Google Play Store App Permissions are Deeply Flawed, Says Report

google_play_featureThe all-or-nothing permissions users are asked to accept for apps from the Google Play Store creates large privacy and security risks, according to a research report by Zscaler.

Zcalers research analysed more than 75,000 apps from the Google Play Store, examining which permissions were most commonly asked for as part of downloading and using apps. Because users are required to accept the entire list of requested permissions to download a given app, users are putting less scrutiny on permissions in order to attain the apps they want.

The report largely focused on the more dangerous permissions, that allow apps to access a users personal information and grant access to functionality on the device. Zcaler considered permissions related to SMS, GPS, phone calls and personal information (including address book and device information) as the highest risk.

According to the report, 68 per cent of apps that request SMS permissions ask for the ability to send SMS messages. As most Android malmare currently involves premium SMS fraud, the report singled this out as particularly concerning.

In addition, 28 per cent of apps with SMS permissions also requested the ability to read SMS. As well as the obvious privacy risks, the growth of apps and services that send codes via SMS for mobile banking or two factor authentication could make this a potential security risk.