Header Ads

Google Play Store Update Review App’s Permissions

Google just made a huge change to the way application permissions work on Android devices which has left a potential door open to malicious app developers and hackers.
Google narrows down Android's 145 permissions into 13 broad categories and groups app permissions into 'groups of related permissions', likely for Android users to have an easier time dealing with app permissions.
Unfortunately, the new update has introduced a few potential security and privacy issues, as listed below:
  • hiding permissions behind the group names
  • auto-updating app with no warning for new permissions
According to new update, once a user approves an app’s permissions, he actually approves the whole respective permission groups. For example, if an app want to read your incoming SMS messages, then it requires the “Read SMS messages” permission. But now installing an app, you are actually giving it access to all SMS-related permissions.
The app developer can then include additional permissions from ‘SMS-related permissions Group’, in a future update, which will not trigger any warning before installation.
Google explains, “If you have automatic updates enabled, you won't need to review or accept these permissions as long as they are included in a permissions group you already accepted for that app.
If your Android apps update automatically, then malicious developers can gain access to new dangerous permissions without your knowledge by abusing this mechanism, though a smart user could manually view all permissions in a dropdown before installation, but one out of thousands does that.
Below I have listed some most abused Android app permissions that cyber criminals are exploiting for their personal gain:
  • GPS Location and Network-based Location
  • Read Phone State and Identity
  • Automatically Start at Boot
  • Modify/Delete SD Card Contents
  • Read/Send SMS Messages
  • Read/Modify Contacts
This are what i screenshot

I strongly recommend users to disable automatic updates and verify app permissions manually every time an app wants to update.

No comments

blogmytuts. Powered by Blogger.