Ever wonder whether that app you're installing on your Android phone really needs the right to access your contacts, accounts, location, text messages, and phone calls?
Security experts Yekaterina Tsipenyuk O'Neil and Erika Chin reported that when they studied
dozens hundreds of Android apps, they found that 31 percent of them were overprivileged. [corrected 8/11--Ed.]
With such a small sample of apps, that percentage can't be directly projected to the entire market of Android apps. But it does suggest that more than a few apps ask for a foot when all they need is an inch.
What's wrong with giving an app more power than it needs? For one, it may allow the app (or advertisers) to gather unnecessary personal information about you. And should a hacker or malicious software get access to your phone, it may let them do more damage than they otherwise could.
So the next time an Android app you're installing asks for a laundry list of privileges, consider whether it really it needs them all to perform its essential function. If not, don't install it.
This slide from O'Neil and Chin's demo shows the ways in which Android apps can be vulnerable.