Now let’s take a look at some of the categories that apps might ask for access to. The consequences of granting access can be very damaging.
- SMS permissions.
If you allow a new app to access SMS, that new utility will be able to access MMS messaging systems as well as any SMS app you have on your phone, not just the one default SMS tool that comes with the Android operating system. Furthermore, an app with permission to access SMS will be able to read all of the messages you have stored in your SMS apps. It will also be able to intercept and read (and possibly alter) incoming messages and it will even be allowed to send out SMS messages from your phone.
- Phone call permissions.
The permission to access any communication service on your phone is a gift to any malware that wants to replicate itself by sending out Trojan programs to your Contacts list. If the worm can send those infections out from your Phone number, the hacker that wrote the original virus saves a lot of money and also hides his identity.
A malicious money-making app with permission to access your phone’s call functions can rack up your bill and make a ton of money for its owner by making repeated calls to premium numbers owned by the hacker.
- Camera permissions.
Apps that have the permission to access your camera can take screenshots of your activities, take photos and videos of you and your friends, and send those image and video files back to the writer of the app. Similarly, if an app has access to your microphone, any recording tool on your phone can be manipulated to record you without your knowledge.
- Location permissions.
The location feature on your phone can tell burglars when you are away from your home and can tell the owners of location-restricted websites and services that you are outside of their operating area so they can block you.
- Operating system and storage permissions.
Giving an app permission to access your storage allows data thieves to steal your information. It also opens the door to ransomware that can encrypt all of the files on your device and make them inaccessible until you pay for the decryption key.
Allowing an app to gain control of system settings could mean you lose access to your phone.
Turn off location services completely
On Android, the only way you can turn off access permissions is on a per app basis, as described above. This is the case with all categories except for the Location services of your phone. These can be turned off completely.
Turning off location services defeats geo-restricted websites that try to block your access from other countries. You can bypass their restrictions by using a VPN. However, many sites also check your location in the operating system and that defeats that masking action of the VPN because it gives away your real location.
The strategy of turning off location services completely doesn’t always work to get you into overseas websites. For example, even if you have a VPN operating, the YouTube TV site won’t give you access unless it can also check your phone’s location. You also lose the benefit of being able to track your progress along a route in a web map service.
However, if you want to turn off the location services on your Android phone, go to the Settings screen, scroll down to the Personal section, and tap on Location.
Android location 1
Click on the slider at the top of the Location screen.
Android location 2
Android permission problems
An example of a malware nightmare that will ruin your phone if you allow it to access the system is the Loapi Trojan, which Kaspersky Labs spotted towards the end of 2017. This malware is advertised as an antivirus utility or an adult content app. Once it is installed, the app will constantly demand permission to access the system. It will repeat the demand over and over again until you tap on Allow. You restart your phone to try to turn the app off, but that won’t work. When your phone starts up again, the first thing you will see is that demand for access.
The Loapi Trojan has a wide range of malicious functions. These include launching DDoS attacks on command on other internet connected devices, cryptocurrency mining, and frantic web page access to bump up income from recorded visits. The design of the Trojan enables its controller to load up new attacks on your phone at will. So this is a backdoor that will allow a constant stream of attacks to download onto your phone.
When investigating this Trojan, Kaspersky Labs loaded it onto a smartphone. Within two days, the excessive processing caused by the virus caused the device’s battery to bloat and the phone’s cover to warp. Basically, if you unintentionally download Loapi, you might as well throw your phone away.
The Trojan’s antivirus sweep will detect other antivirus programs running on your phone and alert you to allow removal of those programs, which Loapi falsely labels as malware. Again, the app will not take Deny for an answer. The prompt to allow removal of those programs will not stop until you tap on Allow.
If you have Loapi on your phone, you might try all of the steps outlined in this guide to remove its permissions. However, the defense mechanisms of this malware suite will lock the phone and shut down the settings screens, making it impossible for you to revoke its access rights. This vicious app is just one example of malware that will render your phone unusable.