Permissions are far from ideal. I'll probably never have an Android device.

[Stevie Harley]

Hello there. This is my first post here, sorry if the title sounds rude but I couldn't do better.

My mother has an Android smartphone and I was playing with it recently and it surprised me that Apps permissions are something that no one seems to care about nowadays (I only install from Google play). Seriously, the massive majority of apps request permissions that doesn't make any sense and are very suspicious. Even the simplest app needs access to network, your precise location and phone calls. (I understand network and location could be for ads, but why 'precise' (gps) location? And why phone calls?)

Most people seems to happily install these apps but I would never install >95% of the 'free' apps solely because of their permissions.

In my opinion, the permissions should either be much more detailed (for example "read phone status and identity - Allows the app to access the phone features of the device. This permission allows the app to determine the phone number and device IDs, whether a call is active, and the remote number connected by a call." should be broken in "allows the app to determine the phone number and device IDs", "allows the app to determine whether a call is active" and "allows the app to determine the remote number connected by a call") or they should be 'toggleable' (yes, the devs will have to handle if a permission is denied), or maybe both.

Anyway, Imho, it's an absurd risk to have almost every single application 'knowing' exactly where you are, who you called, your phone number, and being able to access the network.

I know most people are okay with that, but I'm not and will never be, and it seems Google also doesn't care about the devs just throwing a blank check for the users to sign (some apps simply ask for every permission possible). You can call me 'old' but if 'young' means to let the entire world know everything about me then I'm proud of being old.

I have a Nokia featurephone that has offline GPS navigation (something android doesn't have - google maps is a joke (seriously, which country has internet in 100% of the territory) and sygic isn't as precise and reliable) and doesn't have a store with thousand of titles but also doesn't expose my personal information to the entire world.

For me, there's no advantage in having a smartphone as the battery life is awful in most of them and the biggest advantage (the apps) are outta control imho, so I'll probably never install most of them.

I know this topic is kinda pointless to most of you but I'd really like to have a smartphone, however, an Android smartphone is out of question, and I don't see any 'safe' alternative.

Thanks for your time.

 

[neonworm]

Just FYI, the phone call permission is not really accessing your phone calls it is just finding out the state of your phone.

 

[Stevie Harley]

Just FYI, the phone call permission is not really accessing your phone calls it is just finding out the state of your phone.

I don't know... According to the Operatin System itself:
Allows the app to access the phone features of the device. This permission allows the app to determine the phone number and device IDs, whether a call is active, and the remote number connected by a call.

 

[Stevie Harley]

If you allow me; I think ideally the user should be able to choose which of the requested permissions will be in fact granted (like checkboxes on the gui) and Android should handle them in a 'smart' manner, for example, if the app wanted network permission and you didn't allow it, when it tries to access the internet, the OS should emulate a return code from the server... If the app tries to access the contact list, the OS returns an 'empty' contact list, the same for calls and stuff, if the app tries to access the phone number, android returns something like some zeroes. This way most apps will continue working but will be effectively denied from accessing personal information.

 

[kingseanrocks]

Read phone state and indentity is for when your on a app and get a call the app has to be able to regonize the call so it can be answered. Iphones have to do the same thing they just don't list them as much. if you google android app permissions it will tell you exactly what each permission is

Sent from my VM670 using Android Central Forums

 

[Audiyoda]

Okay, so seriously, you're simply not ready for a Android device. You're far too paranoid.

Imagine if Android handled permissions the way you're suggesting - Oooo, look, a call is coming in. The app I'm running needs permission to recognize that call is coming in so the call can actually interrupt the app in question so I can answer the call. While I'm in the process of giving permission to the app to recognize that a call is coming in, and then giving permission to the phone app to pass the call along to my contacts list to match up the caller ID to anyone in my contacts list, which is then passed back to the phone app so I can answer the damn phone, the call has gone to voice mail - which by your theory of smart handling - needs my permission to record the message.

Oh, any your feelings about Google Maps - maps are available for off-line GPS, and are far better than any Nokia navigation system I've come across.

 

[Stevie Harley]

Read phone state and indentity is for when your on a app and get a call the app has to be able to regonize the call so it can be answered. Iphones have to do the same thing they just don't list them as much. if you google android app permissions it will tell you exactly what each permission is

Sent from my VM670 using Android Central Forums

Nope, it also allows the app to read the phone number, ID, and the number I'm calling/receiving a call.

