socialrosiechen: Understanding the Android Market security system

Tuesday, June 29, 2010

Understanding the Android Market security system

Filed under: Security, Features, Mobile, Android

Last week I (and a bunch of other sites) ran a scandalous-sounding story about the Android Market and how 'up to 20% of its apps could be malware'. Google actually contacted us and asked for a retraction; I refused. Instead, I decided to explain the Android Market permission system.

If you don't own an Android phone, the permission system is fantastic. Every app has to define which resources it wants access to. When you install an app (via the Market), you are shown a bunch of very clear warnings that detail what data and services the app will have access to. The great thing about this system is that apps can't lie. An app can't, after two weeks, gain access to your email.

The system is, in all honesty, fantastic. The only real weakness is user ignorance -- if you install a wallpaper app that wants the ability to send SMSes, that's your fault!

So, this guide goes some way to explaining what each of the permissions allow your phone to do. I'm not going to cover every single facet of the system, but hopefully you'll be a little more savvy by the time I finish.

Location

This one's fairly simple, but still: watch out for apps requesting your fine (GPS) location when it's not necessary. Ask yourself whether an app really needs to know your exact location, especially when combined with some of the 'transmission' permissions.

Internet Access

Almost every app has this permission -- and that's fair enough in most cases. But does a Play Your Own Vuvuzela!!1 app really need Internet access? This permission, combined with almost any other, is a potential recipe for disaster!

Your Messages

With this permission, an app could in theory forward your most private and treasured text messages to anyone (via the Internet). Combined with the next permission, an app could send the worst SMSes to your ex-girlfriend or boyfriend...

Your Personal Information

As you might think, this one's probably the most dangerous permission when it comes to privacy. Do apps really need access to your browser history? With access to your contacts, and Internet (or SMS) access, your phone could be used as a full-blown spam factory! (This is why there are concerns about malware on Android...)

Hardware Access

OK! Now it's getting a bit creepy -- in the wrong context at least. Android apps can request access to your camera and take photos -- they can even use the flash! Apps can also record audio. Again, just ask yourself whether an app should be able to use your camera...

Storage

A lot of Android Market apps want access to your SD card! I imagine this is mostly for storing configuration and cache files. What I don't know is whether this permission grants access to files created by other apps. I hope not...

System Tools and Configuration

This isn't as scary as it looks! Well, it could expose sensitive data, but I doubt it. Just be aware that some apps might stop your screen from turning off, or might force your Wi-Fi on and off -- apps that play with your System Tools will probably affect your phone's battery life.

Modify Phone Calls

This one's odd, and another one that you shouldn't see very often in legitimate apps. You could see some kind of voicemail app needing this permission, or an app that redirects incoming calls -- I don't know why you would want to interceptoutgoing calls.

Services That Cost Money

Notice how this permission is nicely separated from the 'reading SMSes' permission. If you see this warning when installing an Android Market app, think twice. Unless it's Skype or Google Voice, does an app really need the ability to make telephone calls?

Appendix

I haven't covered everything here -- but I have covered just about everything you will usually see. Still, here's a few more resources:

Security and Permissions on Android -- this resource outlines the actual architecture of Android security. It's a good read (and the first few paragraphs aren't too complicated).
Manifest.permission -- the Android Developer resource containing every permission in existence.
The Brick Permission -- believe it or not, you can give an app permission to 'brick' your phone...