May I Have That Permission, Or How Malware Uses Permissions On Android
We are really concerned with a problem of modern smartphone's vulnerabilities and we will continue discussing that topic today. Recently Internet Crime Complaint Center, a special department of FBI published its report on smartphone's related crimes and they put that fact that Android OS is pretty vulnerable to various malicious applications straight. The report states that the most effective way to protect your mobile phone from viruses and other malware is to use the most up-to-date antivirus software and to read permissions that you grant to the app carefully.
So we've prepared the list of the most critical and dangerous permissions, what are they used for and how can an evildoer use them against you. You should know that you can check them not only when installing a new app, but you can also see the permissions you gave to all the apps you've already installed. To do that simply access Settings – Applications – “App Name” - Permissions.
Dialing phone numbers and sending messages
That particular permission lets applications to dial phone numbers without your participation. Malicious apps can use that permission to dial some short numbers with high fees. If the app is asking for that and it has no concern with telephony – try to avoid it. The same goes for Send messages permission.
Access to USB or miroSD card memory
An App with this permission will gain access to all physical memory of your device. It will be able to read, edit, write and delete data from your device. Basically lots of apps are using that permission, but be careful, because it may become dangerous with an unlimited Internet access. In that case your application will be able to upload all your info to the internet.
Bookmarks and search history access
Applications with that kind of permission have an access to your browsing history and your activity on the web. Alternate browsers and some social network apps are using that permission. If a game tries to get it – it is a reason to delete it.
It is a really important permission. It lets applications to read the data from system logs. These logs frequently contain private information and normally, that permission is not required for apps. The only exception is Twitter Plume client, that uses it to provide exact and full reports about occurred errors to the developers.
Read phone state and identity
On the one hand that permission is necessary to make sure that app knows when someone is calling you and it will be set to background mode automatically. On the other hand application will be able to access your IMEI and IMSI identifier of your gadget and let evildoers to track its location. That permission was granted to all applications by default in pre 1.5 Android versions.
Read location (fine GPS location)
That permission is about an access to the GPS data. It is necessary for navigational apps and maps, but if some other application is trying to get that permission – avoid it. It may be used for tracking you.
Read location (coarse network coordinates)
This particular permission works the same as the previous one, but the cell phone tower triangulation is used for obtaining coordinates of the device. Also positioning will be less accurate.
Unlimited Internet access
As it comes from the name – the app with that permission will have a full Internet access. It may download and upload data. That is necessary for lots of applications, but in a combination with other permissions it may become really dangerous and can harm your mobile device.
Installing other applications
That permission grants an app the right to install other application. It is crucial to alternate application markets, such as AndroidPIT App Center or Amazon. For other apps – it is not necessary and you may get a virus installing it.
But we at Jammer-Store Company know that in most cases people are starting to think and care about their device's security when it is already too late. Nobody will care about those permissions until their phones will be infected, but it may lead to some bad results, such as loosing all the money from your account or privacy violation. So it may be useful to have a universal 2G, 3G and 4G jammer to cut of all the communications of your mobile device for a short period, if you believe that it is infected.