As Android users, we are given the curse of knowledge. Each application we buy in the marketplace (now Google Play) tells us in exactly which ways the app will be snooping on us. Unfortunately there is neither a justification for these violations nor usually any more granular information about the intrusion than "Monitor All Phone Calls" or something equally opaque.
I think that other mobile OSes might not be as explicit about what permissions an application has, likely because the apps are screened as opposed to the wild west Android market. Perhaps most users ignore these permissions and blithely accept that they have no privacy anyway and thus aren't that concerned about what further damage is being done. I thought it might be useful to go over a standard application from the more suspicious perspective so that developers can understand what they are up against when they request these permissions and maybe why I have stopped updating at least half of my apps.
So I'll pick the Facebook application which is admittedly a bit more permissive than a run of the mill application simply because of the amount of coordination and communication it does. I'll list the different permissions, then my paranoid mind's worst misuse case for them, and finally what they might actually be doing with my information.
- Your location - fine GPS location
Your personal information - read contact data, write contact data
- Paranoid: Where to begin? I'm allowing Facebook to know where I am at all times. Not just when I'm posting something to provide a search context, but all the time, even when I'm not using the app. Facebook can know whether I visited the STD clinic, a political rally, when I'm usually away from home, and how much I like to eat Taco Bell. They could assemble that data into traffic maps and sell that data to the highest bidder or really just all the bidders.
- Reality: The only location aware thing the app does that I am aware of is their version of check-in.
Network communication - Allows the application to accept cloud to device messages from application's service, full Internet access
- Paranoid: So Facebook has an extensive social graph of me already, but now they have access to data I haven't specifically given them. Is my old girlfriend in my contacts list? Is some old work contact of mine going to see me suddenly show up in their suggested friends list? Really, should Facebook be seeing that at all?
- Reality: So I really don't know why Facebook needs access to my contacts. It doesn't seem to link them up in the contacts view, and I don't see any integration with the app. I assume this is to enable the initial scan if you choose to do it?
Your accounts - act as an account authenicator, manage the accounts list
- Paranoid: Facebook can do anything related to the internet (which I assume in this case means just any TCP/IP traffic). Anything. Facebook could be downloading additional content, using a keylogger, anything that it has access to could be pumped back to their servers wholesale. This would be a particularly thorny one to try to restrict, but it's also pretty insidious.
- Reality: Probably mostly just sending you status updates so you can see when your friend posted a funny picture of cat, right?
Storage - modify/delete SD card contents
- Paranoid: The description on this is poor. It could mean that Facebook is logging you into your other apps. It could be proxying your access and doing all sorts of malicious things. Heck it could even be removing your Google+ account.
- Reality: Probably logs you into Facebook app based on your android credentials
Phone calls - read phone state and identity
- Paranoid: Yes, please read everything on my phone. Would you use the Facebook website if you had to allow it to read the hard drive on your PC? Your Quicken files? Your website cookies and browsing history? Your passwords? Are there any limits to this file system access?
- Reality: Probably runs a cache of images and video on your SD card, or maybe it needs it to upload photos you took? I actually have no idea why it would need this access if the app is running on the system storage.
System tools - prevent phone from sleeping, write sync settings
- Paranoid: Facebook doesn't make phone calls and doesn't log phone calls. What is this all about? Must be spying on your phone calls to add more payload to your social graph. All the more information to sell to third parties.
- Reality: Probably just doesn't want to send you a notification while you are on the phone? Needs to not update if the phone is asleep?
- Paranoid: If I've set the phone to go to sleep on inactivity, Facebook should comply with my settings, why are they trying to second guess me?
- Reality: Stop the screen from blanking out when you are playing a video maybe?
So there you have it: a peek into the mind of a paranoid user. Now would these permissions be a lot easier to accept if they said something more akin to what is in the "Reality" statement? I think so. You really have to give far too much trust to an application when you run it on your smartphone. Other operating systems might hide this from you, but in reality your rights are probably far more compromised than you think they are.
Now mutliply this problem times the 40-100 apps you want to run and you have the difficulty involved with being an Android user. And multiply that times another 30% of the apps that seem to want to "upgrade" their permissions by requesting more access when they release a new version. It's really pretty scary and a real waste of my time to try to sort out what is legit and what is not. We need a better system.