Reputation: 11720
Whats are the ten most deadly permissions?
I would like to know what would be the top ten most deadly permissions that can be requested by an android. I know it might be a matter of opinion, but supposing that I had the 10 permission listed in by an application, I would definitely know my application did not generate a whole lot of confidence among users. What would be the permissions I would most likely like to avoid asking the user for.
I am aware of permissions like BRICK and SHUTDOWN but since they don't apply to third party devs I would like to know only of permission which can be requested by a third party developer.
PS: need not necessarily be 10. Any number of permissions you believe might lead to the user being weary of application would be nice.
Upvotes: 8
Views: 7628
Answers (6)
Reputation: 1
- Access the list of accounts in the Accounts Service
- Act as an AccountAuthenticator for the AccountManager
- Access information about networks
- Request authtokens from the AccountManager
I routinely check permissions before download. If the application has no business doing these, then I would not even download it . Even if it does, I would think twice whether I really, really need the app to reside on my device. And BTW - the above are part of 34 permissions coded in Skype!
If we do not know who and where the developer is, we would tend not to download software on our PC's. Yet, so many don't use this logic for their Android devices.
Upvotes: 0
Reputation: 13060
Here are some I found that could potentially be very dangerous (not including the ones above :)
GET_ACCOUNTS - Allows access to the list of accounts in the Accounts Service
MOUNT_FORMAT_FILESYSTEMS - Allows formatting file systems for removable storage.
PROCESS_OUTGOING_CALLS - Allows an application to monitor, modify, or abort outgoing calls.
READ_SMS - Allows an application to read SMS messages.
SEND_SMS - Allows an application to send SMS messages.
READ_EXTERNAL_STORAGE - Allows an application to read from external storage
WRITE_EXTERNAL_STORAGE - Allows an application to write to external storage
And of course the best way to transmit some of this data
INTERNET - Allows applications to open network sockets.
Upvotes: 1
Reputation: 33901
Any app which uses ACCESS_INTERNET and READ_CONTACTS could be stealing your contacts. However, there are thousands of apps in the market that have these permissions and probably aren't...
Upvotes: 0
Reputation: 9407
I think it depends on what the app is meant to be doing.
Some days ago, for example, I was looking for a task killer app, and I ended not installing any because all the "Task Killers" I saw on the market requested full internet access. Why would they need internet access in order to kill a task? If they wanted internet access in order to display ads then they should say so, but otherwise I take the paranoid approach and I assume it is spyware.
Other than that, I am very protective of my SIM card and contacts.
Upvotes: 0
Reputation: 1481
CALL_PRIVILEGED - call numbers without going through the dialer
SET_ALWAYS_FINISH - controls whether or not applications become finished when put in background. Could lead to some nasty trackers or something.
READ_CONTACTS - could lead to some data stealing for ppl to add to their spammer lists.
Upvotes: 4
Related Questions
- Android permissions: How can I learn which are dangerous vs normal?
- Determining the level of Android permission
- Android Classified Permission List
- Identifying Android methods list which requires dangers permissions
- Android M get all dangerous permissions listed in the manifest
- A list of Android APIs that require certain Android permissions
- Where do these required permissions come from?
- Android Permissions: Where are they described?
- Android perimision "user's private information", "your personal information" , "read sensitive log data"
- what do these android permissions mean and how to use them?