Leading Health Applications on Android Have Hazardous Permissions

Some of the top health-related Android applications are putting users at inevitable risks, such as identity theft and monitoring, because of their harmful permissions policy. In this post-contemporary digital era, where phone applications have become a necessity to navigate this world, users might ignore the threats that come with them. However, vigilant users and security researchers have caught risks that were hidden in plain sight under the guise of enticing capabilities and refined user interfaces in the permissions given to Android applications.

Android is known for its versatility and flexibility, offering developers to program creative and revolutionary applications. However, with this limitless freedom comes challenges such as protection and maintaining the convenience of users, especially when it comes to their privacy and confidential personal data.

Cybernews researchers explored fifty the permissions of health applications that were related to mental health, blood-sugar management, sleep tracking, meditation, medication reminders, quitting smoking, and fitness. Android OS has designed a complex permission system to safeguard phone users' security and privacy. Granted that many applications require essential permissions for basic functionality, some are hazardous as they give applications access to personal data that opens up the exploitation risks of their confidential information.

Access to location is a hazardous permission, enabling apps to track the user’s exact location using network information and GPS. This is not true for location-based apps and maps but for dangerous applications that can use users' sensitive information for targeted advertising, surveillance, and stalking. Microphone and Camera Access also allows dangerous apps to monitor and spy on users to record their video and audio without their consent. Apps that require Call Log Access and SMS have the potential to retrieve sensitive data such as contact details and authentication codes, as well as enable them to spam calls and phishing.

Some apps require read-and-write external storage permission, which allows them to gain access to confidential data such as personal photos and files. Device Administrator Access gives malicious applications enhanced accessibility to control a few integral parts of the user’s device, and in other cases, complete control. Other apps require read phone state and identity access, which is permission that grants the app user’s unique device ID and phone number. Background Data Usage is another access that most users tend to dismiss, which causes their phone’s battery to drain significantly without them knowing.

Camera access in Android OS grants malicious apps the capability to use the device’s camera for tasks such as recording videos and taking photos without the user’s content, heightening the risks of compromising the user’s privacy. App developers must justify its use for more transparency and place high-security measures to protect user data. The research by Cybernews discovered that 44% of the apps they tested require access to this.

The ‘Read_Extrernal_Storage’ permission grants apps permission to retrieve data from the device’s SD card or any other external storage. It gains unauthorized access to documents and files stored there. App developers must request this permission only when necessary while explaining to the users their purpose to reduce privacy risks. The research revealed that 58% of the apps request this permission, highlighting its prevalence.

Record Audio permission allows apps to use device’s microphones for audio recording, increasing the risks of privacy breaches. The Cybernews research revealed that 12% of apps require this permission for access. The ‘Write_External_Storage’ permission in Android apps requests to add or edit data in the device's external storage. It is dangerous as it risks potential data manipulation. Developers must be transparent about their usage and explain their purpose for its access. 53% of the tested apps were revealed to request access to this. ‘Get_Accounts’ gives apps access to device accounts, including Google accounts and emails. The reason it is dangerous is because it exposes potentially confidential account data. Developers must ensure to explain its clear purpose and grant it selectively. 18% of the tested apps require this permission.

18% of the tested apps require permission to ‘Read_Contacts’, which allows Android apps to access a user’s contact or address book data, including phone numbers, names, and email addresses. It is hazardous due to potential privacy breaches. ‘Read_Phone_State’ is a permission that 18% of the tested apps requested, which allows them to access information about device status and identity such as IMEI, phone number, call state, and SIM card data, opening up to various dangerous privacy breaches.

4% of the tested apps revealed to request ‘Access_Background_Information’ permission, which Android 10 (API level 29) and above introduced, allowing apps to access the device’s location in the background. It is dangerous as it gives access to continuous location tracking without user consent. 30% of the apps requested ‘Access_Coarse_Location,’ which accesses the device's approximate location using cell towers and Wi-Fi, revealing the device's general location. In the research, 28% of the apps require permission to ‘Access_Fine_Location,’ allowing apps to access the device's precise location using GPS. It risks potential exact tracking of the user's device.

In short, developers need to justify and explain the reasons their apps require such permission to put users at ease regarding their sensitive information. Furthermore, it is also crucial for users to carefully review the permissions before installing any application and keep their Android up-to-date to ensure the best security safeguard measures.

Read next: 65% of Gen Z and Millenials Are Concerned About Baby Boomers Impact on the Economy
Previous Post Next Post