Risk: Google Streamlines Android Updates

Thursday, June 12, 2014 @ 05:06 PM gHale

Google made changes to the way new app permissions end up disclosed to users, or as it turns out, not disclosed to users.

There will be no warnings of a new permission if it is in the same category as an old one previously accepted.

Android Ransomware Locks Phone
iPhone Hack Attack Spreading
Infections Double with Ransomware Strain
Trojan Focuses on Click Fraud

The change came in with the new version of the Play store app, and has apparently made to streamline the installing of updates and to avoid confusing users.

With this update, a user who has previously permitted an app to access the device’s coarse GPS location will not receive notification when the new version of the app starts collecting information about the device’s fine location, as both permissions belong to the same category.

Similarly, an app that initially only had the permission to read the call log could now end up updated to initiate phone calls without the user’s knowledge. Or if it originally had permission to read the contents of the SD card, it can now update to write to it.

If a user does not agree with these new updates, he or she can turn off auto-updates for specific apps by opening the Play Store app, touching the app’s icon, selecting “My Apps”, selecting the app, and unchecking the box next to “Auto-update” in the Menu.

A second move of Google’s was to make the “full Internet access” permission disappear from the primary permissions screen and get automatic approval.

“These days, apps typically access the Internet,” Google said, adding Google Play’s app review systems already check all apps for abuse of these access permissions.

Leave a Reply

You must be logged in to post a comment.