Now that you’ve had some spare time after the hectic holiday season, chances are you’ve downloaded a few new apps or installed some of those pesky updates, with little thought for the privacy implications.
But you might not have been so quick to press ok if you knew how some of Australia’s most popular apps, including banking and social media apps, used your private information.
Each application you downloaded has a list of required permissions, which enabled the app to access sensitive and vulnerable parts of your phone, whether it’s an iPhone or a device running the Google Android operating system. Without knowing what each app will have access to, you don’t know what sort of information you are handing over or how it will be used.
“Ignorance is dangerous,” says app developer Luke Fletcher, who adds that giving an app access to certain features, such as your external storage, can be the same as giving it unlimited control over that part of your phone.
“The SD card is fair game. If an application requests access to it and successfully receives it, then it can access anything on the SD card,” Mr Fletcher said. “It can read from it, delete anything from it, and even upload the contents to the internet.”
“You need to watch out for applications which do not look like they need to access a permission, but do anyway.”
It is also common for apps to track your location, read and send SMS and MMS messages (which can cost you money), obtain your contacts list and upload this information for marketing purposes.
Even when you grant permission to what seems like a trustworthy app, such as giving Instagram access to your photo gallery and camera, this permission could still be misused to siphon away your private data.
“It is possible to access features that the user has granted previously for what appeared to be legitimate purposes, and then use those for ulterior motives,” Fletcher told The New Daily.
Permission granted
The good news is that, in most cases, an application can only gain access when you allow it.
“Occasionally, the hacker community will find bugs that exploit loopholes in the operating system which bypass the permissions, however these are exceedingly rare,” he said.
The biggest concern seems to be apps that ask for unnecessary, and even creepy, permissions. An example is the latest Commonwealth Bank app for Android phones, which was released over the holiday period. This app requires permission to take pictures and video, modify your contacts, and modify or delete the contents of your SD card. The latest Angry Birds and Candy Crush for iPhone can track your location. And many Facebook apps also require full access to your microphone, with the potential to listen to you and even record your phone calls at any time.
“You need to watch out for applications which do not look like they need to access a permission, but do anyway,” said Fletcher.
In order to be aware of the risks, you need to look at the strengths, weaknesses and quirks of the different operating systems.
Apps like Instagram can take much more than photos. Photo: Getty
iPhones
Every iPhone app has basic permissions which cannot be revoked, such as access to your phone’s camera (for both picture taking and video recording) and your internet connection. But you are prompted the first time an app asks to enable other permissions, such as tracking your location or accessing your contacts.
“One of the positives for the iPhone is that it asks your permission when the permission is needed, not when the application is being installed. This gives you a visual clue as to why the application is requesting the privilege at that time,” said Fletcher. “It helps you to make a more informed decision.”
Another handy feature in the latest iPhones is the ability to toggle the permissions of each app after you download it. If you have an iPhone, disable unwanted permissions by going to “Settings” and selecting “Privacy”.
Android
Android smartphones have over 130 unique permissions, whereas iPhone permissions are bunched together in a handful of broad categories. This means that Android users can access more specific information about the permissions requested by apps before and after download.
The downside is that permissions must be granted in bulk when you download an Android app.
“There’s a reduced opportunity to test the experience before deciding that it’s acceptable to grant the privileges,” said Fletcher. “You either download or you don’t.”
This “all-or-nothing approach” may mean that Android users are more likely to skim over the permissions, since they can do little about them.
“Most people blindly accept permissions when installing an Android application, because they just want to use the app. They don’t really review what they’re actually accepting. As a result, most Android applications request more permissions than they actually need,” said Fletcher.
If you have the Android 4.3 or 4.4 operating systems, you can download an app called App Ops to change the permissions settings of individual apps. Unfortunately, this feature has been disabled in Android KitKat (version 4.4.2). So if you have this latest version of Android, you may want to look into downloading a completely different operating system called CyanogenMod, which has a similar feature called Privacy Guard.
Windows Phones
Windows Phones operate in a similar way to iPhones, in that you are prompted each time an app wants to use a particularly intrusive permission, even though you would have already granted this permission when you installed the app. This extra layer of security can alert you to suspicious app activity.
Windows Phones also allow the user to block some apps from running in the background. This prevents an app from taking advantage of its permissions until you open the app, instead of at any time when your phone is on.
The Windows app store does list each of the permissions required by an app before download, but very little information can be gleaned from these short descriptions. So be wary.