Cybernews analyzed 50 of the most popular apps on Google Play Store to find out what permissions the apps are requesting and what happens if you give permissions to those apps. Giving permissions to apps on your phone means that these apps can easily access your data, even your private data too. Some apps do not ask for some dangerous permissions, but some apps do.
An app in India, The MyJio: For Everything Jio app, is a popular telecom and digital services app which asks for permissions in almost all categories like location, radios, microphone, calendar, file access, camera and others. There are a total of 29 permissions that the app needs. WhatsApp is the second dangerous app in terms of permissions it asks, 26 to be precise. Other Android apps including Truecaller, Google Messages, WhatsApp Business, Facebook and Instagram also need most permissions to work on your phone.
If we talk about apps which require least dangerous permissions, a multiplayer game called 'Among Us' takes the crown with zero dangerous permissions required. Some other gaming apps like 8 Ball Pool and Candy Crush Saga also require only one or two safe permissions. But this doesn't mean that these apps are completely safe.
The study also found out which types of permissions apps ask users the most. The top permissions apps require is the permission to post notifications. Even though this permission may not seem harmful, it can exploit users in several ways. When users give permission about posting notifications to these apps, they can be exposed to unwanted ads, phishing attacks and even misinformation. In 2023, one of the US Senators wrote in a letter that app notifications help in government surveillance as they do not travel directly from apps to your phones. These notifications can carry sensitive data and pass through Google’s Firebase Cloud Messaging before going to Android users.
The second most dangerous permission apps require is permission to access storage and this means that if you have an ID picture in your phone, they can easily access it. This permission is most asked by the apps where you need to upload media like photos or videos. Photo editing apps or social media apps need this permission. But malicious actors can use your storage to steal your data or exploit your private information.
Other most requested permissions include access to camera and recording audio with 33 apps asking for them. Camera access is important for some apps to capture and share your photos and recording audio is important for some apps for voice messaging features. Advertising companies and malicious actors can use this data for different purposes. 26 apps analyzed also asked for location permission and the same number of apps required permission to read contacts. Out of 50 apps, 22 apps also needed permission to connect to Bluetooth for interaction with fitness trackers headphones and smart home devices. 22 apps also asked for the phone's state which is critical information as it can access your phone numbers, networks, ongoing calls and ID of your device.
9 out of 50 apps belong to the communication category while 5 belong to social networks. 19 permissions were requested by communication apps on average while 17.2 permissions were needed by social networks on average. Permissions are justified if they are related to action that is going to be performed on the app. But if the permissions aren't quite relevant to the app, then it is dangerous. As communication and social apps have the most features, they also require the most dangerous permissions. But it doesn't mean you have to give them all permissions at once. You can give specific locations later when needed for once too.
19 apps out of 50 analyzed were gaming apps and they asked for four dangerous permissions on average. Most asked permissions by game apps were for posting notifications (16), recording audio (8) and accessing camera (7). Mobile Legends: Bang Bang, PUBG Mobile and My Talking Angela required access to most user data. Some gaming apps also required access to calendars which is questionable because why would a gaming app need information about one's calendar?
Shopping apps required 13.4 average dangerous permissions with AliExpress and Lazada asking for most dangerous permissions. Wish had the least dangerous permissions (7). Almost all shopping apps required access to camera, location, notifications and storage. Other apps like Netflix was the least data hungry app and only needed permissions for access to post notifications, storage, record audio and connect to Bluetooth. Zedge, a wallpaper app, needed access to fine locations among 3 other dangerous permissions.
Cybernews researchers says that even if an app doesn't require any permission, it doesn't mean that it isn't dangerous. Some apps can still stay in the background and have full access to user data. So, it is important that users delete all the unnecessary apps from their smartphones to keep their data safe and decrease the threat of data exposure and privacy risks.
Read next: Research Shows There is an Increase in Requests for User Data from US Government
An app in India, The MyJio: For Everything Jio app, is a popular telecom and digital services app which asks for permissions in almost all categories like location, radios, microphone, calendar, file access, camera and others. There are a total of 29 permissions that the app needs. WhatsApp is the second dangerous app in terms of permissions it asks, 26 to be precise. Other Android apps including Truecaller, Google Messages, WhatsApp Business, Facebook and Instagram also need most permissions to work on your phone.
If we talk about apps which require least dangerous permissions, a multiplayer game called 'Among Us' takes the crown with zero dangerous permissions required. Some other gaming apps like 8 Ball Pool and Candy Crush Saga also require only one or two safe permissions. But this doesn't mean that these apps are completely safe.
The study also found out which types of permissions apps ask users the most. The top permissions apps require is the permission to post notifications. Even though this permission may not seem harmful, it can exploit users in several ways. When users give permission about posting notifications to these apps, they can be exposed to unwanted ads, phishing attacks and even misinformation. In 2023, one of the US Senators wrote in a letter that app notifications help in government surveillance as they do not travel directly from apps to your phones. These notifications can carry sensitive data and pass through Google’s Firebase Cloud Messaging before going to Android users.
The second most dangerous permission apps require is permission to access storage and this means that if you have an ID picture in your phone, they can easily access it. This permission is most asked by the apps where you need to upload media like photos or videos. Photo editing apps or social media apps need this permission. But malicious actors can use your storage to steal your data or exploit your private information.
Other most requested permissions include access to camera and recording audio with 33 apps asking for them. Camera access is important for some apps to capture and share your photos and recording audio is important for some apps for voice messaging features. Advertising companies and malicious actors can use this data for different purposes. 26 apps analyzed also asked for location permission and the same number of apps required permission to read contacts. Out of 50 apps, 22 apps also needed permission to connect to Bluetooth for interaction with fitness trackers headphones and smart home devices. 22 apps also asked for the phone's state which is critical information as it can access your phone numbers, networks, ongoing calls and ID of your device.
9 out of 50 apps belong to the communication category while 5 belong to social networks. 19 permissions were requested by communication apps on average while 17.2 permissions were needed by social networks on average. Permissions are justified if they are related to action that is going to be performed on the app. But if the permissions aren't quite relevant to the app, then it is dangerous. As communication and social apps have the most features, they also require the most dangerous permissions. But it doesn't mean you have to give them all permissions at once. You can give specific locations later when needed for once too.
19 apps out of 50 analyzed were gaming apps and they asked for four dangerous permissions on average. Most asked permissions by game apps were for posting notifications (16), recording audio (8) and accessing camera (7). Mobile Legends: Bang Bang, PUBG Mobile and My Talking Angela required access to most user data. Some gaming apps also required access to calendars which is questionable because why would a gaming app need information about one's calendar?
Shopping apps required 13.4 average dangerous permissions with AliExpress and Lazada asking for most dangerous permissions. Wish had the least dangerous permissions (7). Almost all shopping apps required access to camera, location, notifications and storage. Other apps like Netflix was the least data hungry app and only needed permissions for access to post notifications, storage, record audio and connect to Bluetooth. Zedge, a wallpaper app, needed access to fine locations among 3 other dangerous permissions.
Cybernews researchers says that even if an app doesn't require any permission, it doesn't mean that it isn't dangerous. Some apps can still stay in the background and have full access to user data. So, it is important that users delete all the unnecessary apps from their smartphones to keep their data safe and decrease the threat of data exposure and privacy risks.
Read next: Research Shows There is an Increase in Requests for User Data from US Government