While some permissions can already count as concerns themselves, thats the more true for certain combinations of them.
That a web browser requires to access the Internet is quite obvious and clear. Same can be said for accessing contacts by an app to manage your contacts. But if an app has access to both, it also could upload your complete contact list to some dubious server on the net. That might be wanted (cloud backup, synchronization with the company server) or not.
What makes sense with our contact management app, might look different in other places: Why a calculator app wants to access the Internet might be explained by its "financing model" (load and display ads). But if it wants to access our contacts, the developer should explicitly explain why – a reasonable requirement is not obviously recognizable (age calculation? number of contacts per month? anagrams? value of the name in "ASCII currency"?).
Clearly determining which combinations are "clean" for what app, is nothing to be done automatically on a platform like this. So if there are concerns signalized for an app, this doesn't necessarily mean "Woah! This is an evil app!". It only shows potential trouble that app might cause, as it has the powers to do so. In many cases, it's not even the code of the app itself raising those issues, but the (selection of) ad module(s) the app is using …
Which combinations of permissions are considered “concerns” on this site?
|accounts||Might transmit account information||INTERNET & ( GET_ACCOUNTS | READ_GSERVICE | AUTHENTICATE_ACCOUNTS | USE_CREDENTIALS )||Has access to information on accounts configured on the device, and the possibility to transfer those to the internet. Malicious apps might use this to create user profiles.|
|appinfo||Might transmit information on apps||INTERNET & ( GET_TASKS )||Can access information on installed apps, and transmit those to the Internet. Malicious apps might use this to check for vulnerabilities.|
|cost||Might cause costs||SEND_SMS | CALL_PHONE | MODIFY_PHONE_STATE | PROCESS_OUTGOING_CALLS | CHANGE_BACKGROUND_DATA_SETTING | WRITE_APN_SETTINGS||Might cause cost, e.g. by initiating calls, sending SMS, or change settings of the mobile network connection.|
|eat_info||Might intercept information||RECEIVE_MMS | RECEIVE_SMS||Might intercept information in a way that the user never receives it – e.g. SMS with mobile TANs, or confirmations of costly subscriptions. Malicious apps can use this to hide their trails.|
|ident||Might transmit identification data||INTERNET & ( READ_PHONE_STATE )||Has access to identifiers such as device ID (IMSI/IMEI), and the possibility to transmit this information to “other servers”. Ad modules love this, as this way they can track their targets.|
|location||Might transmit your location||INTERNET & ( ACCESS_COARSE_LOCATION | ACCESS_FINE_LOCATION | ACESS_LOCATION_EXTRA_COMMANDS )||Access to location data (exact GPS or coarse network-based), together with the Internet permission, make it easy to create location profiles: where is our target at what time, and how often? Not just interesting to ad modules.|
|messages||Might transmit message contents||INTERNET & ( READ_ATTACHMENT | READ_CONTENT_PROVIDER | READ_GMAIL | READ_SMS )||Can read message content (SMS, Mails) and has access to the Internet: potentially the former could end up somewhere in the latter, making possible results something ranging from nasty to highly embarrasing.|
|network||Can change network connections||BLUETOOTH_ADMIN | CHANGE_NETWORK_STATE | CHANGE_WIFI_STATE | CHANGE_WIMAX_STATE||Can manipulate network connections (establish or disconnect WiFi/WiMax, authorize unknown Bluetooth devices). Nothing “high risky”, but definitely worth a second look.|
|network_access||Can access networks||BLUETOOTH | INTERNET||Access to a network also enables an app to transfer data it can access to other hosts/servers. As this affects more than 75% of all apps requiring e.g. Internet access for advertizements, it is mostly considered “normal”.|
|personal||Might transmit personal data||INTERNET & ( READ_CALENDAR | READ_CALL_LOG | READ_CONTACTS | READ_HISTORY_BOOKMARKS | READ_OWNER_DATA | READ_PROFILE | READ_SOCIAL_STREAM | READ_USER_DICTIONARY )||Has access to personal data (e.g. contacts, calendar, call logs, bookmarks) and the Internet. With a malicious app there's the risk of your entire contact list ending up on a server of some hacker group, or even Facebook (oops).|
|place_spam||Might place spam||INSTALL_SHORTCUT | SET_WALLPAPER||The requested permissions enable this app to place spam, e.g. as your wallpaper, or some shortcut on your homescreen. Doesn‘t sound dramatic, but in the past so much playstore icon proved to be a shortcut to something completely different …|
|recording||Might transmit audio/video data||INTERNET & ( CAMERA | RECORD_AUDIO )||Here we’ve got potential to have our Android device transformed into a perfect spy-tool for the dev: a malicious app could record from microphone or camera, and send the recordings to some server in the Internet. Sounds a little paranoid, admitted; but with a big data flat you might not even notice.|
|security||Can change security settings||DISABLE_KEYGUARD||This app could work around security measure, and e.g. disable the screen lock – so everybody and his little sister might access your device.|
|write_messages||Can write messages||WRITE_GMAIL | WRITE_SMS||Can write messages (SMS or Mails) on behalf of the user, and might even be able to get them sent (chances are not that low some other process automatically takes over the last part).|
How are “concerns” displayed on this site?
This is done in different ways.
First, all calculated “concerns” for an app are displayed along with its other details – complete, without considering whether requested permissions are obviously necessary for the app in question to do its job. What's obvious to you is not necessarily obvious to everyone – but everyone should have the chance to balance potential risks for himself. And even if a given permission is needed for the app's task, it still could be abused for “other tasks” – potentially.
Second, the app lists have a little box next to each app with the number of permissions requested. This box gets a red border, if those would make up “critical concerns”. Simple network access (in above table listed as
network_access) is ignored here: Thanks to our “beloved ads” we'd end up with more than three third of “red-ified boxes” otherwise, and of course we want to avoid that kind of overstimulation. Additionally, for many categories there are “white-lists” in place: Taking e.g. a navigation app, it's rather the norm it needs to access Internet (maps) and your location, so the “concern
location” shouldn't trigger a “red box” here.