{"id":318,"date":"2022-11-08T07:53:34","date_gmt":"2022-11-08T07:53:34","guid":{"rendered":"https:\/\/bevigil.com\/blog\/?p=318"},"modified":"2022-11-15T10:38:54","modified_gmt":"2022-11-15T10:38:54","slug":"how-to-assess-the-criticality-of-android-app-permissions-a-hands-on-approach","status":"publish","type":"post","link":"https:\/\/bevigil.com\/blog\/how-to-assess-the-criticality-of-android-app-permissions-a-hands-on-approach\/","title":{"rendered":"<strong>How to Assess the Criticality of Android App Permissions: A Hands-on Approach<\/strong>"},"content":{"rendered":"<p>With a market share of 72%, Android is the most widely used mobile operating system. The consistent increase in Android users has accelerated the development of apps considerably. Therefore, Android, with over 2.5 billion active users spanning over 190 countries, is a prime target for threat actors as well.<\/p>\n<p><a href=\"https:\/\/bevigil.com\/\">BeVigil<\/a> is the world&#8217;s first security search engine for mobile apps. The analysis of more than 1 million Android apps indexed by BeVigil, allows us to identify the critical security issues that plague some of the most popular Android apps. One of the key issues involves apps requesting permissions that may not be necessary for their proper functioning.<\/p>\n<p>In our <a href=\"https:\/\/bevigil.com\/blog\/dangerous-android-permissions-to-look-out-for-in-your-apps\/\">previous blog<\/a>, we explored what Android permissions are, how they can be (mis)used to orchestrate espionage campaigns and defraud users, and the dangerous permissions requested by popular apps.<\/p>\n<p>In this blog, we show you how to identify if any app that you downloaded is requesting dangerous permissions. This is especially important because most people tend to <strong>accept <\/strong>all the permissions without knowing what exactly they are consenting to, how the information is being (mis)used, and what\u2019s at stake. So much so that certain permissions can allow an app to compromise your privacy.<\/p>\n<h2><strong>How Prevalent are Dangerous Permissions?<\/strong><\/h2>\n<p>BeVigil shows that:<\/p>\n<ul>\n<li>26% of educational apps access your microphone<\/li>\n<li>21% of medical apps access your microphone<\/li>\n<li>39% of finance apps access your camera<\/li>\n<li>17% of finance apps have the read contact permission<\/li>\n<li>46% of book apps have precise location access<\/li>\n<\/ul>\n<blockquote><p>Also read\u00a0<a href=\"https:\/\/bevigil.com\/blog\/dangerous-android-permissions-to-look-out-for-in-your-apps\/\">Dangerous Android Permissions To Look Out For In Your Apps<\/a><\/p><\/blockquote>\n<h1><a id=\"post-318-_sgzq0q4hpj0r\"><\/a>Does your App Ask for These Permissions?<\/h1>\n<p>Before you download any app, or if an app is already installed on your phone, check if it accesses your camera, contacts, or messages, even when it is not required for the app to function. Using BeVigil, you can do this in 3 simple steps.<\/p>\n<h3><strong>Step 1: Select the App <\/strong><\/h3>\n<p>On https:\/\/bevigil.com\/search, enter the app you want to scan into the search bar. Then select the relevant option from the dropdown menu. For example let\u2019s select YouTube, which has over 10 billion downloads, to see what permissions it requests at the time of installation. (<a href=\"#post-318-3s5em4eruru4\"><strong>Figure 1<\/strong><\/a>)<\/p>\n<p>Note: If the app you want to check is not listed on BeVigil, you can add the app\u2019s App Store link at <a href=\"https:\/\/bevigil.com\/scan-app\">https:\/\/bevigil.com\/scan-app<\/a>. And in a few seconds, the app will be available for analysis. App developers can also upload their apps via this link to assess their app\u2019s risk score.