Cybernews Investigation Reveals MyJio App Requests Most Permissions

Data Permissions: A Closer Look

Among the 50 widely-used Android applications analyzed, the MyJio app emerged as the most demanding, seeking a staggering 29 permissions. This multifaceted app provides a range of services, including payments, cloud storage, and TV streaming, yet its extensive requests for permissions raise significant privacy concerns. The permissions span critical areas such as location tracking, activity recognition, and access to the camera and microphone.

Following closely is WhatsApp, which requires 26 permissions, while Google Messages and WhatsApp Business each ask for 23. Social media giants Facebook and Instagram are not far behind, requesting 22 and 19 permissions, respectively. In stark contrast, gaming apps like Among Us stand out for their minimal data requests, requiring none at all, while others like Candy Crush Saga and 8 Ball Pool ask for just 1 or 2 permissions, primarily for notifications.

The Implications of Excessive Permissions

On average, communication apps request nearly 19 permissions, with social apps following closely at 17.2. Shopping applications, such as AliExpress, average 13.4 permissions, often requesting access to the camera and location services, as well as the ability to send notifications and manage storage. While these permissions may seem necessary for functionality, they pose significant risks if misused.

Security researcher Mantas Kasiliauskis highlights the potential for exploitation of notification permissions. “Malicious apps can bombard users with unwanted ads or phishing links, and commercial spyware vendors have previously exploited this system for user tracking,” he explains.

Another critical area of concern is access to external storage. A total of 40 apps request permission to write files, while 34 seek to read from external storage. This access could potentially allow apps to view sensitive files, such as personal photos or documents. Kasiliauskis emphasizes the need for apps to transparently communicate why such access is necessary.

High-Risk Permissions and User Privacy

Camera and audio recording permissions are also prevalent, with 33 apps requesting these capabilities. While essential for functionalities like photo sharing and voice messaging, these permissions can be misused by malicious actors or intrusive advertisers. The “Get accounts” permission, sought by 27 apps, facilitates streamlined sign-ins but has been exploited in the past for account hijacking.

Moreover, over half of the analyzed apps (26) seek to track users’ precise locations, a practice that raises alarms regarding user privacy. Kasiliauskis notes, “While location tracking is vital for services like Google Maps, many apps request this data simply for its value to advertisers.” Similarly, the ability to read contacts, which often contains sensitive personal information, is requested by the same number of apps.

Finally, 22 apps request permission to read the phone state, granting access to critical information about the device and its network interactions. Kasiliauskis warns, “This permission can reveal sensitive details, including phone numbers and ongoing call information.”