How to spot a bad Android smartphone application
Most of the time Android applications only request access to your personal details and your phone's features so that they can work properly.
Sometimes rogue apps request access to your information so the developers / hackers can:
- Use your GPS location for targeted advertising
- Install other malicious Applications
- Delete your useful applications
- Phone 0900 numbers at ££ per minute without your knowledge
Don't panic, it's rare to encounter a rogue app, and you can arm yourself against future attacks by double checking that all the permission requests make sense.
To help you spot a rogue app, we've posed a theoretical situation below with a fake application that claims to be a simple recipe collection with a tickable ingredients list, but which is asking for access to a lot of your personal information and phone features.
All the permissions below are taken from the official Google Marketplace and are extremely common. The question to ask when examining any application’s permissions is: ‘Why would this application want access to this phone feature?’
We've highlighted the permission requests that caused us the most concern, in the hope that they will make you examine what future apps you download are asking for:
Super cook cute recipe collection Permissions
This application has access to the following:
- Directly call phone numbers
Very suspicious. This allows the application to call phone numbers without your intervention. Malicious applications may cause unexpected calls on your phone bill. Note that this does not allow the application to call emergency numbers.
- System tools - prevent device from sleeping
Normal. This allows an application to prevent your smartphone from going to sleep after you haven't interacted with it for a while so that you can keep the app running without interruptions.
- Your location
Suspicious. This allows the application to access location sources such as the Global Positioning System (GPS) on the device, where available. Malicious applications can use this to determine where you are and feed you local adverts, plus this can lead to additional battery consumption.
- Mock location sources for testing
Very suspicious. Malicious applications can use this function to override the location and/or status returned by real location sources such as GPS or Network providers.
- Network communication - full internet access
Normal. This allows an application to create network sockets so that you can access online content through it.
- Storage modify/delete USB storage content/ modify/delete SD card contents
Normal. This allows an application to write to your USB storage, for instance to enable save games or capture saved information it requires to run properly.
- Read contact data
Very suspicious. Allows an application to read all of the contact (address) data stored on your device. Malicious applications can use this to send your data to other people.
- Read calendar events
Very suspicious. Allows an application to read all of the calendar events stored on your device. Malicious applications can use this to send your calendar events to other people.
- Write contact data
Very suspicious. Allows an application to modify the contact (address) data stored on your device. Malicious applications can use this to erase or modify your contact data.