<\/p>\n<figure id=\"attachment_319\" aria-describedby=\"caption-attachment-319\" style=\"width: 1640px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-319\" src=\"http:\/\/bevigil.com\/blog\/wp-content\/uploads\/2022\/11\/word-image-318-1.png\" alt=\"Figure 1: Using BeVigil for Android App Permission Assessment\" width=\"1650\" height=\"836\" srcset=\"https:\/\/bevigil.com\/blog\/wp-content\/uploads\/2022\/11\/word-image-318-1.png 1650w, https:\/\/bevigil.com\/blog\/wp-content\/uploads\/2022\/11\/word-image-318-1-300x152.png 300w, https:\/\/bevigil.com\/blog\/wp-content\/uploads\/2022\/11\/word-image-318-1-1024x519.png 1024w, https:\/\/bevigil.com\/blog\/wp-content\/uploads\/2022\/11\/word-image-318-1-768x389.png 768w, https:\/\/bevigil.com\/blog\/wp-content\/uploads\/2022\/11\/word-image-318-1-1536x778.png 1536w\" sizes=\"(max-width: 1650px) 100vw, 1650px\" \/><figcaption id=\"caption-attachment-319\" class=\"wp-caption-text\">Figure 1: Using BeVigil for Android App Permission Assessment<\/figcaption><\/figure>\n<h3><a id=\"post-318-_1n8to3mn1fsh\"><\/a><strong>Step 2: Check the security rating<\/strong><\/h3>\n<p>The search will pull up a security analysis of the Youtube app, along with the overall security rating (or risk score). In YouTube\u2019s case, the security rating is 6.5 (average) on a scale of 1 to 10, where 0 is the lowest score and 10 is the highest. On the same page, you can also get the issue summary of the app. (<a href=\"#post-318-ev63mf64gnn\"><strong>Figure 2<\/strong><\/a>)<\/p>\n<p>Note: If you are an app developer, you should <a href=\"https:\/\/bevigil.com\/login\">sign up for an account<\/a> to explore additional features (it\u2019s <em>easy and free<\/em>) such as what course of action can be taken to improve the security rating of your application.<\/p>\n<figure id=\"attachment_320\" aria-describedby=\"caption-attachment-320\" style=\"width: 1862px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-320\" src=\"http:\/\/bevigil.com\/blog\/wp-content\/uploads\/2022\/11\/word-image-318-2.png\" alt=\"Figure 2: Android app issue summary\" width=\"1872\" height=\"851\" srcset=\"https:\/\/bevigil.com\/blog\/wp-content\/uploads\/2022\/11\/word-image-318-2.png 1872w, https:\/\/bevigil.com\/blog\/wp-content\/uploads\/2022\/11\/word-image-318-2-300x136.png 300w, https:\/\/bevigil.com\/blog\/wp-content\/uploads\/2022\/11\/word-image-318-2-1024x466.png 1024w, https:\/\/bevigil.com\/blog\/wp-content\/uploads\/2022\/11\/word-image-318-2-768x349.png 768w, https:\/\/bevigil.com\/blog\/wp-content\/uploads\/2022\/11\/word-image-318-2-1536x698.png 1536w\" sizes=\"(max-width: 1872px) 100vw, 1872px\" \/><figcaption id=\"caption-attachment-320\" class=\"wp-caption-text\">Figure 2: Android app issue summary<\/figcaption><\/figure>\n<h3><a id=\"post-318-_i8boelwcphz0\"><\/a><strong>Step 3: Examine the permissions<\/strong><\/h3>\n<p>Clicking on the <strong>Permissions <\/strong>button (on the left menu) will display all the permissions that the app requests. (<a href=\"#post-318-7p07fnmi4j6s\"><strong>Figure 3<\/strong><\/a>)<\/p>\n<p>As we can see, there are 1 <strong>dangerous <\/strong>and 8 <strong>risky <\/strong>permissions that users give consent to during the app installation.<\/p>\n<figure id=\"attachment_321\" aria-describedby=\"caption-attachment-321\" style=\"width: 1850px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-321\" src=\"http:\/\/bevigil.com\/blog\/wp-content\/uploads\/2022\/11\/word-image-318-3.png\" alt=\"Figure 3: BeVigil showing all the permissions along with their criticality\" width=\"1860\" height=\"842\" srcset=\"https:\/\/bevigil.com\/blog\/wp-content\/uploads\/2022\/11\/word-image-318-3.png 1860w, https:\/\/bevigil.com\/blog\/wp-content\/uploads\/2022\/11\/word-image-318-3-300x136.png 300w, https:\/\/bevigil.com\/blog\/wp-content\/uploads\/2022\/11\/word-image-318-3-1024x464.png 