Okay, so seriously, you're simply not ready for a Android device. You're far too paranoid.

Imagine if Android handled permissions the way you're suggesting - Oooo, look, a call is coming in. The app I'm running needs permission to recognize that call is coming in so the call can actually interrupt the app in question so I can answer the call. While I'm in the process of giving permission to the app to recognize that a call is coming in, and then giving permission to the phone app to pass the call along to my contacts list to match up the caller ID to anyone in my contacts list, which is then passed back to the phone app so I can answer the damn phone, the call has gone to voice mail - which by your theory of smart handling - needs my permission to record the message.

Oh, any your feelings about Google Maps - maps are available for off-line GPS, and are far better than any Nokia navigation system I've come across.

Nope, maps isn't available offline, it has a stupid cache but you can't do anything offline.
And the permissions you grant when you're installing the app, not when you're receiving a call.

 

[kingseanrocks]

Like I said there's a reason for all those permissions trust me iv had a android phone for a year iv never been hacked never got a virus you seem paranoid maybe your hiding something?

Sent from my VM670 using Android Central Forums

 

[Stevie Harley]

Like I said there's a reason for all those permissions trust me iv had a android phone for a year iv never been hacked never got a virus you seem paranoid maybe your hiding something?

Sent from my VM670 using Android Central Forums

I know there's a reason for most of them. I just don't understand why these permissions:
-determine if the phone is receiving or in a call (irrelevant)
-read the phone number and id (personal information)
-read the remote phone number (personal information)
are grouped together.
At least the fist one should be separated because it doesn't really matters in terms of security (what can someone do with the information you received a call at 22:39hs?), but to give an app the possibility to read you number+ID and the numbers you're communicating and possibly upload this information to the entire globe is a very different safety issue.

I don't know if you're aware, but if a free app reads your GPS coordinates, your number, etc. and sends that to an ad service, even if the app itself isn't malicious, only God knows what happens to that information once it is 'leaked' out of your phone.

I concluded that if you have an Android phone you either have a featurephone on steroids, or zero-privacy. There's no halfway. Once you begin using it as a true smartphone (meaning you're gonna install some apps) you lost completely your privacy.

 

[gone down south]

IPhone does the same thing, they just don't bother to tell you ahead of time.

Sent from my Nexus 4 using Android Central Forums

 

[Stevie Harley]

IPhone does the same thing, they just don't bother to tell you ahead of time.

Sent from my Nexus 4 using Android Central Forums

I'm not saying IPhone is safe. I'd never buy an IPhone nor Windows Phone device. I don't think Apple worth the money and I avoid MS like hell... I don't want Windows in my PC and surely don't want it in my phone.

 

[gone down south]

I'm not saying IPhone is safe. I'd never buy an IPhone nor Windows Phone device. I don't think Apple worth the money and I avoid MS like hell... I don't want Windows in my PC and surely don't want it in my phone.

So who's left?

Sent from my Nexus 4 using Android Central Forums

 

[Stevie Harley]

So who's left?

Sent from my Nexus 4 using Android Central Forums

Feature phones at the moment... at least until some smartphone OS goes 'smart' and allows you a little bit of privacy.
Maybe I'm just 'old', plain and simple, but I find ridiculous and prohibitive that almost every app can send to the internet (ad providers, but you can't be sure) your identification, your exact location, and the remote number of calls. Not to tell that a huge number of apps could also upload all your contacts, messages, pictures and videos both from memory or taken automatically, etc.. If the minimum privacy I can get is to let the entire world know exactly where I am, I don't think it's very 'smart' to use a smartphone.

Also, the massive majority of Android apps doesn't have any quality. Android have a huge quantity of apps but incredibly bad quality overall (somewhat like the Chrome apps).

Maybe people just get used to it slowly, but I don't agree to use an 'awfully' engineered OS (by the permissions 'groups' you see they didn't put any real effort in it) and apps that requires my personal info in order to run.

 

[sting7k]

IPhone does the same thing, they just don't bother to tell you ahead of time.

Sent from my Nexus 4 using Android Central Forums

What is your source of this information?

 

[sting7k]

Feature phones at the moment... at least until some smartphone OS goes 'smart' and allows you a little bit of privacy.
Maybe I'm just 'old', plain and simple, but I find ridiculous and prohibitive that almost every app can send to the internet (ad providers, but you can't be sure) your identification, your exact location, and the remote number of calls. Not to tell that a huge number of apps could also upload all your contacts, messages, pictures and videos both from memory or taken automatically, etc.. If the minimum privacy I can get is to let the entire world know exactly where I am, I don't think it's very 'smart' to use a smartphone.

