Tips

Why You Should Secure your Android App Permissions

Do you know exactly what the apps on your Android phone have access to? Can you name the apps that have access to your contacts, photos, SMS messages or your calendar? We get so used to seeing the ‘allow permissions’ pop-up on our devices, that often we just click ‘Allow’ without paying close attention to what it is that we are permitting.

But with the number of scandals in the media over how companies such as Facebook and Google are using our data, or indeed misusing it, maybe it is time to reassess and take control over exactly what it is we are giving our apps permission to access.

So we are going to explore and explain this topic, allowing you to take back control over your data, your apps and devices. Never before have we had so much information in our phones and computers – we need to be serious about protecting our privacy, especially in light of recent data handling mishaps from companies who are not taking this issue as responsibly as they should.

What do your apps have access to?

The first step to securing your Android app permissions is to discover exactly what your apps already have access to. One way to do this is to go to Setting > Device > Apps. You will be shown all the apps on your phone. If you click on any app, you can select the Permissions option and you will be able to see all the permissions you have granted to that specific app.

How to withdraw permissions from apps

Apps can gain access to a lot of services on your phone, including your Contacts, Calendar, Camera, Location, Microphone, Phone, SMS and Storage. When you select the Permissions option of each app, there will be a slider next to each possible permission. If you have enabled it, you will be able to turn off that permission by clicking on the slider. This will immediately reverse the permission that previously granted to the app. You do need to do this manually for all your apps.

Normally, Android keeps all your apps in an isolated environment, designed to guard your devices’ security. Granting permission eliminates this security wall by allowing your apps access to other areas of your phone.

Kind of permissions

Body Sensors and Additional Information Permissions

There is another category of permission which cannot be accessed as described above. To check your Body Sensors permissions, you will need to go to Settings > Device > Apps and then click on the small cog on the upper right part of the screen. You will be given the Configure Apps menu, choose App permissions to see your Body Sensor Permissions. You can change your permission settings as above, by clicking the slider to turn the access on or off.
If you click back to the Configure Apps menu and scroll down to the bottom you will see an ‘Additional Permissions’ option. This contains four further permissions which are Car information, reading email attachments, reading instant messages and writing instant messages. Toggle these on and off using the slider too, so that you are comfortable with what your apps have permission to access.

Manage Apps’ Access to Systems Settings

You will want to double check which of your apps have access to your systems settings and permission to modify them. Any unwanted modifications to the systems settings could create issues with the functioning of your device. Access this information from the Configure Apps menu again, by selecting ‘Modify system settings’ which will show you all the apps on your phone, and whether they can modify the systems settings. By selecting each app, you will be able to turn off this access by clicking on the slider and changing the setting to ‘No’.

Prevent Malware getting into your data

Illegal malware apps can disguise themselves as genuine apps that you do want on your phone, and trick you into allowing them access when you definitely wouldn’t normally. The way they do this is by overlaying your real apps to gather your authentication credentials to online services. It’s possible to prevent malware from acting in this way by turning off the ‘Draw over other apps’ option which is reached from the Configure Apps screen.

More Permissions

But what are the real consequences of App Permissions?

You might not be aware of what apps can do with the permissions you grant them, so we are going to give you all the facts and then let you decide which permissions you are comfortable with:

SMS permissions

This permission covers SMS messages as well as MMS messaging services. The app will be able to read all of your stored SMS messages, intercept and potentially alter new SMS messages, and even write SMS messages from your phone.

Phone call permissions

If malware apps are granted phone call permissions, they could spread viruses out to your contacts as well as racking up huge bills by ringing premium rate numbers which benefit the hacker whilst leaving you with a massive bill to pay.

Camera and microphone permissions

If apps have permission to access your camera and microphone, you could be recorded at any time without your knowledge – this includes photos, videos and audio files. These files could be sent back to the app creator.

Location permissions

Location permissions can allow apps like Netflix from finding out where you really are and blocking you from accessing their services if you are not in the correct geographical location. More seriously, having access to your location can alert potential burglars to when you are away from home, making you a target for criminal activity.

Operating system and storage permissions

If ransomware gains access to your storage, you could be scammed by having all your files encrypted until you pay for a decryption key. Your information could also be stolen or used without your knowledge.

VPN

Restrict location services on your Android device

Android devices give you the option of turning off location services completely. There are some downsides to this – you won’t be able to use your phone as a GPS to help you find your way somewhere, and some apps won’t allow you access to their services until they have checked your location (a good example is Youtube TV). An Android VPN can be used to give you a different IP address, but many services like Netflix can detect VPNs now so this may not always be successful. If you decide to turn off the location services, you can do this by going to Settings > Personal > Location and clicking on the slider on the Location screen.

So now we have gone through all the ways that you can tighten up your phone’s security by restricting apps’ access to the different areas and services on your device. You will need to keep on top of this regularly. Installing an antivirus is a great step, as it will be able to scan your phone and monitor activity for any signs of malware and viruses trying to get into your phone, especially if they are disguising themselves as genuine apps.

Also consider encrypting your files further if you’re regularly accessing them on the cloud. Make sure to download your apps from reliable sources, and don’t open up attachments or click on links in emails or on websites unless you are expecting them and are completely sure of their content.

App permissions

Each time that you are asked to ‘Allow’ a particular permission to an app, take a moment or two to really consider what it is asking you. Is this information something you will be happy to give them access to and control over?

Does the app really need this permissions access to function, and if so, is it really worth it to give up some of your privacy and security? Only you will know the answer to that so you will want to spend some time weighing up your options. If you find that you are not comfortable, you may decide to uninstall certain apps which seem not to value your data and privacy highly or may put your phone’s security at risk.

You will be empowered by having managed your phone’s security and privacy, and rest easy knowing exactly what your apps have permission to access.