1024w, https:\/\/bevigil.com\/blog\/wp-content\/uploads\/2022\/11\/word-image-318-3-768x348.png 768w, https:\/\/bevigil.com\/blog\/wp-content\/uploads\/2022\/11\/word-image-318-3-1536x695.png 1536w\" sizes=\"(max-width: 1860px) 100vw, 1860px\" \/><figcaption id=\"caption-attachment-321\" class=\"wp-caption-text\">Figure 3: BeVigil showing all the permissions along with their criticality<\/figcaption><\/figure>\n<p>BeVigil indicates <strong>SYSTEM_ALERT_WINDOW<\/strong> as dangerous. This permission enables an app to display over any other app without notifying the user. According to a <a href=\"https:\/\/blog.checkpoint.com\/2017\/05\/09\/android-permission-security-flaw\/\">Check Point study<\/a>, 74% of ransomware, 57% of adware, and 14% of banker malware abuse this permission as part of their operation. Threat actors misuse this permission to display fraudulent ads, phishing scams, click-jacking, and overlay windows, which are common with banking Trojans.<\/p>\n<p>You can click on a permission to learn more about it (as shown in <a href=\"#post-318-dwp5a84kernv\"><strong>Figure 4<\/strong><\/a>).<\/p>\n<figure id=\"attachment_322\" aria-describedby=\"caption-attachment-322\" style=\"width: 1869px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-322\" src=\"http:\/\/bevigil.com\/blog\/wp-content\/uploads\/2022\/11\/word-image-318-4.png\" alt=\"Some of the permissions in the risky permission category include:\" width=\"1879\" height=\"890\" srcset=\"https:\/\/bevigil.com\/blog\/wp-content\/uploads\/2022\/11\/word-image-318-4.png 1879w, https:\/\/bevigil.com\/blog\/wp-content\/uploads\/2022\/11\/word-image-318-4-300x142.png 300w, https:\/\/bevigil.com\/blog\/wp-content\/uploads\/2022\/11\/word-image-318-4-1024x485.png 1024w, https:\/\/bevigil.com\/blog\/wp-content\/uploads\/2022\/11\/word-image-318-4-768x364.png 768w, https:\/\/bevigil.com\/blog\/wp-content\/uploads\/2022\/11\/word-image-318-4-1536x728.png 1536w\" sizes=\"(max-width: 1879px) 100vw, 1879px\" \/><figcaption id=\"caption-attachment-322\" class=\"wp-caption-text\">Some of the permissions in the risky permission category include:<\/figcaption><\/figure>\n<ul>\n<li><strong>ACCESS_FINE_LOCATION<\/strong>: Allows the app to access precise locations.<\/li>\n<li><strong>READ_CONTACTS<\/strong>: Allows the app to read the user&#8217;s contact data.<\/li>\n<li><strong>CAMERA<\/strong>: Allows the app to access the mobile camera.<\/li>\n<\/ul>\n<p>While the app may have some legitimate use cases for these permissions, it is important for users to decide if they want the app to access their data and device functionality.<\/p>\n<h2><a id=\"post-318-_dsdy4cjlgylz\"><\/a>Auto-reset permissions from unused apps<\/h2>\n<p>Google recently introduced an auto-reset permissions feature with Android 11. So if you last used an app a few months ago, the permissions will automatically get reset.<\/p>\n<p>As noted in <a href=\"https:\/\/developer.android.com\/about\/versions\/11\/privacy\/permissions#auto-reset\">the Android documentation<\/a> (reproduced verbatim), \u201cif your app targets Android 11 or higher and isn&#8217;t used for a few months, the system protects user data by automatically resetting the sensitive runtime permissions that the user had granted your app. This action has the same effect as if the user viewed a permission in system settings and changed your app&#8217;s access level to Deny.\u201d<\/p>\n<h2><a id=\"post-318-_jx7dl1spbcu\"><\/a>Conclusion<\/h2>\n<p>In this blog, we saw how to leverage BeVigil to assess the criticality of an Android app and make the right judgment before installing it. We also noted how dangerous permissions could change your system settings, modify your device password, lock your phone, or even permanently delete all the data from your device which could be disastrous.