To make the mobile phone safer, you must first know the permissions requested by the APP!

To make the mobile phone safer, you must first know the permissions requested by the APP!

Arxan Technologies, a Security protection solution enterprise, recently released the State of Application Security Annual Report. The report points out that smartphone users have an extremely unbalanced relationship between their understanding of application security and the actual number of vulnerabilities in the software. In fact, many software is not as secure as users think. The reason lies in two words: permission. In our previous articles, we also mentioned the permission issue. It is precisely because of the existence of various permissions that the APP can start and interact with itself that the Android system is getting more and more stuck, this is why "Permissions" have security risks.

This is the case when Google services (the complete Android system) can be fully used abroad, not to mention the "Chaotic" Android Market in China. However, it cannot be denied that the "transformation" of Android systems by Chinese manufacturers has largely compensated for the security problems caused by Google's service defects. The full-featured Security Center is built into the mobile ROM to ensure cell phone security. However, after all, the market is a wizard of interests, and it is difficult for some mobile phone manufacturers to ensure that their apps (including apps for strategic cooperation or investors) are the same as those of other apps, there are "Law enforcement efforts" that are equally treated ".

Even so, it does not mean that consumers can only sit down and wait for privacy leaks, so security does not exist. In fact, the security issues of mobile phone software are ultimately the software's permissions. If only necessary permissions can be obtained to ensure that the software is well-regulated, security will be greatly improved. However, in today's mobile apps, users can obtain more than a dozen permissions and dozens of permissions. A large number of users are confused about what permissions are necessary, what is meaningless? Today, xiaobian will talk to you about the permissions of mobile phone software.

I. Why do mobile phone software require permissions?

When a user installs an APP for the first time and enters the interface, various permissions are required, such as access to the address book, access to text message records, and camera startup. Most of the time, the consumer will agree all the way, just to use the software quickly. (In fact, in most cases, we can only check and cannot manually set the intervention permissions.) However, have you ever wondered why you need these permissions on your mobile phone?

First of all, it should be noted that some mobile phone permissions are required by the software and must be activated by the software. If you need to start the camera when using the QR code scanning function, you need to start the microphone when entering the voice. If the corresponding permissions cannot be transferred, the software functions will be blocked.

Other permission requirements may be related to the software's own interests. For example, some software may not recommend you to tell your friends who are using the same software to access the consumer's communication records and text message records, just to read the text message content, more targeted advertising. Even some unscrupulous developers use the software background to upload information for reselling in order to obtain your privacy.

For example, some software may have permission requirements for automatically connecting to the network. Consumers may wonder why online games do not require such permissions, and the answer is simple: Pre-download to automatically update software, or advertisement push in free software, in all the above cases, you must obtain information through the network.

Of course, the permissions for self-start and resident background are common requirements in most Android mobile apps. Many consumers can hardly even see the notification of permission requirements in plain text, but automatic start is implemented in real time. To a large extent, the auto-start of the Android mobile phone software creates a system freezing problem (hot start is faster than cold start ). However, some rogue software processes occupy a lot of memory and cannot be cleared in the background. Even if you have a large memory, you can't help running this kind of software.

2. Permission requirements for common software

After talking about why the mobile phone software requires permissions, let's take an example to see the detailed permission assignment for common mobile phone software.

The following uses a mobile phone input method as an example to describe more than a dozen permissions, including GPS/WiFi Internet permissions, precise location permissions, camera recording permissions, SMS record reading, and contact record. GPS/WiFi permissions can be used to automatically update the dictionary, take photos and recordings, and set the input method wallpaper and voice input. These permissions can be considered necessary (you can also disable them as needed ). However, does reading text message records and contact records really make sense? To be clear, reading contact records can help you quickly associate a friend's name with the input method to facilitate user input. In actual conversations, how many opportunities does a user have to directly call the other party's name? Therefore, I think that the input method reading the address book is of little significance. As for reading text message records, the input method is not a calendar application that needs to read meeting schedules and other scheduled times. In a sense, it can be regarded as a violation of privacy.

For example, a map software requires accurate location information, location information sharing, and contact reading. As a map software, it is understandable to require accurate online location, but what makes it necessary for map applications to read contacts? I just give an example. In reality, there are many unreasonable permission requirements.

We can see that some unnecessary permissions are prohibited to prevent privacy leaks. However, we cannot prohibit software from using necessary permissions. Like the QR code mentioned above, if the camera is disabled, the function will certainly fail to start. Therefore, identifying what permissions are necessary and what permissions are meaningless is extremely important for security protection.

 

3. How to Avoid permission Disclosure

Faced with the unreasonable permission requirements of mobile phone software, can we choose not to see it as a user? Apparently not. So what exactly do we have to manage software permissions to ensure privacy and security?

1. Regular download Channels

First, the most important thing is to download applications in a regular software store. Whether it's a built-in mobile phone software store or a well-known third-party mobile phone software store, you can avoid downloading it to the cottage to a large extent, bundled ad plug-ins and applications with viruses. Of course, even regular mobile phone software stores are not uncommon. When downloading, you should try to download popular apps, and select apps with a large number of downloads (usually from the official website) to ensure the security of the downloaded software at the source.

2. Set proper permissions before installation/use third-party security software

When the software is downloaded to the mobile phone and starts running, you must carefully check the permissions required by the software and select whether to allow the corresponding permissions. Of course, most of the current mobile ROM comes with the permission monitoring function. Even if you accidentally allow the software to gain privacy permissions during use, you can find and prohibit the software from continuing to gain permissions in the security center. In addition, some third-party security software can also be used to implement this function.

Iv. solution provided by the manufacturer for permission management

As a matter of fact, with the increasing importance of mobile ROM security, mobile phone manufacturers have begun to build a security center in the mobile ROM to ensure all-round security of mobile phones. Of course, instead of passively viewing application permissions and regularly scanning viruses, mobile phone manufacturers are more willing to take the initiative. For example, meizu not only provides comprehensive Private manager functions in Flyme, but also provides active defense and intelligent warning functions to ensure a higher security value.

Of course, some vendors have also designed the Sandbox Model ". For example, the new army in the mobile phone circle-360, which has the sandbox mode in 360OS. The system only allows users to download the payment software in a specific mall. during operation, an independent pure system is built on the mobile phone to ensure the security of the software at the operation level, it also avoids the trouble of manually setting permissions.

Mobile Software Security is a proposition that can never be completed. As long as unscrupulous developers still exist in the market, it is necessary for consumers to improve their mobile phone security by 0.12 million. However, with the continuous advancement of technology, mobile phone security is gradually improving. Presumably, as long as you don't get too lazy when using your mobile phone and have a long eye on the permissions, you don't have to give your full consent at a Glance. You can do a good job of moderate privacy protection. Of course, we should put our hopes on improving the overall mobile phone software market. After all, consumers can be truly assured only when the overall mobile phone software market becomes clean and healthy.