community.riocities.com

Android apps

Android Applications with sane permissions

Finding apps at the play store with sane permissions is a bit like looking for a needle in a hay-stack.

There is no way to, for instance sort apps by the amount of permissions they require.

How do I define sane permissions:

  • A. Does not require more permissions than what should be necessary to accomplish task X
  • B. Does not require access to private data + Internet
  • C. Does not require access to parts that only system apps should need

Why:

  • A. "Make each program do one thing well"
    1. If an app tries to do multiple things, it is probably its main task that it does the best. Task y,z might be of lower code quality and also therefore more sensitive to security bugs.
    2. There is also most probably apps that will do y,z much better anyhow.
  • B. "Maintain isolation of your data from others" / "Principle of Least Privilege"
    1. There is a risk that the app is malicious, in that it sells (or in other ways abuses) your private data
    2. If the app (or what the app interfaces) has a security fault you personal data it at risk
  • C. "High risk of the app being malicious"
    1. Why should for instance a calculator app need access to your wifi password?

A word of warning; Please note the the sdcard is always world readable (configurable in Android 4.1->4.3) , i.e all apps can always read your sdcard. Seriously conciser this when you grant (/install) apps with network access.

More on sd card (EXTERNAL_STORAGE) read: http://source.android.com/devices/tech/storage/

Worth reading about the new permission groups in play: http://www.xda-developers.com/android/play-store-permissions-change-opens-door-to-rogue-apps/

List of apps that I have found that fulfills my requirements:

Published

Last Updated

2015-01-15 00:00:00+01:00

Author

henrik

Category

SW