<\/p>\n<h2><a id=\"post-318-_f0yz4bcknk4\"><\/a>References<\/h2>\n<ul>\n<li><a href=\"https:\/\/bevigil.com\/blog\/dangerous-android-permissions-to-look-out-for-in-your-apps\/\">Dangerous Android Permissions To Look Out For In Your Apps &#8211; BeVigil Blog<\/a><\/li>\n<li><a href=\"https:\/\/blog.checkpoint.com\/2017\/05\/09\/android-permission-security-flaw\/\">Android Permission Security Flaw &#8211; Check Point Software<\/a><\/li>\n<li><a href=\"https:\/\/developer.android.com\/about\/versions\/11\/privacy\/permissions#auto-reset\">Permissions updates in Android 11 | Android Developers<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>With a market share of 72%, Android is the most widely used mobile operating system. The consistent increase in Android users has accelerated the development of apps considerably. Therefore, Android, with over 2.5 billion active users spanning over 190 countries, is a prime target for threat actors as well. BeVigil is the world&#8217;s first security &#8230; <a title=\"How to Assess the Criticality of Android App Permissions: A Hands-on Approach\" class=\"read-more\" href=\"https:\/\/bevigil.com\/blog\/how-to-assess-the-criticality-of-android-app-permissions-a-hands-on-approach\/\" aria-label=\"More on How to Assess the Criticality of Android App Permissions: A Hands-on Approach\">Read more<\/a><\/p>\n","protected":false},"author":2,"featured_media":323,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[18,32],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How to Assess the Criticality of Android App Permissions: A Hands-on Approach - BeVigil Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/bevigil.com\/blog\/how-to-assess-the-criticality-of-android-app-permissions-a-hands-on-approach\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Assess the Criticality of Android App Permissions: A Hands-on Approach - BeVigil Blog\" \/>\n<meta property=\"og:description\" content=\"With a market share of 72%, Android is the most widely used mobile operating system. The consistent increase in Android users has accelerated the development of apps considerably. Therefore, Android, with over 2.5 billion active users spanning over 190 countries, is a prime target for threat actors as well. BeVigil is the world&#8217;s first security ... Read more\" \/>\n<meta property=\"og:url\" content=\"https:\/\/bevigil.com\/blog\/how-to-assess-the-criticality-of-android-app-permissions-a-hands-on-approach\/\" \/>\n<meta property=\"og:site_name\" content=\"BeVigil Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/facebook.com\/cloudsek\" \/>\n<meta property=\"article:published_time\" content=\"2022-11-08T07:53:34+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-11-15T10:38:54+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/bevigil.com\/blog\/wp-content\/uploads\/2022\/11\/Android-Permissions-1024x1024.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"1024\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"BeVigil\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@cloudsek\" \/>\n<meta name=\"twitter:site\" content=\"@cloudsek\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"BeVigil\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/bevigil.com\/blog\/how-to-assess-the-criticality-of-android-app-permissions-a-hands-on-approach\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/bevigil.com\/blog\/how-to-assess-the-criticality-of-android-app-permissions-a-hands-on-approach\/\"},\"author\":{\"name\":\"BeVigil\",\"@id\":\"https:\/\/bevigil.com\/blog\/#\/schema\/person\/815673cb0715af9f571f14d6ffc36a87\"},\"headline\":\"How to Assess the Criticality of Android App Permissions: A Hands-on Approach\",\"datePublished\":\"2022-11-08T07:53:34+00:00\",\"dateModified\":\"2022-11-15T10:38:54+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/bevigil.com\/blog\/how-to-assess-the-criticality-of-android-app-permissions-a-hands-on-approach\/\"},\"wordCount\":958,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/bevigil.