tags:

views:

176

answers:

5
+3  Q: 

Whats are the ten most deadly permissions?

I would like to know what would be the top ten most deadly permissions that can be requested by an android. I know it might be a matter of opinion, but supposing that I had the 10 permission listed in by an application, I would definitely know my application did not generate a whole lot of confidence among users. What would be the permissions I would most likely like to avoid asking the user for.

I am aware of permissions like BRICK and SHUTDOWN but since they don't apply to third party devs I would like to know only of permission which can be requested by a third party developer.

PS: need not necessarily be 10. Any number of permissions you believe might lead to the user being weary of application would be nice.

+3  A: 

CALL_PRIVILEGED - call numbers without going through the dialer

SET_ALWAYS_FINISH - controls whether or not applications become finished when put in background. Could lead to some nasty trackers or something.

READ_CONTACTS - could lead to some data stealing for ppl to add to their spammer lists.

Mike  2010-08-09 06:15:09
A: 

I think it depends on what the app is meant to be doing.

Some days ago, for example, I was looking for a task killer app, and I ended not installing any because all the "Task Killers" I saw on the market requested full internet access. Why would they need internet access in order to kill a task? If they wanted internet access in order to display ads then they should say so, but otherwise I take the paranoid approach and I assume it is spyware.

Other than that, I am very protective of my SIM card and contacts.

Marcelo  2010-08-09 07:56:07
I believe adds require internet access.
Mike  2010-08-09 20:29:46
Well so in your case you would rather have the developer explain the reasons all the permissions requested?
Shouvik  2010-08-16 04:01:54
A: 

Any app which uses ACCESS_INTERNET and READ_CONTACTS could be stealing your contacts. However, there are thousands of apps in the market that have these permissions and probably aren't...

fredley  2010-08-09 08:11:19
+1  A: 

Here are some I found that could potentially be very dangerous (not including the ones above :) GET_ACCOUNTS - Allows access to the list of accounts in the Accounts Service MOUNT_FORMAT_FILESYSTEMS - Allows formatting file systems for removable storage. PROCESS_OUTGOING_CALLS - Allows an application to monitor, modify, or abort outgoing calls. READ_SMS - Allows an application to read SMS messages.

SEND_SMS - Allows an application to send SMS messages.

READ_EXTERNAL_STORAGE - Allows an application to read from external storage WRITE_EXTERNAL_STORAGE - Allows an application to write to external storage

And of course the best way to transmit some of this data

INTERNET - Allows applications to open network sockets.

smith324  2010-08-10 12:32:25
A: 

BRICK - Disable a device

Blu Dragon  2010-08-10 21:12:02
not available to 3rd party software developers! :)
Shouvik  2010-08-11 18:07:42

related questions

Can't copy file with appropriate permissions using FileIOPermission
GetProcessesByName() and Windows Server 2003 scheduled task
Starting a process in C# with username & password throws "Access is Denied" exception
How do you set directory permissions in NSIS?
PHP: How to check if a directory is writeable?
Sharepoint Item Level Access & performance
sudo echo "something" >> /etc/privilegedFile doesn't work... is there an alternative?
What is the best way to create a security architecture?
Hierarchical Group Permissions Theory/Resources?
Why is access denied when installing SSL cert on IIS 5?
What databases do I have permissions on
Can an iPhone App Be Run as Root?
SQLite/PHP read-only?
Multiple permission types (roles) stored in database as single decimal
SharePoint Permissions
CakePHP ACL Database Setup: ARO / ACO structure?
LINQ and Database Permissions
What's the best way to implement a SQL script that will grant select, references, insert, update, and delete permissions to a database role on all the user tables in a database?
php scripts writing to non-world-writable files
How do I detect if a function is available during JNLP execution?
Implementing permissions in PHP
Access Control Lists & Access Control Objects, good tutorial?
In Visual Studio you must be a member of Debug Users or Administrators to start debugging. What if you are but it doesn't work?
Where should I put my log file for an asp.net application?
What is the best way to handle multiple permission types?