Most Phone Apps Want Unnecessary Device Access

John Lister's picture

Most popular mobile apps request system permissions that aren't necessary for their stated functions, according to a new study. In some cases, an app requested more unnecessary functions than necessary ones.

The figures come from NordVPN, which examined the five most popular apps in 18 common categories. They repeated the exercise for both Android and iOS, making a combined total of 103 different apps. (Source: nordvpn.com)

Both mobile operating systems now use a permissions system that means apps must request specific permission for different types of access to a phone's data and components - for example: contacts, stored files, or the camera.

In theory at least, users can grant some permissions while rejecting others. However, it's not always clear which permissions are genuinely necessary for the app to work as advertised.

One in Five Requests Questionable

The NordVPN survey relied on a little subjectivity about whether a particular permission was necessary for the core functions of the app.

It found that on average 20 percent of the requested permissions were unnecessary. Only 13 percent of Android apps and 40 percent of iOS apps requested no unnecessary permissions. With 16 Android apps and 18 iOS apps, the majority of the requested permissions were unnecessary.

While the problem appeared to be worse with Android, the study authors noted this is partly to do with iOS blocking some access completely, with no option to give permissions. That's part of a common security-vs-freedom debate with the two systems.

Green Light Could Be Bad News

According to the study, the most common type of unnecessary permission was accessing data from the user's activity outside of the app itself. Other common requests for unnecessary permissions included location data and access to the camera, stored photos, and the microphone.

It seems users find apps accessing phone hardware particularly worrying. The latest version of Android now displays a small green light whenever an app is accessing the camera or microphone. The idea is that if users sees this light when they aren't expecting it, they can be alerted to possibly spyware on their device. (Source: croma.com)

What's Your Opinion?

Do you pay any attention to app permission requests? Are studies like this useful or is it too subjective to say whether a permission is necessary? Do you prefer Apple's approach of blocking some access completely or Android's approach of giving more choice to users about granting permissions?

Rate this article: 
Average: 4.9 (10 votes)

Comments

caseymcpoet's picture

Hi Dennis. Been awhile since I've commented but I just want to tell you I am grateful for your newsletter and the topical and important subjects you alert us to. Keep up the great work. I deny them all except for those apps that need the info to function. All the best. Casey

dbrumley3077's picture

Is there a way to remove the permission or the app after this happens ?

beach.boui's picture

Yes. There are permission settings for each app in the Apps section of Android's Settings. But, be thoughtful if you limit permissions. You don't want to limit the permissions that allow the app to do what its supposed to do.

buzzallnight's picture

So, you start to load an app, it wants a permission you don't want to give it,
so you don't give it and the app won't load or run but it's installer is already on your phone
so, you have already been breached and the virus is already loaded.

So, as much as I don't like ios blocking some access completely is the only way to go.

Anyone who has used computers or phones for very long knows that

"software security" is an oxymoron!

Software is so full of holes it is just pitiful.

A really funny example of this is M$'s XP was out for 10 years while M$ supposedly patched any problems with the software. After 10 years of trying to fix it they said you need to upgrade to our new software because it is more secure. LOL!!!

Our new software with no real exposure to the real world is more secure than our software that has been tested and patched for ten years!

ID 10 T error...

So, with an andriod phone you really can't use any apps at all,
Right?