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/bevigil.com\/blog\/how-to-assess-the-criticality-of-android-app-permissions-a-hands-on-approach\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/bevigil.com\/blog\/wp-content\/uploads\/2022\/11\/Android-Permissions.png\",\"articleSection\":[\"Android Security\",\"Permissions\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/bevigil.com\/blog\/how-to-assess-the-criticality-of-android-app-permissions-a-hands-on-approach\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/bevigil.com\/blog\/how-to-assess-the-criticality-of-android-app-permissions-a-hands-on-approach\/\",\"url\":\"https:\/\/bevigil.com\/blog\/how-to-assess-the-criticality-of-android-app-permissions-a-hands-on-approach\/\",\"name\":\"How to Assess the Criticality of Android App Permissions: A Hands-on Approach - BeVigil Blog\",\"isPartOf\":{\"@id\":\"https:\/\/bevigil.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/bevigil.com\/blog\/how-to-assess-the-criticality-of-android-app-permissions-a-hands-on-approach\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/bevigil.com\/blog\/how-to-assess-the-criticality-of-android-app-permissions-a-hands-on-approach\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/bevigil.com\/blog\/wp-content\/uploads\/2022\/11\/Android-Permissions.png\",\"datePublished\":\"2022-11-08T07:53:34+00:00\",\"dateModified\":\"2022-11-15T10:38:54+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/bevigil.com\/blog\/how-to-assess-the-criticality-of-android-app-permissions-a-hands-on-approach\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/bevigil.com\/blog\/how-to-assess-the-criticality-of-android-app-permissions-a-hands-on-approach\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/bevigil.com\/blog\/how-to-assess-the-criticality-of-android-app-permissions-a-hands-on-approach\/#primaryimage\",\"url\":\"https:\/\/bevigil.com\/blog\/wp-content\/uploads\/2022\/11\/Android-Permissions.png\",\"contentUrl\":\"https:\/\/bevigil.com\/blog\/wp-content\/uploads\/2022\/11\/Android-Permissions.png\",\"width\":1664,\"height\":1664,\"caption\":\"Android Permissions\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/bevigil.com\/blog\/how-to-assess-the-criticality-of-android-app-permissions-a-hands-on-approach\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/bevigil.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to Assess the Criticality of Android App Permissions: A Hands-on Approach\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/bevigil.com\/blog\/#website\",\"url\":\"https:\/\/bevigil.com\/blog\/\",\"name\":\"BeVigil Blog\",\"description\":\"Security disclosures, News and Guides\",\"publisher\":{\"@id\":\"https:\/\/bevigil.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/bevigil.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/bevigil.com\/blog\/#organization\",\"name\":\"BeVigil Blog\",\"url\":\"https:\/\/bevigil.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/bevigil.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/bevigil.com\/blog\/wp-content\/uploads\/2022\/01\/cropped-bevigil-logo.png\",\"contentUrl\":\"https:\/\/bevigil.com\/blog\/wp-content\/uploads\/2022\/01\/cropped-bevigil-logo.png\",\"width\":400,\"height\":400,\"caption\":\"BeVigil Blog\"},\"image\":{\"@id\":\"https:\/\/bevigil.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/facebook.com\/cloudsek\",\"https:\/\/x.com\/cloudsek\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/bevigil.com\/blog\/#\/schema\/person\/815673cb0715af9f571f14d6ffc36a87\",\"name\":\"BeVigil\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/bevigil.