When you read a book or an article on your Android device, how much power — and access to your personal data — are you giving the app?
A new comparison of 17 of the most popular reader apps, compiled by Matt Bernius, answers that question, and in some cases users may be revealing much more than they think. Nearly a quarter of the apps tested required access to location information; half of them ask for “phone state and identity”, which would let them grab people’s phone numbers and IMEI numbers; and a couple can retrieve a list of other running apps.
Android apps are required to specify what sort of access to the phone they can use, but these “permissions requests” screens can be opaque, and without a chart like this one, it can be difficult to tell if there are subtle but legitimate reasons why a particular class of app needs a particular type of permission.
Click the chart to view it full-size. This chart is another valuable resource for readers looking to bring their privacy into the digital world. We’ve previously compared the privacy practices of different sources of ebooks.
Unfortunately, Android permissions operate on a “take it or leave it” model. Google briefly included a hidden privacy feature that allowed users to deny certain requested data and access to apps, but has removed it in the latest version of Android. There ways to get the privacy control back if you have a rooted device or install Cyanogenmod. But mainstream Android users are out of luck.
And Google: it’s high time you promised to bring App Ops back, with an appropriate plan to expand the interface to work with all the important permission types, and with a plan for app developers to transition to a model with proper privacy controls.