Our website uses cookies to give you the best experience and for us to analyse our site usage. If you continue to use our site, we will take it you are OK about this. Click on More for information about the cookies on our site and what you can do to opt out.

We respect your Do Not Track preference.

Google app store changes Tim Henwood
4 July 2014

app broom edit

Google Play recently made a change to the way it handles permissions when you download a new app. Permissions, in app speak, show you what parts of your Android phone the app will have access to. Whether it’s data - like your phone numbers; or hardware - like being able to play sound through your speakers, or access your GPS location, these permissions are generally necessary to help the app run.

A good app developer should tell you what they need each permission for so that you’re confident they’re not skulking about behind your screen sucking up personal information.

The new change from Google has some benefits, but also brings some new challenges for the security-conscious user.

In the past, app permissions could be difficult to decipher. You had to do some research to work out just what was being asked for. Google’s made it a lot easier to see what things do, and what effects a permission might have, by grouping permissions into categories. 

Unfortunately, in eliminating complexity they’ve removed some granular control from the user.

Say you download a new camera app. You’d expect it to take photos, so you’re happy to say ‘yes’ when it asks for access to the “Camera/Microphone” bucket of permissions. If they’re a good developer, they should tell you why they need access to that group of permissions, and what specific permissions within that bucket they need to use.

But if the maker of that app decided to be mischievous and listen in to what you were saying while out being snap-happy, they could tweak the app by updating it to take advantage of the microphone. It’s in the same permissions category as the camera, so Google Play won’t ask you to grant it any extra permissions when the app maker sends you their update – you’ve already told Google you’re happy for the app to use camera and microphone permissions.

This is why it’s really important to pay attention to what you’re downloading. You can also check what existing individual permissions your apps have by going into your settings. If you’re not comfortable with this new approach, we’d advise turning off automatic updates.

App developers have an obligation under the Privacy Act to only collect what personal information they need, and to look after what they have. If you think an app is pushing it the boundaries, stop using it and do a quick internet search. If they’re dodgy, chances are someone else has had the same issues as you.

Think about getting in touch with our office if you think your information has been inappropriately accessed. Even if the app is from an overseas company, if there’s a privacy or information commissioner in their area we can usually raise it with them.

Google also has a reporting tool built into Google Play, so be sure to flag apps as inappropriate if they are abusing access to permissions.

Next week we’ll be launching a short guide for developers, setting out what we think are the best ways to communicate with users and build privacy-aware apps.

[Image by Chris Slane - www.slane.co.nz]





No one has commented on this page yet.

Post your comment

The aim of the Office of Privacy Commissioner’s blog is to provide a space for people to interact with the content posted. We reserve the right to moderate all comments. We will not publish any content that is abusive, defamatory or is obviously commercial. We ask for your email address so that we can contact you if necessary to clarify your comment. Please be respectful of authors and others leaving comments.