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/5b002b2a9b6222b970f73ce6beab539e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/5b002b2a9b6222b970f73ce6beab539e?s=96&d=mm&r=g\",\"caption\":\"BeVigil\"},\"sameAs\":[\"https:\/\/bevigil.com\/\"],\"url\":\"https:\/\/bevigil.com\/blog\/author\/bevigil\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to Assess the Criticality of Android App Permissions: A Hands-on Approach - BeVigil Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/bevigil.com\/blog\/how-to-assess-the-criticality-of-android-app-permissions-a-hands-on-approach\/","og_locale":"en_US","og_type":"article","og_title":"How to Assess the Criticality of Android App Permissions: A Hands-on Approach - BeVigil Blog","og_description":"With a market share of 72%, Android is the most widely used mobile operating system. The consistent increase in Android users has accelerated the development of apps considerably. Therefore, Android, with over 2.5 billion active users spanning over 190 countries, is a prime target for threat actors as well. BeVigil is the world&#8217;s first security ... Read more","og_url":"https:\/\/bevigil.com\/blog\/how-to-assess-the-criticality-of-android-app-permissions-a-hands-on-approach\/","og_site_name":"BeVigil Blog","article_publisher":"https:\/\/facebook.com\/cloudsek","article_published_time":"2022-11-08T07:53:34+00:00","article_modified_time":"2022-11-15T10:38:54+00:00","og_image":[{"width":1024,"height":1024,"url":"https:\/\/bevigil.com\/blog\/wp-content\/uploads\/2022\/11\/Android-Permissions-1024x1024.png","type":"image\/png"}],"author":"BeVigil","twitter_card":"summary_large_image","twitter_creator":"@cloudsek","twitter_site":"@cloudsek","twitter_misc":{"Written by":"BeVigil","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/bevigil.com\/blog\/how-to-assess-the-criticality-of-android-app-permissions-a-hands-on-approach\/#article","isPartOf":{"@id":"https:\/\/bevigil.com\/blog\/how-to-assess-the-criticality-of-android-app-permissions-a-hands-on-approach\/"},"author":{"name":"BeVigil","@id":"https:\/\/bevigil.com\/blog\/#\/schema\/person\/815673cb0715af9f571f14d6ffc36a87"},"headline":"How to Assess the Criticality of Android App Permissions: A Hands-on Approach","datePublished":"2022-11-08T07:53:34+00:00","dateModified":"2022-11-15T10:38:54+00:00","mainEntityOfPage":{"@id":"https:\/\/bevigil.com\/blog\/how-to-assess-the-criticality-of-android-app-permissions-a-hands-on-approach\/"},"wordCount":958,"commentCount":0,"publisher":{"@id":"https:\/\/bevigil.com\/blog\/#organization"},"image":{"@id":"https:\/\/bevigil.com\/blog\/how-to-assess-the-criticality-of-android-app-permissions-a-hands-on-approach\/#primaryimage"},"thumbnailUrl":"https:\/\/bevigil.com\/blog\/wp-content\/uploads\/2022\/11\/Android-Permissions.png","articleSection":["Android Security","Permissions"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/bevigil.com\/blog\/how-to-assess-the-criticality-of-android-app-permissions-a-hands-on-approach\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/bevigil.com\/blog\/how-to-assess-the-criticality-of-android-app-permissions-a-hands-on-approach\/","url":"https:\/\/bevigil.com\/blog\/how-to-assess-the-criticality-of-android-app-permissions-a-hands-on-approach\/","name":"How to Assess the Criticality of Android App Permissions: A Hands-on Approach - BeVigil Blog","isPartOf":{"@id":"https:\/\/bevigil.