Snippet: In the age of smartphones, we mainly use our phones for apps – many, many apps. Making voice calls and performing other traditional phone functions come second to using the wealth of apps available. Most of us are aware by now that apps bring with them additional risk – that they can expose us to unwanted prying and data theft.

In the age of smartphones, we mainly use our phones for apps – many, many apps. Making voice calls and performing other traditional phone functions come second to using the wealth of apps available. Most of us are aware by now that apps bring with them additional risk – that they can expose us to unwanted prying and data theft. So, I’d like to look at app permissions a little closer. It’s a topic you probably do not lose much sleep over, but it does impact your security and personal data directly.

The trade-off

Apps can do a plethora of scary-seeming things on our smartphones: access our location, peek at our photo galleries, read our address books, and gather personal information about us and our devices. This would arguably be okay if you fully trusted the apps you use – but can you really? There are millions of app creators out there – some, surely, with less pure intentions than others – and we mostly end up giving them carte blanche to access our information at any time via their software.

So what can we users do to limit any unwanted intrusion into our privacy?.

These days, consumers enjoy greater control over the resources apps can access than was previously the case. If you want to keep your contacts and personal photos safe, you have the power to do so. It’s a trade-off though. To function properly, apps need some information from you. Map and navigation apps are significantly less useful or easy to use if they can’t read your precise location. Photo sharing apps are pointless if they can’t access your galleries or camera. And of course, most apps become useless without Internet access. To benefit from the cool functionality the app promises to deliver, you essentially have to cede some privacy.

Apples and lollipops

How do our phones present this choice? That depends very much on the handset’s operating system.

Android follows the more theoretical approach: you get to see all the permissions the app needs when you install it, but it’s an all-or-nothing choice. Either accept everything the app wants to do with your private information or do not install it at all. Take it or leave it!

In this regime, there are no surprises, and you have the control to agree or disagree to the terms of use. Sounds good in theory, but it’s not very practical. As users of technology, we do not make decisions like lawyers signing contracts. As goal-driven human beings, most of us will accept all the permissions to access the functionality we want. Most of us do not have enough technical knowledge to assess whether an app really needs all of this information to function correctly.

Apple follows a more human approach. It found a way to make permissions management more intuitive for us and more flexible. Users are not faced with a long list of permissions they have to accept on installing an app. At first, any app is capable of only the basics: starting up, accessing the Internet, that kind of thing. Later, when asked to perform specific tasks, the app prompts the user to provide additional permissions. In context, it is easier for us to understand why the app needs this new type of information. Better yet, we can deny the specific permission and still continue to use the app, albeit with limited functionality.

Apple also provides settings to manage individual permissions after installation. Android had a hint of similar functionality for a short while (in the form of a framework called App Ops), but has unfortunately discontinued it. The only way to remove permissions on Android is to uninstall the app.

Android permissions are also very umbrella-like. Sometimes an app needs access to a single resource, but its developer is forced to package that permission in a larger set of access rights, inadvertently enabling the app to access a lot more than is strictly required.

Let’s see where Android goes with its permissions management paradigm. If it moves toward how Apple does things, the smartphone privacy landscape will look a lot better to consumers. Furthermore, making permissions more granular will make the work of developers so much easier. In a world where privacy is becoming a greater concern for everyone, we must find a way to manage what apps can do more effectively and transparently.

Subscribe to our blog.


Altus van Tonder

Co-founder & former VP sales support Europe

An Entersekt co-founder, Altus was instrumental in our early successes in Europe. Although he now works at Backbase, he visits the Entersekt HQ whenever he’s in Stellenbosch, his home town.

Entersekt Logo

Entersekt is an innovator of customer-centric fintech solutions. Financial services providers and other enterprises rely on our patented mobile identity system to provide both security and the best in convenient new digital experiences to their customers, irrespective of the service channel. With us, they can concentrate on their innovation roadmap, while delivering intuitive, low-friction digital experiences to their customers.