How to customize Android app permissions > 자유게시판

• 목록
• 답변
• 글쓰기
• 게시판 리스트 옵션
  • 수정
  • 삭제

Everything you need to know about app permissions and the danger they can pose in the hands of attackers.

Often, many of us do not look at the pop-up windows when launching a new program, giving the necessary permissions and agreeing to the "default" settings. Users do not pay attention to what rights they grant to applications, but this can be very costly.

Let's understand the dangers of granting certain permissions to untrusted applications and how and where you can customize them.

Common and dangerous permissions

Some permissions require more attention than others. Some of them, such as Internet access and stopping background processes, are categorized as "normal" because they are not dangerous to the user. Others, such as accessing the calendar and contacts, recording audio, using wearable sensors, and reading data from external storage, are considered "dangerous".

Users of Android 6.0 and newer can choose which permissions to grant to apps after installing them. In earlier versions, there was no choice. Cybercriminals learned to use this to their advantage by developing apps that required older API layers to be downloaded to install.

This security loophole has now been closed. As of August 1, 2018, Google requires apps to be compatible with an Android version no younger than 8.0.

Basic information about dangerous permissions

Since app permissions need to be granted before installation, it's important to know how they can affect your privacy. There are nine groups of dangerous permissions. If a user grants or denies one of the permissions in a group, that choice applies to the other permissions in the same group. Each of the groups is described below.

Body sensors

These permissions are associated with the use of fitness bracelets, heart rate monitors, and other similar gadgets that are allowed to monitor the user's health metrics. But a malicious application can record these metrics from the device and send them to its command and control server.

Calendar

These permissions allow applications to access, modify, and delete events in the calendar, as well as create new events.

Calendar permissions are used by social networking apps and are very useful for scheduling appointments. However, they open the door to all the personal information you probably don't want to share with outsiders.

Camera

These permissions allow apps to take photos, record descargar video de instagram and audio. The very thought that a malicious app could send photos from your device to cybercriminals is unpleasant.

Contacts

This permission allows apps to access contacts, modify and delete them, and add new ones to your phone. Malicious apps can try to get phone numbers and emails from a user's contacts to then use them for phishing and other attacks.

Location

These permissions are responsible for GPS and Wi-Fi hotspots on your phone. By using them inappropriately, attackers can learn the user's location and track the user.

Microphone

These permissions allow apps to record audio using the device's microphone. If a particularly skilled attacker obtains them, they can turn on the microphone even when the user is not using it, record audio, and send the audio to the app's developers.

Phone

This group of permissions gives the application access to the user's phone number, cellular network information, call status, voicemail, IP telephony, viewing and modifying call log data, and even call forwarding to other numbers. Malware with this permission can monitor how the user uses the phone and even make calls without the user's permission.

SMS

Once given these permissions, it is possible to view, receive and send SMS, as well as receive push notifications via WAP and MMS messages. Malicious apps have been known to use these permissions, not only to monitor existing messages, but also to use the phone to spam it and subscribe it to unwanted paid services.

Memory

These permissions are responsible for accessing the device's internal and external storage. Malware that obtains them can view, create and modify documents, photos, music and other files on the phone.

Administrator and superuser permissions

In addition to the normal permissions you'll encounter, there are two other advanced device access options you should be aware of.

Device administrator permissions

These permissions allow you or an app to make changes to the device's system. This includes changing the password, locking the phone, and even wiping it of all data. Security apps, such as Avast Mobile Security for Android, use administrator rights to remotely lock the device and wipe it if it is stolen. Of course, if a malicious app gets these rights, it could jeopardize your phone.

Superuser rights

These are the highest level rights for Android devices. Superuser rights give access to all basic functions of the device. Whoever holds them can do whatever they want with the device. While these rights are disabled by default, cybercriminals have been known to work to gain access to them.

For example, the Colourblock game discovered in the Google Play store turned out to be a trojan attempting to gain superuser rights. We wrote more about dangerous games from Google Play earlier.

Checking an app's request for permissions

The Android system displays the permissions you need to grant before installing an app, but there are several other ways to check for them.

Viewing the requested permissions before installing an app

First, each app page in the Google Play store lists the permissions required for the app to work. Scroll down to the Developer section and tap View Permissions to see the permissions required for the app.

Manage app permissions after installation

As mentioned earlier, you can now view and manage app permissions after installation on your Android. Alternately, select items such as: Settings > Apps > Downloaded apps > [App to check] > Permissions . From this tab, you can grant or revoke permissions.

Managing multiple apps with the same permissions

Android has a separate screen for each permission, which you can use to check which permissions apps are using. Alternately, select items such as: Settings > Apps > [Gear icon at the top] > App Permissions .

Why does the installation show two requests for the same permission?

Often when you install an app, you will be prompted twice for the same permission. The first prompt comes from the app itself and simply notifies you that it needs permission, and the second prompt comes from the Android system. It is when the second prompt appears that you grant the permission. The app will only get permission if you approve the second request.

Grant permissions responsibly

Security consists of two factors - technical and human. The technical factor is automated cyber defense software: antivirus, firewall, and the like. They protect the device by detecting malware and blocking it.

The human factor is entirely up to the user. You, as a smartphone user, are responsible for the permissions granted to third-party apps and programs. Be careful. Keep an eye on the permissions granted.

If you grant a malicious app permission to access your device, there are few security measures you can take to prevent a leak. At the end of the day, it's all in your hands.

Always scrutinize the permissions you are asked for. It may seem inconvenient at first, but the information you gain will help you protect your device.

Follow our news on social networks VKontakte, Odnoklassniki, Facebook and Twitter.