Understanding app permissions and how they affect your data

You’ve probably seen it before, if only for a brief moment while installing an app or trying to use one of its video or photo features for the first time: a list of permissions the program wants from your device. Depending on the application, you may be asked to approve its access to your contacts, microphone, geolocation, etc. Granting these requests is essential in some cases; for example, mapping services aren’t practical if they don’t know your current location.

Other times, the app may be simply trying to harvest data that can be resold to advertisers. It’s worth carefully reading what each one wants to see and understanding the associated risks to your security.

app permissions

How app permissions can jeopardize your personal data

There are several ways you might unknowingly hand over more data than you intended to an app or a third-party ad network:

  • Approving all of an application’s requested permissions.
  • Signing into an account via a social profile (e.g., Google or Facebook).
  • Connecting different apps and services to those same social networks.

Let’s go through these one by one:

Permission requests

Common permissions can be abused by malware. For example, legitimate Android apps may want access to your phone calls and text messages so they can send two-factor authentication codes when you try to log in. Malicious ones may hijack these same permissions to send expensive premium texts or make pricey calls. On iOS, giving apps the green-light to access your microphone could enable them to hear your conversations and tailor ads accordingly. Instagram is infamous for this technique.

Signing in

Using your Google or Facebook profile to sign in is much quicker and in some ways safer than creating an entirely new account based on your email address. However, it comes with its own risks: The websites you log into get some access to data from your profile. In 2016, the popular mobile game Pokemon Go had an initial flaw allowing the app full access to the Google account of anyone signing in with Google.

Connecting apps and services

The recent revelations about Facebook user data leaked to Cambridge Analytica have highlighted the dangers of connecting third-party services to platforms that contain immense amounts of personal data. Fortunately, you have some control over which apps can see your data. This guide from CNET walks you through the steps of deleting unwanted or unfamiliar connections to your Facebook account.

Be vigilant about what apps you install and the permissions you allow them. You can ensure additional protection through Total Defense Unlimited Internet Security, which helps shield your identity and defend against malware. Learn more on the main product page today.