Installing an application on an iPhone is a bit different than installing an application on an Android based system. With the iPhone you go to the App Store, select your application (and pay if required) then download and install it. For the Android based phones you go to the Android Market, select your application, download it and then you must approve of the access to your phone that the application will have. For non-technical people this may seem like a waste of time, but in fact it gives you some really interesting information. Let’s take the application MotoSpeak as an example. Motospeak is an application that works with the Motorola h17txt Bluetooth headset. Using the headset and the MotoSpeak app when you receive a text message it will speak the text to you and send an SMS telling the sender that you will reply later… even if you won’t be replying.
Upon choosing to install MotoSpeak a screen comes up and advises that the application has access to the following:
Your personal information – read contact data, write contact data
Services that cost you money – directly call phone numbers, send SMS messages
Your messages – read SMS or MMS, receive MMS, receive SMS, receive WAP
Network communication – Create Bluetooth connections, full internet access
Your accounts – act as an account authenticator, manage the accounts list
Phone calls – read phone state and identity
These permissions make sense for what the application needs to do, however if Motorola wanted to, they could abuse the permissions. How? Look at the combination of permissions. Although I am confident that Motorola didn’t program MotoSpeak to do the following, by installing the application I have allowed enough access for Motorola to copy all of my contacts and send them SMS messages saying anything they want to say. Motorola could send themselves my entire contact list with email addresses and phone numbers. Just because you know why an application needs permissions, it does not mean that that application was not written to also abuse those permissions. This is one of the reasons that you should have a fairly good reason to trust a developer before you install an application.
Let’s take a look at another application. Tapsnake is no longer available on the Android Market because it is spyware. If you looked at the permissions before downloading you would see that it is able to access your GPS, and use the internet, among other things. There is no reason that a game likes this needs those permissions and the reason it wanted them is that it secretly was broadcasting the user’s location to a server. The description of the game didn’t mention the spying, but understanding that there is no way such a game should be requiring such permissions means that you can make the educated decision not to install the application.
I randomly searched on androlib.com and selected a game called Pacific Wings. I didn’t install it or even download it, but I did look at the permissions. The game only asks for one permission, the ability to use the Internet. I sent an email to the developer asking why such a game needed Internet access? The developer responded back “The internet-permission is needed for the in-game-ads (to keep the game free). This is a legitimate way to distribute games, however do expect ads that take you to malicious sites to be appearing.
The Android security model is really very cool, however most people will not understand or pay attention to what permissions they grant the apps they download. If people generally did pay attention then I believe the platform would be approximately as safe as the iPhone, but they don’t and it takes very little to get an app onto the market. As a result there will be a lot of security problems for the Android based phones.
Director of Technical Education
Author ESET Research, We Live Security