The excess permissions in Android Apps – Adobe Reader, Dragon, Evernote, Groupon, Hipmunk, LinkedIn

Via Sebastian Porst circa 2012-04-27.

Each one deserves treatment on its own.

  • Adobe Reader: Full Internet Access (+Adobe)
  • AppAware: Retrieve running applications (+AppAware)
  • Dragon, Fly! Free: Modify/delete USB storage contents
  • Evernote: Read calendar events, plus confidential information (+Evernote)
  • Groupon: Automatically start at boot + Modify/delete USB storage contents (+Groupon)
  • Hipmunk: Read calendar events, plus confidential information (+Hipmunk)
  • LinkedIn: Read contacts, calendar events, plus confidential information (+LinkedIn)
  • Uber: Read contacts, Take pictures and videos without confirmation
  • Xing: Read contacts, Your Accounts, Take pictures and videos without confirmation, Control Near Field Communication

These apps don’t work on your behalf. As such, all of these earn the coveted Poisonous App appellation. Avoid.

  • There’s some argument that perhaps a travel scheduling app needs to see your calendar.  Maybe.
  • But why a social networking app needs to see your calendar+confidential is unclear.

Jeannie (like Siri) is fantastically dangerous

Jeannie (Like Siri)

This means that any element on any calendar that is visible to you (shared with you) is totally public. It can be indexed and displayed to the world irrevocably, and you consent to that. For this, the app receives the coveted Poisonous App appellation. Avoid.

Who are these people and why would they even want to hold that sort of data?  Temporarily?  Ever?

From the permissions page on Play Store.

Your personal information

read your contacts
Allows the app to read data about your contacts stored on your tablet, including the frequency with which you’ve called, emailed, or communicated in other ways with specific individuals. This permission allows apps to save your contact data, and malicious apps may share contact data without your knowledge.
read calendar events plus confidential information
Allows the app to read all calendar events stored on your tablet, including those of friends or co-workers. This may allow the app to share or save your calendar data, regardless of confidentiality or sensitivity.
add or modify calendar events and send email to guests without owners’ knowledge
Allows the app to add, remove, change events that you can modify on your tablet, including those of friends or co-workers. This may allow the app to send messages that appear to come from calendar owners, or modify events without the owners’ knowledge.
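
An added example, not from the original post: a reviewer's check that lists which permissions a decoded AndroidManifest.xml requests beyond the ones the reviewer has justified for the app's purpose, using the Play Store labels quoted above. The mapping from those labels to `android.permission.*` names, the sample manifest, the package name and the justified list are assumptions constructed here; a manifest taken from an APK is binary XML and has to be decoded to text first.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Manifest permission name -> Play Store label as quoted on this page.
# The mapping is an assumption of this example, not taken from the post.
LABELS = {
    "android.permission.INTERNET": "Full Internet Access",
    "android.permission.GET_TASKS": "Retrieve running applications",
    "android.permission.WRITE_EXTERNAL_STORAGE": "Modify/delete USB storage contents",
    "android.permission.RECEIVE_BOOT_COMPLETED": "Automatically start at boot",
    "android.permission.READ_CONTACTS": "Read contacts",
    "android.permission.READ_CALENDAR": "Read calendar events, plus confidential information",
    "android.permission.WRITE_CALENDAR": "Add or modify calendar events and send email to guests",
    "android.permission.CAMERA": "Take pictures and videos without confirmation",
    "android.permission.NFC": "Control Near Field Communication",
}

def requested_permissions(manifest_xml):
    """Return the sorted, de-duplicated permission names a manifest requests."""
    root = ET.fromstring(manifest_xml)
    names = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    names.discard(None)  # ignore malformed entries without android:name
    return sorted(names)

def excess_permissions(manifest_xml, justified):
    """Return (permission, label) pairs requested but not on the justified list."""
    return [
        (perm, LABELS.get(perm, "(label not quoted on this page)"))
        for perm in requested_permissions(manifest_xml)
        if perm not in justified
    ]

# Constructed sample: a hypothetical travel scheduling app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.travelplanner">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_CALENDAR"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.CAMERA"/>
</manifest>
"""

# What the reviewer accepts for a travel app (an assumption of this example).
JUSTIFIED = {"android.permission.INTERNET", "android.permission.READ_CALENDAR"}

if __name__ == "__main__":
    for perm, label in excess_permissions(SAMPLE_MANIFEST, JUSTIFIED):
        print(f"unjustified: {perm}  [{label}]")
```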

Actuality