Permission to spy on you?

Most people have smart phones these days and of course smart phones really come into their own through the use of Apps. There seems to be an app for every conceivable thing and lots of them are free. The phone makers make a good effort to protect us from bad apps by making sure that when we install or update an app, which wants to access, for example, the camera – then we are shown this clearly and we have to grant the app permission to have the access it wants.

But do we really pay attention to these pop-ups that advise us what the app is looking to get permission to access? I would say no in most cases, because we just want to get the app and we trust the maker of said app, so let it have whatever it wants.

I’m raising this issue following:

1. the recent revelation about Snap Map, which is effectively Snapchat’s stalker mode, where you can see the current exact location of other Snapchat users.
2. a discussion with a colleague who uses an app that was developed for a small, rural community area and which she discovered showed the current exact location of any other user of the app.

In the case of Snapchat, they are a large corporation with a huge number of end users and the revelation about the Snap Map feature has gotten quite a lot of media attention. Therefore a lot of people will have become aware of it and for those people who are concerned for their privacy, there is a means of disabling it, while still using the app for it’s original intended purpose.

In the second case above, there is probably only a hundred or so end users of this app, which was supposedly a simple community noticeboard. The discovery of the map containing the location of current users was made by accident and caused great concern for my colleague, who is now going to speak with the app developer. There is no way to disable the location tracking without uninstalling the app.

That app, when it was being installed, obviously asked for permission to the person’s identity and location (amongst other things), but like most people, anybody downloading the app would have trusted their local app developer and just accepted whatever permission was requested by the app, without question.

I tend to be more careful about what permissions apps are looking for, before I let an app install or update (with new permissions). For example, I have an old Android phone (not my primary device), which is no longer receiving updates from Google. So there probably exists vulnerabilities which are not being patched (if you wonder why this is important, you obviously haven’t read Commandment 1 ).

I therefore downloaded the free Avast Anti-Virus app to give me an additional layer of protection (in keeping with Commandment 2). Initially it looked for permissions to in-app purchases, Device & App History, Identity, Contacts, Location, SMS, Phone, Photos/Media/Files, Wi-Fi Connection information and Device ID. I was a little cagey about it needing access to location. Avast is a large company with a good reputation, so I took the decision to allow it access.

Then several weeks ago it looked to update the app and needed some additional permission granted. Now it wanted the following:

I can see no justifiable reason for an Anti-Virus application to need permission to access the camera and microphone, let alone Bluetooth connection information. Viruses do not come through by the phone looking at or listening to something. So I have not allowed it to be updated.

Everyone really needs to be more careful when installing or updating apps, particularly when presented with the permissions pop-up. Just think “What is this app going to do for me?” and then go through each of the permissions it is asking for and say “Why does it need access to …?”. If you are really unsure, then please ask somebody who knows about such things (and not your pre-teen or teenager). If you want, you can reach us at support@L2CyberSecurity.com.