Views & Reviews
Law in Motion: Cyber Crimes 16 – App Permissions
What are App Permissions
An app is an external software which integrates with the operating system – iOS or Android, and Inter-links with the ‘Core features’ of an Operating System to provide additional functionalities on a Smartphone.
Thus, a compatibility between the Operating System and an App is essential. An older version of Operating System would not be suitable for a new app – some or all features may not work.
Similarly, a newer version of an Operating System may render an older app incompatible.
A harmonious marriage between the Operating System and an App is imperative for the happy married life from a user’s perspective.
Since the Operating System and Apps are two different systems sets, they have to have Linkages to give the desired results. It is like the Apps having to Embed themselves and from Bonds with the Operating Systems. For all the purposes of the Apps to be achieved, the Apps, Seek Permissions from the Users to access various parts of a smartphone – both Hardware and Software. This essentially has the effect of the Operating System (Apple OS or Android) acting as the Central Nervous System (CNS) comprising the Brain and Spinal Cord and the Apps functioning as the various nerves emanating from the CNS but only being able to act upon receiving signals or commands i.e., Permissions from the Operating System.
The nature of these permissions determines the efficacy, sophistication and performance of an App. Once app permissions are granted, the OS and App are Bound to each other.
What are the kinds of Permissions Required-
Different Apps require different permissions to serve their desired purpose effectively. Some of the permissions which Apps require or seek are as follows: –
(i) Access to contacts on smartphone- Hardware/instrument as well as those on SIM Card or connected email addresses where contacts are saved or in the contacts folder;
(ii) Location Access – the apps require access to your location through the GPS/location feature on your smartphone. However, there may be the option of ‘Always On’ for location or ‘Only While Using The App’.
The user can, nevertheless, manually turn off the location access permissions.
(iii) Phone Permission – to read phone status and identity i.e., to determine if the phone is off or on or connected to internet or Wi-Fi etc. and identify the user through the instrument’s IMEI number or SIM Card or IMSI number or even the MAC address.
(iv) Storage Permissions – this access is required to determine whether the phone has enough space for the App to be installed in the first place.
Storage permission also helps the App modify or delete contents on the shared storage of the smartphones, besides this access to storage also enables the App to read the contents on your phone, especially the categorised contents i.e., documents, images, audio-visual files, pdf files, voice recordings, email addresses, contact folders, SMS messages etc.
These storage permissions help the App carry out functions like sending or receiving attachments and cataloguing them for future use and retrieval.
(v) Read Sync Settings – this helps update and synchronise data across devices e.g., Between two smartphones of the same user or between a laptop/ desktop and a smartphone so that the same data is displayed across devices.
If sync settings for a n account – device pair is not turned on, it would keep displaying old and redundant data and not fresh/ updated data.
For example, if the Gmail app sync is turned off in one device, it will not be able to display fresh data accessed from another device. It will ‘Leave Time Gaps’ in information available on devices.
(vi) Access Bluetooth Settings – this permission allows the user and mobile phone to access and connect other Bluetooth devices to the mobile phone while using the downloaded App;
(vii) Near Field Communication – helps connect and share files or device data or App data with other devices;
(viii) Run at Start-up- if this permission is not given, the App will have to be run by ‘manually clicking’ the icon when required and starting at.
However, if the App is given permission to run at Start-up, it is ‘awake’ and ready to use. It remains awake in the background. However, if it is awake and running in the background, it consumes storage space, battery and makes other operations slow. Sometimes this can also lead to the phone getting Hot while in use.
(ix) View Network Connections – Mobile devices can connect over the mobile network or on Bluetooth or Wi-fi. If this permission is granted, the user can use the faster and sometimes free, Wi-fi networks to connect the device and the app. This includes WLAN networks too;
There are numerous other permissions which may be requested when an app is downloaded and installed. Some of these are – receive data from internet; installation of shortcuts; controlling sound and vibrations; access to camera; access to video files; access to display and light on screen; access to microphone on the phone; Google play billing service; read SMS messages; and many more.
