How to Deny/Restrict Permissions Without Rooting the Phone?

[Chubaka]

How to deny/restrict permissions without rooting the phone?

I noticed that there are applications (such as "Permissions Denied") which enable you to deny some (or all) permissions to particular apps you've installed. Issue is that all of these require phone rooting (which is a no-no as it voids phone's warranty).

My question would be, is it possible to deny permissions to apps without rooting? If yes, could you please provide links to apps that can do that (or other solutions).

Thanks

P.S. I've read a bit about the "TISSA (Taming Information-Stealing Smartphone Applications)", but I'm not is that an app or something else, as I couldn't locate it.

[Ads]

Android.net is the premier Android Forum on the internet.

[Droid-Xer]

No, you can only deny permissions on a rooted phone. Moving to appropriate section

[alostpacket]

Yep as Droid-Xer said only can do it on a rooted phone and even then it's a dodgy process -- when you deny an app a permission it expects, it may cause some stability problems with just crashing the apps instead. This is why you see a lot of complaints and mediocre ratings about the apps that can deny permissions.

Basically what happens is:

- A programmer would make a call to something that needs a permission, get denied.

- The programmer would not have planned for getting denied (by using a try/catch code block to catch the error).

- So intead the whole app will crash/force close.

[furbearingmammal]

What are you worried about these permissions seeing?

[Chubaka]

Droid-Xer / alostpacket - thought so; to bad. Thanks.

[Chubaka]

What are you worried about these permissions seeing?

Well there is a vast number of possible permissions. It's not only what application can see, but also do. Depends on the particular permission. A lot of applications ask for some permissions they actually don't need in order to perform the function the developer claims it's designed for.

[SLAG IT!]

My suggestion would be either we accept the developers app that requires those permissions or we can make ones that do not require them.

[furbearingmammal]

If the app asks for permissions that in no way can be explained away by what it does there's a good chance it's malware and you shouldn't install it.

Most of the time the permissions are ad- or content-related.

[Droid-Xer]

Some apps require way too many permissions. Look at the app Elixir. Thats way too much. And ya it can cause instability issues like alostpacket said.

[jbay]

If the app asks for permissions that in no way can be explained away by what it does there's a good chance it's malware and you shouldn't install it.

Most of the time the permissions are ad- or content-related.

Out of curiosity, which apps do you have on your phone?

The problem is that almost every app asks for permissions that can be explained away, but with no certain way of knowing what they're actually using those permisisons for.

For example, Netflix is obviously not malware. But it wants to be able to read phone status and identity, including my phone number and the remote number connected by a call. Almost every app requires this permission for various legitimate reasons including tracking device ID, pausing when a phone call is coming in, and the whole Android 1.5 thing. That explains why they need this permission, but there's no way to tell whether they're going to do anything more sinister as well, and no way for me to prevent them from doing so.

If I want to install Firefox, I need to let it access my precise GPS data, and let it take pictures and videos with my camera. Why? Because maybe for some uses of Firefox it will need that, like if I visit a maps website or something. But that doesn't mean it needs it to run Firefox, just for some rare occurrences. There's no way for me to selectively approve permissions that I think are fair though; it's all or nothing. Firefox can use the camera at any time without my confirmation, so it can be recording my surroundings wherever I am, and it knows where I am. If I'm at work, maybe for one of Google's competitors (they'll know by GPS which building I'm in) and I have my phone out to text someone, Firefox could be video-recording my coworkers as they enter their network password. I trust Firefox because it's open-source and if they were really trying to track my GPS data, someone would notice it in the source code. But I don't trust every app. History has shown there's plenty of companies willing to act in an unscrupulous way, like when Sony put a rootkit on their music CDs.

I don't want to give apps carte blanche to my phone. They all seem to ask for it though, expecting me to just "trust" them not to be malware and not to abuse the permissions that I'm giving them. Because they know that users will not be suspicious (after all, every app asks for these permissions), and there's no basis for negotiating or approving permissions.

As a result, I've had my phone 5 months and installed just one app on it so far. I always want to install an app, and then I get to the permissions screen and I say to myself "no, I don't think it should have access to this". So I don't install it. And maybe I'm the only customer they're losing for this reason, but I think if more people were aware of how broad those permissions are, or what could actually happen if someone did take advantage of them. And given how free and trusting the Android community seems to be about saying yes to permissions, I bet there are lots of apps out there that are already abusing access to that data and just haven't been found out yet.

I'm frankly shocked that people are so passively trusting about signing away their device's security.