Android,
the open-source operating system i.e. led by Google is now found on more than
half of all smartphones. This massive use of technology has caught the
attention of cybercriminals, who have begun to double down on their efforts to
illegally obtain personal information from Android users. Mobile malware can
allow cybercriminals to intercept messages, monitor calls, steal personal
information, and even listen in with the device's microphone.
One
of the upcoming issues among the android users is the list of permissions the app requires in order
to work whenever installed. It's tempting to just skip past it, but it’s
recommended to resist as one should at least look at them, not to understand
what each permissions type means but to understand, why an app is requesting it
when you install or update. Even some app requires root i.e. to grant access to
the inner workings of your phone’s OS. Apps like ROM
Manager and Titanium Backup need root because they're performing system-level
tasks on your phone. However, if a clock app or even a new app launcher
requests root, make sure you understand why it needs it before you click
"Allow."
Everyone
wants to protect their privacy, but still want to be participating
in things like social media. And even if you trust everything the app developer
is doing today, you never know if a new update may contain malware planted by
someone else.
Therefore as a precaution you could consider
following suggestions:-
1.) Legitimate app store
When downloading apps, do so from a
legitimate app store i.e. from companies like Google, Amazon, Samsung etc. who
monitor and scan for potentially dangerous or fraudulent programs. However,
fake BBM app recently was able to slip through the cracks and managed to secure
more than 100,000 downloads, before being removed. But if people had looked at
the reviews they could have avoided that spamming service.
2.) Settings
Google includes
numerous settings in the Android operating system that can prevent malicious
attacks. Devices running Android 2.2 or higher, which essentially means all
android apps, have access to Google's malware scanner. Prior to installing an
application, you downloaded outside of the Play store, Google will scan the app
and warn you of any potential threats.
This feature is
enabled by default and can be accessed in the Google Settings app in your
device's app drawer. Alternatively, devices running Android 4.2 or higher can
access the feature by going to Settings, clicking on Security, and scrolling
down to Verify apps.
Devices running
Android 4.2 or higher are also protected from premium SMS charges. A
notification will alert you if an app is attempting to send a text message
using a premium service, at which point you can approve or deny the
transaction. This feature is built directly into the operating system and does
not need to be enabled.
3.)
Software
updates
If there is an update for your
device make sure you download and install it. Manufacturers are constantly
pushing out updates with bug fixes, enhancements, and new features that can
make your device more secure.
4.) Monitor and Tweak App
Permissions On Your Own
If you
really want to install an app that has questionable permissions, or permissions
you don't understand , there are apps that can help. Some will stop intrusive
apps from getting the data, others will just monitor the apps you install to
see if they're doing anything fishy. For example:
- Pdroid
Privacy Protection -(requires root) is an app that keeps an eye on
the types of information that your apps request, and lets you allow or
disallow it on a per-app basis. You can block access to personal or
identifying information for each app you have installed, and it won't
break the app in the process.
- LBE
privacy guard- (requires
root) notifying you when an app tries to access data and giving you the
choice to allow or deny it. The key is that if you deny something an app
needs to function, it may very well crash, so you'll have to think before
you tap. Keep in mind people loved the old version and the new version
hasn't been as well received at Google Play, so your mileage may vary.
- PermissionDog- shows you
exactly how dangerous your installed apps are at a glance. You can tell
just by scrolling through the list which ones are okay and which ones you
should pay closer attention to.
- Pocket
Permissions- it’s
a complete guide to app permissions. It's helpful for Android beginners or
anyone else who's interested in the topic, and wants more detail about
what each permissions type means specifically, and what data is available
when that permission is granted. You can use the app to research
permissions and understand why other apps need them, search by permission
to see which apps request it, sort by risk or importance, and more.
- XPrivacy (requires root)- it’s an open source tool can override a particular permission setting by feeding it junk data. For example, it can feed your Linkedin app fake location information, or your Twitter app an empty address book. And you can do this on an app-by-app basis. So, even if you prevent LinkedIn from accessing your location, you can still offer access to your mapping app. Google removed XPrivacy from the Android Play Store soon after it was made available. But the store still includes a tool that will at least walk you through the installation of the app. According to Bokhorst, creator of app,” I am not building the tool for money. The goal of the XPrivacy project is to offer a free, decent Android privacy solution for as many as possible people," he says.
.
Mostly
pirated and cracked apps contain some form of malware. You could spend a bit on
that game/app you always wanted, which in the long run will give you hours of
entertainment and reward the developer for their hard work, or you can pirate
it and put your personal information at risk.
The
decision shouldn't be hard.
In the end, as a
user, by taking above precautions you really need to trust the developer with
the permissions and as a developer, you have to be transparent about why you
need every permissions.
