Excess permissions put Android app users' data at risk
Over a third of the 1,020 most-downloaded Android apps on the Google Play store request access to a user's camera -- despite no obvious benefit for user experience and potentially placing sensitive data at risk.
Research from CyberNews also shows one in three apps request access to track a user's precise, or approximate, location. Excluding those that require such access to function, such as weather or navigation, applications attempting invasive access included gaming and even wallpaper, which appear to have no legitimate reason to track location data.
The research sheds light on the widespread tactics used by app developers to harvest personal and sensitive data through permissions requested at the point of download. Apps in the lifestyle, communications and navigation categories rank top for the highest percentage of unique dangerous data access requests, including access to the camera, microphone and location.
Mantas Sasnauskas, Senior Researcher at CyberNews, says:
For some apps, permission access is a vital step in providing a service for users -- location access is crucial to a navigation app working correctly, for example. But our research has uncovered worrying access requests that do not enhance the user experience in any way -- these apps have no reason to access your camera or microphone!
It's purely a data gathering exercise from developers, which could have huge consequences if the data falls into the wrong hands.
People are aware that data can be a form of currency: we trade this in exchange for 'free' apps. In some cases, users will view this trade as worthwhile. But as the research shows, some developers are crossing the line and exposing sensitive information to third parties, or at worst bad actors who could gain access via a cyber-attack. So, before you install an app from any of these categories, be extra careful when making sure it only asks for permissions that are necessary for it to function.
You can read more about the research on the CyberNews site.