Read the Fine Line when Using Android Apps{4}


Most of us are using android phones and its application. Some of the apps request special permission to access contacts, or other functions of the phone., and the users are aware of that. But there are also apps that require no permission at all. The term no permission seems to be counter intuitive. One will think that this app is really safe to use. But it’s exactly the opposite. This “no permission” apps have full access to the device and can share and use the data from the phone in any form they want. Most of it travels via the web browser of the phone.

Paul Brodeur, who works for “Leviathan Security Group” was successfully able to create a test app with no permission access. He was then able to extract out all the hidden and non hidden files from the phones memory and the SD card. If an app can do that, it is a matter of great concern. People buy SD cards just to store more information on the phone. An an app with no permission access can take everything. In addition he was able to see which apps were installed on the phone too. Phones that used GSM services from AT&T and T-Mobile were easily vulnerable to the test app. Paul stated that such apps can be an easy game for people with malicious intent. All this can happen without the user knowing about it.

However, the app developers have to worry more about such problems in order to avoid big lawsuits against them as opposed to the consumers using the app. A report created by “TheVerge.com”, showed that the gallery app that cam per installed with android phones had stored full addresses associated with the photos. Further digging showed that the photos that were tagged using Picasa had that problem. Picasa was purchased by Google in 2004, and it was caching the locations of the photos for no reason. This type of information is not given in Google, or Picasa’s agreement.

There is a group of believers that such tests and runs can actually help create more secured apps than before. Once one has the information about the weak spots, they can fix it. And as it turns out that the users of these apps can’t really do a lot to avoid that, but the best practice is to read the permission access information before installing the app since they specify the requirements needed in order for the app to run on the device.

Reference:

Gahran, Amy. “‘No Permission’ Android Apps Can See and Share Your Data – CNN.com.” CNN. Cable News Network, 23 Apr. 2012. Web. 28 Apr. 2012. <http://www.cnn.com/2012/04/23/tech/mobile/no-permission-droid-apps/index.html>.