Which Device Permissions To Worry About

fig

Today’s Amazon Free App of the Day is Akinator, a kind of 20-questions game app, and as per usual with many apps there are a number of negative reviews that complain about unnecessary or excessive “permissions”. So, what does that mean, exactly?

Permissions – It’s The App’s Way Of Asking, “Mother May I?”

Whatever kind of web-enabled device thingie you have (e.g., smart phone, iPad, Kindle Fire, Galaxy Tab, laptop, Blackberry, et cetera), it can do some amazing stuff. It can connect you to the internet, it can provide access to your email account, it can maintain a calendar and to-do list for you, and it can run all kinds of productivity and entertainment media, like videos, music, games, ebooks, and of course, apps.

Some of those apps take advantage of the stuff your thingie can do and build on it. For example, every cell phone has a ‘contacts’, or phone book, feature built in, but the built-in contacts feature is usually pretty basic. People who want to do more with their contacts, like sync their phone contacts with their email contacts, add more custom fields for their contacts (e.g., birthdays, notes, extra phone numbers or addresses) or similar stuff will often turn to contact or phonebook apps to get that added functionality.

Obviously, these apps need “permission” to access the contacts or phone book feature of your device thingie in order to provide whatever enhanced functionality they’ve got to offer. Similarly, an app that allows you to access the web (like how Words with Friends lets you play against other real-life players by hooking up your devices across the internet) needs permission to access your thingie’s web browser and “network sockets” (which means internet access) functions—that kind of app must be able to tell if you have an active internet connection, and if not, to create an active connection when it’s needed.

Which Permissions Are Reasonable?

fig

Once you understand this basic principle of app and device permissions—that some apps need to access your thingie’s features or functions to do their jobs—, it’s pretty easy to tell which permissions are reasonable for a given app and which aren’t.

Going back to the Words With Friends example, it would be reasonable for that type of app to need permissions in the network/internet area and possibly your contacts too, if it lets you choose opponents from your contacts list. Many apps will also need access to your device’s ‘sleep state’, to prevent your device from switching itself off while you’re using the app. Even a kids’ drawing app may reasonably ask for access to your thingie’s contact list and email functions, if it provides the ability to email finished pictures.

But if an app is asking for permission to access something it clearly does not need, there’s cause for concern because it’s possible the app is a piece of “spyware”: a program designed mainly to steal information from your device and track how you use it so that information can be sold to marketers. For example, a cookbook app that doesn’t provide any internet or email functionality has no need to access your thingie’s “network sockets” (means internet access) or contacts list, so if it’s asking for those permissions, you should be suspicious.

You Can Control Which Permissions Are Used, To Some Extent

It’s important to know that just because a given app requires certain permissions, that doesn’t mean it will actually use all of them.

For example, many game apps provide the ability to play against other real people, post your high scores to online leaderboards, or share your game progress on websites like Twitter or Facebook, and those apps will need internet access permissions to do those things—but only if you use the online features. If you never choose to share progress online, play against real-life people, or do anything else that requires internet access, the app may have permission to access the internet but it won’t actually usethat permission.

Likewise, since I never entered any contacts or calendar information in my Kindle Fire, I don’t have to worry about contact or calendar permissions for any app I download to my Fire. I also don’t have to worry about any kind of billing permissions for apps with in-app purchasing capabilities unless I actually make an in-app purchase (e.g., buying more ‘coins’ to use in a casino game app).

How To Know What Permissions An App Is Asking For, And Whether Or Not It Really Needs Them

In the Google Play Store, iTunes App Store and Amazon App Store, the permissions required by each app are always listed in the product description for every app. Get in the habit of reviewing them, if you’re at all concerned about spyware or privacy issues. While none of the permissions in the list will have plain English names, most of them are easy enough to figure out based on the type of app. If you have no idea what a given permission is for, just copy it down, then go to Google and type it into the search box to find many online sources for more information about that specific permission. Be sure that you type in your search text like this:

“[permissions text you copied]”

Here’s an example:

“com.android.vending.BILLING”

The quotation marks at the beginning and end are important, because they limit your search to the entire phrase instead of looking for any result that contains any of the words in the phrase.

The biggies to watch out for are anything with the word “network” or “wifi”, which has to do with internet/wireless access, anything with the word “contacts”, anything with the word “billing” or “vending”, which cover actual financial charges (though these are reasonable in apps with in-app purchasing capability), and anything with the word “phone state” or “accounts”, which cover permissions granting access to cell service or online accounts.

The fact that a given app has one or more of these permissions is not suspect in and of itself. It all comes down to whether or not the app actually needs those permissions, and whether the consumer feels the app’s use of those permissions is reasonable.