When we deny/ block certain permissions to apps, how does Android (or iOS) enforce this?
There are two ways of enforcing this setting:
1. System tells the app not to ask for the permission because the user has denied it.
2. App keeps trying to access the particular permission, and the system continuously blocks it.
For example, if we deny location permission to an app, does the app no longer request location access, or does it keep trying to access location and system keeps blocking it?
If method 1 is how it works (and I doubt it), it would be great for performance and battery life.
If method 2 is how it works (and I think this is how it works), then the app would likely continue to drain battery even more than what it would if the permission was granted.
Can someone explain how this works?
Thanks.
TheMystic said:
When we deny/ block certain permissions to apps, how does Android (or iOS) enforce this?
There are two ways of enforcing this setting:
1. System tells the app not to ask for the permission because the user has denied it.
2. App keeps trying to access the particular permission, and the system continuously blocks it.
For example, if we deny location permission to an app, does the app no longer request location access, or does it keep trying to access location and system keeps blocking it?
If method 1 is how it works (and I doubt it), it would be great for performance and battery life.
If method 2 is how it works (and I think this is how it works), then the app would likely continue to drain battery even more than what it would if the permission was granted.
Can someone explain how this works?
Thanks.
Click to expand...
Click to collapse
The first one if it's update to support the current SDK. App comunicate a request system-level (permission) and ask you to choose.
Granting / revoking permissions is done at app's level and controlled / noted by Android OS:
Permissions on Android | Android Developers
developer.android.com
Keep in mind that once an app has permission to use something, it can do so whenever it wants. While an app might have a legitimate reason for accessing your location, it could also check your location in the background every so often and send that data to advertisers - what will drain battery, of course.
Related
I'd like to pone a privacy problem.
In Android ,installed apps require permissions to operate. Permissions to access the Phone Id (also the IMEI) or the position of the device or the access to your calls seem very common in most apps on the market.
Permission for the position seems ok for a Gps navigation program but also for an alarm clock? Where do they sent my data and what use they do?
I use LBE privacy guard but it is enough?
what do you think?
Toriko said:
I'd like to pone a privacy problem.
In Android ,installed apps require permissions to operate. Permissions to access the Phone Id (also the IMEI) or the position of the device or the access to your calls seem very common in most apps on the market.
Permission for the position seems ok for a Gps navigation program but also for an alarm clock? Where do they sent my data and what use they do?
I use LBE privacy guard but it is enough?
what do you think?
Click to expand...
Click to collapse
are you a thief?? :laugh:
Most of the permissions are for ads bases on location
Batcom2
xxXismakillXxx said:
are you a thief?? :laugh:
Click to expand...
Click to collapse
No, but I'm thinking about it. Seriously, have you ever wonder why you get web searches, translations and other services for free and yet the companies that handle the sites are billionaires? Because they sell your personal data and your commercial preferences to other companies without your permission. Think about it when you post your personal data on the web.
zelendel said:
Most of the permissions are for ads bases on location
Batcom2
Click to expand...
Click to collapse
I'm not so sure about that. However if I buy an ad free app , there shouldn't be any ads. And why an alarm clock need my phone id and can access my call log? It's fishy.
Toriko said:
I'd like to pone a privacy problem.
In Android ,installed apps require permissions to operate. Permissions to access the Phone Id (also the IMEI) or the position of the device or the access to your calls seem very common in most apps on the market.
Permission for the position seems ok for a Gps navigation program but also for an alarm clock? Where do they sent my data and what use they do?
I use LBE privacy guard but it is enough?
what do you think?
Click to expand...
Click to collapse
Rule of thumb: Every app that asks for unique device numbers, location and a backchannel does so because it contains advertisement. Advertisers simply love to track customers and find out as much as possible about them in order to deliver ads that actually result in a sale (contrary to popular belief, they don't do that just to annoy the crap out of everyone).
Personally, I don't use LBE privacy guard. I haven't seen the source and that pretty much means it is as much a blackbox as the apps, it is suppose to protect me from. For me, rooting and installing a firewall to simply block the backchannel does the trick.
If u filter out apps for their permissions, u will have nothing but the system apps left on the phone! even I used to check permissions b4 downloading at the beginning. Then as I downloaded a lot of apps i was lazy enough to give a dang to wat permissions the app wants! just see through the comments (reviews) to know if there are any issues with the app! That's it.! And nowadays the app developer tries to explain the reason for each permission the app asks for. So sooner all apps are gonna be explaining their permissions! (hopefully)
zelendel said:
Most of the permissions are for ads bases on location
Batcom2
Click to expand...
Click to collapse
This is true although some use it to collect app usage information for the purpose of improving the app. Unfortunately, it can be difficult to determine exactly why a particular permission is requested.
onyxbits said:
Personally, I don't use LBE privacy guard. I haven't seen the source and that pretty much means it is as much a blackbox as the apps, it is suppose to protect me from. For me, rooting and installing a firewall to simply block the backchannel does the trick.
Click to expand...
Click to collapse
Installing a firewall won't solve the problem, because you can't stop apps that need connection : together with the access to the net they send your data. LBE allows the access for the app but block the transmission of your id together with other data.
Anyway LBE also works as a firewall. There's another app that works the same way (Pdroid) but supports only Gingerbread.
I just upgraded my SM-G920I to Marshmallow and now the Theme Store wants Telephone and Contacts permissions. It won't launch unless I give it. Why would the app require such a permission? Galaxy Apps is also demanding access to Contacts. Anybody has any clue?
You could say the same about a lot of apps.
If you haven't discovered it yet, you can now fine control app permissions in MM. Perhaps allow them, get what you want, and revoke them?
