Woah - isnt this dangerous?

[doobidoo]

Yesterday I downloaded the McAfee Mobile Security app for my Samsung phone and clicked ACCEPT after seeing all the permissions. After it was installed, I went into the app info and saw the following :-

- the app can directly call phone numbers (this may cost you money) and reroute outgoing calls
- edit your text messages
- send SMS (this may cost you money)
- modify your contacts and write call log
- modify or delete the contents of your SD card
- use accounts on the device
- take pictures and videos
(the above are some of the permissions that freaked me out)


I understand that a virus program needs access to some info so that it can check for and delete a virus. I guess deleting a virus is what is meant by modifying, so I get that. But can someone please help me to understand the following :-

a) For an app to be able to call numbers from your own contacts, or take pictures and/or videos without you knowing, send text message from your own phone without you knowing, etc etc... isnt this dangerous? Isnt it also some form of invading one's privacy?

b) Does anyone find it ironic that all these permissions are asked for by a security software company and they are not open enough to explain in clear terms why they need these permissions?

c) If I uninstall the McAfee app from my phone, will any residual files remain that have permissions or will the app be completely deleted?

Appreciation in advance, thanks.

 

[monsieurms]

Who said "For an app to be able to call numbers from your own contacts, or take pictures and/or videos without you knowing"

This sounds a lot like the Facebook messenger exaggerations that went 'round and 'round.

Did they claim to be able to do that without your knowing? Is there one single example of McAfee turning on your camera or phone and starting to operate unilaterally and do things that you did not request to be done, even if by the user's request that means choosing some setting in the program for subsequent operation?

I know Lookout, for instance, asks for photo rights--they also allow you to choose settings in the program that will let you cause a photo to be taken if someone tries to unlock your phone incorrectly so you can take a picture of the thief. That is purely a setting you choose. Makes sense. If it happens, the photo then gets taken automatically. But you choose to allow that PROCESS or not.

I'm not entirely sure why McAfee wants phone rights, but I'm pretty sure if they start calling people without your knowledge or volition and for no purpose connected to a service you wanted, they will be in big trouble and that is not what this means at all. Ask them on their website. I'm willing to bet that they have an excellent answer--but in any event, even if the permissions are broad on their face, it will be an answer that is hardly threatening to the user. You're just not going to be sitting in the bathtub and find McAfee all by itself decided to take photos of you and post it on Facebook or start calling their personal friends in France. TOS and permissions are in many respects simply contracts of adhesion. I'd love to see a company like McAfee explain that in a Court and claim "But the permissions said it was ok...."

One thing I do agree with---too many permissions are often broadly worded and unexplained. But I know why that happens! Lawyers! They don't want to be caught doing anything that might be even a little bit over the permission line. Better to be broad and inclusive than risk violating a permission. That's called the old "CYA" process Wondering why a permission is needed on an internet forum does NOT result in a lawsuit. Somebody complaining that the program violated stated permissions--hey, that's a money-making opportunity and makes the company a target.

 

[cpaight]

Here's some explanations for the different permissions:

What some of those scary application permissions mean | Android Central

 

[Gobucks1234]

This is my first reply on ac so bare with me. I was freaked about permissions too. Then I realized in the past with computers and other devices the typical default situation was the apps could do whatever they wanted. This is Google's attempt to lock down apps to prevent them from doing strange stuff and to make you more aware. This is actually much better and an opportunity spot a bad actor. The link above is very good explanation.

 

[monsieurms]

This is my first reply on ac so bare with me. I was freaked about permissions too. Then I realized in the past with computers and other devices the typical default situation was the apps could do whatever they wanted. This is Google's attempt to lock down apps to prevent them from doing strange stuff and to make you more aware. This is actually much better and an opportunity spot a bad actor. The link above is very good explanation.

I think the article touches on a lot of good points and it is well done to that extent, but it minimizes (or ignores) the broader picture--the tendency of companies to CYA things even when they are legit. Which is to say, permissions are not always just logical and carefully thought out. They tend to be broad because it is easier to protect yourself as a company with a broad one; and it's easier not to spend 9 extra pages explaining every last detail. (And in fairness--how many of us will read those 9 extra pages if they do explain it in tedious detail?) Some "possibility" in some programmer's head or some "we do this once every 3 years" event may lead to something that sounds scary even when it isn't. It's just shreds of common sense sometimes and gossamer wings. Buy reputable apps--it shouldn't be much of a problem. Buy no-name guys in the Wild, Wild Internet, who knows what is going on. As with so many things, you wind up taking your chances.

What's perhaps more important to remember for legit companies--considering the paranoia that spread around from the Facebook Messenger exaggerations--is that the Courts have interpreted terms of service and the like with a rule of reason. In other words, an app can tell you in unqualified language "we reserve the right to use your camera and post for you to Facebook," but I guarantee that if your messaging app decides to spy on someone, turns your camera on all by itself at 2 a.m. and start taking pictures of doing the nasty with a friend and posts it to Facebook without your permission (either then or in advance through the program settings you select), they ARE going to be sued and successfully, no matter what that permission says. If it starts doing things all by itself for no purpose connected to a service you wanted and requested, there's going to be a problem.

For instance and by analogy, many companies have tried to screw over consumers with harsh terms of service that include venue clauses like "in the event of a dispute, we arbitrate this only in our international headquarters in Paris, France, where all parties must be present." That might fly if the company were based in Paris (and might not!), but when it is based in Cleveland, the Courts tend to start laughing and throw clauses like that out the window as fast as the window can be opened.