On Android, newly installed apps ask for a number of permissions when you run them for the first time. Many times, the permissions requested are essential for the app to function properly. However, some of these permissions are sensitive and could potentially lead to malicious activities like malware injection. To put the matter into perspective, a report has revealed that some apps in the Play Store’s top 50 may be asking for more permissions than necessary.
Apps in the Play Store’s top 50 that request the most “dangerous permissions”
According to Cybernews, the Android app that asks for the most “dangerous” permissions in the Play Store’s top 50 is MyJio. MyJio is the app that Jio customers in India use to manage their accounts. However, it also offers payment services, access to entertainment (music, video, and games), and more. The research found that MyJio asks for 29 dangerous permissions, including “location, activity recognition, radios, camera, microphone, calendar and file access.”
Next on the list is WhatsApp, which requests access to 26 dangerous permissions. In this case, the app’s features directly justify several of the permissions. WhatsApp is a messaging app with support for video calling, voice notes, geolocation sending, and more. Then there’s “Truecaller: Caller ID & Block,” which requests access to an especially sensitive permission that allows it to manage calls. This is because you can set Truecaller as your call dialer.
Google Messages and WhatsApp for Business tie for fourth place with 26 dangerous permissions. Rounding out the top five is Facebook, which requires approval for 22 dangerous permissions. Interestingly, a set of Meta apps, including Instagram, Facebook Lite, and Messenger, hold the next spot, each requesting 19 dangerous permissions.
The report shows that games are the apps that usually require the least dangerous permissions. Among Us, another of the Play Store’s top 50 apps, does not request any dangerous permissions. Titles like Candy Crush Saga, 8 Ball Pool, and others only require one or two dangerous permissions.
“Dangerous permissions” access is often necessary, but be careful
Cybernews defines as “dangerous” not only the permissions that allow access to internal storage, location, or key components of the device (such as the mic and camera) but also notification access. Malicious apps could use such permission to “bombard users with unwanted ads, phishing links, or even misinformation,” says security researcher Mantas Kasiliauskis. Still, access to notifications is the most requested permission among the Play Store’s top 50 apps. The second most requested permission is access to internal storage (read or write).
The report suggests that users check the permissions enabled for their apps and revoke those they consider unnecessary. Fortunately, modern versions of Android offer one-time-use access for key permissions like location, camera, and microphone. As an alternative to the “allow everything” permission, there is also a “limited access” permission for internal storage access. In the tech world, common sense remains a valuable tool for staying safe.