Google tightens up the third-party app permissions

0
32

After shutting down Google plus as a response to privacy concerns, Google has now announced that it is taking steps to limit access to user data across all applications.  Google is implementing changes to its developer tools that will give users much more control over privacy permissions for their account data.
Users will get permission requests one at a time for various services, a user has to approve each one of those separately. This means that a user could grant access to Drive, for instance, but turn down Gmail or Calendar Permissions.
Besides this, Google is also limiting access for Android apps that ask for call and SMS permission. It will only let those apps access SMS and call data that the user has selected as default for making calls or text messages.
The changes will start reaching new users in October and should extend to existing users in early 2019.
Read More:
https://techcrunch.com/2018/10/08/heres-how-google-is-revamping-gmail-and-android-security/
https://www.zdnet.com/article/google-restricts-which-android-apps-can-request-call-log-and-sms-permissions/
Comments from Ankush Johar, Director at Infosec Ventures – an organisation that provides complete infrastructure security solutions for commercial and government clients of all sizes:
It is a very good step taken by Google as it will prevent apps from forcefully making a user accept permissions. It will not be binary now like before and users will be able to install applications even when they do not want to comply with all the permissions but it will be of no use if users do not see what permissions an app is requesting which is still the case with a lot of non-tech users especially children and elderly people.
On the other hand, this changes the game for hackers and phishers as previously a user had to allow all the permissions if he/she wanted to install an application and hackers would hide unwanted permissions inside a legitimate looking app. It would be interesting to see what new techniques will hackers come up with in order to trick the users now.
For users, this still doesn’t mean that legitimate looking apps cannot steal your data. Apps can simply, not start if all permissions are not accepted which might force them to get trapped so, it is suggested that any app that is asking permission one does not want to give and doesn’t start unless that permission is given, one should uninstall the application immediately.
As general good practices users should take the necessary precaution mentioned below:

  • Always check what all permission the app requires the users to allow before installation. Stay cautious with permissions that don’t seem legitimate, for instance, if a calculator app wants to access your call logs or messages it is clear that the app wants unnecessary permission and can be malicious. Trust your gut!
  • Don’t download apps from unknown sources, they can be infected with data-stealing malware hidden behind a genuine looking app. Stay away from pirated apps
  • Do not enter your confidential details like your bank account details etc on any application other than the one that the data belongs to your bank app.
  • For added security, set your app store settings to “Do not allow third-party app downloads from untrusted sites.”
  • Make sure that the application is verified by “Google Play Protect” else avoid downloading the app even from the play store.
  • Check reviews and ratings given by others users who have installed the application. If the ratings are unsatisfactory it is not preferable to download the app.
  • Check the number of downloads, if the number of downloads is less than 50k, it may be risky to download the app.
  • Check the app for spelling errors, grammatical errors or logos that appear to be poorly designed. These may point to malicious or simply ill-managed apps.
  • If there is an invalid email address and no official website then it is likely that it is a fake app.
  • If the application contains lots of advertising or pop-ups then it’s better to uninstall the app as it may be designed for phishing purposes
  • Its always good to have a reputed antivirus/antimalware app in your smart-device as it will keep protected from most attacks.
  • Finally, THINK BEFORE YOU CLICK!

Comments from Prabesh Choudhary, Director at Cryptus Cyber Security Pvt Ltd, an organisation that provides Cyber Security Services, Corporate Trainings to the govt. & Private organisations

This is beneficial for the Users accessing services, But it will affect the millions of startup companies getting benefited by this privileges from google.
These changes were made after the security flaw in third-party apps. Earlier, the users were not aware of the third-party apps privileges but in this change, they will be aware of the apps requirements. Google has planned to make the permissions’ part more transparent to avoid any confusion for the users, and give the better experience and now consumers will get more easy control over what data they want to share with each app. Instead giving all permissions in a single screen, apps will have to show you every requested permission, one at a time.
These changes will be implemented on new users in October month while the existing users will be facing the changes in the starting of 2019.

LEAVE A REPLY

Please enter your comment!
Please enter your name here