Application Permissions

Permissions are a means of controlling and regulating access to specific system- and device-level functions by software. Typically, types of permissions cover functions that may have privacy implications, such as the ability to access a device's hardware features (including the camera and microphone), and personal data (such as storage devices, contacts lists, and the user's present geographical location). Permissions are typically declared in an application's manifest, and certain permissions must be specifically granted at runtime by the user—who may revoke the permission at any time. Permission systems are common on mobile operating systems, where permissions needed by specific apps must be disclosed via the platform's app store.


Mobile devices

On mobile operating systems for smartphones and tablets, typical types of permissions regulate:
* Access to storage and personal information, such as contacts, calendar appointments, etc.
* Location tracking.
* Access to the device's internal camera and/or microphone.
* Access to biometric sensors, including fingerprint readers and other health sensors.
* Internet access.
* Access to communications interfaces (including their hardware identifiers and signal strength where applicable, and requests to enable them), such as Bluetooth, Wi-Fi, NFC, and others.
* Making and receiving phone calls.
* Sending and reading text messages.
* The ability to perform in-app purchases.
* The ability to "overlay" themselves within other apps.
* Installing, deleting and otherwise managing applications.
* Authentication tokens (e.g., OAuth tokens) from web services stored in system storage for sharing between apps.

Prior to Android 6.0 "Marshmallow", permissions were automatically granted to apps at runtime, and they were presented upon installation in Google Play Store. Since Marshmallow, certain permissions now require the app to request permission at runtime from the user. These permissions may also be revoked at any time via Android's settings menu.

Usage of permissions on Android is sometimes abused by app developers to gather personal information and deliver advertising; in particular, apps for using a phone's camera flash as a flashlight (which have grown largely redundant due to the integration of such functionality at the system level on later versions of Android) have been known to require a large array of unnecessary permissions beyond what is actually needed for the stated functionality.

According to a 2024 study conducted by NordVPN, 58% of mobile apps request access to sensitive data such as location and storage, while 55% of these apps request permissions primarily for advertising purposes. This trend highlights growing concerns about how mobile apps access personal information, often beyond what is necessary for the app’s core functionality.

iOS imposes a similar requirement for permissions to be granted at runtime, with particular controls offered for enabling of Bluetooth, Wi-Fi, and location tracking.
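
The over-permissioned flashlight case described above can be checked from an app's decoded manifest. The following is an added example, not part of the original article: it lists the permissions a manifest requests and flags those outside an expected baseline. The sample manifest, the package name and the CAMERA-only baseline are constructed assumptions, and the runtime-permission set is only a subset of Android's list.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."

# Subset of the permissions Android requires to be granted at runtime
# since 6.0 (assumption: not the complete platform list).
RUNTIME = {"CAMERA", "RECORD_AUDIO", "ACCESS_FINE_LOCATION",
           "ACCESS_COARSE_LOCATION", "READ_CONTACTS", "READ_CALENDAR",
           "READ_SMS", "SEND_SMS", "CALL_PHONE", "BODY_SENSORS",
           "READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE"}

# Constructed sample: decoded manifest of a hypothetical flashlight app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission-sdk-23 android:name="android.permission.READ_SMS"/>
</manifest>"""

def declared_permissions(manifest_xml):
    """Return the set of permission names a decoded manifest requests."""
    root = ET.fromstring(manifest_xml.strip())
    names = set()
    # Both elements request permissions; the second applies on API 23+ only.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(ANDROID_NS + "name")
            if name:
                names.add(name)
    return names

def audit(manifest_xml, expected):
    """Report requested permissions, those beyond `expected`, and the
    runtime-gated ones among the excess."""
    requested = declared_permissions(manifest_xml)
    excess = requested - set(expected)
    excess_runtime = {p for p in excess
                      if p.startswith(PREFIX) and p[len(PREFIX):] in RUNTIME}
    return {"requested": sorted(requested), "excess": sorted(excess),
            "excess_runtime": sorted(excess_runtime)}

if __name__ == "__main__":
    # Assumed baseline: a flashlight needs only the camera (for the flash).
    for key, perms in audit(SAMPLE_MANIFEST, {PREFIX + "CAMERA"}).items():
        print(key, perms)
```

The manifest must be in decoded text form; the binary XML inside an APK has to be decoded first.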


WebPermissions

WebPermissions is a permission system for web browsers. When a web application needs some data behind a permission, it must request it first. When it does, the user sees a window asking them to make a choice. The choice is remembered, but can be cleared later. Currently the following resources are controlled:
* geolocation
* desktop notifications
* service workers
* sensors
** audio capturing devices, like sound cards, and their model names and characteristics
** video capturing devices, like cameras, and their identifiers and characteristics


Analysis

The permission-based access control model assigns access privileges for certain data objects to applications. This is a derivative of the discretionary access control model. The access permissions are usually granted in the context of a specific user on a specific device. Permissions are granted permanently with few automatic restrictions.

In some cases permissions are implemented in an 'all-or-nothing' approach: a user either has to grant all the required permissions to access the application or the user cannot access the application. There is still a lack of transparency when the permission is used by a program or application to access the data protected by the permission access control mechanism. Even if a user can revoke a permission, the app can blackmail a user by refusing to operate, for example by just crashing or asking the user to grant the permission again in order to access the application.

The permission mechanism has been widely criticized by researchers for several reasons, including:
* Intransparency of personal data extraction and surveillance, including the creation of a false sense of security;
* End-user fatigue of micro-managing access permissions leading to a fatalistic acceptance of surveillance and intransparency;
* Massive data extraction and personal surveillance carried out once the permissions are granted.

Some apps, such as XPrivacy and Mockdroid, spoof data in order to act as a measure for privacy. Further transparency methods include longitudinal behavioural profiling and multiple-source privacy analysis of app data access.

