Why does the app require so many permissions?

[MattAllison]

I would run off and buy the WPCentral app in a hot minute if you could explain to me why the application requires all of the permissions that it does.

Here's the list and my (sarcastic but well-intentioned for the purpose of people thinking about security) questions in specific:

owner identity - isn't my login enough?
photo, music, and video libraries - I love pictures of my kids and the music I listen to but you don't need to.
data services - that's ok
phone dialer - who do I need to call?
movement and directional sensor - are you a mapping application too?
web browser component - that's ok
camera - does the app have a selfie function?
WVGA (480x800) - ok, that makes sense
phone identity - see owner identity
photos library - yes, because photo, music and video library wasn't enough - need those adorable kid pictures!
media playback - perhaps this makes sense...
microphone - good to record me asking questions like "why is this phone recording me?"
Proximity - faceplant sensor?
speech - HAL9000 ready?
HD720P (720x1280) - ok, that makes sense
WXGA (768x1280) - ok, that makes sense

 

[WanderingTraveler]

In one word, ads. For monetization purposes.

Ads require this to have a sense of the identity of the phone, to serve you better ads.
Well, this explains it a lot better than I could.

 

[MattAllison]

I understand that to some degree however I expect much better from a paid application. I seem to remember a conversation thread on one of the articles about the app basically asking why the app wasn't free and the answer was to fund the development of the application. I can completely agree with that, but I have a harder time agreeing to ads and a paid application.

That said, I also firmly believe that responsible sites should try and protect their customers. There may be "value" in providing ad information based on, for example, my music interests but that doesn't explain why an ad would have to use my microphone and phone dialer and other features.

When viewed from a completely paranoid perspective, this is an app that can record my conversations and upload them to a 3rd party while taking pictures of my surroundings. I don't see any form of customer protection inherent in those capabilities and they're not key to the application.

 

[prasath1234]

Even Android ask so much permission. If u want to enjoy anything free u have to give your info in return. That's world.

Sent from my C2305 using WPCentral Forums mobile app

 

[a5cent]

^ I 100% agree with the OP. Having advertising networks require all these permissions makes the permission system a farce. If we're routinely granting these permissions to every app for advertising purposes, and these permissions have absolutely no relationship to the actual features/function of the app, what is stopping us from granting those permissions to an app that actually has dubious motivations? ... nothing... we'll just assume it's more of the same ... and happily grant them access to whatever they want. That's the danger of having a system that condones legal spyware (advertisement networks sniffing around your device). Just like legal spyware, the illegal spyware also wants access to everything, and 95% of consumers have no way of differentiating between the two.

If this continues, I'd say we might as well get rid of the permissions system entirely, as it does nothing but foster a false sense of security.

 

[irtiza_fayaz]

Well, before submitting an App to the store, a developer has to set up the list of permissions required by the app. Most of the boxes are checked by default and often Devs simply choose to ignore the step and go with the default setup. Although I did expect more from the WPcentral team and Jay. :/

 

[Jay Bennett]

So most of these permissions are required by the advertising provider (Microsoft). None of the advertising code is loaded if you pay for the app so you can rest assured about that. But people complained repeatedly that they wanted everything for nothing so we were forced to switch to an advertising provider that gathers a bit more information in exchange for a marginally better monetisation rate. Again, none of that affects you if you pay for the app as I don't even load the Microsoft advertising DLLs. Just remember folks, when something is given to you for free, it's because YOU are the product to be sold.

Seeing as you asked, I'll respond to each permission:

owner identity - Required by MS advertising
photo, music, and video libraries - This is bundled as access to allow you to save images from articles to your phone (and wallpapers). We do not read any of this information
data services - Nice and obvious
phone dialer - Required by MS advertising
movement and directional sensor - I'll review this one because I can't remember why it went in, I think it was for shake to refresh feature that I then disabled, I'll check
web browser component - Used in sign ups (although I may remove this and just go out to IE)
camera - Again, bundled with the ability to save photos to your library from the old days. I can probably remove this now
WVGA (480x800) - Easy
phone identity - Required by MS advertising
photos library - Again, bundled as part of the ability to save photos to media library
media playback - Podcast capability
microphone - We have speech recognition capability
Proximity - Can't remember why this one was added so I'll review it
speech - The app responds to voice commands, hence speech
HD720P (720x1280) - Easy
WXGA (768x1280) - Easy

 

[MattAllison]

Thanks Jay! Having clear justification for this type of thing is part of me selecting an application. There is still some level of inherent trust in getting an application from somebody ("generate BitCoins" is still not a visible permission to watch for :smile, but I frequently see applications requesting permissions that don't seem justified based on the application (e.g. use for proximity/speech/microphone not listed in features).

Also, I'm more willing to pay for an app that respects privacy over advertising.

 

[NachiketS]

Take a look at this

 

[lcw731]

Even Android ask so much permission. If u want to enjoy anything free u have to give your info in return. That's world.

Sent from my C2305 using WPCentral Forums mobile app

Except it isn't free, it's a paid app. I'll use ad supported stops to test out an app, but if I decide to keep it I'll buy it, then there is no need to have adds targeted at me. Why does flashlight+

Need my location in the paid form?

Sent from my RM-820_nam_att_100 using Tapatalk

 

[jay64]

The permission thing is poorly implemented by msft. battery app needs location services - really ? Give me a break. And that is because msft demands it, not developer. telling you that you can refuse permissions does not mean much if you then cannot even download the app, let alone run it. Double talk by msft at best. As to paid apps, apparently your not paying for privacy, as there is none. Msft and oogle virtually indistinguishable in this regard.

 

[realwarder]

photos library - Again, bundled as part of the ability to save photos to media library

Did you know that prompting users to save files does not require this access. This is a common misunderstanding of these permissions.

User prompted actions for saving and reading can happen without these. These permissions enables hidden non-user prompted access to this data which is the concern....

Try it please Jay.

I really wish sites like WPC would push app privacy and help WP be the most privacy aware platform. Hold app developers accountable.