Channel: Planet Ubuntu

Oli Warner: Hey Paypal, why do you need access to my microphone, camera and photos?


Who actually checks the permissions of applications they're installing? A little while ago a Paypal update stalled because it required extra permissions. This is what happens if an app you have already installed wants more power. I was more than a little surprised with what I found.

It's easy to overlook app permissions. After all, you want something, and if there's no tangible sacrifice attached to it, people don't see the problem.

I do. I run a few servers so security is something that's always in or around my consciousness. The prime tenet of data security is to only give access to things that need it.

The Paypal app can, as it turns out, do a raft of things that include your peripheral hardware. Like magnetic stripe readers, scanning credit cards and OCRing cheques. I've still no idea why it needs SMS/MMS, calendar, location and app inspection access... So answers on a postcard.

That isn't really the point. My first problem comes in that Paypal are normalising applications doing a permission land-grab at install time. Something that was installed to let me do lightweight management of my account (and get notifications) has mutated into this beast.

Now, you can probably trust Paypal; they've only been shown to be moderately evil in the past... But who is to say that will always be true? They could change their Terms and Conditions (if they even need to) and start snooping on you. Or they could get hacked. The Paypal app could be a vehicle for other malicious software to escalate its own privileges. In either case the result is the same. It can track you, it can watch you, it can hear you and it can smuggle data off your phone without you ever realising. You're installing the perfect surveillance monitor.

There is an argument that Android should be marshalling access to privileges better but before I get there, I do think that Paypal should be more considerate about what they're asking users to hand over. It is possible to split an application into plugins and distribute those in separate packages with their own privileges. This could leave the core application svelte, concentrated on core functionality, leaving cranky old users like me with their simple access and giving coffee-shop-hopping Alice and Bob super-quick access to all the features they want to trade for their privacy.

But yes, the wider problem, as comments are highlighting, comes in how Android allows developers to request permissions. It all has to be done at install and update time. It's all or nothing. If you won't accept it you can't install and if it's already installed, you can't update. You can only ignore the updates (with obvious serious security issues) or remove the application.
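
For anyone who does want to check what an update is asking for, here is an added example (not from the original post and not Paypal's code) that diffs the `uses-permission` entries of two manifest versions and names the sensitive capabilities the update would newly gain. It assumes the manifests have already been decoded to text XML; the package name `com.example.wallet` and both manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions matching the capabilities the post worries about.
SENSITIVE = {
    "android.permission.CAMERA": "camera",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.READ_SMS": "sms/mms",
    "android.permission.RECEIVE_MMS": "sms/mms",
    "android.permission.READ_CALENDAR": "calendar",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.GET_TASKS": "app inspection",
    "android.permission.READ_EXTERNAL_STORAGE": "photos/files",
}

def requested_permissions(manifest_xml):
    """Return the set of permission names a decoded manifest requests."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}

def permission_growth(old_xml, new_xml):
    """Permissions the new version adds, plus the sensitive capabilities among them."""
    added = requested_permissions(new_xml) - requested_permissions(old_xml)
    capabilities = sorted({SENSITIVE[p] for p in added if p in SENSITIVE})
    return sorted(added), capabilities

def _manifest(perms):
    # Constructed sample manifest for a hypothetical app, not a real one.
    uses = "".join(
        f'<uses-permission android:name="android.permission.{p}"/>' for p in perms
    )
    return (
        '<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
        f'package="com.example.wallet">{uses}</manifest>'
    )

OLD_MANIFEST = _manifest(["INTERNET", "ACCESS_NETWORK_STATE"])
NEW_MANIFEST = _manifest(["INTERNET", "ACCESS_NETWORK_STATE", "CAMERA",
                          "RECORD_AUDIO", "READ_SMS", "ACCESS_FINE_LOCATION",
                          "VIBRATE"])

if __name__ == "__main__":
    added, capabilities = permission_growth(OLD_MANIFEST, NEW_MANIFEST)
    print("Newly requested:", *added, sep="\n  ")
    print("Sensitive capabilities gained:", ", ".join(capabilities))
```
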

If an iOS app wants to use the camera, you're asked when it wants to use the camera. That might seem like Vista's UAC all over again, but that's the call here... And I think Apple have it a million times more right. Android needs to start thinking about permissions in an interactive sense.

Back to Paypal. Given I only use the Paypal app to manage my Paypal account, I decided to uninstall it.

There has been a great discussion following this on Hacker News. Feel free to kick in your two cents there or here.

