12 Most Abused Android App Permissions
October 22, 2013
Android apps need permissions in order to work. However, cybercriminals can exploit them for their personal gain. Here are some of the most commonly requested permissions, and how they’re abused.
1. Network-based Location
What it’s for: It allows apps to retrieve an approximate location through network-based location sources like cell sites and Wi-Fi. App developers can use it to gain profit from location-based ads.
How it can be abused: Malicious apps use it to launch location-based attacks or malware. For example, cybercriminals can direct Russia-based mobile users to malicious Russian language sites.
Apps that need this permission: location apps, check-in apps
2. GPS Location
What it’s for: It grants apps access to your exact location through the Global Positioning System (GPS) and other location sources like cell sites and Wi-Fi. Like network-based location, GPS location can also be used by app developers to gain profit from location-based ads.
How it can be abused: Malicious apps use it to load location-based attacks or malware.
Apps that need this permission: location apps, check-in apps, social media apps
3. View Network State
What it’s for: It allows apps to check for cellular network connections, including Wi-Fi. Apps require network connectivity to download updates or connect to a server or site.
How it can be abused: Malicious apps use it to spot available network connections so they can perform other routines, like downloading other malware or sending text messages. Malicious apps can switch on these connections without your knowledge, draining your battery and adding to data charges.
Apps that need this permission: location apps, check-in apps, social media apps
4. View Wi-Fi State
How it can be abused: Cybercriminals take advantage of device bugs to steal Wi-Fi passwords and hack into the networks you use.
Apps that need this permission: browser apps, communication apps
5. Retrieve Running Apps
What it’s for: It lets apps identify currently or recently running tasks and the processes running for each one.
How it can be abused: Cybercriminals use this to steal information from other running apps. They can also check for and “kill” security apps.
Apps that need this permission: task killer apps, battery monitoring apps, security apps
6. Full Internet Access
What it’s for: This allows apps to connect to the Internet.
How it can be abused: Malicious apps use the Internet to communicate with their command centers or download updates and additional malware.
Apps that need this permission: browser apps, gaming apps, communication apps, productivity apps
7. Read Phone State and Identity
What it’s for: It lets apps know if you’re taking calls or are connected to a network. It also gives them access to information such as your phone number, International Mobile Equipment Identity (IMEI) number, and other identifying information. Apps often use this to identify users without requiring more sensitive information.
How it can be abused: Information-stealing malicious apps often target device and phone information.
Apps that need this permission: mobile payment apps, gaming apps, audio and video apps
8. Automatically Start at Boot
What it’s for: Apps use this to tell the OS to run the application every time you start your device.
How it can be abused: Malicious apps use this to automatically run at every boot.
Apps that need this permission: task killer apps, battery monitoring apps, security apps
9. Control Vibrator
What it’s for: This gives apps access to your device’s vibrator function.
How it can be abused: Malicious apps use it to stop vibrations that would otherwise alert you to premium service notifications or verification text messages before the malicious app can intercept them.
Apps that need this permission: communication apps, gaming apps
10. Prevent From Sleeping
What it’s for: It keeps the processor from sleeping or the screen from dimming.
How it can be abused: Malicious apps use this to prevent phones from going into sleep mode, so they can continuously run malicious routines in the background. This can also lead to battery drainage.
Apps that need this permission: audio and video apps, gaming apps, browser apps
11. Modify/Delete SD Card Contents
What it’s for: This lets apps write on external storage, like SD cards.
How it can be abused: Cybercriminals use this to store copies of stolen information or save files onto your SD card before sending them to a command center. Malicious apps can also delete photos and other personal files on your SD card.
Apps that need this permission: camera apps, audio and video apps, document apps
12. Send SMS Messages
What it’s for: This allows apps to send text messages.
How it can be abused: Premium service abusers use this to send messages to premium numbers, which leaves you with unexpected charges. Cybercriminals can also use it to communicate with command centers.
Apps that need this permission: communication apps, social media apps
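The list above can be turned into a pre-install check. The following Python is an added example, not part of the original article: it reads an AndroidManifest.xml that has already been decoded to text XML and separates the requested permissions into those the list expects for the app's category and those that merit review. The mapping from the article's labels to `android.permission.*` constants, the category strings, and the sample manifest are assumptions of this example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Manifest constant -> (label in the list above, app categories the list says need it).
# The label-to-constant mapping is an assumption of this example, not from the article.
ABUSED = {
    "ACCESS_COARSE_LOCATION": ("Network-based Location", {"location", "check-in"}),
    "ACCESS_FINE_LOCATION": ("GPS Location", {"location", "check-in", "social media"}),
    "ACCESS_NETWORK_STATE": ("View Network State", {"location", "check-in", "social media"}),
    "ACCESS_WIFI_STATE": ("View Wi-Fi State", {"browser", "communication"}),
    "GET_TASKS": ("Retrieve Running Apps", {"task killer", "battery monitoring", "security"}),
    "INTERNET": ("Full Internet Access", {"browser", "gaming", "communication", "productivity"}),
    "READ_PHONE_STATE": ("Read Phone State and Identity", {"mobile payment", "gaming", "audio and video"}),
    "RECEIVE_BOOT_COMPLETED": ("Automatically Start at Boot", {"task killer", "battery monitoring", "security"}),
    "VIBRATE": ("Control Vibrator", {"communication", "gaming"}),
    "WAKE_LOCK": ("Prevent From Sleeping", {"audio and video", "gaming", "browser"}),
    "WRITE_EXTERNAL_STORAGE": ("Modify/Delete SD Card Contents", {"camera", "audio and video", "document"}),
    "SEND_SMS": ("Send SMS Messages", {"communication", "social media"}),
}

def audit_manifest(manifest_xml, app_category):
    """Return (expected, unexpected) lists of article labels for the requested permissions."""
    root = ET.fromstring(manifest_xml)
    expected, unexpected = [], []
    for node in root.iter("uses-permission"):
        name = node.get(ANDROID_NS + "name", "")
        short = name.rsplit(".", 1)[-1]
        if not name.startswith("android.permission.") or short not in ABUSED:
            continue  # custom or unlisted permission: outside the scope of this list
        label, categories = ABUSED[short]
        (expected if app_category in categories else unexpected).append(label)
    return expected, unexpected

# Constructed sample: decoded manifest of a hypothetical gaming app.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.game">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>"""

if __name__ == "__main__":
    ok, review = audit_manifest(SAMPLE, "gaming")
    print("expected for category:", ok)
    print("review before installing:", review)
```

A permission landing in the review list is not proof of malice; it means the app asks for something the list does not associate with its category, which is the mismatch worth questioning before installing.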