How to discover suspicious apps that use multiple dangerous permissions?
The problem with permissions
We have all seen the Android prompt on the screenshot below.
It is displayed whenever an app requests one of the permission groups that Google categorizes as “dangerous permission groups”: BODY SENSORS, CALENDAR, CAMERA, CONTACTS, LOCATION, MICROPHONE, PHONE, SMS, STORAGE.
It is perfectly normal for various apps to require certain permissions to perform their tasks normally (e.g. Skype requiring access to your device’s camera so that you can easily take photos and attach them to your messages), however sometimes an app may request permissions that may seem like an overreach compared to its intended functionality (e.g. a game that lacks voice chat, yet requests access to the device’s microphone).
While such permissions can be requested on-demand -- if and when they are actually necessary (the first time they are used), some developers can sneak additional permissions passed by the user if all of them are requested at once, knowing many of them would allow everything due to being excited and/or impatient.
The Android solution
In version 6 (Marshmallow), Android introduced the option to control individual permissions for each app.
To get to these permissions on Android 6, 7, or 8: open the “Settings” app, and tap “Apps” -> select the app (you may need to tap “See all apps”) -> “Permissions”.
To get to these permissions on Android 9 or 10: open the “Settings” app, and tap “Apps & notifications” -> select the app (you may need to tap “See all apps”) -> “Permissions”.
You will see a list with all permissions that the app uses, and you can enable or disable them.
Although that results in overall better security and is a positive improvement, the built-in functionality is not particularly convenient to use. Android does not provide a quick and graphical overview, and it also isn’t capable of performing advanced filtering to see which, if any, apps use multiple permissions; i.e. if there is a permission overlap among different apps.
The complete solution
Yes, our free Revo Permission Analyzer can not only display all apps that use permissions from one permission group, but also allow you to add multiple permission categories, to filter which apps use all selected permission categories.
In the lower right corner there is a button that will display how many apps use a randomly chosen permission at every launch of Revo Permission Analyzer. Tapping that button will load the permission viewer with that permission pre-selected, and of course also the option to select additional permissions.
Open Revo Permission Analyzer, and tap the “PERMISSION VIEWER” button in the bottom left corner (you can also find it in the main menu).
That will bring up an empty page with all permission categories at the top.
Simply tap each desired permission group. With each subsequently selected group, Revo Permission Analyzer will filter out the apps on the list, and show only those apps that use all of the selected permissions.
You can further improve the app listing by sorting it: tap the menu button (in the upper right corner), and select the desired sorting method.
You can sort the list (reverse-)alphabetically, by risk level, or show user apps first.
Most of the above described steps are illustrated in the video below.
In conclusion
The problem outlined at the beginning of the article may seem trivial but it is actually more common than many people realize.
Google is continuously and commendably working on improving Android’s security, as well as providing users with ways to customize and tweak their device and apps. Unfortunately, the built-in functionality in some cases may turn out to be insufficient, as it is in this particular case.
Revo Permission Analyzer is a free app that takes what Android already offers, and enhances it further, allowing you to have a better overview and control over your apps’ permissions and maintain a higher level of security.