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/bevigil.com\/blog\/how-to-assess-the-criticality-of-android-app-permissions-a-hands-on-approach\/#primaryimage"},"image":{"@id":"https:\/\/bevigil.com\/blog\/how-to-assess-the-criticality-of-android-app-permissions-a-hands-on-approach\/#primaryimage"},"thumbnailUrl":"https:\/\/bevigil.com\/blog\/wp-content\/uploads\/2022\/11\/Android-Permissions.png","datePublished":"2022-11-08T07:53:34+00:00","dateModified":"2022-11-15T10:38:54+00:00","breadcrumb":{"@id":"https:\/\/bevigil.com\/blog\/how-to-assess-the-criticality-of-android-app-permissions-a-hands-on-approach\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/bevigil.com\/blog\/how-to-assess-the-criticality-of-android-app-permissions-a-hands-on-approach\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/bevigil.com\/blog\/how-to-assess-the-criticality-of-android-app-permissions-a-hands-on-approach\/#primaryimage","url":"https:\/\/bevigil.com\/blog\/wp-content\/uploads\/2022\/11\/Android-Permissions.png","contentUrl":"https:\/\/bevigil.com\/blog\/wp-content\/uploads\/2022\/11\/Android-Permissions.png","width":1664,"height":1664,"caption":"Android Permissions"},{"@type":"BreadcrumbList","@id":"https:\/\/bevigil.com\/blog\/how-to-assess-the-criticality-of-android-app-permissions-a-hands-on-approach\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/bevigil.com\/blog\/"},{"@type":"ListItem","position":2,"name":"How to Assess the Criticality of Android App Permissions: A Hands-on Approach"}]},{"@type":"WebSite","@id":"https:\/\/bevigil.com\/blog\/#website","url":"https:\/\/bevigil.com\/blog\/","name":"BeVigil Blog","description":"Security disclosures, News and Guides","publisher":{"@id":"https:\/\/bevigil.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/bevigil.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/bevigil.com\/blog\/#organization","name":"BeVigil Blog","url":"https:\/\/bevigil.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/bevigil.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/bevigil.com\/blog\/wp-content\/uploads\/2022\/01\/cropped-bevigil-logo.png","contentUrl":"https:\/\/bevigil.com\/blog\/wp-content\/uploads\/2022\/01\/cropped-bevigil-logo.png","width":400,"height":400,"caption":"BeVigil Blog"},"image":{"@id":"https:\/\/bevigil.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/facebook.com\/cloudsek","https:\/\/x.com\/cloudsek"]},{"@type":"Person","@id":"https:\/\/bevigil.com\/blog\/#\/schema\/person\/815673cb0715af9f571f14d6ffc36a87","name":"BeVigil","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/bevigil.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/5b002b2a9b6222b970f73ce6beab539e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/5b002b2a9b6222b970f73ce6beab539e?s=96&d=mm&r=g","caption":"BeVigil"},"sameAs":["https:\/\/bevigil.com\/"],"url":"https:\/\/bevigil.com\/blog\/author\/bevigil\/"}]}},"jetpack_featured_media_url":"https:\/\/bevigil.com\/blog\/wp-content\/uploads\/2022\/11\/Android-Permissions.png","_links":{"self":[{"href":"https:\/\/bevigil.com\/blog\/wp-json\/wp\/v2\/posts\/318"}],"collection":[{"href":"https:\/\/bevigil.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bevigil.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bevigil.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/bevigil.com\/blog\/wp-json\/wp\/v2\/comments?post=318"}],"version-history":[{"count":3,"href":"https:\/\/bevigil.com\/blog\/wp-json\/wp\/v2\/posts\/318\/revisions"}],"predecessor-version":[{"id":328,"href":"https:\/\/bevigil.com\/blog\/wp-json\/wp\/v2\/posts\/318\/revisions\/328"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bevigil.com\/blog\/wp-json\/wp\/v2\/media\/323"}],"wp:attachment":[{"href":"https:\/\/bevigil.com\/blog\/wp-json\/wp\/v2\/media?parent=318"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bevigil.com\/blog\/wp-json\/wp\/v2\/categories?post=318"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bevigil.com\/blog\/wp-json\/wp\/v2\/tags?post=318"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}