Why you should be cautious about giving web and mobile applications too many permissions.
Consider you pay by credit card at a restaurant; you’re sharing your credit card information with them and you’re probably happy to do so. If the restaurant then asks for your date of birth, home address, and permission to use your card whenever they like, you’d probably hesitate. Yet people do this all the time on the web without thinking twice.
Here I’ll try to show how we can unwittingly give away too much, why this might be bad, and how to spot when things aren’t quite right.
This kind of problem occurs all over the web but it is most prevalent with social networks and smart phones like iPhone and Android. To be fair this type of sharing is often quite useful and is sometimes essential. However, many app developers go for the easy option and ask for a standard set of permissions when really they only need very few.
If you don’t like the look of the permissions that a website or application is asking for ask yourself a few quick questions; do you really need this app or can I achieve the same goal without it? do you know and trust the developers? would I trust a stranger with this much information or control? Don’t always be so hasty to click the Accept or OK button.
Below are some examples of (IMO) application developers asking for more than they need or deserve…
What bothers me most here is the last permission; “Access my friends’ information – Online Presence” which effectively means that even if you’ve never played this game but one of your friends has, a company that you’ve had no dealings with and maybe never heard of will know when you’re on-line. Does that seem right?
Much like the Facebook update I don’t think that anyone other than me should be able to change my personal details or change settings, certainly ones that will drain my battery in a matter of hours if left enabled. I’d also like to know why Skype (and indeed Facebook) think they need any level of access to any accounts other than their own.
If you’re thinking “but surely we can trust these big companies right?” remember, this is Facebook that has repeatedly compromised your privacy by releasing new tools, opting you in by default and not telling you, or this is Skype that is now owned by Microsoft who have patented eavesdropping technology, or this is a website or application developer that has no previous reputation.
It’s not all doom and gloom. Some developers actually seem to care about their customers and their privacy.