Originally published at: http://www.howtogeek.com/190863/androids-app-permissions-were-just-simplified-now-theyre-much-less-secure/
Google just made a huge change to the way app permissions work on Android. Apps already on your device can now gain dangerous permissions with automatic updates. Future apps can gain dangerous permissions without asking you, too.
Ok I am sooo not techy savvy and I am wondering how I can secure my phone. I do not like how unsecured my phone is by this latest update. What can I do?
I don't think we can do much of anything...
But users can no longer see the Internet access permission when installing an app and current apps that don’t have Internet access can now gain Internet access with an automatic update without prompting you.
I think the internet permission is there, but it's hidden under the Other category.
Sure, that's what they all say. I just wish that iOS's permission system had more granular control like App Ops.
Manual updating of apps is a VERY reasonable solution. I have and will always NOT allow automatic updates for ANY of my Android apps. Manual update only takes a few seconds and is worth the extra minor effort. Most app permissions are necessary for the app to work properly. The only time you really need to worry is when an app asks for permissions to do things that the app is not designed to do, for example if a simple off-line game asks for camera permissions. CM Security is a good app to scan for malicious programs, protect your web browsing, and identify unusual permissions.
I use Android and I'm a huge fan of the brilliant simplicity of stock Android on my Nexus 5... but I'm getting sick of the basic cop out argument we get from most other Android fans mentioning App Ops when trying to defend Android app permissions. Bottom line is 99% of Android users don't even know what App Ops is; the vast bulk of people who use Android aren't geeks, don't root their phones, and stick with whatever flavor of Android they get out of the box. It's an irrelevant defense of a broken permission system. Android is still pretty secure regardless; I've never had an issue, but I have noticed an increasing number of really popular well known apps beginning to ask for permissions that should not be needed. Why the hell does a popular premium paid game like Hitman Go want access to track my location? There's no way to deny it access while still being able to play the game.
Google need to sort this permission system out, if it means copying iOS so be it.
That's not true. Google indeed bundled permissions into groups, and that's, as you pointed out, a step in the wrong direction. But this only affects the Play Store, and the app doesn't get every permission of the group. If you install an APK, the usual permissions are shown.
There's also a way to see the actual permissions the app uses:
- Select an app to see its detail fragment.
- Scroll to the bottom and tap onto "Show details".
Where might one find the "Other" category if one was looking for it? Say for Google search app?
No idea - I read it somewhere. I'm still using the old Play Store. (Store updates take a long time to come to me, for some reason...)
I do not see this article as a fanboy thing. I never used an "I" thing and thus not qualified to compare these platforms, however, these issues of Android are very concerning and need to be addressed. For example, why a "news" app needs to know the status of my phone if it is in call or not and also need to know the number of the other party it is connected to. I assume that they don't want to disturb me with the news of world war 3 and that my neighbourhood is under nuclear attack while I am on the phone with a telemarketer BUT why in the world do they need to know the phone number who I called. I agree with paulsilvan's solution of updating apps manually, however, that still does not protect us from those umbrella permissions. For a long time I have been thinking to root my phone but I guess at this point I am not left with many options but to root it and put a secure rom on it. We will see.
I do find it odd that we don't have control over what the apps do as standard. I did root my Nexus 4 but to be honest the benefits really didn't outweigh the hassles (banking apps no longer working, having to go back to stock on occasion etc.).
I think the best we can do is just go through our phones and uninstall every app we don't use or just use once every 6 months. Just keep the core apps we use most of the time. It just reduces the risk basically.
I recently deleted about 50+ apps off my phone and it's quite liberating.
Just wish I could shift the dozen Google apps I never use...
You can use Safe Play instead of Google Play.
Also disable automatic updates.
No problem getting into my bank's app on a rooted Nexus 4, or Nexus 5.
Permissions that I do not accept are the reason all my Android devices are rooted and run XPrivacy. That way I can individually allow (or not) apps to do things they claim are necessary. The underlying permissions are little different, it's just that Google now make them sound less threatening. Such a shame they lost their "don't do anything evil".
Well, you can look at the bottom of the app page on Google Play and click on View information to see all the permissions an app uses. I know you can set updating to manual to prevent apps from automatically getting more permissions. You should tell people about the possibility of viewing the full list of permissions in the article.
But I'm just wondering one thing, does the Play Store ask you to confirm when an app needs more permissions if you are updating it manually, also if the new permissions belong to the same group? Can someone test that?
Nice work. However, the ones I use don't and tell me they don't if you open them up on a rooted phone, even if you try to trick them with various methods.
So for me rooting is a waste of time. I have to say after spending months rooted and then switching back to 100% stock, life is so much easier. It's just a smartphone again rather than something that has to suckle at the end of a USB cable all the while, while some other cache or library updates. Battery life etc. seem better on stock too, ironically.
Unless you love fiddling, need a specific function to work or your phone is no longer supported by the manufacturer...just don't bother with rooting. It's an obsession you can live without.
This article is bullshit, if you were just comparing un-rooted android phone with iPhone(JB or not), I agree the situation, but since you brought up the rooted case, you were making no sense.
Once you rooted your android phone, you could install a most comprehensive permission management system out of all mobile OSs on your phone. There are a number of excellent candidates out there, you could use XPrivacy built upon Xposed framework, or LBE security manager, or you can even use Lucky Patcher to manually disable specific permissions or services for particular apps.
Look, not everybody who uses Android roots their phones, but everybody who runs Android wants their phone and its content safe. You won't see my dad's S4 rooted or encrypted or anything, but if an app he uses is recording his phone calls and reading his messages, you gotta admit, it's pretty freaky.
I really hope this story gets blown up big time, preferably out of proportion. Maybe then Google will be forced to fix the system.
Two problems though:
- I bet Apple has a patent on their way of asking for permissions.
- Because Android has/had Apps that just cannot exist on iOS in that form, such as wallpapers and keyboards, Apple's system couldn't be transferred keeping the entire simplicity. The types of things that are apps on Android (keyboards and internet!) would require more restrictive default permissions than on iOS, so you'd get more popups overall.
It's a shame though. On the iPad mini I can install apps without care*, on Android it's kind of a science. As I learned the hard way when trying to explain to my mother how to judge if an app is trustworthy... We ended up agreeing that she just won't install any apps.
*Except that I'm constantly out of memory.
As usual, I am a little lost with this App Ops permission.
- Does this apply to my Samsung Galaxy Note 8?
- Is the Android app version 4.4.1 the same as my tablet's Google+ 22.214.171.124642489 that I find in my App Manager? Or are you all talking about phones and something else?
- I read that 4.4.2 will have access to App Ops again? Does that make sense? If so what is the ETA on that?
- How do I switch from automatic app updates to manual ones? Does that solve the problem?
I like my privacy and do not like my data being used to feed me choices, searches and ads. They always get it wrong. I am different than the crowd and a geek in that regard.