Google Play applications are a real box of surprises. While some demand more than they need to operate, others hide a complex spy machine in their lines of code.

A group of researchers from Comparitech analyzed the 2,500 most used Android apps and found that at least 1 in 50 requests unnecessary permissions that put the user's privacy and data at risk.

These permissions, which are the new fine print of technology, pave the way for applications to run dangerous scripts and gain access to SMS messages and social media accounts.

On average, a person has 80 apps on their phone, which means there is a high probability that at least one of them is concealing malicious software.

When breaking down the results by application category, the most controversial are those of News (18.6%), Business (16.3%), Sports, Lifestyle, Fitness and Personalization (7%), Dating (4.7%), Social Networks and Delivery (2.3%).

In addition, 59 applications, out of a total of 111 that requested access to SMS, use it in activities that are not related to their functionality, such as receiving second-factor authentication (2FA) codes, the researchers say.

These excessive permissions could let a third party read private text conversations, putting the privacy of the user and their network of contacts at risk. Additionally, they could be used to send SMS messages from the user's device to people in their contact list.

Closed doors

Giving these applications unlimited freedom to explore SMS is like leaving the door open overnight. The most common dangers are:

In addition to the phone number, it is possible to obtain the sender's address from the SMS and the information stored in the contact list, including name, email and the bank accounts you use.

Applications can store the user's SMS contacts in a database and send them to an unknown number.

Most apps ask for permissions that they don’t need to work.

Checking the content of the SMS and the sender's phone number. That is, reading your text messages and seeing which numbers they come from. It could be used to get 2FA / OTP codes, but also for other purposes.

To verify which apps went beyond the scope of their authorizations, the Comparitech researchers used a tool called Quark Engine that analyzes the information stored in the APK installation file.

This software examines the permissions in manifest.xml, a file used by almost all Android apps to declare permissions. The tool checks for 145 unique permissions.

Unlike other permissions, an Android phone does not natively warn the user when an app is about to run a shell script, a program that provides a user interface to access operating system services.
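As an added illustration of this kind of manifest check (not Comparitech's or Quark Engine's code), the Python sketch below lists the permissions an app declares and separates out the SMS-related ones. It assumes the manifest has already been decoded to text XML (inside an APK it is stored in a binary form); the function name, the sample manifest and the package name are constructed for the example.

```python
import xml.etree.ElementTree as ET

# Attribute names in the manifest live in the Android XML namespace.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions that expose text messages (all are runtime permissions).
SMS_PERMISSIONS = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_MMS",
    "android.permission.RECEIVE_WAP_PUSH",
}
# Other runtime permissions worth a second look (partial list, not exhaustive).
OTHER_RUNTIME = {
    "android.permission.READ_CONTACTS",
    "android.permission.READ_CALL_LOG",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA",
}

# Constructed sample manifest (decoded text form), not taken from any real app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.newsreader">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission-sdk-23 android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <application android:label="News Reader"/>
</manifest>"""

def audit_manifest(xml_text):
    """Return the package name and its declared permissions, grouped by risk."""
    root = ET.fromstring(xml_text)
    declared = set()  # a set removes duplicate declarations
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.findall(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                declared.add(name)
    return {
        "package": root.get("package"),
        "sms": sorted(declared & SMS_PERMISSIONS),
        "other_runtime": sorted(declared & OTHER_RUNTIME),
        "remaining": sorted(declared - SMS_PERMISSIONS - OTHER_RUNTIME),
    }

if __name__ == "__main__":
    report = audit_manifest(SAMPLE_MANIFEST)
    print(report["package"], "requests SMS access:", report["sms"])
```

A news reader that declares READ_SMS and SEND_SMS, as in the constructed sample, is the kind of mismatch between category and permission that the study counts.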

Shell scripts can perform a wide range of actions. These may include changing the active keyboard, toggling Android settings, retrieving network status and information, managing notifications, and altering color schemes and layouts.

Normally this requires root access, but Android supports running some commands without it. A malicious application could perform a wide range of attacks using shell scripts. It can even gain deeper autonomy to modify the device and access it at the hardware level.

Permissions and recommendations

Google divides Android permissions into two types: install-time and runtime. Although Google intends developers to request only the permissions that are key to an app's operation, this is not always the case.

The former are accepted or denied by the user when starting an application for the first time. The latter, runtime permissions, must be granted while the application is running.

Ideally, keep permissions to a minimum. Google advises developers to design their applications so that they can continue to be used even if the user denies an install-time or runtime permission.

So if the app is well built, it should still work. Do not be afraid to deny a permission. You can always change your mind later.

You can also choose an application that takes care of managing all the permissions, such as Permission Manager, which decides impartially based on the usefulness of each app.

