Today is Safer Internet Day, so it’s a good time to think about how we can all be safer while online.
When talking about online safety, we typically think of being more secure and having our privacy maintained and respected. We have always been concerned by the design of Android’s Permissions system and its limitations. Unfortunately, the original Permissions design has always been an all-or-nothing proposition for users, without requiring any sort of accountability from the app’s developers. This creates a situation similar to the typical application’s License Agreement, where people don’t even bother reading it and simply blindly accept its terms so they can move along.
Unfortunately, this has terrible consequences for our online safety.
The Problem With Android Permissions
Android permissions are a good idea: They deny an application’s access to potentially sensitive resources (e.g. the microphone, network access, file system) without the user’s explicit agreement. As users, we encounter permissions when we install an app. Before Android completes an installation, it displays a list of each permission that the app needs to work, and it asks us to agree to grant them. For example, here’s the monstrous list of permissions that the Facebook app requests:
The problem is that it’s all or nothing. You can either grant the app all the permissions it requests on your Android device, or you can choose not to install the app. This is problematic for the following reasons:
- There’s no middle ground. Users can’t grant some permissions and deny others.
- There’s no way to know why an app needs a certain permission.
Privacy is the issue here. Privacy advocates often point to Facebook and worry about how much access it has to our private information. The long list of permissions that it requires does not help that reputation. But it’s much worse. What about a little-known app developer whose products ask for permissions that simply don’t make sense. Why does a flashlight application need access to your phone’s microphone and location? Are we being spied on? There’s really no way to find out.
Why is There No Developer Accountability?
But there’s a flip side to this. Let’s suppose that the flashlight app developer discovered that many parents were using it as a night light for their kids. So they build a special feature into the app. If the app hears no movement for 5 minutes, it assumes that the child has gone to sleep and it can turn the light off. If later it detects movement, then it automatically turns the light back on. How can the app detect movement? Simple, it can listen with the microphone. This is a reasonable and not so far-fetched use case for why a flashlight app might need the microphone permission.
The problem here is that the developer has no standard way to convey this information to the potential user. This is unfortunate, because many people will simply discount the app as spyware without knowing the full story. If the developers could provide more information, users could make much better decisions about their privacy.
Fortunately, all this changes in Android 6. Apps that specifically target Android 6 still retain the concept of requesting permissions, but this is implemented differently. Instead of asking the user to agree to a set of permissions at install time (and then never mentioning them again), Android 6 apps ask for their permissions on a need-to-use basis. So if an app has some functionality that requires using the camera but the user never uses that functionality, then that user never needs to agree to that permission.
An important part of this mechanism is that the app developer has control over what the user sees when prompted to grant permission. That means that the developer can provide the user with as much information as necessary to know why the permission is requested.
The user can also deny the use of some permission for an app, while still being able to use the (possibly limited) app. Apps must be able to function when some of their permissions are denied, although it may result in some reduced functionality.
This is a terrific change of direction from an online privacy point of view. Unfortunately, Android 6 is still only a small portion of the entire Android installed base, and while this will change over time, we believe that more should be done to help the majority of Android users today.
What RouterCheck is Doing
As a security application, RouterCheck is committed to the highest levels of security and privacy. We believe that being open with our users about what RouterCheck does and doesn’t do enables them to make good decisions.
At RouterCheck, we plan ahead, and our app is now completely compliant with Android 6. Users who run RouterCheck on an Android device can choose which permissions to grant to RouterCheck without worrying that it will crash the app.
But we go much further than that. We have published a page on our website called Understanding Android Permissions, which explains how we use each Android permission that we request (and then we link to this page from our download page on Google Play). For each permission that RouterCheck uses, we disclose the following information:
- The name of the permission being used
- Exactly what RouterCheck will access if that permission is granted
- Why RouterCheck needs access to the resource that’s protected by that permission
- What will happen if RouterCheck is denied access to that permission
We believe that this sort of information empowers our users to make better decisions and helps them understand how we use the information that we access.
For example, we want to query the device’s location. You may wonder: “Why does a home networking security app need to know where I am?” That’s a valid question, and we have a good answer. Our short answer is that we use location information to detect patterns of hacker attacks that are based on user’s geography. To see the complete answer, check out our Permissions page.
We hope that other app developers see what we’ve done and adopt it for their apps too. Providing our users with full disclosure should be the expected norm, not something that only happens on occasion.
Ideally, we would like to see a place on an app’s Google Play download page to either provide this information or a link to a page with this information. This will make it easier for users to find and access the information that they need.
We are suggesting these recommendation, because they would not disrupt the current state of Google Play or the Android world.
On this Safer Internet Day, please take some time to think about how we can make the Android world safer for everyone.