Summary

Here we will take stock of these famous permissions, these pop-ups that the vast majority of Android users accept without ever taking the time to read them.Here is why you must absolutely check your permissions before installing an application on Android.

The practice is well known: the more popular an operating system, the more the target of malware and developers.If Windows is the target of an incalculable number of pirate attacks, it is not only because it is a colander, it is because it is the bone most commonly used in the world.The principle applies in the same way to Android.Everyone has heard of this Wallpapers application that lied bitcoins in the background without warning the user.In this specific case, the fault does not include any fault present in Android but to the one who installed it.To allow this application to undermine bitcoins, it gave it permission to connect to the Internet.And Google is not even in question since even before installing this wallpaper the user accepted - and therefore theoretically read - the permissions of the application.This is a central point of the functioning of Android: you have in your hands a secure bone and it is up to you to soften its safety constraints by giving permissions.

The opportunity for us to explain why paying attention to the permissions you grant is crucial on your Android terminal.

Before getting to the heart of the matter, it is good to remember what exactly permission is.You are aware that Android comes from a Linux kernel.In particular, he takes up an extremely important thing for him: his safety model.This security system is very well thought out since, you will have guessed it, it is based on a permission system.

Let's go back to Linux for a few moments.When you create a user, the latter is immediately assigned a Userid and a Groups ID.A user can thus belong to several or any group and a group can be zero or more users.Users and groups each have permissions.For example, a user A can have access to a set of permissions defined by group B.Concretely, I authorize Albert to have access to all files in the photo folder.But this photo file does not allow Albert to, for example, open the "Pony Photos" subfolder, whose access is reserved for other user.By thus partitioning the access rights, we ensure data security.Finally, depending on the rights given to the user or the group, it will be possible to read and/or write and/or execute the authorized files.

The idea behind all this is partitioning access to data according to users.And this principle, Android pushed it a little further with the applications.When installing an application on a phone, a Userid will be created.And not only will the application in question be attached to it, but in addition all files, access to the process, memory and peripherals linked to the application will use this Userid.In other words, an application A - in theory - exclusive access to its own files and no other application is able to come and search in its business.Unless ... you give him permission (or if it is an exported contentprovider, but we will not enter into the details).And this is our problem.

In itself, Android was designed to ensure maximum safety for its users.The underlying idea is to give the user a very restrictive system in terms of security and data partitioning.It is to him, then, that the decision (or not) comes back to soften it.Do you not want the Facebook Messenger application to search your web browser history?Do not give him authorization.But in this case, and if your phone is not rooted (we come back), the application will refuse to settle, purely and simply.It is a choice made by Android designers: you fully accept permissions or you do not install the application.

Did you know ?Facebook asks 58 permissions to settle on Android.Or more than a third of the total permissions offered by Android.

What are these permissions?There are many (just under 150 in total) and they are all publicly displayed on the Android website.If you are lazy to check everything, a courageous member of the Android Forum forum had fun taking over the most common permissions and describing their operation.If you are English, a member of the mobile generation forum has attempted - with more or less success - to translate the posts of the English forum in French.Be careful however, the list of permissions changes regularly with the various bone updates.

If you have followed Android safety logic, you understood that the higher the number of permission, the more security is ensured.For an application developer, this means that he only has to draw in these permissions so that his application works with the minimum of permissions possible.This approach has a name: the principle of separation of privileges (or in English: Principle of Least Privilege).Here is what Wikipedia says of this principle: "Each functionality must only have the privileges and resources necessary for its execution, and nothing more".If, for example, you decide to design a free application of telephone file explorer funded by advertising banners, you will only need two authorizations: access to telephone memory as well as internet accessTo display the banners of pubs.In fact, a minority of applications applies this principle.

The reason, I had it by asking the question to Edouard Marquez, an applications developer on Android and a well -known editor of Frandroid."All developers strive to apply the principle of separation of privileges: we only use the permissions that we need for the proper functioning of the application.But when we develop a program, we already know what future developments we could bring him.It can therefore happen that we add some additional authorizations which could later be used for the application.What you need to know is that if we add after additional permissions to an application, the user must be re-Valid.This is something that can increase the fragmentation of the versions of an application and that we want to avoid ".

This application to display simple screens of a famous Canadian singer asks to access SMS, your position, network, your information on networks and especially your bad taste.

What must also be understood with this system of binding permissions is that a permission taken alone is never dangerous for the phone or the confidentiality of your data.On the other hand, the synergies created by multiple permissions can lead.Remember our file explorer of which we were talking about a little higher.He needed access to phone memory as well as an internet connection.Give him these two authorizations will therefore allow him to properly fulfill his role but can also potentially give him authorization to export your data on the Internet and to use it for fraudulent purposes.He can do it, but if you have done the necessary research, he will surely never do.

We can never remind you enough: it is up to the user to find out about the applications he will install.And to do this, Google has put a number of tools at its disposal.The first verification has carried out, before even installing the application, is to read user comments.Is the average note less than 3 stars?Users don't understand how the application works?The announced service does not correspond to that observed by the unfortunate commentators?In this case, and even if the application is free, it is better to be wary.Another good reflex is to go see the other developer's application: if it has multiplied the clones, the lazy Wallpaper applications, the rotten ringtones, in short, coded small unimportant stuff with poor or bad notes, itis seriously time to look for another application.

Please note, there is a trap on this screenshot.Despite the disastrous notes and the countless permissions necessary for its installation, Home is not a malicious application.