I've revoked permissions for so many things on so many apps and everything is still working as it was before... It says a lot
Revoking later means app gets what it wants. If such is the state there is no point in granular permissions. The whole idea was centered around improving privacy and user control.
What are the best ways to monitor what permissions apps use? I know xprivacy monitors permission usage in real time, app ops seems to track actual permission usage and you can check the manifest to see what's asked for (but not used) what are the other methods?
nutpants said:
What are the best ways to monitor what permissions apps use? I know xprivacy monitors permission usage in real time, app ops seems to track actual permission usage and you can check the manifest to see what's asked for (but not used) what are the other methods?
Click to expand...
Click to collapse
You should have xposed framework/magisk modules installed
download xprivacy, and set it to limit all
whenever an app asks for permission , xprivacy will pop up and ask whether to grant or deny
does consume some battery though
SD Maid (app control)
Do you recommend being rooted or not?
Hi there,
I am a newbie with Android and smart phones.
As an old-school tech, from Windows 3.0 to Gnu/Linux, I want for long time avoid all GAFAM stuff and keep a bit of privacy and security.
I came across the Exodus site and try to find app with zero tracker and minimum permission.
Do you care about that?
Do you use FOSS apps?
Do you have a list of usual apps that fulfill your need AND privacy?
Any help, advise, list of apps (browser, messaging, files management, maintenance, ...) are welcome.
Thank you
IMHO it doesn't matter where you fetch apps from: F-Droid, Google Play Store, etc.pp.
Apps typically request normal premissions and dangerous permissoins.
Dangerous persmissions are
READ_CALENDAR
WRITE_CALENDAR
CAMERA
READ_CONTACTS
WRITE_CONTACTS
GET_ACCOUNTS
ACCESS_FINE_LOCATION
ACCESS_COARSE_LOCATION
RECORD_AUDIO
READ_PHONE_STATE
READ_PHONE_NUMBERS
CALL_PHONE
ANSWER_PHONE_CALLS
READ_CALL_LOG
WRITE_CALL_LOG
ADD_VOICEMAIL
USE_SIP
PROCESS_OUTGOING_CALLS
BODY_SENSORS
SEND_SMS
RECEIVE_SMS
READ_SMS
RECEIVE_WAP_PUSH
RECEIVE_MMS
READ_EXTERNAL_STORAGE
WRITE_EXTERNAL_STORAGE
and only become activated if user clicks ALLOW to them: so it's on user what permissions can be used by an app.
So-called normal permissions get allowed by default without any user interaction.
jwoegerbauer said:
and only become activated if user clicks ALLOW to them: so it's on user what permissions can be used by an app.
So-called normal permissions get allowed by default without any user interaction.
Click to expand...
Click to collapse
I you sure only normal permissions get allowed by default without any user interaction? and where can I separately allow or deny them? Is there a place where all these permissions are explained and what I'll block in the app when denied?
What about tracker? Is it possible to deactivate them?
I think trackers are more intrusive than permissions. Am I right?
MrNice said:
I you sure only normal permissions get allowed by default without any user interaction? and where can I separately allow or deny them? Is there a place where all these permissions are explained and what I'll block in the app when denied?
What about tracker? Is it possible to deactivate them?
I think trackers are more intrusive than permissions. Am I right?
Click to expand...
Click to collapse
Yes, only normal permissions get allowed by default, the apps will ask for the rest of them and you can deny them if you want. Also the only way to disable trackers is with aurora appwarden or trackercontrol, but sometimes the apps with disabled trackers could crash.
@MrNice
an app only can track you if it has the related Android permission granted to do so.
The Penguin said:
Also the only way to disable trackers is with aurora appwarden or trackercontrol,
Click to expand...
Click to collapse
jwoegerbauer said:
an app only can track you if it has the related Android permission granted to do so.
Click to expand...
Click to collapse
Hummm, for me, these 2 sentences look like an oxymoron.
Could you explain?
My last 2 cents here:
An app doesn't have trackers, it only has granted permissions, but an app may behave as tracker - where it doesn't matter whatever it will track - if it got granted the related permissions.
Have a nice day.
I use Karma Firewall to log/see what's accessing the internet and block it if needed.
Many don't need internet access to be functional.
Some of the worst offenders I uninstalled.
Gookill is the worst offender, I keep Google play Services and Playstore disabled 99% of the time.
Some freeware apps are perfect. They do nothing except what they're suppose to do and never attempt internet access; keepers.
Hello Everybody,
I would like to ask a question about Android Apps permissions:
If I deny one permission for a particular App, does that mean the App has zero access to the denied permission?
Or is there a possibility for the App to bypass the permission restriction and access the user Data anyway?
Is our Data really safe and respected by Apps whe we deny certain App permissions?
I would like to have a good understanding about the accuracy of Android Apps permission restrictions.
Please let me know.
Thank you
What permissions an app has is determined by app's developer. These are by default granted, but can get revoked by user - what may lead to fact that app no longer works.
Each app runs in a sandboxed VM therefore basically it only has access to the data tied to it, means app A can never access app's B data. User data like photos, musics, videos etc.pp typically can get accessed by all apps because they aren't specific to an app.
jwoegerbauer said:
What permissions an app has is determined by app's developer. These are by default granted, but can get revoked by user - what may lead to fact that app no longer works.
Each app runs in a sandboxed VM therefore basically it only has access to the data tied to it, means app A can never access app's B data. User data like photos, musics, videos etc.pp typically can get accessed by all apps because they aren't specific to an app.
Click to expand...
Click to collapse
Thank you for taking some of your time to explain this to me. I appreciate it.