to protected storage
Affects battery
control vibration
prevent device from sleeping
Your applications information
run at startup
Audio settings
change your audio settings
But isn't that list of permissions completely OTT? I expressed my concerns to them and received the following reply:
I am writing to update you with regards to your enquiry about the Faraday App. I have been in touch with our developers and they have informed me that although this is a long list it is quite common with Android. They are currently working to see if they can reduce the list, however, there is nothing to worry about since you know the origin of there App, The Faraday Institute, and therefore can easily determine whether you wish to allow access (if it is a source you trust/is reputable etc..). The reason they need access to some parts is simply to add their details to your phone, (access your phone book for example is only to add The Faraday to your contacts).
I hope this answers your query for now. I will update you when I receive more information from the developers. Please feel free to contact me if you require further assistance.
I'm no expert but it doesn't really seem satisfactory - or am I worrying necessarily?
Ergates said:
I'm after the advice of someone who knows about Android permissions and security.
I'd like to make use of this app - https://play.google.com/store/apps/details?id=com.faradayinstitute&hl=en
That requires these permissions:
This app has access to these permissions:
Your messages
receive text messages (SMS)
Network communication
full network access
view network connections
view Wi-Fi connections
Phone calls
read phone status and identity
Storage
modify or delete the contents of your USB storage
Microphone
record audio
Your social information
read your contacts
modify your contacts
read call log
write call log
Your accounts
find accounts on the device
System tools
send sticky broadcast
test access to protected storage
Affects battery
control vibration
prevent device from sleeping
Your applications information
run at startup
Audio settings
change your audio settings
But isn't that list of permissions completely OTT? I expressed my concerns to them and received the following reply:
I am writing to update you with regards to your enquiry about the Faraday App. I have been in touch with our developers and they have informed me that although this is a long list it is quite common with Android. They are currently working to see if they can reduce the list, however, there is nothing to worry about since you know the origin of there App, The Faraday Institute, and therefore can easily determine whether you wish to allow access (if it is a source you trust/is reputable etc..). The reason they need access to some parts is simply to add their details to your phone, (access your phone book for example is only to add The Faraday to your contacts).
I hope this answers your query for now. I will update you when I receive more information from the developers. Please feel free to contact me if you require further assistance.
I'm no expert but it doesn't really seem satisfactory - or am I worrying necessarily?
Click to expand...
Click to collapse
what kind of app is it? (currently unable to access playstore)
mjz2cool said:
what kind of app is it? (currently unable to access playstore)
Click to expand...
Click to collapse
Just a "news" app. Here's the description:
The official application of The Faraday Institute for Science and Religion at St Edmund's College, Cambridge. Access news, leading stories of the day, educational resources, and much more, from the institute that is leading research in the understanding of the relation between science and religion.
Bump
Ergates said:
Bump
Click to expand...
Click to collapse
And once more for luck!
Ergates said:
And once more for luck!
Click to expand...
Click to collapse
Any views?

Categories

Resources