Android Market and security

[Fourstar]

I'm just having my first browse through the marketplace and the access requirements I find quite shocking.

A google maps update wants access to pretty much everything including making phone calls and recording audio.

Barcode scanner wants to read and write contact data; read my browser history and bookmarks; modify wifi state and global system settings.

Everything seems to want my GPS location.

All of these are in the "top free" apps section with hundreds of thousands of downloads so I assume all these apps must need these things for a reason I can't yet fathom that is not connected to stealing data?!

 

[Reza86]

It is worrying, you've just got to look for things with good comments or publishers you trust.

 

[HumbleCoder]

The Android permission system, while an excellent concept, is difficult to implement. Read and write contact data is good example, if you write an app that lets you share a link or data via email it makes sense you want to use the persons contacts to look up email addresses so you add that permission to your manifest. The user then gets what you did and thinks "WTF, why does shake the kitty to death app want to access my contacts?!" when it's perfectly valid.

There is many simple functions that require mad permissions, acquiring a wake lock is another example, if the app does something in the background and doesn't want the phone to go sleep while it's working you need a wake lock therefore you need to change global settings.

Sadly there is no simple solution, making more granular permission would mean a massive list that the user probably wouldn't read and allowing the app dev to add a reason they want that permission is pointless because a bad guy is hardly going write "To send messages to a special number that cost you £4 each"

The best you can do is if something looks like it wants too many find an alternative app and check reviews online for what you're about to install.

 

[Fegruson]

I think the problem is, those lists being too vague.

When barcode scanner has "access" to you history, it will only store history of what you have scanned...

Maps, the record audio is for speaking to your phone for directions (Car Mode etc), and the making phone calls bit will be for Latitude/Talk/Contacts... placing them on the map and allowing that to use the dialer.

There are apps out that that require too much data just for it to be used - I think the reg made an article at some point last week about it.

But there is definitely isn't malicious in Maps wanting to read your contacts and make calls. Nor is there about Barcode Scanner accessing your "browsing history".