New permissions in version 1.99 (and how to check whether an app is malicious [ours isn't :)])

We’ve had a few queries regarding the new permissions in the app version that is now rolling out. Two new permissions are added, they appear as:

This app has access to:

Your messages
Read SMS or MMS

Your personal information
Read contact information

Sounds scary but in fact the app does not read any content of SMS or contacts.

Why we added these

These have been added so the app can keep track of the number of text messages sent and received, as well as the number of calls made and received. In this way the app can help you stay within your usage plan if you have a contract, or stay in control of your spending if you are on pre-pay.

The only data we access using these permissions are:

For calls:
time, duration, whether it was sent or received

For SMS
time, whether it was sent or received

This let’s us make pretty things like this:

We really hope these are useful to keeping track of your spending.

I think Google’s permission system is great, but it does have the disadvantage that sometimes you need quite broad permissions to do very specific things – I don’t think there’s any easy way round that, if there was a permission for every function call things would get rather unwieldy.

How to check whether an app is maliciously collecting data

To see all the data that is sent from your phone (to check if there are any malicious apps on it) this is what you can do:

- Install OpenGarden on your Android device and laptop (not built by us, but by some very cool people we’ve met)
- Turn off Wi-Fi and mobile internet on your Android device.
- If your laptop is connected to Wi-Fi your device should (perhaps after a short while) connect to your laptop via OpenGarden (they will both need bluetooth on!)
- Now all your phone’s data is routed via your computer.
- Using WireShark or a similar network monitor on your laptop to see all the network traffic.

You might have to wait for a while for some apps to fire off data, and some apps might pick up on the fact the data is being sent by another interface, I’m not sure, but this should work in many cases.

This entry was posted in Android Development. Bookmark the permalink.

3 Responses to New permissions in version 1.99 (and how to check whether an app is malicious [ours isn't :)])

  1. shubhangi says:

    thanks for sharing such important and useful information on check whether an app is maliciously collecting data

  2. Pingback: Android App Permissions « Greg Hausman

  3. Pingback: Android Permissions Misery - OpenSignal

Leave a Reply