Why You Should Care About App Store Permissions
We’re wrapping up our series on security best practices by examining a topic that’s particularly important for mobile document security: App Store Permissions. App permissions are a form of end-user license agreement (EULA), which is a legal contract between a software licensor and the purchaser or user of the application. EULAs are also sometimes informally referred to as “click-through agreements.”
You’ve probably clicked through EULAs before in order to gain permission to use certain software and apps—but have you really thought about what you’re agreeing to, and whether your data stays safe if you grant permissions to app developers? With this in mind, let’s learn more about what App Store Permissions are, and why you should care about them in relation to maintaining security on your mobile device.
Understanding PermissionsWhen you install apps on either an Android or iOS device, you’ll often receive a prompt that verifies whether you want to proceed with launching the app or providing other types of information. For example, you might receive requests for the app developer to send you push notifications, or to access your location or your photo library.
While you may be eager to have the app installed, it’s important to think about the permissions that you’re granting if you choose to accept these pop-up prompts. It’s not always easy to determine exactly what type of permission you’d be allowing since the legalese can be tough to wade through and understand. You should think carefully about whether you want to grant the permission since it may mean that the app will forever have a green light to use your data or whatever you’ve agreed to. The examples below of typical permissions will help you evaluate this question.
Common Types of Permissions
There are a wide variety of permissions that you may see, but here are some of the ones you’ll encounter most frequently:
- Full network access. Most apps need Internet access to function properly—for example, to perform software updates. You need to be sure that you trust the app developer, though, before you grant the permission. Apps from the App Store are generally more reliable than other types of apps since they are thoroughly vetted and screened through a tough admissions policy before gaining a place on the store “shelves.”
- Find/use social media accounts. An app developer may want to gain access to your social media accounts like Facebook and LinkedIn. While providing this access can make it easier for you to connect to your own information in these accounts when using the app, you’re also opening the door to privacy issues with your account data, since you’re providing the app with the ability to access your account information.
- Read storage. An app may request permission to modify, read, or delete storage on your device, which allows for editing and saving files. Keep in mind that by granting permission to access your storage, the app developer can also access your public folders (like photos) on your device.
- Access texts. If you receive a request to read or send your text messages, remember that while this may help the app add convenience to your life by scanning for authorization codes, there are also privacy issues to consider when replacing your device’s SMS functionality.
- Access contacts. Some apps may want to “help” you share content with your various contacts, but you need to decide whether you are willing to share your contact info, which the app might use to auto-fill contact names.
WPS Office Permissions
As we briefly discussed in the first post in this series, WPS Office comes equipped with a permissions system for individual apps permissions that adds another layer of security, whether you are using Android or iOS.
iPhone/iPad handles apps permissions a bit differently than Android does. On iOS, you allow basic permissions (like Internet access) by default simply by installing an app, but you’ll receive requests for permission for the app to use specific features from location and photos to contacts to calendars and more, and you can accept or decline these. On iOS devices, you can manage permissions for a single app via your Settings screen. From there, you should be able to scroll down and see your list of apps at the bottom. You can see the permissions that the app wants just by tapping the app, and then allow or disallow permissions for individual apps.
Android apps must request permission to perform most functions, whether reading your USB storage or gaining access to your location data via GPS. On an Android, you can check app permissions by going to Settings, then Apps. Tap the app you want to check, and look at the bottom of the page to see if specific permissions have been granted. While you can’t turn on and off these options, you do have the choice to uninstall the app (tap Uninstall) and that will remove it from your phone.
At the end of the day, whether you choose to accept or decline app permissions comes down to a basic issue of trust. Like all forms of technology, permissions can be abused, so it’s important that you ensure your apps have come from the App Store or other reputable developer before blindly accepting permissions requests.