Mobile App Permissions – How To Keep Your Kids’ Devices Safe

As we learned in the Study: Cyber Crime and Privacy Risks in Free Mobile Apps for Kids, children are a target for cybercriminals via free mobile apps. As a parent you can help make your kids safer by setting up parental controls on all their devices, and by understanding app permissions before letting your child download an app. In this post we’ll cover common examples of app permissions, how to check app permissions on Android and iOS devices, and dangers lurking in invasive app permissions.

Common Examples of App Permissions

When using apps on both iOS and Android devices, you may be prompted to allow certain permissions in order to use the app. For example, if you are using Instagram, you may be prompted to allow the Instagram app to access your device’s camera.  In this scenario, this app permission makes sense because Instagram is centered around photos.

iOS is very clear on the types of permissions that can be used in an app, as outlined in their iOS Security Guide.  As indicated on page 85 of this guide, some of the potential app permissions include: Contacts, Calendars, Microphone, Camera, and Location Services, just to name a few.

Android apps can include similar permissions to iOS such as: Calendar, Camera, and Contacts.  However, potentially malicious Droid apps can also ask for permission to body sensors, SMS, storage, and device admin/root privileges.

You want to be diligent and aware of app permissions as they relate to the specific app.  There is no valid reason that a solitaire app needs to have permission to your SMS history, your contacts, your location, or full device admin privileges in order to run.  If you are prompted to allow these types of permissions on an app, we recommend finding another safer app.

Android App Permissions – Here’s What to Look For

Before downloading an app, ensure you are downloading the app from the Google Play Store and check the “developer notes” for any notated required permissions.  Once you launch an installed app, you will be prompted for the types of permissions the app is requesting.  Just because an app asks for permissions doesn’t mean you need to grant said permissions. 

You can audit each app’s permission on Android devices and toggle them on/off by going to Settings > Apps & Notifications > and selecting the app you’d like to check.

iOS App Permissions – Here’s What To Look For

For iOS users, Apple requires developers to prompt for specific access and permission during the installation process (via pop-up prompts).  You may also be prompted for app permissions after launching the app.  For example, if you download and install the Signal app, after launching the app you will be prompted to allow access to your camera and contacts. 

You can audit iOS app permissions by going to Settings > Privacy and specifying which setting you’d like to check (e.g. Location Services, Contacts, Camera, etc.)

Best Tips For Setting Up App Permissions

Don’t hand the device back to your child until you install the app and open it to review all the permission prompts first. If the app prompts for a permission you are not comfortable granting, click “don’t allow” and check the device settings to make sure the app doesn’t have any inappropriate permissions.

Although there are harmless uses for app permission requests (and some can help apps function in an optimal manner), liberal permissions can also be used to surreptitiously download malware. Use your best judgment and be cautious when allowing apps permission to your devices, as well as your child’s devices.

Always ask yourself if it makes sense for the app to request this information in order to properly be played.

The Value of Understanding App Permissions

Something we learned in the Study: Cyber Crime and Privacy Risks in Free Mobile Apps for Kids, is that often, it’s not the original app your kid is playing that’s the problem, but the secondary applications advertised in download prompts within mainstream free gaming apps that have invasive app permissions. These secondary apps can serve as an entry point for cybercriminals.

“You have to ask yourself,” says Dewing. “Why would a child’s puzzle game need access to your phone contacts and precise geolocation?”

How does that work? Well, free apps (even for kids) often contain advertising. It is not uncommon for the ads in kids’ apps to contain aggressive prompts to download other apps that may be age inappropriate or unlock gates for cybercriminals to access everything from emails to banking apps. Free apps will use deceptive tactics such as offering a “prize” or enticement like “click here for a free life” to prompt the child to click and unknowingly allow the app to take an action. Often this action gives the app additional permissions on the device, or authorizes the download of another program, which can secretly gain access to information on the device and the child’s or parent’s sensitive information.

Learn About The Most Unsafe and Safest Apps For Your Kids

Now you know that mobile apps, specifically invasive app permissions, can be an entry point for cybercriminals to gain access to sensitive data on your kids (and your) devices. You also know how to do an audit of app permissions to help your kids stay safe.  Spending a little extra time to check the app permission in addition to setting up parental controls on your kids’ devices can go a long way to making them safer online. Check out Rubica’s Safety Index of the The 20 Most Popular Free Apps for Kids to get a list of the Most Unsafe and Safest apps for your kids.