Android financial management apps require permissions to access many sensors and data on the smartphone. According to a study, probably too much.
Cybernews security researchers examined in depth the permission requests of 50 personal finance management apps for Android: payment apps, investments, crypto platforms, wallets, and others. More than half want access to the phone’s camera, location, storage, contacts and information.
Galaxy S23 8/128 GB at the best price Base price: €959
View more offers
Be careful when giving permission
A third of these apps want permission to record audio, and a fifth want the ability to call or access accounts linked to the device. That’s too much for experts who explain that a well-designed app should only request the permissions necessary for it to function properly.. “Users should always exercise caution when granting permissions to apps and review them carefully during installation or when requested,” they advise.
© Cybernews
More than 8 out of 10 apps want access to the camera. This is understandable: opening an account often requires visual identification of the user and in this case the user has no choice but to authorize the application to use the sensor. However, after the process, the user should disable access to the camera.
78% of apps reviewed ask for permission to access device storage (Applications are usually limited to their sandbox). With the user’s consent, he is able to read, modify and even delete files on the smartphone: photos, videos, documents and all other data are at his mercy.
They are 60% want to know the exact location of the usera request that makes no sense for these types of apps. 54% want access to contacts, which can be explained: you may need to transfer money to a loved one or pay something together. But caution is advised here too: contact cards contain personal information about family members, friends, colleagues, etc.
38% of apps want to listen to you
More than half request access to telephone information — number, network status, operator, incoming call status, etc. — data matched with others can be used to accurately identify the user. 38% say they need access to the microphone, although the use cases are very limited; 26% want to know the accounts (emails, identifiers) associated with the device, which can expose services, communications and other confidential information.
Finally requires a significant number of apps Permission to initiate calls (20%), read SMS (12%), receive SMS (8%) and send SMS (6%). It sends shivers down your spine!
Unfortunately, there is no magic formula as to how you can protect yourself from unsafe apps. The legitimacy of certain permissions, such as camera access, is not at issue when identifying a user when creating an account. However, other authorizations appear completely unnecessary and even endanger confidentiality. You can disable access to data and sensors in Android settings.
Source: Cybernews