Shame on Google

Last night the redneck and I were sitting on the front porch enjoying the evening sky and we noticed a very bright light in the south western hemisphere just over the tops of the trees. It was moving slowly across the horizon and we wondered what it could be. Well don’t you know, there are ANDROID apps that you can download onto your phone that you can POINT up at he sky and it will SHOW you the constellation that you are looking at! How cool is that? So I started to research what apps were out there for pay and for free download. I read a few reviews, peeked at a couple forums and went to download the Google SKYMAP on my Galaxy 5.

As I read the permissions that the app needed, I paused, wrinkled my brow and began my blog in my mind. Why does a camera app need to test access to protected storage? Dang, that doesn’t even sound good. Moreover why would it need to know anything about the phone calls that I make? Houston, we have a problem.

Of course, its not just Google. And the particular app that I’m going to pick on is certainly not the most egregious out there. But its a good annotated example and you know I like flashy mouse over images so if for no other reason I am going to use Google SkyMaps as my pick peeve of the moment.

Do you ever READ the permissions on your Android apps when you press the GREEN ACCEPT button? Do you ever wonder if the provider really NEEDS those permissions? Well as a former DIT in higher education, my brain is wired to wonder. Why would a flashlight app need access to my contact list? Why does a ringtone need to MAKE PHONE CALLS?! Why does this FREE racing game want to know MY GPS?

So I did a bit more digging and actually found the following “explanation” on a google-sky-map forum, presumably by one of the google developers who worked on creating skymap. Who knows if its true, and I’m sure he’s now in the google witness protection program and this link will soon be self destruct.

But when asked WHY does google sky need so many permissions the programmers response was:

“It doesn’t really. I think the only one that is meaningful is “not allow the phone to go to sleep”, although that might not be the case any more.

Back when we first released Sky Map, the permissions model was pretty coarse. I think we just used the defaults. Over time, Android split things into multiple settings. It required some amount of effort, both technical and bureaucratic, to change them, and we figured that it wasn’t worth the effort.”

I was a technical bureaucrat for years, I’m not going to argue the point that its not true about the efforts of change management. But as long as there are other options out there, even if I have to pay a buck or two, I’m going to install an app that doesn’t require as many android permissions.

And that’s basically my rule of thumb. I ask myself:

Do I really need this app?
Do I trust the publisher?
Have I read the reviews?
Do I understand why its asking for these permissions?
Is there an alternative application that asks for LESS?

If you don’t know? Don’t download.

Its pretty much that simple. But how do you KNOW? What do some of the security and privacy settings even mean? Well, if you are curious there’s a wonderful thread on everything you ever wanted to know about androids that does a good job at digging in the dog pile of settings and permissions as well as letting you know which ones may pose a serious risk. Android permissions explained, security tips, and avoiding malware

Too technical? Lifehacker has a wonderful brief on the topic? Why Does This Android App Need So Many Permissions? Which actually includes some apps that you can download that will modify the permissions and either stop or alert you to phishy behavior.

And if you want to go back and CHECK to see what permissions the apps you have already installed have on your android, its easy to do.

Tap the Menu button
Select Settings
Look for the Application Manager (on my menu I had to select the MORE tab first)
Then select the app that you want to check an scroll all the way down to see the PERMISSIONS list.

I went through and deleted a few apps that I either no longer needed, or I simply didn’t want them to have such deep hooks to my personal life. Oh and if you don’t CARE who sees your chit, you should probably REMOVE YOUR FRIENDS from your address books and social networks that DO. Because once you open yourself up to the world, we get exposed too.