Nivedit Majumdar

Contextual Data Privacy - App Permissions

App permissions are a basic piece of functionality that might be more important than one would think, and in this article, I talk about how the presence of Context in App Permissions would enhance security like never before. Permission to access data and sensors is fundamental to how context-aware apps sense the user’s world.

Editor’s note: Android being the front runner for context aware apps with more variety of APIs to access user data and long running background tasks, there is too much user data at risk. Good to see Android adopting the iOS way of permissions to enhance user privacy. Hope the learning curve will be smooth for Android users, otherwise leading to apps running with insufficient functionality.

LAYING THE FOUNDATION

[Figure: smartphone OS market share, 2013 to 2015 Q2. Data Source: IDC]

Android has been the leader as far as market share is concerned, with over 82.8% of the market being populated by Android devices. Moreover, with the ease of app development on this platform, and the added advantage of the application development tools and the OS itself being open source, app developers are finding more avenues for development here.

Another valid statistic along these very lines would be the overall distribution of the various versions of the Android OS. This might not seem relevant just as of now, but it does have some importance, as I will be expanding upon very soon.

[Figure: Android OS version distribution, February 2015. Data Source: Statista]

So yes, now that we’re done with the OS distributions and the market share, how does all this play a role in app permissions?

ENTER MARSHMALLOW

With the latest version of Android – Marshmallow – there have been a few vital additions to the platform. A key change in this regard is the ability of the user to restrict applications from using different resources, through a simple setting called the ‘App Permissions’ setting.

What this essentially does is limit the resources at the disposal of certain applications. Earlier (in Lollipop and the versions before it), every user would be shown the list of resources the app would be using during installation, and the user couldn’t really change the permissions – it was an all or nothing principle in essence. But with the new version, apps notify users on the fly, as and when they are using certain resources.

[Figure: app permissions]

Say for example an application makes use of the camera and WiFi. The user can intuitively take control of what resources are being used by the application, and can also monitor the activities of the same. Moreover, if the user doesn’t want a particular app to make use of a specific resource, that can be changed very easily, as shown with the Instant App here.

[Figure: Instant app permissions]

THE KEY APP PERMISSIONS

A smartphone comes bundled with a large amount of resources, and applications are designed keeping in mind which resource to use at what time. App permissions usually notify the user which resources will be used by the app, and there are some resources which are of primary importance.

1. LOCATION

Unless it is a social networking application, or a camera or a navigation app, no application would really require the location resource. Earlier, when applications utilised the location feature, they would use it either in an approximate network-based mode, or in a precise GPS mode. Unless they’re responsible for geotagging or navigation, they would be used for generating location-based ads. Security constraint: Apps would directly access your location, and could even share it without the user being aware.

2. COMMUNICATION

SMS, MMS and Internet resources can be maliciously used by applications to send illegitimate SMSes or access extra data with the user being none the wiser.

3. PERSONAL DATA

Finally, the most important of all the app permissions. Some apps come with the ability to track the user’s personal data in the form of contacts, the IMEI number or even the browser cookies. Think of it as phishing, but in a more personal way.

THE RELEVANCE – SECURITY

Now here’s the real crux, why is this relevant? I mean, applications would be installed anyway, and in the earlier versions the user would actually have the benefit of installing apps without having to think about why the app uses which resource.

The answer is quite simple, really. If the user doesn’t want an app to use the camera, the user should be given the control to deny the app from using it. In stock Android, doing this would require root access, since permissions were merely declarations, not requests. But with Android Marshmallow, this is a built-in feature.

But if you ask me, the real relevance lies in security. There have been reports recently of phones that are being imported from China coming with malicious applications preinstalled. This usually occurs when the buyer buys the phone off a third party reseller, and the seller thus has the option of installing some applications which would invariably compromise upon the privacy of the user by accessing the data freely.

The onus is on improving the security measures, and protecting the privacy and data of the user. These factors play a major role when seen from the perspective of the Quantified Self movement, where data is being generated in large volumes and hacking into the data would indeed expose a large amount of personal information.

A CONTEXTUAL APPROACH

The need of the hour would be for applications to decipher what resource they would need to use on the fly, as and when the user needs the application to. That would ensure a smoother and more intelligent experience in an application utilising resources of the smartphone, and would also improve upon the security aspect.

This would also create a powerful ecosystem wherein applications, while having the ability to utilise multiple resources, don’t always use them. It would improve efficiency in terms of both the hardware (battery life, processor speeds) and the software (number of threads running simultaneously). Overall, app permissions in Android are going to be big, and in this world where data is generated at unbelievable volumes, they would actually be beneficial to both end users and app developers alike.
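The on-demand request flow described in this article, as an added example (not code from the original post): an activity that asks for the camera only when the user taps capture, and keeps working if the request is denied. It uses the AndroidX compatibility APIs; the class name, layout, view id and `CameraPreviewActivity` are hypothetical, and the manifest is assumed to declare the camera permission.

```java
// Added example; class, layout, view id and CameraPreviewActivity are hypothetical.
// Assumes the manifest declares <uses-permission android:name="android.permission.CAMERA"/>.
import android.Manifest;
import android.content.Intent;
import android.content.pm.PackageManager;
import android.os.Bundle;
import android.widget.Toast;
import androidx.annotation.NonNull;
import androidx.appcompat.app.AppCompatActivity;
import androidx.core.app.ActivityCompat;
import androidx.core.content.ContextCompat;

public class CaptureActivity extends AppCompatActivity {
    private static final int REQ_CAMERA = 1001; // arbitrary request code

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_capture);
        // No prompt at start-up: ask only when the user taps the feature that needs it.
        findViewById(R.id.capture_button).setOnClickListener(v -> captureWithPermission());
    }

    private void captureWithPermission() {
        String camera = Manifest.permission.CAMERA;
        if (ContextCompat.checkSelfPermission(this, camera) == PackageManager.PERMISSION_GRANTED) {
            startActivity(new Intent(this, CameraPreviewActivity.class));
            return;
        }
        if (ActivityCompat.shouldShowRequestPermissionRationale(this, camera)) {
            // The user declined before: say why the camera is needed before asking again.
            Toast.makeText(this, "The camera is used only to take the photo you asked for.", Toast.LENGTH_LONG).show();
        }
        ActivityCompat.requestPermissions(this, new String[]{camera}, REQ_CAMERA);
    }

    @Override
    public void onRequestPermissionsResult(int requestCode, @NonNull String[] permissions,
                                           @NonNull int[] grantResults) {
        super.onRequestPermissionsResult(requestCode, permissions, grantResults);
        if (requestCode != REQ_CAMERA) return;
        // grantResults is empty when the dialog is cancelled, so check its length first.
        if (grantResults.length > 0 && grantResults[0] == PackageManager.PERMISSION_GRANTED) {
            startActivity(new Intent(this, CameraPreviewActivity.class));
        } else {
            // Denied: only the capture feature is unavailable; the rest of the app keeps working.
            Toast.makeText(this, "Camera access denied; photo capture is unavailable.", Toast.LENGTH_LONG).show();
        }
    }
}
```

Because the user can revoke the permission from the App Permissions setting at any time, the check runs on every tap rather than being cached after the first grant.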
