State of Android
Android Permissions in real life
You can consider your android phone or device as your house or your car. Whenever you install an application , it is as if you are hiring a person to complete a task or job for you. Imagine you hire someone to do clean your garden and he asks you to give him access to certain area which might or might not be related to the garden and he says "if you need my service , you have to accept my requests" . This is actually what is happening when you install an application on the play store market.
Upon touching the install button you are asked whether to accept the list of permissions that this app requested or entirely cancel the installation process. As soon as you choose to grant these permission to an app, you have given the right to this app to use certain part of your android device in any way they want. For instance if an app is asking to access your camera and you grant it, It means this app can use your camera at anytime and any place it wishes to. Same goes with you private information such as your phonebook, emails , files and so on .. !
Google introduced a new way of granting permissions to an app by introducing "Requesting Permissions at Run Time" in Android 6.0 (API level 23 Marshmallow). This feature enables you to grant a permission to the app when it really needs it. for example you if you install Skype on an Android 6.+ device, It will ask you to allow it to use your microphone when you want to make a phone call for the first time. In this version you
can also disable or enable permissions from android settings.
This is has been a great update in terms of controlling what an app can use but it is not perfect for a few reasons. First of all the developer of the app has to use this feature in order for you to use it. Secondly, If you have a device which has version 6 or higher and the developer used the old way of asking permissions , you can still go to settings and disable every single permissions of an app but by doing that you will interfere with the way that app is functioning and it usually causes the app to crash!
Based on the statistics to this date only 7.5% of android devices are updated to Android Marshmallow which means most of the devices are still using the old way of requesting and granting permissions at install time and not ability to deny access to certain permissions.
Suspicious Apps , Suspicious Requests
It is not a critical matter to grant an app certain permissions that are essential for it to function.For example consider facebook. It needs almost all your permissions and it makes total sense because you are sending messages, you are saving content , it has to access your personal data such as phonebook etc .. in order to give you the synchronised experience that you get from a social media network. You should however look for suspicious behaviors by different apps. Imagine a third party app that is asking permissions that are irrelevant to its purpose. For example consider a keyboard application that is asking for permissions to make phone calls or take photos or access the network. This is where things start to get suspicious and you need to take action.
We started developing Protektoid primarily to scan the apps we used on day to day basis to look for odd behaviors. You should too !