Google is slowly fixing its Play Store problem. We have already seen a cull of lower-quality, higher-risk apps, and we are now seeing ever more on-device monitoring to flag those devices behaving badly. But permission abuse remains a nightmare on Android, with countless apps secretly tracking users behind the scenes.
Now with Black Friday approaching and the holiday shopping season in full flight, a new report warns that “the convenience of getting the best deals with one click might come at the price of your privacy.” Cybernews says it analyzed 71 of Play Store’s “most popular shopping apps… to identify dangerous permissions and determine which ones are the most data-hungry.” The results are yet another serious warning to Android users to check permission requests carefully before casually saying “yes.”
The researchers focused on the 40 so-called “dangerous” permissions as defined by Android. “Dangerous permissions,” Cybernews explains, “also known as runtime permissions, give an app additional access to restricted user data or let it perform actions that could further affect the system and user data.”
This isn’t spyware, this is just regular permission abuse. This isn’t a call to delete these apps, but to check how many you have installed and run a regular check on your phone as to the permissions you have granted, and if popular apps won’t let you disable the more pernicious permissions, then consider deleting them.
“Access to data does not necessarily mean misuse of it, but there are always risks involved,” the team says. “Always exercise extreme caution regarding certain app permissions, as they may allow apps to access their device’s communication features or personal information, such as their location, camera, files, or contacts.”
According to the research, Tata Neu, “an all-in-one shopping and payments platform developed by the India-based Tata Group,” topped the list “demanding 19 intrusive permissions from its users.” Second-placed was Taobao, “a shopping platform owned by China’s Alibaba Group, which requests 18 dangerous permissions.” Third-placed was Lazada, “another shopping platform under the same group, with 17 permissions.”
Typifying the problem, those three apps all “access to the user’s location, camera, and microphone. They can also read contacts on the device, as well as access the calendar and files stored on the device.” If you have granted that level of access to your phone and your data, then you need to be very aware it’s taking place in the background.
Other data collected includes “SMS messages and phone state, which include such sensitive information as the device’s phone number, network status, network operator, IMEI codes, SIM card details, and information about the internet provider.”
It’s rare to find apps that don’t overreach at least to some extent, and “most apps (62) request permission to track users’ precise location, enabling them to pinpoint a user’s position within just a few meters or 10 feet. If abused, such permission could lead to tracking the user’s precise location, leading to significant privacy violations.”
Other permission stretches include 62 accessing the phone’s camera, 54 requesting read/write access to a device’s storage memory, and 37 recording audio, which “might lead to unauthorized surveillance, capturing sensitive conversations and personal information if exploited. It might also be used for unconsented marketing.”
The list goes on an on.
The advice is simple. “Most users tend to grant all permissions automatically, but it’s safer to start with auto-reject and adjust on the go. Pay attention to permissions that seem unnecessary for the app’s intended functionality. You can manage and revoke app permission on your device’s settings on the Android OS by navigating to ‘Application Manager’ or ‘Apps’. If an app seems to be asking for too many permissions, it’s best to avoid using it. If the app is compromised, misusing these permissions could lead to harmful consequences for users.”
There’s a difference between overreaching and more dangerous behaviors. And Google’s new live threat detection, which comes with Android 15, promises to monitor apps’ on-device behavior to flag when permissions might be linked to genuinely malicious activity. Meantime, just make sure you keep a regular check on your phone to see what’s being collected.
