Those Application Permissions Aren’t As Harmless As You Think
February 13, 2019 Instant Messaging
You’ve seen the notices pop up on your screen — Allow (application) to Access Your Camera.
Or your microphone. Or your contact list. And the list goes on. And if you’re like most, you tap Allow without hesitation. You then start using the messaging application without giving it a further thought.
But what do these notifications mean exactly? And are they as harmless as they seem?
They’re called permissions. And below we’ll explain them, the consequences of not considering them more carefully, and a few steps you can take to better protect your privacy and the security of your data.
What Are Permissions?
Permissions are concessions or allowances that you, the user, agree to in order to let an application perform its full range of capabilities. With each permission description, the app lays out the conditions which it may affect (or may affect it) while the application is installed or in use.
The permission protocol varies across operating systems and can be confusing as multiple permissions are often presented either at once or one after another in quick succession. Even if the language is clear, the exact meaning behind the permission or why it’s suggested is often unclear. What’s more, consideration of the potential consequences is often ignored.
In a perfect world, the requesting and granting of permission acts as a show of transparency and good faith — indicating that the developer has nothing to hide, while at the same time providing the potential user a more thorough understanding of how the app does what it does. Moreover, the permission is designed to ensure that the app in question is given the data and system access it needs to do its job.
Logically, for example:
- A song recognition app would need access to your microphone
- A mapping application would need your GPS coordinates
- An email application would need your address book to fulfill its duties.
Is That All?
Unfortunately not. With the boom in popularity of free messaging applications, so too have increased the permissions which these apps request upon download and registration. For example, apps like WhatsApp, Viber, Telegram, Facebook Messenger, and Trillian can request access to:
- Photos and multimedia
This doesn’t mean you should rush to delete these apps. What it does mean, however, is that you ought to consider the ramifications of using them — what data the apps have access to, what permissions you’ve given them, what they’re doing with this information, and what could potentially result from providing this access.
For instance, with access to your hardware, features, location, and data:
- You could be unwittingly spied on, eavesdropped, or tracked
- Your photos and multimedia could be snooped and/or stolen
- Your sensitive files and documents could be compromised
Let’s be clear — just because an application is asking for your permission doesn’t mean they’re being straightforward about what they intend to do with your data.
For precisely this reason Facebook has been a regular in the headlines. Over the past year, the social media giant has scraped phone and text message data from Android users, provided Cambridge Analytica access to millions of users’ personal data, and most recently, harvested users’ data through a deceptive “Research” VPN; even going so far as to pay users — many of whom are teenagers — twenty dollars to use the application.
Upon “Trusting,” the app, users consented to providing Facebook limitless data — private social media messages, chats from instant messaging apps, shared media, emails, web searches, browsing activity, and even location information. Now banned by Apple — a clear violation of their rules — the application is still running on Android operating systems.
And while Facebook has perhaps been the biggest violator of users’ data and permissions, they’re not alone. Users of the popular messaging app Telegram have reported instances of unsolicited remote camera access without having first provided permission. What’s more, WhatsApp provides Facebook, its parent company, with users’ personal information, including phone numbers. Supposedly, this is in order to allow businesses to more directly target customers. But by also providing permission to access your location, it opens up any number of hypotheticals.
Let’s say you visit a counselor, for instance. You also happen to have the contact information of an addiction clinic in your phone. With access to your contact information and location, not only could any number of conclusions could be drawn from that data, but that data could end up literally anywhere.
So What Steps Should I Take?
- Use logic and common sense — When going through the permissions list, don’t simply rush to accept every permission in order to begin using the app. A messaging application shouldn’t need access to your device or app history, storage, multimedia, or files. These permissions could expose your browsing history or enable an application to steal, delete, or share your data.
- Read the fine print — It’s something we almost always skip over. But always read the fine print regardless of the application you’re installing. While an application may still collect your data, by educating yourself before you download and install the app, you’ll now whether or not you want to proceed with the app in question. This way, there won’t be any surprises.
- Consider an enterprise instant messenger — In many cases, enterprise instant messengers offer stronger security and fewer surprises regarding permissions or the data they have access to. Brosix Instant Messenger, for example, offers a completely secure internal communication platform which:
- Never requests unnecessary permissions or access to your hardware, features, location, or data
- Prioritizes data security — preventing its exposure to outside threats
- Provides a fully private Team Network
- Utilizes peer to peer communication channels and AES 256 bit end-to-end encryption
- Offers a host of tools and features to streamline internal communication and team collaboration
In some instances, you can disable certain permissions after the fact by accessing them through your settings. But why take that risk? And by the time you disable the permissions in question, who knows what data will have already been collected?
You’ve seen enough examples of user data misuse and malfeasance on the part of big tech companies and their applications. And you, the consumer, simply don’t have enough information regarding how they use your data and what they do with remote access to your hardware.
By carefully thinking through the permissions these apps request, inspecting the finer details of each application and its permissions, and, importantly, considering the instant messenger you use, you can begin to better ensure your privacy and the safety of your data.
Originally published at www.brosix.com on February 13, 2019.