Join Nick Brazzi for an in-depth discussion in this video Working with app privacy permissions, part of Learning Android Phone and Tablet Security.
- When you install apps on your Android device, they may have the ability to access other data stored on that device. For example, the Facebook app can access your address book contacts, and the Evernote app can access your location and calendar. Some people are not comfortable granting this sort of access. Can you trust that the developers who made these apps are using your private data responsibly? Now I can’t tell you which apps to trust, but what I can do is help you figure out what data your apps can access, so you can make an educated choice about which apps you want to use.
Now first, I want to do something that you’ve probably done many times. I want to install an app. So I’m gonna go to the Google Play Store, and I’m just gonna do a search. I want to use the Facebook Messenger app as an example. Now I’ll go ahead and type that into the search... And here it comes up. And I’ll tap on the Messenger app here. And because I want to install it, I just hit the ‘Install’ button. Now here’s a screen that most people skip past pretty quickly. You’ve got to hit the ‘Accept’ button to install this app.
But before you do that, do you ever stop and look at this list of permissions? This is a list of data and services that this app will need to access. If you’re okay with granting permission for the app to access all of this stuff, just hit the ‘Accept’ button to install the app. If any of this concerns you, you might want to cancel the installation. Now let’s look at some of these permissions. If you’re using Lollipop, it looks a little bit different from older versions of Android. In Lollipop, all of these permissions are organized in categories.
And if I tap on any of these categories it gives me more information. So this app wants to have permission to access my address book contacts. It needs permission to use my device’s actual location. It’ll even access my text messages, as well as my camera and my microphone. So these are important things to keep in mind, and you want to make sure you’re okay with these permissions before you install this app. Some people would argue that they don’t want Facebook to access their personal data, because they think Facebook might use it in a way that they’re not okay with.
Now I’m not gonna get into that debate, but Facebook Messenger is an app that you use to communicate with other people as well. Regardless of how you feel about Facebook, you should be aware of what information you might be sharing with other people. In a moment we’ll talk about how at least one of these permissions might be a concern to you. For now I’m gonna go ahead and accept these permissions by installing the app. So I’ll just hit the ‘Accept’ button, and the app will install. After I’ve installed the app, I want to take a look at something in ‘Settings.’ So I’m gonna hit the home button, and I see the app appears there on my home screen.
I’m gonna go into ‘Settings’ on my device, and I’m gonna go to the category for ‘Apps.’ And here I can review the permissions required by each app I have installed on my device. So I can tap on any of these apps. So let’s scroll down to Facebook Messenger. We’ll tap on that. <i>And if I scroll down on this screen,</i> again I can see all of those permissions required by this app. Scrolling back up to the top, of course, you can see that you can uninstall this app if you decide that you don’t approve of any of these permissions.
But I’m not able to revoke individual permissions. It’s an all or nothing thing. Either you install the app and let it use its permissions, or you just uninstall it. Or you don’t install it to begin with. So that’s how it works in general. I’m gonna give you one example of where you might be concerned about permissions like this. So I’m gonna back out of this, go to the home screen, and I’ll launch Facebook Messenger. It’s my first time using the app on this device, so I’m gonna have to log in to my Facebook account. I’m not gonna log in with my phone number, I’m just gonna hit this option to log in with Facebook, and I’ll type in my name and password for Facebook.
And I’ll hit ‘Continue.’ And I’ll skip past a few details here. I don’t want to use text, so I’ll hit ‘Not now.’ I don’t want to do anything with my phone number. I’ll hit ‘Not now’ and skip. And I’m all set up. I’ll hit ‘Continue.’ And I haven’t used this in a while, but I’ve got some messages here waiting for me. If I want to respond to one of these messages, I just tap on it, and I’m gonna go ahead and write a message just by tapping in this field here. And I want you to notice this message that pops up. It says, “People in this conversation “can see your location on the map.” By default, the Facebook Messenger app is set up to send your location with every message that you send.
If I hit the x on this, I can actually turn that feature off by hitting this button right here for location, on the right side. And now it tells me that ‘Location’ is turned off. If I hit it again, it’s back on. But I want you to notice something: If I turn it off here, let me just back out of this conversation, and maybe I’m gonna reply to this message to a completely different person, I see that location is on here. So turning it off is a setting for each individual conversation. Now, it is worth noting that I can go into the settings for this app and I can turn off the option for ‘Location.’ But that’s not the point.
The point is this setting was on by default, and by default it would’ve sent my location to anybody I was chatting with, and this could be a significant privacy concern for you. Especially if you’re a parent with children who use apps like these. Now that’s just one example. But you can see why it’s really important to be aware of the permissions that come along with each app that you install, and then decide whether you actually want to install it, or uninstall it. The options that you saw in this movie were shown on a Nexus device running the stock version of Lollipop.
The menus and options work the same in the stock version of KitKat. However, these menus may be different on devices from other manufacturers. On a Samsung device, to access the app information after installing an app, you’re gonna need to go into ‘Settings,’ and fairly close to the bottom we’re looking for the ‘Application manager.’ This is where we can view the apps that we have installed, we can tap on these apps and see which permissions they have access to. Most Motorola devices should work the same as stock Android.
On any other device, you may have to hunt a bit in your ‘Settings’ screen, but you should see an option similar to ‘Apps’ or ‘Application manager.’ There are too many possible permissions to talk about them all. But I hope when you install an app you’ll take a moment to see what permission that app requires. Think about whether it’s using data that you might not want to share. I think it’s a good idea to think critically about this before installing any app.
- Protecting passwords
- Working with a Google account
- Keeping software up to date
- Enabling screen lock and Smart Lock
- Locating and disabling a lost device
- Adjusting app privacy permissions
- Installing malware-free apps