Skip to main content

Five permissions Android games do not need

 

Five permissions Android games do not need

You can refuse some permissions to greedy games, and they most definitely do not need these five.

Some Android games ask for a bunch of unnecessary permissions. Here are five you shouldn’t give them.

By default, apps on your phone have very limited permissions. To gain access to most of your data — and potentially dangerous Android features — they need your explicit consent. Android does that for security reasons; if permissions have potential for abuse, it’s better if an app doesn’t have them by default.

Apps actually need some permissions to do their jobs. For example, AR games really do require access to the camera. But even legitimate apps often want more than they really need. Here are five permissions that bona fide games definitely don’t need, and of course malware masquerading as a game would love to have.

For this post, we’re using the names of permissions and their paths in the “clean” Android 10. In other versions and on devices from some vendors, they may differ slightly.

Accessibility

What it is. Accessibility comprises a set of Android features that can help enable people, in particular people with disabilities, to use the device. Apps with Accessibility rights can see everything that happens on the screen, and control everything as if they were the user: change settings, perform actions in other apps, and so on.

One example of an app that needs Accessibility permissions is a voice assistant, which uses them to execute voice commands and to read information from the phone out loud. Games do not need this feature set.

What’s the danger? An app with Accessibility access can do almost anything on the device. For example, it can perform online banking transactions, write and read e-mails and other messages, change screen settings, and more. Generally, despite the innocuous-sounding name, this is a very dangerous permission.

Where to check. Settings → Accessibility

Device admin apps

What it is. Device admin apps involve remote control of the device. The permission might be needed if the phone is used for work, for example, and the company’s system administrators require access to it. Generally apps do not need this permission — and you certainly should not grant it to games.

What’s the danger? Armed with admin rights, apps can change the device’s password, lock the screen, delete files, and so on. What’s more, getting rid of a “game” with admin rights won’t be easy; the permission is intended for corporate admin tools that employees should not remove from the phone.

Where to check. Settings → Apps and notifications → Advanced → Special app access → Device admin apps

Install unknown apps

What it is. Permission to install unknown apps means having the ability to download other apps from anywhere, not only from Google Play. Games simply do not need that ability.

What’s the danger? Even if a game isn’t malicious, this permission lets it download “partner apps” to your smartphone or tablet, and those can be very difficult to get rid of later. Moreover, some partner apps might slip you some genuine malware. Don’t give this permission to anything, and download apps only from official sources.

Where to check. Settings → Apps and notifications → Advanced → Special app access → Install unknown apps

Display over other apps

What it is. Permission to display app windows on top of any running apps. Facebook Messenger uses this feature to show the chat icon even when you’re using another program, for example.

What’s the danger? This permission offers minimal benefit to the user, but it can cause significant harm. An unscrupulous game might use it to display banner ads on top of other apps. And if it turns out to be malware in disguise, it can lock the screen and demand ransom, or sneak in a fake form for entering bank card details. Or overlay a fake virtual keyboard atop the real one to read everything you type.

With a clever overlay obscuring the app you think you’re using, criminals can also get your consent to just about anything. In one scenario, an app requests access to, say, Accessibility permissions, and displays a window over it with an innocent message — say, that the content is temporarily inaccessible. This window covers everything except the real OK button in the request. The unsuspecting user taps it, and boom, cybercriminals have Accessibility in the bag.

Where to check. Settings → Apps and notifications → Advanced → Special app access → Display over other apps

SMS

What it is. SMS permissions give an app the ability to read and send SMS, MMS, and WAP Push messages. Games don’t need it, and they can’t even get it unless you make them your default app for handling text messages. But malware pretending to be a game may demand it.

What’s the danger? With access to text messages, apps can subscribe you to paid services by sending messages to short numbers. They can also spam your contacts (on your dime).

Most dangerous of all is that this permission lets apps intercept text messages with one-time confirmation codes from banks, enabling attackers to log in to your personal account and steal your money.

Where to check. Settings → Apps and notifications → App permissions → SMS and Settings → Apps and notifications → Advanced → Default apps

Don’t give games more than they need

Android offers lots more permissions. Here, we’ve just covered those that must never be given to games under any circumstances. But you should treat other permissions with care as well.

When it comes to device security, you can never be too cautious. If some three-in-a-row game wants access to your camera or microphone, just say no. And if a game really does need a permission to work, you can always issue it later.
Labels:

Comments

Post a Comment

Popular posts from this blog

How to secure PayPal

How to secure PayPal By- Aarti Jatan Your online finances need proper protection. Learn how to secure your PayPal account. With hundreds of millions of users around the world, PayPal has long been an international leader in the electronic payments industry. But as we know, money never fails to attract fraud, especially now, with as much of life as possible taking place online. Here is what you need to do to stay safe when sending or receiving money through PayPal. How secure is PayPal? As a matter of fact, PayPal is quite a reliable platform that maintains a high level of security — and keeps improving it. Thus, the company has an official program deploying white hat hackers to unearth vulnerabilities (the so-called bug bounty), under which it has already paid out almost $4 million since 2018. The program also covers several other services owned by PayPal, such as Venmo. PayPal also treats its users’ data responsibly: It did have one reliably reported leak, in 2017, but the leak invol...
Post a Comment
Read more

A DEEP DIVE INTO THE OFFICIAL DOCKER IMAGE FOR PYTHON

  A DEEP DIVE INTO THE OFFICIAL DOCKER IMAGE FOR PYTHON The official Python image for Docker is quite popular, and in fact I recommend one of its variations as a base image . But many people don’t quite understand what it does, which can lead to confusion and brokenness. In this post I will therefore go over how it’s constructed, why it’s useful, how to use it correctly, as well as its limitations. In particular, I’ll be reading through the python:3.8-slim-buster variant, as of August 19, 2020 , and explaining it as I go along. Reading the Dockerfile The base image We start with the base image: FROM debian:buster-slim That is, the base image is Debian GNU/Linux 10, the current stable release of the Debian distribution, also known as Buster because Debian names all their releases after characters from Toy Story. In case you’re wondering, Buster is Andy’s pet dog . So to begin with, this is a Linux distribution that guarantees stability over time, while providing bug fixes. The slim...
Post a Comment
Read more

Five regular checks for SMBs

Five regular checks for SMBs By- Aarti Jatan Five things that, if neglected, can cost SMBs dearly. It is not always economically viable for small and medium-size businesses to maintain a dedicated IT security team, so it often happens that one person is in charge of monitoring the entire infrastructure. Sometimes he or she is not even a permanent, full-time employee. Sure, a good administrator can do a lot, but even a pro might miss something, particularly if issues are mounting and time is short. So, it’s worth establishing a few habits. Here are our Top 5 regular checks. Renew the corporate site security certificate Any website that requests or processes user data must have an SSL certificate. It protects information entered by visitors from being intercepted, and almost all modern browsers  warn  users that sites without an SSL certificate are insecure. That can scare off potential customers. Your website most likely has an SSL certificate, but its validity period is limite...
Post a Comment
Read more