Facebook is in the middle of an undeniable data privacy related quagmire. The social media company has now been accused of secretly collecting call and message details of Android users through messenger and Facebook Lite app. In its defence, Facebook argued that none of the data was collected without users’ consent and that they agreed to it when they granted these apps the permission to access their contact details.
Google requires all app developers to clearly request the specific permission an app requires before they can access the system data and the phone’s hardware. Like in this case, the Facebook Messenger asked users that it requires access to messages and contact apps to deliver a better experience across Facebook.
There have been several cases in which app permissions have been misused by app developers and users’ privacy has been compromised. A study by German Technical University of Braunschweig, published in May 2017, found 234 apps which were misusing the permission to access the microphone to listen to high-frequency ultrasonic signals embedded in TV and web advertisements. The signals were inaudible to humans but could be detected by the apps. They were used to determine which advertisements were being watched and which were not. Another study, carried out by Virginia Polytechnic Institute and published in April 2017, found thousands of apps leaking sensitive personal information to other apps which have been denied those permissions by the users.
Where to get details on app permissions
Android users can see all the permissions an app requires, even before downloading them, on the Google Play Store. All apps are required to give the permission they are going to ask along with a detailed break-up of the requests in Permission Details section on the landing page of the app on the Play Store.
How to regulate app permissions
Until a few years ago, Android users could only see what an app could access on their smartphone, and could not revoke these permissions even if they wanted to. This was addressed by Google in 2015 with the fill out of Android 6.0, also known as Marshmallow.
This gave users the control they didn’t have over the apps. Users can manually decide which permissions to grant and which to deny. So if users don’t want to share their location with Facebook or their contacts with Twitter, they can restrict them anytime they want in Settings -> Apps ->App Permissions.
Users can also review permissions in Settings-> Permissions instead of going through every app manually. Here they can see all the system files and sensors such as location, microphone, storage, body sensors and SMS along with the names of apps which are interested in accessing them.
Sometimes apps request new permissions after an update through a pop-up window. Users should keep an eye on such permissions too every time an app gets a major update.
More careful examination required
Users need to review the permissions an app requires more carefully to see if the permission is needed for the functioning of the app. If they feel the request is unwanted, they can block them. If the app insists on having the permissions again and again and interferes with the experience, users should uninstall them completely. For instance, a calling or Messenger or audio recording app asking for access to microphone is understandable, but if a video streaming app or an e-commerce app asks for similar permissions, users should be wary.
Google is against app developers asking for permissions which are not necessary for the working of the app. It also requires them to request permissions in context of the relevant features as they need them instead of overwhelming users with all the permission requests at the same time. This makes it a lot easier for users to understand the need for such permissions.
Google also insists app developers to be more transparent on how they are handling user data, what data they are collecting and who are they sharing them with for legal reasons. Users can report any such violations by app developers in Google Play Help page->Report Content Issues and Violations.