Also, the massive majority of Android apps doesn't have any quality. Android have a huge quantity of apps but incredibly bad quality overall (somewhat like the Chrome apps).

Maybe people just get used to it slowly, but I don't agree to use an 'awfully' engineered OS (by the permissions 'groups' you see they didn't put any real effort in it) and apps that requires my personal info in order to run.

I understand your fears. But it's not like a developer is collecting your GPS location, plotting it on a map, and then posting it on Facebook. No app is also ever going to pull pictures, videos, contacts, and message off your phone; that is absurd to even suggest IMO. All of that is explicitly OPT-IN. If you want your pictures to automatically uploaded some where you have to explicitly say that is what you want to do.

I feel you on the phone call stuff for apps. But I think you are blowing it way out of proportion.

 

[Stevie Harley]

I understand your fears. But it's not like a developer is collecting your GPS location, plotting it on a map, and then posting it on Facebook. No app is also ever going to pull pictures, videos, contacts, and message off your phone; that is absurd to even suggest IMO. All of that is explicitly OPT-IN. If you want your pictures to automatically uploaded some where you have to explicitly say that is what you want to do.

I feel you on the phone call stuff for apps. But I think you are blowing it way out of proportion.

Opt-in(/out) how? The only trustful way to opt-out something is by disabling the app permissions, otherwise it's up to the developer to do whatever they want with your phone. Nope, you can't trust in-app options once you've granted them permissions. Of course, if the developer is honest (and I'm sure >95% are) you can, but it's just not reliable.

Also, why one would post your personal stuff on Facebook while there's a cornucopia of criminal organizations paying for that information? Who can guarantee some of these ad providers (the less-known ones) aren't also making money in other ways?

If at least my number, phone ID, GPS location, contacts and messages could be effectively "blocked", I could imagine myself using an Android smartphone, as-is, not only my personal data is vulnerable but also possibly my 'physical' safety.

Seriously, I'd like to punch in the face the guy who decided to mix personal and irrelevant information in the same 'permission'.

 

[JHBThree]

You have a seriously flawed understanding of these permissions.

Enjoy having a feature phone for the rest of your life.

Sent from my Nexus 4 using Tapatalk 2

 

[Stevie Harley]

You have a seriously flawed understanding of these permissions.

Enjoy having a feature phone for the rest of your life.

Sent from my Nexus 4 using Tapatalk 2

Are you telling me that an app that has these permissions:

- Your Location (fine gps loc.)
- Phone Calls (read phone state and ident.)
- Network Communication

can't possibly be sending 'who you are' and 'where you are' over the internet?

I'm surely going to remember this post when something really bad happens to Android users... Using Android (apps) is asking for trouble, and even worse, it's clear to me that you're vulnerable using apps and no one seems to care or to understand what most permissions even mean.

I'm sorry to tell you guys, but there are plenty of criminals out there and life isn't a fairy tale.

 

[JHBThree]

Are you telling me that an app that has these permissions:

- Your Location (fine gps loc.)
- Phone Calls (read phone state and ident.)
- Network Communication

can't possibly be sending 'who you are' and 'where you are' over the internet?

I'm surely going to remember this post when something really bad happens to Android users... Using Android (apps) is asking for trouble, and even worse, it's clear to me that you're vulnerable using apps and no one seems to care or to understand what most permissions even mean.

I'm sorry to tell you guys, but there are plenty of criminals out there and life isn't a fairy tale.

That's exactly what I'm saying. Based on your posts you aren't interested in debate or conversation. The only thing you seem to be interested in is blind bashing of android.

Sent from my Nexus 4 using Tapatalk 2

 

[Ry]

Are you telling me that an app that has these permissions:

- Your Location (fine gps loc.)
- Phone Calls (read phone state and ident.)
- Network Communication

can't possibly be sending 'who you are' and 'where you are' over the internet?

I'm surely going to remember this post when something really bad happens to Android users... Using Android (apps) is asking for trouble, and even worse, it's clear to me that you're vulnerable using apps and no one seems to care or to understand what most permissions even mean.

I'm sorry to tell you guys, but there are plenty of criminals out there and life isn't a fairy tale.

This is not just an Android thing.