Wen downloading apps from google play wat are the type of permissions to watch out for that are bad?

  • 18 September 2013
  • 2 replies
  • 962 views

Wen downloading apps from google play wat are the type of permissions to watch out for that are bad?

2 replies

Userlevel 7
First thing is to google the App name or even better the package name and see what appears.First think you have to ask yourself what the program is and why is it asking for certain permission? If its an stop watch application why is it asking for permission to read your contacts/send SMS or to access the phones IMEI that should set alarms bell off. On the flip side if its a internet messenging application it will need internet access and access to your contacts. 
 
Be very careful installing apps that arent from the google play store (i.e if you have rooted your device). I am not saying that if its on the google play store its definately good btw.
 
android.permission.Read SMS
android.permission.Send SMS
android.permission.Read Phone State
android.permission.Internet
android.permission.Access_fine_location
 
 
Userlevel 7
I'd say these are big ones to watch out for:
Authenticate accounts, Read sensitive log data, Read contacts, Write secure settings, Process outgoing calls, Send SMS, Read social stream
 
Mostly, those could be used for information stealing attacks, but some of them could do things like try to charge you for making a phone call or sending an SMS.
 
Possibly some of our threat researchers might want to add to this list.  @ maybe?

Reply