Articles and reports instigating that it is dangerous.
There are many articles and reports out there about the safety of Android apps without explaining the principle of danger.
This is just a part of the match-pumping business that has been going on since before the advent of smartphones. In other words, they are designed to incite people to buy some kind of countermeasure to the danger.
Here, we will explain why there is no need to fear any Android app that is or may be malicious.
Apps themselves cannot misbehave on their own.
In fact, Android, unlike earlier Windows-like operating systems, does not allow apps to do anything bad on their own.
In the case of old-fashioned Windows applications, once they are installed and running, they can do whatever they like. They can tamper with files at will, they can communicate with the outside world at will, and if there is a camera or microphone, they can use it.
*But note that, to complicate things, the traditional Windows applications we are talking about here are different from the “smartphone-ified” Windows “apps” of today.
At any rate, it was easy to create something malicious in a traditional Windows application. Once they could get the user to run it, they could do whatever they want.
This is not the case with Android apps. Even if they let the user run it, they cannot do anything bad on their own.
The reason why some Android apps can do bad things is because “you allow it”.
Some of these “permissions” are automatically granted just by installing the application, while others must be explicitly granted by the user after installation.
Unlike traditional Windows and other applications that, once executed, allow them to do whatever they want, Android apps, once executed, do not allow them to do anything unless you give them permission to do so.
There are many different types of permissions in Android, but let’s consider, for example, network access and microphone access.
If some malicious app wants to spy on you, it needs both of these permissions. While the app is running, it can pick up sound as it pleases and deliver it to a recording device across the network without your permission. Conversely, however, if you do not grant this permission, this malicious app cannot do anything.
The “eavesdropping” app must be given two permissions: network access and microphone access.
In other words, no matter how malicious app is installed, it cannot accomplish its purpose without permissions. The types of permission include the following
- Access the network
- Use the microphone
- Use the camera
- Obtain location information
- Access files on the phone
- Accessing the address book
- Accessing the calendar
There are many other things, however, that can be permited just by installing an app, one of which is network access.
However, with no other permissions, being able to only have network access would mean almost nothing (to a malicious app). At best, it will say on the screen, “This is a banking application. Please enter your account number and password.”
It does not make any sense to have network access without any other permissions.
User Input and Authorization Types
For example, if you grant two permissions, location and network access, the app can always report back to “headquarters” where you are.
This may sound scary, however, this alone does not mean anything. Because the app does not know who you are.
Even if it constantly reported your location to “headquarters,” it wouldn’t mean anything because it doesn’t know who you are.
So the app may ask you to enter some kind of information, such as a phone number, to try to identify you, so it can determine who you are to some extent.
So it is not only a question of the type of permission you have given, but also whether you have given it other important information.
If you don’t give them your privacy information, it means nothing.
Viewing and Changing Permissions
To see what permissions you have granted to your app, you can open the settings and withdraw the permissions there.
The following is for GrapheneOS, which is based on Android 13. It may differ slightly from other environments.
Let’s select Signal. If you don’t see it here, just “Show All Apps” and it will appear.
*Signal is an instant messenger alternative to LINE and Facebook Messenger. With the other two, all information is sent to the operator, but with Signal, it is completely encrypted and only the parties involved can see the contents. In addition, voice and video calls can be made just like the other two, and we strongly recommend that users of LINE and Messenger migrate to Signal.
If you are a LINE or Facebook Messenger user, we strongly recommend that you switch to Signal or another fully encrypted messenger where the content can only be read by the other side. As a side note, the same goes for Gmail; Google can eavesdrop.
We don’t need camera permissions, so we’ll revoke them.
Since we will only use voice calls, we will not allow the camera.
From the view of human nature as fundamentally depraved
Thus, granting various privileges (to a malicious app) does not necessarily make it immediately dangerous.
Ultimately, we can only judge a combination of factors: what privileges we grant, what information we input into the app, and how trustworthy the creator of the app is.
The safety or danger of an app cannot be judged uniformly. A combination of various factors must be judged as a whole.
People often say, “There are dangerous apps like this,” but this does not explain at all the natural logic that because you have granted authorization to a malicious app, it becomes dangerous because you have been tricked into entering important information.
To use an analogy, it is like saying, “Oleore scams（**） are dangerous, so let’s get rid of our phones”.
Be careful not to be fooled by the scare reports on the street
** Scam to make you send money by pretending to be your child over the phone.