Permissions

[103Softail]

Hi folks. Not sure if this correct place but I'll ask away.
Why does the AC app need permission for contacts and for storage (which will not be required how I use the app) and that if I do not allow these then my app appears not to want to work?
I do actually like using the forum however I have never been keen on allowing unecessary permissions for ANY apps.

 

[Mr Mendelli]

Hi folks. Not sure if this correct place but I'll ask away.
Why does the AC app need permission for contacts and for storage (which will not be required how I use the app) and that if I do not allow these then my app appears not to want to work?
I do actually like using the forum however I have never been keen on allowing unecessary permissions for ANY apps.

I've decompiled and hacked looooooots of android applications, and have found that some developers don't bother to remove arbitrary features that SDKs and compilers automitically add to their apps. This doesn't mean that some developers don't care or notice, but also doesn't mean they have sinister intentions. You can find a complete lst of app permissions here on Android Authority, complte with what they mean/do. Some permissions may even be present, but not active or used by the app and are "dead" code. Some permissions no longer appear upon an app installation since android 5 (Lollypop) like network or billing permissions.

Here's the complete list of prmissions in the Android Central app as of version 5.0.25, build 145:
----------------------------------------------------------------------------------------------
ACCESS_NETWORK_STATE
VIBRATE
RECEIVE_BOOT_COMPLETED
WRITE_EXTERNAL_STORAGE
ACCESS_WIFI_STATE
WAKE_LOCK
USE_CREDENTIALS
RECEIVE
GET_ACCOUNTS
ACCESS_COARSE_LOCATION
READ_EXTERNAL_STORAGE
SEND
(Sorry for ratting you guys out ...)
----------------------------------------------------------------------------------------------
Keep in mind: Some of the permissions that are location and account related, don't necessarily mean the app can track you or get account credentials from external sources. Often times app developers are paid to use location services to get proper locale and time information, and can be used to monitor traffic. Some apps that are Google sign-in compatible merely send a request to the devices login data cache to retrieve a user's info simply to ask if the presented account is the one you want to use. If an account is used, there is a sort of "one-time handshake" from Google to the inquiring app to allow a login. The inquiring app cannot decrypt or parse any of the information in the handshake to gain unauthorized access. Hope this answers your questions.

PSA:
While Google does it's best to ensure creeps don't distribute malicous software on the Play Store, this does not mean every app should be inherintly trusted. If you have any doubts, research the app first. Chances are if it's suspicous, other people on the internet know.

 

[103Softail]

Thanks. Does it ans my query? Yes & no. Still do not understand why if I do not give permission for, say, contacts, then the app won't load. That's a nonsense to me.

 

[Mr Mendelli]

Thanks. Does it ans my query? Yes & no. Still do not understand why if I do not give permission for, say, contacts, then the app won't load. That's a nonsense to me.

Sometimes you can deny access to some permissions and the app in question will still work. Part of the Lollypop OS also introduced granting individual permissions to apps upon either launching them for the first time, or when the app attempts to access said permissions. I liked the old method better. You got to see everything an app would access on installation, and agree to/grant the permissions upon the installation. Why the Android Central app requires access to contacts is uncertain. If I find out, I will get back to you.