Application permissions



  • I have made some work based on exodus’s permissions DB ( permission requested by apps )
    it is accessible there : http://exodify.org/stats/index.html

    Its a mess with lots of unused, unnecessary, mispelled permissions.

    I have started some classification, its WIP. described further below.

    but there are a lot more info that could be useful to gather from manifest and I hope those could be fetched at some point.

    There are today

    • 103 apps with zero permission.
    • the biggest number of permissions requested by a single app : 229
    • 6684 differents permissions :
      – 3821 linked google notification
      – 1023 yet to be classified and looked into
      – 519 that are android permissions
      – 265 that are bogus map related permissions
      – 217 using layer notification
      – 190 linked to icon badges
      – 180 using amazon notification
      – 173 that are google permissions
      – 100 linked to notification from https://www.urbanairship.com/ ?
      – 43 that are amazon permissions
      – 78 linked to accentage beacon,
      – 70 that are samsung permissions
      – 5 alternative billing

    Most requested perms

    • “android.permission.INTERNET” : 6413,
    • “android.permission.ACCESS_NETWORK_STATE” : 6128,
    • “android.permission.WRITE_EXTERNAL_STORAGE” : 5016,
    • “android.permission.WAKE_LOCK” : 4908,
    • “com.google.android.c2dm.permission.RECEIVE” : 4076,
    • “android.permission.VIBRATE” : 3260,
    • “android.permission.ACCESS_WIFI_STATE” : 3201,
    • “android.permission.READ_EXTERNAL_STORAGE” : 2980,
    • “android.permission.ACCESS_FINE_LOCATION” : 2751,
    • “android.permission.RECEIVE_BOOT_COMPLETED” : 2696,
    • “android.permission.ACCESS_COARSE_LOCATION” : 2425,
    • “android.permission.READ_PHONE_STATE” : 2235,
    • “android.permission.CAMERA” : 2090,
    • “android.permission.GET_ACCOUNTS” : 2048,
    • “com.android.vending.BILLING” : 1774,
    • “android.permission.BLUETOOTH” : 1066,
    • “android.permission.READ_CONTACTS” : 1055,
    • “android.permission.RECORD_AUDIO” : 968,
    • “com.google.android.providers.gsf.permission.READ_GSERVICES” : 906,
    • “android.permission.SYSTEM_ALERT_WINDOW” : 867,
    • “android.permission.GET_TASKS” : 857,
    • “android.permission.CHANGE_WIFI_STATE” : 851,
    • “android.permission.MODIFY_AUDIO_SETTINGS” : 850,
    • “android.permission.BLUETOOTH_ADMIN” : 773,
    • “android.permission.USE_CREDENTIALS” : 697,
    • “android.permission.WRITE_SETTINGS” : 623,
    • “android.permission.BROADCAST_STICKY” : 527,
    • “android.permission.MANAGE_ACCOUNTS” : 513,
    • “android.permission.CALL_PHONE” : 499,
    • “android.permission.AUTHENTICATE_ACCOUNTS” : 494,
    • “android.permission.FLASHLIGHT” : 432,
    • “android.permission.CHANGE_NETWORK_STATE” : 410,
    • “android.permission.WRITE_SYNC_SETTINGS” : 407,
    • “android.permission.READ_SYNC_SETTINGS” : 390,
    • “android.permission.USE_FINGERPRINT” : 355,
    • “android.permission.NFC” : 343,
    • “android.permission.RECEIVE_SMS” : 330,
    • “android.permission.READ_CALENDAR” : 318,
    • “android.permission.READ_LOGS” : 310,
    • “android.permission.WRITE_CALENDAR” : 304,
    • “android.permission.WRITE_CONTACTS” : 303,

    Privacy wise those are the problematic ones (WIP there are more)

