Excessive mobile application permissions have long been a security and privacy concern, in particular for Android users who download apps for the platform from a number of sources, and not just from Google.
The most notorious case is likely Goldenshores Technologies LLC, which agreed to settle charges with the U.S. Federal Trade Commission that it deceived consumers who downloaded its Android flashlight application; the app requested an inordinate number of permissions, including geolocation, which it shared with advertising networks.
Today at its annual I/O event, Google announced a new system coming to Android that brings the platform closer to Apple’s approach. Under it, users can install an app with zero permissions granted; then, during normal use, the app prompts them for each permission it wants, and they decide whether to extend it.
In the past, mobile apps have overreached, looking for access to contact lists, SMS messaging, built-in cameras and microphones, images and more. Malicious apps, meanwhile, can take advantage of this environment, for example, to send premium SMS messages at great cost to the user and great profit for the criminal. Permissions are generally granted en masse at install time, and consumers who aren’t security savvy will generally agree to whatever conditions they’re presented with, so long as they can download their app quickly. To illustrate, the U.K.’s Information Commissioner’s Office (ICO) last September published a report that examined 1,200 popular apps and the permissions they seek. Most apps (85 percent), the study concluded, do not explain in clear language to users what information is collected, how it’s collected, or how it’s used and disclosed; the availability of a privacy policy is also dubious in most cases, the ICO said.
During the I/O keynote in San Francisco kicking off the event, Google said it hopes the new system encourages developers to consider user privacy and security at the outset, and seek less data from the device, and consequently, the user. Under the new system, users will make a one-time decision whether to grant or deny the app the individual permission in question with the understanding that denying may limit the app’s features and functionality.
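As an added illustration of the model described above (not code from the article or from Google), here is what the app side of a runtime permission looks like: a hypothetical QR-scanning screen asks for the camera only when the user taps "scan", explains why if the user has already declined once, and keeps working through a manual-entry fallback if the permission is denied. It assumes the Android support-library API (ContextCompat, ActivityCompat) and the hypothetical names ScanActivity, ScannerActivity and activity_scan.

```java
import android.Manifest;
import android.content.Intent;
import android.content.pm.PackageManager;
import android.os.Bundle;
import android.support.v4.app.ActivityCompat;
import android.support.v4.content.ContextCompat;
import android.support.v7.app.AppCompatActivity;
import android.view.View;
import android.widget.Toast;

public class ScanActivity extends AppCompatActivity {
    // Request code that ties the prompt to its result callback.
    private static final int REQ_CAMERA = 42;

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_scan); // hypothetical layout
    }

    // Bound to the "scan" button: ask at the point of use, not at install time.
    public void onScanClicked(View v) {
        if (ContextCompat.checkSelfPermission(this, Manifest.permission.CAMERA)
                == PackageManager.PERMISSION_GRANTED) {
            startScanner();
            return;
        }
        if (ActivityCompat.shouldShowRequestPermissionRationale(this, Manifest.permission.CAMERA)) {
            // The user declined before: say what the permission is for before asking again.
            Toast.makeText(this, "Camera access is used only to read the QR code.",
                    Toast.LENGTH_LONG).show();
        }
        ActivityCompat.requestPermissions(this,
                new String[]{Manifest.permission.CAMERA}, REQ_CAMERA);
    }

    @Override
    public void onRequestPermissionsResult(int requestCode, String[] permissions, int[] grantResults) {
        super.onRequestPermissionsResult(requestCode, permissions, grantResults);
        if (requestCode != REQ_CAMERA) return;
        if (grantResults.length > 0 && grantResults[0] == PackageManager.PERMISSION_GRANTED) {
            startScanner();
        } else {
            // Denied: degrade to a reduced feature rather than failing or nagging.
            Toast.makeText(this, "Camera denied; enter the code by hand.", Toast.LENGTH_LONG).show();
            findViewById(R.id.manual_entry).setVisibility(View.VISIBLE); // hypothetical view
        }
    }

    private void startScanner() {
        startActivity(new Intent(this, ScannerActivity.class)); // hypothetical camera screen
    }
}
```

The permission must still be declared with a uses-permission element in the manifest; the runtime prompt only appears for permissions the app has declared there.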
“Hopefully this helps users pay more attention and understand the security impact of any applications they install,” said Steve Manzuik, Director of Security Research at Duo Security.
Google has been slowly moving in this direction since the introduction of Android 5.0, or Lollipop, which deployed kernel-level policy enforcement via SELinux and turned on device encryption by default. Both moves helped curb the risk of excessive permissions by bringing application enforcement to the kernel.
Google’s first Android Security Report, released in April, put some hard numbers behind the effectiveness of other security measures in the OS, notably Verify Apps (the old Bouncer) and SafetyNet. Both measures cut down on the number of potentially harmful apps users are able to download from Google Play. For example, as of the report’s publication, fewer than one percent of Android devices had a harmful app installed, and 0.15 percent of devices that downloaded only from Google Play had a harmful app installed.
I/O image via Maurizio Pesce’s Flickr photostream, Creative Commons