The latest version of the Play Store hit the scene a little over a week ago and introduced a tweak to the way permissions are displayed at install time, and it left some people feeling a little...uncertain. Gone is the ugly wall of poorly spaced, semi-specific permissions. The replacement is a short set of simplified categories, each with crisp-looking icons and buttons that reveal a brief description when tapped. Google filtered through roughly 145 permissions and narrowed them down to a dozen groups, plus one bucket for anything that remains. The list can be found here.
Unfortunately, this relatively simple revision has introduced a few potential security and privacy issues. The first concern is one of simply hiding more serious permissions in innocently named groups. For example, the rights to reroute outgoing calls and modify the call history log are found in the "Phone" category.
The real problem becomes visible with app updates through the Play Store. When new permissions are added, there are no outwardly visible signs that anything has changed so long as no new categories are added. For example, an app that had already been authorized to read the call log can add permissions to make calls without intervention, and there will be no warning when it comes time to download the update. In the past, app updates clearly identified new permissions and prompted users to authorize each update before it could be downloaded.
Note: Installing or updating apps using an apk on the device (or another app store) will still display the standard permissions screen, which displays the full list without modifications.
http://www.androidpolice.com/2014/0...cious-developers-to-silently-add-permissions/
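The update behaviour described above can be checked before an update is accepted. This added example is not from the quoted article: it compares the permission lists of two versions of an app and separates new permissions that fall in an already-approved group (no warning) from those that open a new group. The `GROUPS` mapping is a partial, constructed stand-in for the Play Store grouping, and the two dumps are constructed text in the style of `aapt dump permissions` output.

```python
import re

# Partial, constructed mapping (assumption): the real Play Store grouping covers
# roughly 145 permissions. Only the "Phone" entries follow the article's examples.
GROUPS = {
    "android.permission.READ_CALL_LOG": "Phone",
    "android.permission.WRITE_CALL_LOG": "Phone",
    "android.permission.CALL_PHONE": "Phone",
    "android.permission.PROCESS_OUTGOING_CALLS": "Phone",
    "android.permission.ACCESS_FINE_LOCATION": "Location",
    "android.permission.READ_SMS": "SMS",
}

# Accepts both "uses-permission: X" and "uses-permission: name='X'" lines.
PERM_LINE = re.compile(r"^uses-permission:\s*(?:name=')?([A-Za-z0-9_.]+)", re.M)

def parse_permissions(dump_text):
    """Return the set of permission names found in an aapt-style dump."""
    return set(PERM_LINE.findall(dump_text))

def diff_update(old_perms, new_perms):
    """Classify permissions added by an update by whether their group is new."""
    old_groups = {GROUPS[p] for p in old_perms if p in GROUPS}
    result = {"silent": [], "prompted": [], "unmapped": []}
    for perm in sorted(set(new_perms) - set(old_perms)):
        group = GROUPS.get(perm)
        if group is None:
            result["unmapped"].append(perm)   # not in our table: review by hand
        elif group in old_groups:
            result["silent"].append(perm)     # group already approved: no warning
        else:
            result["prompted"].append(perm)   # new group: user sees a prompt
    return result

# Constructed sample dumps for a hypothetical app, versions 1 and 2.
OLD_DUMP = """package: com.example.dialer
uses-permission: android.permission.READ_CALL_LOG
"""
NEW_DUMP = """package: com.example.dialer
uses-permission: name='android.permission.READ_CALL_LOG'
uses-permission: name='android.permission.CALL_PHONE'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='com.example.CUSTOM_PERMISSION'
"""

if __name__ == "__main__":
    report = diff_update(parse_permissions(OLD_DUMP), parse_permissions(NEW_DUMP))
    for kind, perms in report.items():
        print(kind, perms)
```

Anything reported under `silent` is a permission the update would gain without a new prompt, which is the case worth reviewing before letting the update through.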