Friend
Professional
- Messages
- 2,653
- Reaction score
- 850
- Points
- 113
Why do apps require more permissions than they need?
Cybernews research has revealed the risks for Android users associated with excessive permissions in popular apps. According to experts, many of the programs require significantly more access than is necessary for them to function, which increases the likelihood of personal data leakage.
An analysis of 50 popular apps on Google Play showed that, on average, one app requests 11 dangerous permissions. Among these accesses are location tracking, using a camera, microphone, as well as access to user files. The leader in the number of permissions was the Indian service MyJio, which requests 29 accesses, including location, access to the camera, microphone, calendar and files.
Ranking apps by number of requested permissions
WhatsApp asks for 26 permissions, ranking second on the list. Truecaller, which is used to identify numbers and block spam calls, requires 24 dangerous accesses. Facebook* and Instagram* also request a significant number of permissions — 22 and 19, respectively.
The researchers emphasize that even small permissions, such as sending notifications, can be exploited by attackers. In 2023, U.S. Senator Ron Wyden warned that notifications could be used for spying as data passes through intermediate services such as Google's Firebase Cloud Messaging. This creates additional privacy risks.
One of the most frequently requested accesses is permission to write and read data from external storage. This can allow the app to access personal files, such as photos or documents stored on the device. According to experts, such access is often necessary to download media files or save the results of the application. However, if used incorrectly, such permissions can lead to data breaches.
Most Frequently Requested Permissions
Other popular app requests are camera access and audio recording. 33 out of 50 apps studied require such permissions. Features can be used to share photos and voice messages, but they also carry a risk of abuse by advertisers or malicious actors.
A study of permissions showed that most of the applications belonging to the category of communication and social networks require the largest number of accesses. The average number of permissions for communication applications was 19, for social networks - 17. However, some apps, such as WhatsApp and Messenger, ask for access to call control, phone status, and precise location, although these features are not always obvious to users and are not always directly related to the core functionality of the apps.
Dangerous permissions requested by apps in the "Communication" (left) and "Social" (right) categories
The researchers advise users to pay special attention to what permissions they grant to apps. For example, for games that request only a few accesses, you should also be careful. While programs like Among Us don't require any dangerous permissions, others, like Mobile Legends or PubG Mobile, ask for more than 10 accesses, including access to camera, audio, and location.
At the same time, Cybernews experts emphasize that even if the application requests a minimum number of permissions, this does not guarantee security. The application can run in the background, access the network and other data without notifying the user. Experts recommend regularly checking device settings and removing unnecessary apps to minimize the risk of personal data leakage.
Cybernews experts previously conducted a study that showed that the iPhone continues to actively exchange data with external servers, even when it is idle for a long time. The experiment used a factory reset iPhone SE, on which the 100 most popular applications from the German App Store were installed. Each outgoing connection to external servers was monitored through the NextDNS service. Cybernews researchers have already conducted a similar experiment with an Android smartphone, the more interesting it will be to compare the data obtained.
Source
Cybernews research has revealed the risks for Android users associated with excessive permissions in popular apps. According to experts, many of the programs require significantly more access than is necessary for them to function, which increases the likelihood of personal data leakage.
An analysis of 50 popular apps on Google Play showed that, on average, one app requests 11 dangerous permissions. Among these accesses are location tracking, using a camera, microphone, as well as access to user files. The leader in the number of permissions was the Indian service MyJio, which requests 29 accesses, including location, access to the camera, microphone, calendar and files.
Ranking apps by number of requested permissions
WhatsApp asks for 26 permissions, ranking second on the list. Truecaller, which is used to identify numbers and block spam calls, requires 24 dangerous accesses. Facebook* and Instagram* also request a significant number of permissions — 22 and 19, respectively.
The researchers emphasize that even small permissions, such as sending notifications, can be exploited by attackers. In 2023, U.S. Senator Ron Wyden warned that notifications could be used for spying as data passes through intermediate services such as Google's Firebase Cloud Messaging. This creates additional privacy risks.
One of the most frequently requested accesses is permission to write and read data from external storage. This can allow the app to access personal files, such as photos or documents stored on the device. According to experts, such access is often necessary to download media files or save the results of the application. However, if used incorrectly, such permissions can lead to data breaches.
Most Frequently Requested Permissions
Other popular app requests are camera access and audio recording. 33 out of 50 apps studied require such permissions. Features can be used to share photos and voice messages, but they also carry a risk of abuse by advertisers or malicious actors.
A study of permissions showed that most of the applications belonging to the category of communication and social networks require the largest number of accesses. The average number of permissions for communication applications was 19, for social networks - 17. However, some apps, such as WhatsApp and Messenger, ask for access to call control, phone status, and precise location, although these features are not always obvious to users and are not always directly related to the core functionality of the apps.
Dangerous permissions requested by apps in the "Communication" (left) and "Social" (right) categories
The researchers advise users to pay special attention to what permissions they grant to apps. For example, for games that request only a few accesses, you should also be careful. While programs like Among Us don't require any dangerous permissions, others, like Mobile Legends or PubG Mobile, ask for more than 10 accesses, including access to camera, audio, and location.
At the same time, Cybernews experts emphasize that even if the application requests a minimum number of permissions, this does not guarantee security. The application can run in the background, access the network and other data without notifying the user. Experts recommend regularly checking device settings and removing unnecessary apps to minimize the risk of personal data leakage.
Cybernews experts previously conducted a study that showed that the iPhone continues to actively exchange data with external servers, even when it is idle for a long time. The experiment used a factory reset iPhone SE, on which the 100 most popular applications from the German App Store were installed. Each outgoing connection to external servers was monitored through the NextDNS service. Cybernews researchers have already conducted a similar experiment with an Android smartphone, the more interesting it will be to compare the data obtained.
Source