Finally, and this is the most important advice that we can give you, ask yourself the question: why does this application need these permissions?You don't necessarily need to have done long computer studies to ask yourself the right questions.An application that will modify your phone ringtone does not need full internet access.A QR code reader also does not need to have access to your contacts or read your SMS.If the reflection is insufficient, there are then two solutions to answer your questions: the first is to go to the developer's website and see if it has explained the use of permissions.Let's be honest, few developers do it.But the latest NSA scandals have good that they have developed a small wave of paranoia in some users and forced companies to explain themselves a little more on their practices.The Any application.do, which uses no less than 19 permissions (!), explains for example very clearly on its website what each of them are used for.Firefox also does it very well on a dedicated page.Finally, the vast majority of application sheets on the Google Play have at the bottom right of the page a link to contact the developers directly by email (s) by email (s) by email (s) by email (s) by email (s).Even by stammering a frankish who would cause a lightning stroke of your good old English teacher, there is a good chance that the developer will take the time to answer you on this subject.At least if he has nothing to hide ...

Again, if when installing an application, you find that it has bad grades from users, that permissions go wrong with the announced service and that you do not find any explanation about these permissions, so go see elsewhere.But know for example that with the exception of reading and writing SMS, all the permissions requested by the Messenger application of Facebook (there are 44 in total) are in perfect agreement with the announced features.Confidence in brands that we use on a daily basis obviously distort our judgment to permissions enormously.

We said a little higher, permission is never dangerous alone.The problem is similar to the Auvergne de Brice Hortefeux: it is when there are many that there are problems.So what are the permissions to be monitored?Here is an absolutely non -exhaustive list of permissions which it is better to be wary of when installing an application:

These few examples are purely indicative.In general, monitor all permissions relating to your privacy contained on your phone.

On these permission issues, Android is not free from.The first and main criticism that can be sent to Google's OS is certainly its lack of clarity and information on these permissions.Impossible for example to know what types of permissions have been given to the applications installed on your phone without using a third -party application.The only way to check permissions is to go to the application manager in the depths of Android menus and check the applications of applications one by one.In the same way, the list of permissions that an application will be used can never be viewed on the file of an application on the Google Play without clicking on the Install button.And they are purely unavailable on the classic web version.In short, if Google is well aware that Android is a basic secure OS, it does not do much to encourage the user to know the rights he will grant to his software.

The permissiondog application, although very ugly, lets you know what applications require the most permissions.On my phone, it's Skype with 35 permissions.Note that some games can send SMS or MMS ...

We said a little above, the refusal of a single permission leads to the refusal to install an application.However, there are methods to overcome this limitation and withdraw permissions to certain applications.Applications make it possible to manage one by one permissions given to the applications installed on your phone.Be careful however, all these applications require having rooted your phone beforehand, with all the risks that this has.These applications are therefore reserved for an audience of connoisseurs.If you decide to remove internet access from Chrome, don't complain about having an application that no longer works!

Les applications pour vérifier les permissions :

We are not going to show you tons of applications to check the permissions.Permissiondog is a very simple application that shows both the number of permissions that each of the applications installed on the phone use, allows you to see which applications use the most dangerous permissions and above all allow them to classify them.Ideal for realizing that we have a dozen applications that can send SMS for you, or to realize that this weather app can call telephone number without your consent.Its only defect is that it has not been updated since 2011 and that its interface has become very ugly.

Applications to manage and modify permissions:

To change modify permissions, you must need a rooted phone.The reason is simple, if you are not considered an administrator of your phone (or a great user) you will not be able to touch permissions.The reference in this area to modify one by one permissions is lbe privacy guard.But you might as well warn you, if you have never put your hands in the kidnapped of your phone and a "simple" root seems insurmountable, we advise you to immediately jump this paragraph and the next one and to forget this solution.If, on the other hand you have already rooted a phone and you are the patient and persevering type, then here is the procedure to follow.Today there are two versions of LBE.The first and easily accessible is an old version dating from March 2012 that can be found on Google Play.We absolutely do not guarantee that it still works (trying at least), all we know is that you need a rooted version of your phone to make it work:

The second version is updated regularly (the latest modification is April 19, 2014) and turns out to be the largest Swiss security knife on Android.It's very simple, version 5.2 of LBE is able to manage everything that enters, goes out and settles on your phone.It is both a firewall, an anti-virus and a very advanced permission manager.But as the developer is Chinese and that he has nothing to make of the poor Western that we are, his application is entirely in Chinese.Today, the only way to install this free must-have is to go to the XDA Developpers forum and take the time to search the dedicated topics to find the APK then translate it into French.Good luck !

Finally, if you don't want to tear your hair and have a fairly old phone, it is always possible to re-activate Appops.He is a lightened permissions manager developed by Google himself and that the Mountain View company had disseminated by mistake before removing it.In fact, Google did not remove it, he simply hid it in his menus.Malins have created applications to create a shortcut directly to this hidden menu.If there is no need to root your phone to manage permissions, Appops does not seem to work with all the version of Android.Version 4.4.2 of Android Kitkat no longer displays the menu at all.Finally, we insist that this is a very light permission manager: you will not be able to remove all the permissions you want!

Permissions are present 99 % of the time to use the potential of your phone.The remaining 1 % are there to annoy you.

We will finish this file by recalling that the vast majority of applications present on Google Play are not there to steal your data, to infect your phone or make you call overwitches without your consent.More than ever, it's up to you to pay attention to what you download and it is up to you to take the initiative in case of doubt: ask yourself questions and question the developer!Again, simply pay attention to what you install: if this very beautiful digital clock requires full access to the Internet, your storage and system tools, there is a good chance for it to mine bitcoin without yousee your opinion.

To follow us, we invite you to download our Android and iOS application.You can read our articles, files, and watch our latest YouTube videos.