Whenever you install an app you’re given the opportunity to see what “permissions” it uses. In the earlier days of Android this was done in a much more visible manner than it is now, but still today we have the chance to see just what we’re getting into before we install apps.
In yesterday’s Android Guy Weekly we talked about becoming more educated and informed about the technology we use, and not being led blindly by, trusting in others to provide for our protection and well-being. Today we’ll get into app permissions, what they are, how they work, and why they keep changing all the time.
The way Android is built, for any app to have access to any particular subsystem on your phone or tablet, it has to declare the use of that subsystem in its “manifest” — if not, it won’t be able to access said subsystem.
Subsystem? Manifest? What does all that mean?
Simply put, a subsystem is a particular bit of code that controls a specific part of your device. Some examples include sending text messages, being able to make phone calls, access to your location, etc.
A manifest is a file included inside every app that declares what subsystems the app will have access to after you’ve installed it. It’s an XML file, which means it’s technically human readable, but it’s full or jargon. Instead, just before you install the app the Play Store will read this file for you and present it in an easier to understand format .
In this example, Shop Savvy, a price comparison app that allows you to scan bar codes on products you’re looking to buy and find better prices at local stores, requires the following permissions to be able to run:
- Storage: Modify/delete USB storage contents
- System tools: Change network connectivity
- Your location: Coarse (network-based) location, fine (GPS) location
- Network communication: Full Internet access; Receive data from Internet, view network state
- Hardware controls: Take pictures and videos; Control flashlight, control vibrator
Why does Shop Savvy need all these permissions?
- Storage lets the app save lists of things you like to your device so you can pull them up later
- System tools lets the app turn your networking on (if it’s off) because it needs to be able to look up bar codes from data on the web
- Your location lets the app know where you are (both roughly, via the network you’re connected to, and “fine” through the use of the GPS inside your phone) and helps the app tell you how close or far away you can find a product for a better price (and even how to get there from where you are now)
- Network communication lets the app use your network connection to send bar code data and receive responses back
- Hardware controls allow the app to take pictures of bar codes then “buzz” the vibrator motor to let you know a scan was successful
In this case, all the permissions seem to be in order. The app isn’t asking for access to more parts of your phone than you’d expect — once you know a little bit about how the app works.
The What Day Is It, Rebecca Black app asks for Full Internet Access. Why is that? It doesn’t do anything with the ‘net, it just plays back what day of the week it is. In this case, the app has ads included on it, and those ads require an Internet connection to be able to include them inside the app. Some ads require your location to help target ads to where you are, and to gather additional data on you. Yup, that means those “free” apps may not really be free, you’re paying for them somehow. That’s not to say they’re “bad”, it’s just something to be aware of and take into consideration before installing any given app.
Why do permissions keep changing?
Once an app is built and submitted to the Play Store you’d think that their permissions wouldn’t change. That’s true for a good number of apps, but many of the higher profile apps seem to change their permissions all the time.
Some time ago Google added the ability for you to allow apps to “automatically update”. This was honestly one of the best features to come along! Before you had to manually check for updates, and manually install updates for every app that you had installed on your phone or tablet. That’s getting to be over a hundred apps for me! It took a long time, and made us less safe since many times those updates were to close security holes.
Unfortunately that opened a new potential problem: an app developer could release an app with relatively few permissions, then release an update that got access to a lot more permissions and started sending text messages and draining your phone account. Google foresaw that and made sure that any change in permissions required a manual update, just like before. However, unlike before, now the apps with the changing permissions would be the odd-ball. They’d stick out and be more obvious than other apps.
So the “why are they always changing” bit is more about perception than reality. Permissions don’t change more now than they did before (probably just the opposite), but we see them more distinctly now.
Getting to our question, why do permissions change all the time? Apps are dynamic things, they’re never really a “finished product”. Developers continually make improvements, add and remove features, and continually fix bugs. As they’re doing all this, the permissions they used to need may no longer be used, and permissions they didn’t need before may be required to made a new feature work.
Generally there’s nothing mischievous about an app adding or removing permissions, but it’s a good idea to keep your eye out for changes and ask yourself “why”. If you can’t easily answer the question yourself, fire an email over to the developer, most are quick to reply.