    • “android.permission.ACCESS_FINE_LOCATION” : 2751,
    • “android.permission.RECEIVE_BOOT_COMPLETED” : 2696,
    • “android.permission.ACCESS_COARSE_LOCATION” : 2425,
    • “android.permission.READ_PHONE_STATE” : 2235,
    • “android.permission.CAMERA” : 2090,
    • “android.permission.GET_ACCOUNTS” : 2048,
    • “android.permission.BLUETOOTH” : 1066,
    • “android.permission.READ_CONTACTS” : 1055,
    • “android.permission.RECORD_AUDIO” : 968,
    • “com.google.android.providers.gsf.permission.READ_GSERVICES” : 906,
    • “android.permission.GET_TASKS” : 857,
    • “android.permission.BLUETOOTH_ADMIN” : 773,
    • “android.permission.USE_CREDENTIALS” : 697,
    • “android.permission.WRITE_SETTINGS” : 623,
    • “android.permission.BROADCAST_STICKY” : 527,
    • “android.permission.MANAGE_ACCOUNTS” : 513,
    • “android.permission.CALL_PHONE” : 499,
    • “android.permission.AUTHENTICATE_ACCOUNTS” : 494,
    • “android.permission.CHANGE_NETWORK_STATE” : 410,
    • “android.permission.WRITE_SYNC_SETTINGS” : 407,
    • “android.permission.READ_SYNC_SETTINGS” : 390,
    • “android.permission.USE_FINGERPRINT” : 355,
    • “android.permission.NFC” : 343,
    • “android.permission.RECEIVE_SMS” : 330,
    • “android.permission.READ_CALENDAR” : 318,
    • “android.permission.READ_LOGS” : 310,
    • “android.permission.WRITE_CALENDAR” : 304,
    • “android.permission.WRITE_CONTACTS” : 303,
      (more)

  • administrators

    Whaou!
    229 permissions for a single apps!
    Btw great job. May be you could made a more “modern” presentation on your web page they tweet about it and we will retweet.

    If you need help for presentation may be we can help (but as you know we aren’t htlm/css experts)



  • thanks, Right now my goal is not about ‘presenting’ but more study some stuff, discuss finding, digg further in some area and ‘give’ back the data.

    maybe some data could find some place on exodify and will have clean presentation, but really for any mid term usage, it should be integrated back to EP where it really belongs.

    anyhow, if somehow someone is making any usage of those json, i will ensure some backward compatibilty and possible a more automatic update.



  • ========================================
    apps_1to5 : number of app containing 1 to 5 trackers
    totaldwd : sum of dwd number per app. sum(app.nbdwd)
    total_trackers : the number of instances trackers sum(app.nbdwd*nbtracker)
    apps_6to10 : number of app containing 6 to 10 trackers
    apps_Zero : number of app containing 0 known tracker
    apps_11to20 : number of app containing 11 to 20 trackers
    apps_21+ : number of app containing 20+
    trackers_found : different isntance of tracker found
    totalVendors : number of unique vendors (many are still duplicate as name are not exact match)
    nbapps : number of app rewied
    percentCoverageGoogle : percentage of app containing at least 1 google tracker
    percentCoverageFacebook percentage of app containing at least 1 facebook tracker
    percentCoverageGoogleVirgin percentage of app containing at least 1 google tracker (removing zero app tracker)
    percentCoverageFacebookVirgin percentage of app containing at least 1 facebook tracker (removing zero app tracker)
    appsWithGoogle number of app containing at least 1 google tracker
    appsWithFacebook number of app containing at least 1 facebook tracker

    trackers_by_dwd.json ( sorted by totaldwd)
    trackers_by_nbapps.json

    per tracker instance:
    totaldwd sum(app.nbapps) for each app containing this trackers
    nbapps number of app containing this trackers

    ======================================
    trackers_by_efficency.json
    efficiency : nbdwd / nbapps

    ======================================
    apps_per_toxicity.json
    toxicity : nbtrackersinapp * nbdwd

    ======================================
    creators_by_toxicity.json
    sum(app.toxicy) for each creators