I have loaded a few applications on my Magic phone, and this has allowed me to test some of the security features from the end user’s point of view. When I install an application, the screen displays a few warnings, indicating the privileges/permissions requested by the application.
Let’s consider a small example, based on Google’s own My Tracks application. Here is what it says:
Permissions
This application can access the following on your phone:
- Network communication. Full Internet access
- Your location. Coarse (network-based) location, fine (GPS) location
- Your Google accounts. Google Docs, Google Maps, Google Spreadsheets
- System tools. Prevent phone from sleeping
In addition, there is a “Show all …” button. In that particular case, it only shows one permission:
- Your Google accounts. Discover known accounts, view configured accounts
The real question here is whether this information is sufficient to make an informed decision.
Before we can answer that, we need the description of the application. Here is a short one, straight from their site:
My Tracks is an application for your Android phone that enables you to record GPS tracks and view live statistics – such as time, speed, distance, and elevation – while hiking, biking, running or participating in other outdoor activities. Once recorded, you can share your tracks, upload them to Google Spreadsheets and visualize them on Google My Maps.
Now, the permissions match the description fairly well, if we consider the limitations that are inherent to such permissions. Here is what struck me:
- Giving access to my Google accounts doesn’t give me much information. Can this application copy all documents from my Google Spreadsheets account? Probably yes. Can it change my personal information on that account? I hope not.
- I know which permissions this application has, but not how it combines them. Posting bike rides on my personal pages is fine, but I have also allowed this application to post information about my location on the Internet, together with my name (I am using my real name on Google; maybe that is a bad idea).
- Some of the text is not that easy to understand. The last permission, about discovering and viewing Google accounts, is not all that clear to me, and I must not be the only one in that case.
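The second point, that the install screen lists permissions but not how they combine, can be checked mechanically. The sketch below is an added example, not part of the original post and not My Tracks' code. It assumes a manifest already decoded to plain XML, uses a constructed sample manifest, and its source/sink grouping is an illustrative choice rather than an Android classification.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed manifest: the android.permission.* names are the standard ones
# behind the labels quoted above; this is not My Tracks' real manifest.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.tracker">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
</manifest>"""

# Permissions that read personal data (sources) and ones that can send it out (sinks).
SOURCES = {
    "android.permission.ACCESS_FINE_LOCATION": "GPS location",
    "android.permission.ACCESS_COARSE_LOCATION": "network-based location",
    "android.permission.GET_ACCOUNTS": "account names",
}
SINKS = {"android.permission.INTERNET": "the Internet"}


def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}


def possible_flows(manifest_xml):
    """List (data, destination) pairs that the permission set makes possible."""
    perms = requested_permissions(manifest_xml)
    sources, sinks = SOURCES.keys() & perms, SINKS.keys() & perms
    return sorted((SOURCES[s], SINKS[k]) for s in sources for k in sinks)


def linkable_identity(manifest_xml):
    """True when location and account identity can leave the device together."""
    data = {d for d, _ in possible_flows(manifest_xml)}
    return "account names" in data and bool(data & {"GPS location", "network-based location"})


if __name__ == "__main__":
    for data, dest in possible_flows(SAMPLE_MANIFEST):
        print(f"{data} -> {dest}")
    print("location linkable to identity:", linkable_identity(SAMPLE_MANIFEST))
```

The result describes what the declared permissions make possible, not what the application actually does with them.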
In the end, the permissions are rather well explained, and the shortcomings I have explained are not in any way specific to Android. Full program analysis would be the only way to get more information, and even then, it is very good to detect all information flows. At least, the way in which I authorize things (once at start-up) is much simpler than MIDP’s runtime interactivity, and makes me feel better than my iPod Touch’s opacity (apart from location information, there aren’t many user notifications).
In a completely different area (at least apparently), I have traveled in a foreign country with my new phone. This got me quite worried, because my speakers at work keep warning me that my phone communicates all the time over the Internet. I definitely wanted to avoid enormous roaming charges, so I searched a bit. I found a piece of information that told me that, by default, data roaming is disabled in order to avoid roaming charges. When I arrived in Madrid, this was confirmed by an SMS from my operator warning me that data roaming was disabled.
All nice? No. I also read that applications can request a permission that allows them to force data roaming active. I looked at the Android documentation, but I couldn’t find any details on this. The most detailed statement comes from T-Mobile, as reported by Engadget:
Some third party applications available for download on Android Market require access to the internet and have the ability to turn on data roaming when in use. Customers are informed whether an application will use this feature prior to downloading, but should also be aware when traveling outside the country.
This one definitely made me nervous. I would have loved to read the exact text that corresponds to that permission …
More Android/Magic news to come soon.