With the advancement in technology, we come across a lot of features, we come
across a lot of flaws and we also come across lot of threats arising out of it.
Smartphones and apps had made our lives so much easier but we also can't deny
the fact that apps can also be malicious or sometimes dangerous when it's not
coming from any authentic source. And without even looking at it, we grant them
all the permissions it needs. Think about it again, we try to keep us safe
physically, but what about our online safety? What about our privacy? What about
our data security?
We often ignore all of these thinking that these things do no harm to us. It's
just an app, it's just a smartphone after all. We probably spend a lot of time
using these apps like accessing the news, playing music, watching movies, social
networking, gaming, capturing moments and the list go on. Every once in a while
though, it's worth to make sure that these apps are not going beyond their limit
that is, collecting more data about us and controlling more of our devices than
we'd like.
The term "App Permissions" means the permission that we give to any app on our
smartphone or on any other device in order to run it. The little popups on
screen as soon as we install and run any app for the first time from the play
store or the app store is the permission we are talking about. We must be aware
what are the mistakes that we knowingly or unknowingly make while using our
smartphones, by installing any third-party software or by giving all the
permission to any app blindly, without looking once, continuously tapping
'Allow' option till the time that popup fades. We often think it's a waste of
time and it seems irritating sometimes.
For example, Google Chrome requires permission to access device gallery, file
manager, camera, location GPS, contacts and much more. Till Android
v5.0(Lollipop) we were not given any direct popups for permissions, the app gets
the permissions automatically as soon as we install that app. It was until the
time of android version 6.0 (Marshmallow) when google realized that permission
pop up is required and user must have the freedom to give or not to give that
particular permission to that app. And after android 6.0 it's still a feature
now also as we are currently running on Android v10.
There was a time when there wasn't any smartphone existed and hence there was no
existence of any kind of apps since there was no platform to run it. But since
the internet evolved, new technologies came to be invented and implemented and
there was innovation. If we look back 14 to 15 years back from the current time,
we can see that there were no such smartphones existed, so there wasn't any app
either that requires the user's permission to run it.
But, it was this time in the year 2007 when Apple launched it's very first
iphone which was basically a touch screen smartphone that has all the features
of camera, connectivity, internet, media, and all other stuffs and 'IOS' that is
iphone's operating system came into existence. And on the other hand google also
thought that why we stay behind them. Hence google also went ahead and launched
it's very first operating system to the world names as 'Android OS'.
Before these two operating system we did had other operating systems like
Symbian, Java, Blackberry OS. But those OS were not open source and hence cannot
be used by any companies for their smartphones. These OS were used by companies
like Nokia, Blackberry and HTC.
Now we had operating system and these two, that is, Android and IOS were the two
operating systems that is widely used in numerous smartphones since the
beginning. Android, being an open source software based on Linux OS, can be used
by any manufacturer free of cost. But on the other hand, IOS was not open source
hence it was not available for any other smartphones except that Apple's very
own iphones and ipads.
Looking at this data, it is evident that the coding and programming of Android
source code can be altered by any smartphone manufacturing company, by means of
their own custom skin. For example "“ One UI used by Samsung in their
smartphones and tablets, earlier it was TouchWiz UI. Xiaomi uses MIUI. OnePlus
has its own Oxygen OS. Vivo use FunTouch OS. Oppo has Color OS, and much more.
There are a lot of custom OS modifications of android. Hence companies can
modify them as per their want.
We are not experts in programming as a layman and we can't actually say what are
the things that the companies had altered in the original Google's Android
Operating System in order to make their own custom user interface. No doubt IOS
is much more secure than Android OS simply because its source code is not open
and is not available to anyone except Apple itself.
Usually what the human tendency is that these apps don't display or don't
exactly explain why that particular permission is required in order to run that
app. Hence, the user goes on clicking accept button every time the permission
was asked. Just like we do on a computer while installing any software, simply
by agreeing to terms and conditions tick box.
By skipping these permissions, by not bothering why this is required, we are, in
some way or the other, giving away our precious data or we are simply giving
away the control of our device and the data to those app developers. We don't
know what the coding of that app is, we don't know what bugs, bots are
programmed there in that app that can extract our data from our device without
our permission and without our knowledge. This can definitely lead to data
breaches and it's just a matter of seconds, the moment we click, is when our
data gets stored in their databases.
Most of the apps have the tendency to store their data even when the app is
uninstalled. The data may be kept in a hidden folder present on our device and
we may not be aware of that. Those files can still access our data which is
absolutely a risk. It keeps hidden inside our file manager. For instance, I
installed a game on my Smartphone, and while running it asks for a lot of
permissions. I went ahead and granted permissions that the app asked for.
So, I clicked on "agree" button. There were permissions like - "Modify or
delete the contents of your storage", it is required because the game stores
some data, whether cache data, or any save game or any other modification needs
to be stored on the file manager. Game also download other DLC updates which is
also stored in the file manager itself. "
Retrieve running apps", means
the game uses third party login sources like Facebook, twitter, google play
games and others as well for authentication and login purpose.
"Network access" is needed because some games need an active internet
connection to connect to the game server in order to play it. Some of the games
like clash of clans, call of duty mobile, Battlegrounds Mobile India requires an
internet connection in order to run it.
Hence this permission was also justified. "Read call logs, read your contacts"
is the option that made me think. I denied that permission. This is because it's
just a game and that app in my view has nothing to do with my contact list and
call log data. These are the minute thigs that are required to be noticed by any
user. It's not a waste of 1min, but it ensures our privacy. So, this needs to be
taken care of. Malicious apps are likely to exploit the permissions that you
give them. Just like virus spread, these apps have the capability to clone or
multiply. They can even plant bots that can extract data from our device without
us knowing it.
Now when it comes to clicking and granting permissions, one thing struck in my,
and that is something called as
click wrap and
shrink wrap
licenses that we often use in some way or the other. Not only on smartphones,
but also on laptops and other devices that run some other operating system, may
it be windows or mac, all works the same way when it comes to installing a
software or an app. These two terms come under 'E-Contracts'. Shrink wrap
license means something associated with any physical product. It notifies the
user or the customer that the software or an app belongs to so and so developer
or it's copyrighted and must not be pirated further.
While on the other hand, as shrink-wrap licenses rose in popularity, Click-wrap
licenses came into light. It is essentially a license agreement that a user
agrees to digitally, usually by clicking on a
I accept button that will
be activated right then when we install some new software on our computer. This
act of clicking this button serves as an understanding of the agreement that the
user had agreed for the terms and conditions provided. An example of a
click-wrap license is the example of agreeing to the terms of service on Google
Chrome by clicking the
I agree to the terms and conditions button.
One such example is one of the biggest data breach of Facebook happened recently
in the year 2018. According to reports, this incident led to the data breach of
around 20 Million Facebook users round the globe. It was the largest in the
company's 14-year history. The attackers misused a feature in Facebook's source
code in order to access the personal data of Facebook users and to take control
of them.
I would like to discuss some of the ways in order to ensure that we as a user
and our data as privacy is secured.
- Never trust any app blindly, may it be coming from an authentic source
or from any trusted app developer.
- Do check each and every permission it asks for
- Check if that permission is actually necessary or not in order to run
that app or if the app is asking for it unnecessarily
- Read terms and conditions of any app carefully before actually
installing it and giving it full control over your device.
At last all I can say is that "Data Breaches don't just violate our privacy.
They even create huge risks for our economy as well as national security". One
always need to be beware where and how their data is being used without their
consent.
Please Drop Your Comments