As an Android app developer, I try to be very conscious of what permissions I really need and ask the user for. Sometimes this means having to work around something that would be very simple IF I would just ask for and receive a particular permission from the user.

As an Android user, I examine the requested permissions and so far I have yet to allow an app that requires the permission to “READ CONTACTS” or “READ PHONE STATE AND IDENTITY”

So, I guess I miss out on lots of neat apps. Contrary to my ways, I’ve come to the conclusion that most users don’t even care – they just press the “OK” button and off they go to play with their new app. Here’s a few quotes from a good friend of mine:

I have not looked at the permissions…but iPad sell apps by [xyz company]….figured it was okay

I almost never read through the permissions…if you want the app, I figured you had no choice…maybe I better be more careful…”

Consider this – you download a free app that asks for permission to read your contacts – it works, does what it says, you use it when you want to.

Now, let’s think about how this guy makes money – sure he has ads, but I can tell you from personal experience that unless you have an app like Angry Birds that has millions of installs, ad revenue amounts to pennies a day, maybe even dollars a day for some of the more successful apps. Very few are knocking down tens or hundreds of dollars per day.

But hey – since we said it was ok and agreed to allow him to “READ CONTACTS”, he can now rake all these email addresses from everyone’s phone that installed said free app – then when he gets 1000 email addresses, he sells them to the SPAMMERS and makes some money. The email addresses are top quality since they are in someone’s contact list, so they bring a premium price.

I don’t know that this goes on – but I seriously wouldn’t doubt it. And every time we give an app permission to read our contacts, we are in essence, saying “hey, that’s ok, go for it – spammers got to eat too”.

So, please review the permissions the app is asking for and think twice before allowing apps to just do whatever they want.

And for those of you that have me in your Contacts list, I blame you for all the SPAM I receive, lol


ADDED: here’s a decent read about the permissions – scroll down to get a brief explanation of each permissions

http://androidforums.com/android-applications/36936-how-safe-find-trusted-apps-avoid-viruses-guide-those-new-android.html


I believe that this part of Android needs to be changed – a finer granularity for permissions would be nice. As a developer, I personally would have no problem having to state in my Manifest file a separate permission for each and every permission I needed.

It would also be nice if there was a way to control these AFTER the app was installed – like most J2ME phones allow these to be changed at any time to one of three choices “Always Allow”, “Never Allow”, “Ask Each Time”

Share and Enjoy:
  • Digg
  • del.icio.us
  • Facebook
  • Google Bookmarks
  • Twitter