What Do App Permissions Do –
Apps attack themselves to the OS of the main smartphone. They therefore, literally ‘Create Access Pipelines’ into the Operating Systems of the smartphones.
However, there are external and third-party apps which, while creating these ‘Access Pipeline’ drill holes into the safer Operating Systems. Therefore, Apps, can create security risks and enhance vulnerabilities in the smartphones by creating ‘Holes’. These holes can be used by Hackers to steal vital data from users.
Sometimes, some unverified and dubious applications can be having automatic programmes to send your user data to the app makers through these holes, automatically.
On the other hand, the App manufacturer is aware of the capabilities of his App and the linkages he has created through the permissions. These permissions can also be used to Compromise smartphones by various means, all of which would come under Hacking and Cyber Crimes.
Which Apps Are safe –
On the internet, your degree of foolishness and greed determine the safety.
There is nothing like absolutely safe. It is a relative concept. However, the Operating Systems are probably the safest of the lot, until compromised. Apple and Android keep updating their Operating Systems by developing Security Patches or updates when vulnerabilities come to their notice.
Next in line of better security are Apps developed by big companies like Google, Facebook, Twitter, Snapchat, Tumbler, Amazon, Nykee, Myntra, PayPal etc. this is because they have enormous resources and a credibility and image to protect and enhance. Their business models are also built around advertising revenues and creating linkages/ platforms for others. Compromise of security is not a risk worth taking for them.
However, despite the checks and safeguards in place, these companies also sometimes allow Third-Party Apps to integrate and access their features. These could be potentially dangerous from a cyber- security view point.
Even in these companies, people can make Fake Apps which provide similar functions but are actually clones meant for nefarious activities. Therefore, even when trying to download and install these APPS, the maker details should be checked and verified before installation.
Then there are apps made by companies (businesses) who have expertise in these fields. Depending upon the background and credentials, the safety can be gauged. Known developers who earn revenues out of software and App development are less likely to be insecure/ vulnerable.
Apps developed by small time developers could be most vulnerable of the lot.
Can Apps make Me Vulnerable –
Yes.
As explained above, usually the Aps are verified and secure and often from trusted Developers. However, the Play Store allows multiple apps and developers to display their apps on it. Some of these could make our smartphones more vulnerable if adequate security features are not incorporated in the Apps.
Some of the basic ways in which Apps can make Smartphones or users vulnerable are as follows: –
(i) Outrightly dangerous Apps – developed only for purposes of data or identify theft or leakages;
(ii) Apps not having Security Features – Some apps may allow leakages of data when on Wi-Fi networks or unprotected networks.
(iii) Encryption – some apps, especially social media apps may transmit messages in ‘Plaintext’ or ‘Plain Sight’ over the internet which anyone can intercept and see. Adequate encryption ‘Wraps the Messages with a Security Cover’ so that unless a ‘Key’ to Decrypt is available, the message content cannot be deciphered;
(iv) Backdoors – some apps create ‘channel’ which are secretive which can be sued by criminals or hackers or the developers to access the data on the App or the user smartphone. These backdoors can lead to compromise either of App Data or data on the entire device too.
Sometimes, some backdoors may be used to either modify or alter or even delete/ erase data on Apps/ Smartphones.
Backdoors can be sued to steal data or even to alter the functioning of the smartphones by creating access to their cameras or microphones so that the user’s device can actually be used to Spy on the User SPY without his/her knowledge.
The backdoors can alter the functioning of smartphones without the suer being aware of the changes.
(v) Ad-clicks – A number of free Apps earn revenue because of the ads displayed when a user opens/ uses the apps or when the user Clicks on the apps.
The Clicks can potentially take the users to harmful websites or softwares which can cause security breaches.
Rupin Sharma
rupinsharma@gmail.com