Every application you install on your smartphone comes with a set of permissions – a list of things it would like to access. This includes things like your camera, microphone, location, contact list, photos, calendar and more. While these functions allow your apps to do amazing things, they can also compromise your privacy. These permissions are usually established when you install the app or first use it. Many of us don’t even give this a thought and just click “yeah, sure, whatever” (I’m pretty sure that’s what the button says). But have you ever stopped to question these requests? For example, should you really grant a Sudoku app access to your contact list? Or a dating app access to all your photos? It’s not uncommon for apps to request way more access than they truly need – maybe to enable some social features you don’t care about or perhaps even to gather intel on you that they might sell to third parties (like marketing companies).
Software developer Felix Krause recently published an article on how permissions in iOS apps (iPhone, iPad) can be easily abused, allowing them to take pictures or video with the front or rear camera, record audio, and even use facial recognition. Of course, you had to have given this app permission to do these things at some point. Maybe it even made sense for that application to have those permissions. But the point he’s making is that these apps can use those permissions for more than the obvious purpose. Furthermore, there may be no obvious way to know when the app is accessing these things.
Need to Know Basis Only
The bottom line is that you should only grant permissions that make sense for the given app’s real purpose, and that you should restrict those permissions as much as possible. For many iOS apps, you can grant permission to these sensitive functions and data only when the application is in use (it’s the foremost app, the one you can see). When the application is not in use (in the background), their access is cut off (or at least severely restricted). For example: why would you want to grant Google Maps access to your location when you’re not actually using it? What else might Google use that location data for? (You know that Google is an advertising company, right?)
Privacy Over Permission
Obviously, for Google Maps to work, it needs your location. And many other apps have a valid need for access to your camera, microphone, photos and so on. But you should question every one of those permissions and dial them back to the bare minimum.
This is fairly straightforward on Apple devices. You simply go to Settings, and then Privacy. There you will find the various privacy-related functions and features, and by clicking on each one you can see which applications can access them. You can then select “always”, “never” or (in some cases) “while using”. Dial them back as far as you can – you can always change it later if you find it’s necessary. This article has some more info, if you need more help. On the whole, Apple does a good job giving users power over their privacy.
Android apps were notorious for being all-or-nothing with requested permissions. However, in Android Marshmallow, Google allowed for finer-grain control. Android 6 gave users the ability to revoke permissions after initial install. The Android interface is often customized by the phone manufacturers and cell phone providers, so it’s harder to give blanket instructions on how to change app permissions on any Android phone. Generally, you go to Settings, then Apps. When you open any individual app and look at App Info, you should find the app’s permission settings. For more info, you can see this article or this one straight from Google.
Need practical security tips?
Sign up to receive Carey's favorite security tips + the first chapter of his book, Firewalls Don't Stop Dragons.
Don't get caught with your drawbridge down!