Learning > Tech

Know what app permissions you are agreeing to

Lester Hio on 24 Mar 2018

The Straits Times


Facebook Email

Some give those you have downloaded access to more critical or potentially sensitive data


Why do some smartphone apps ask for permissions that they don't seem to need? For instance, why does the Facebook app ask for permissions to my microphone or SMS access?


The first time you open a newly downloaded app on your phone, you will most likely be greeted with a pop-up window asking if you will allow that app to access certain information about your phone, like contacts, camera or SMS.


And like the terms and conditions people tend to swipe through and ignore, most users will agree to them so they can jump straight into using the app. But those who are more cautious might wonder just what exactly they are agreeing to.


To muddy things further, the specific app permissions are often listed under an umbrella of permission groups for convenience.


That's also the reason why some apps might ask for permissions that they do not seem to require on first glance, but are actually sub-permissions required by the apps so as to function properly.


But on the flip side, malicious app developers can use this ambiguity to design apps that ask for information for the purpose of mining personal data.




App permissions let users give apps they downloaded access to specific capabilities or information on their device.


The two big mobile operating systems - Apple's iOS and Google's Android - require app developers to clearly state what permissions their apps would need from your phone.


According to Android's official development notes, the purpose of a permission is to "protect the privacy of an Android user".


Location, too, is another permission to be wary about, as it can divulge where a user spends the most time, which can be used to extrapolate a home or work address.


Android apps must request permission to access sensitive user data, such as contacts and SMS, as well as system features like camera and Internet, the guidelines continue, so users know what data they are giving up when they use the app.


Apple, too, has strict guidelines for apps that ask for permissions.


"Users must grant permission for an app to access personal information, including the current location, calendar, contact information, reminders, and photos," said Apple's app development guidelines.


Both Android and iOS have, in their later versions, allowed users to revoke access to individual permissions within each app.


If you don't want an app to have access to your camera, for instance, you can turn it off. But if the app requires the use of your camera, then the next time you activate the feature, the app will prompt you again to give it permission to access it.


The Android operating system has nine general categories which it labels as "dangerous" permissions, as these give apps access to potentially sensitive data.


These nine permission groups are: calendar, camera, contacts, location, microphone, telephone, sensors, SMS and storage.


iOS has 13 different permission groups, including iOS-specific ones such as its smart home system HomeKit and media file system Apple Music.


When an app asks for permission, it is actually asking for one of the permissions within the category, rather than all of them.


Take, as an example, the permissions for an app most people have - Facebook. The Android version asks for eight out of nine permissions - all save for sensors - which seems a bit much, but makes sense in the context of what the app does.


Calendar lets the Facebook app post events you agree to onto your phone calendar, while camera and microphone access lets you take photos and videos from within the app itself so you can upload them directly to the social media website.


Facebook asks for location access for users to tag where they are in their posts, while access to contacts is needed to sync your Facebook friends with your phone contacts.




Some permissions give up more critical data than other permissions.


The "read phone status" permission under the telephone group gives the app access to your phone number, people you call and, most importantly, details like your device's unique 15-digit Imei code.


Another one to look out for is the "body sensors" permissions, which grant access to data like heart rate or steps taken. If you're downloading a health or tracker app, that's a legitimate permission to ask for. But if an app with no relation to health or fitness asks for it, warning bells should go off.


Location, too, is another permission to be wary about, as it can divulge where a user spends the most time, which can be used to extrapolate a home or work address.


If any suspicions arise, it is best to check comments and reviews on the app you are downloading.


If many users are calling out the app for excessive app permissions, then it is probably wise not to install it.


Source: The Straits Times © Singapore Press Holdings Limited. Reproduced with permission.


The views, material and information presented by any third party are strictly the views of such third party. Without prejudice to any third party content or materials whatsoever are provided for information purposes and convenience only. Council For The Third Age shall not be responsible or liable for any loss or damage whatsoever arising directly or indirectly howsoever in connection with or as a result of any person accessing or acting on any information contained in such content or materials. The presentation of such information by third parties on this Council For The Third Age website does not imply and shall not be construed as any representation, warranty, endorsement or verification by Council For The Third Age in respect of such content or materials.