Friday, 3 June 2011
The "read phone state and identity" permission should be split
Does Google care about your privacy? Of course not! That's to be expected from a company that lives from advertising. Google makes money from gathering as much information about you as possible. They have no reason to let you control what information you share and what information you keep private.
Of course they need to pretend that they let you choose, because bad publicity is bad for business. That could explain why Android has some privacy features that are really nothing but a bit of window dressing.
The prime suspect is the "read phone state and identity" permission in Android that many apps request when you install them, even when there's no apparent need for this permission other than allowing advertisers such as Google to spy on you.
The phone state and identity permission is a grab bag of permissions:
- See if there's a call going on.
- Read your phone number.
- Read your phone's IMEI number.
- Read the IMSI number of your SIM card.
- Read the unique device ID that Google assigns to your phone.
The first permission is useful and not controversial. Of course a media player should be told that you receive an incoming call so that it can pause playback until you hang up.
But this innocent permission is bundled with a bunch of dangerous permissions. My streaming media player should keep quiet during phone calls, but it doesn't need to know my phone number.
IMEI, IMSI, and device ID may seem innocent at first, but they're not. The phone identy permission is the wet dream of all advertisers and spammers. These numbers can be used to track you, and unlike web browser cookies there's no way to opt out. You can delete cookies, but your device ID is permanently tied to your phone, your IMSI identifies your SIM card and cannot be changed, and altering the IMEI of your phone is illegal in many countries. Combined with permission to go online (which comes in one flavour only: "full internet permission") the potential for abuse is endless.
So this permission should be split. The phone state permission should NOT be bundled with permission to read your phone identity.
The phone identity permission should be tuned too. Permission to read your phone number should be separate from the other permissions.
Unfortunately there's no way to split these permissions yet. Apps like LBE Privacy Guard and Permissions Denied only allow for an all-or-nothing choice. Maybe future versions of these programs will allow us to grant phone state permission but deny access to phone identity, or feed bogus identy information to nosy apps?