Cybernews talks about dangerous games with settings and permissions.
Researchers from Cybernews analyzed the 50 most popular apps on the Google Play Store and found a worrying trend: on average, each app asks for 11 unwanted permissions. Through settings, we can unknowingly give apps access to users' sensitive data and key phone functions.
The team examined the Manifest files that determine what an app can access on a device. There are a total of 41 permissions that can affect the user's privacy or basic phone functions. Experts emphasize that the best development practices require requesting a minimum amount of data — only those that are really necessary to perform a specific action. However, many developers seem to ignore this principle.
The leader in the number of requested permissions was the MyJio: For Everything Jio application, developed by a popular Indian provider of telecommunications and digital services. It asks for as many as 29 permissions, including access to location, activity recognition, radios, camera, microphone, calendar, and files.
In second place was WhatsApp from Meta*, which requires 26 permissions. It is followed by Truecaller (24 resolutions), Google Messages and WhatsApp Business (23 permissions each), Facebook (22) and Instagram (19).
Interestingly, some popular games, such as Among Us, ask for minimal or no permissions. However, experts warn: fewer permissions do not necessarily mean the security of the application.
The most common request was permission to send notifications - 47 out of 50 applications request it.
Security expert Mantas Kasilauskis warns that this feature can be used by spyware vendors to track users. Moreover, in 2023, US Senator Ron Wyden warned that notifications could facilitate government surveillance, as they pass through an intermediary - a kind of "digital post office".
The second most popular permission is access to storage outside the application directory. 40 apps ask for write permission, and 34 ask for read files from external storage. This means that they can access, for example, a photo of your ID saved on the device.
Camera access and audio recording are next on the list of the most requested permissions, with 33 apps requiring them. While these features are essential for many apps to work, they can also be used by attackers, snoopers, and even advertising companies to set up targeting.
More than half of the analyzed programs (26) want to track the user's exact location with an accuracy of several meters. The same number of apps request access to contacts.
22 apps out of 50 require Bluetooth access, allowing them to connect with other devices and potentially share data. The same number of applications want to monitor the status of the phone. Kasiliauskis emphasizes that this is a particularly sensitive setting that provides access to critical information about the status of the device and its interaction with networks, including phone number, information about the current cellular network, current calls, and a unique identifier.
Messengers and social networks are the most greedy for user data. On average, communication apps ask for almost 19 permissions, while social media asks for 17.2 dangerous permissions. All analyzed programs gain access to cameras and files, most record audio, track location data, read contacts and phone status, and also receive information about accounts.
Gaming apps have proven to be less demanding – on average, they only require 4 dangerous permissions. However, there are exceptions here as well: for example, Mobile Legends: Bang Bang requires 12 permissions, while PUBG Mobile requires 11.
Most games (16 out of 19) want to send notifications. Ten games are to write data to external storage, and nine are to read that data. Eight games ask for permission to record audio, and seven ask for access to the camera. Some games even try to access the calendar (3), reading the phone's status (3), and the exact location.
Shopping apps ask for an average of 13.4 dangerous permissions. At the same time, Lazada and AliExpress require 16-17 permits, and Wish gets by with only seven.
All shopping services request access to the camera, geolocation, sending notifications, as well as reading and writing to the storage. Some of them also need access to Bluetooth.
According to Cybernews experts, even applications with zero dangerous permissions can pose a threat. They still get access to a variety of neutral permissions when installed on the device, including the ability to run on system boot, run in the background, and full network access.
Experts recommend regularly uninstalling unnecessary apps, revoking excessive permissions in device settings, and using web versions of services whenever possible. It is also important to install programs from trusted sources, keep your software up to date, and regularly back up your important data.
Source
Researchers from Cybernews analyzed the 50 most popular apps on the Google Play Store and found a worrying trend: on average, each app asks for 11 unwanted permissions. Through settings, we can unknowingly give apps access to users' sensitive data and key phone functions.
The team examined the Manifest files that determine what an app can access on a device. There are a total of 41 permissions that can affect the user's privacy or basic phone functions. Experts emphasize that the best development practices require requesting a minimum amount of data — only those that are really necessary to perform a specific action. However, many developers seem to ignore this principle.
The leader in the number of requested permissions was the MyJio: For Everything Jio application, developed by a popular Indian provider of telecommunications and digital services. It asks for as many as 29 permissions, including access to location, activity recognition, radios, camera, microphone, calendar, and files.
In second place was WhatsApp from Meta*, which requires 26 permissions. It is followed by Truecaller (24 resolutions), Google Messages and WhatsApp Business (23 permissions each), Facebook (22) and Instagram (19).
Interestingly, some popular games, such as Among Us, ask for minimal or no permissions. However, experts warn: fewer permissions do not necessarily mean the security of the application.
The most common request was permission to send notifications - 47 out of 50 applications request it.
Security expert Mantas Kasilauskis warns that this feature can be used by spyware vendors to track users. Moreover, in 2023, US Senator Ron Wyden warned that notifications could facilitate government surveillance, as they pass through an intermediary - a kind of "digital post office".
The second most popular permission is access to storage outside the application directory. 40 apps ask for write permission, and 34 ask for read files from external storage. This means that they can access, for example, a photo of your ID saved on the device.
Camera access and audio recording are next on the list of the most requested permissions, with 33 apps requiring them. While these features are essential for many apps to work, they can also be used by attackers, snoopers, and even advertising companies to set up targeting.
More than half of the analyzed programs (26) want to track the user's exact location with an accuracy of several meters. The same number of apps request access to contacts.
22 apps out of 50 require Bluetooth access, allowing them to connect with other devices and potentially share data. The same number of applications want to monitor the status of the phone. Kasiliauskis emphasizes that this is a particularly sensitive setting that provides access to critical information about the status of the device and its interaction with networks, including phone number, information about the current cellular network, current calls, and a unique identifier.
Messengers and social networks are the most greedy for user data. On average, communication apps ask for almost 19 permissions, while social media asks for 17.2 dangerous permissions. All analyzed programs gain access to cameras and files, most record audio, track location data, read contacts and phone status, and also receive information about accounts.
Gaming apps have proven to be less demanding – on average, they only require 4 dangerous permissions. However, there are exceptions here as well: for example, Mobile Legends: Bang Bang requires 12 permissions, while PUBG Mobile requires 11.
Most games (16 out of 19) want to send notifications. Ten games are to write data to external storage, and nine are to read that data. Eight games ask for permission to record audio, and seven ask for access to the camera. Some games even try to access the calendar (3), reading the phone's status (3), and the exact location.
Shopping apps ask for an average of 13.4 dangerous permissions. At the same time, Lazada and AliExpress require 16-17 permits, and Wish gets by with only seven.
All shopping services request access to the camera, geolocation, sending notifications, as well as reading and writing to the storage. Some of them also need access to Bluetooth.
According to Cybernews experts, even applications with zero dangerous permissions can pose a threat. They still get access to a variety of neutral permissions when installed on the device, including the ability to run on system boot, run in the background, and full network access.
Experts recommend regularly uninstalling unnecessary apps, revoking excessive permissions in device settings, and using web versions of services whenever possible. It is also important to install programs from trusted sources, keep your software up to date, and regularly back up your important data.
Source
