How to find Android apps that respect user privacy

382 readers like this.
How to find Android apps that respect user privacy

Norebbo via Flickr (Original: public domain). Modified by CC BY-SA 4.0.

Have you ever downloaded an Android app only to find that it wants access to all your phone's features and all of your data? This experience, while not ubiquitous, is frustratingly common. Even applications in the F-Droid repository are not immune to requesting permission to access things they should not even need to access. For example, there is a Minesweeper application in F-Droid that wants to be able to record audio and video.

Apps requesting unneeded permissions are not always malicious, but it is better to be safe than sorry. Users should be cautious when installing apps that request permissions they should not need. Similarly, developers should make sure that the apps they develop do not request permission to access phone features that they do not need.

Below, I take a look at two projects producing a wide variety of Android apps designed to only request the permissions they require to function. These apps cover a wide range of functions with each app being focused on doing only one task and doing that task well. Users looking for well designed, functional apps with no extra features and no anti-features (i.e., advertisements) should consider checking these apps out. Developers, especially those just getting started with developing for Android, should take a look at the source code for these apps to learn about developing apps with a focus on using minimal permissions and respecting users' privacy.

Privacy Friendly Apps

Privacy Friendly Apps is a project of the Computer Science Department of the Technische Universität Darmstadt's Security - Usability - Society research group (SECUSO). The apps require minimal permissions, do not track the user, and contain no advertising. The apps are open source with some apps released under the GPLv3 and other under the Apache 2.0 license. The source code for all of the apps is available on GitHub and the apps can be found in both the Google Play store and in the F-Droid repository.

Currently, there are twelve apps in SECUSO's Privacy Friendly Apps project:

  • Dice Game—A specialized dice roller designed for playing Yahtzee without physical dice. However, it does not track scores, so a paper score sheet, or some other method of keeping score, is required.
  • Dicer—A dice roller that rolls between one and ten six-sided dice. Dice can be rolled by shaking the phone.
  • Memo Game—An implementation of the traditional memory tile matching game.
  • Notes—A basic note taking app.
  • Pedometer—Keeps track of the number of steps taking by a user and provides nice overviews of activity over the course of a day, week, or month.
  • PIN Mnemonic—A tool for helping users memorize their 4-digit PINs.
  • QR Scanner—Scans QR codes and can save scanned codes to a history so they can be accessed again later.
  • Shopping List—Creates shopping lists and can also track purchases made and provide statistics about spending.
  • Sudoku—An implementation of the Sudoku puzzle game.
  • To-Do List—A to-do list application that support multiple to-do lists and provides a calendar view to show deadlines.
  • Torchlight—A simple utility for using a phone's LED camera flash as a flashlight.
  • Weather—A weather application that can provide weather forecasts for multiple locations.

Simple Mobile Tools

Simple Mobile Tools is exactly what it says it is: "simple mobile tools." The project's website even goes as far as calling the apps "A group of simple, stupid, open source Android apps with customizable widgets, without annoying ads and unnecessary permissions." These apps are mostly replacements for basic utilities already included in stock Android, but are nice enough that users might want to consider using these apps instead. Users of Amazon's Fire OS, which is a non-standard Android variant, might find some of these apps extremely useful because some of them provide more functionality than the stock Fire OS apps and without the heavy integration that permeates Fire OS's user experience.

All of the apps that are part of the Simple Mobile Tools family do exactly what their names imply. The apps are: App Launcher, Calculator, Calendar, Camera, Draw (a very basic drawing app), File Manager, Flashlight, Gallery (for photographs and videos), Music Player, and Notes (a basic note taking application). All of the apps are released under the Apache2 license, and the source code is available on GitHub. The apps can be installed from the Google Play store or the F-Droid repository.


Another one:

Guardian Project ( creates easy to use secure apps, open-source software libraries, and customized mobile devices that can be used around the world by any person looking to protect their communications and personal data from unjust intrusion, interception and monitoring.

I think what's needed is for the "great minds" of technology, both open source and proprietary, to agree to some ground rules about apps, perhaps something like the nutritional information that foods now have. Just like there are efforts to cut out unnecessary sugar and empty calories, there ought to be an effort to police apps for unnecessary privileges.
How does the typical user figure out whether some app that is said to only use certain phone features abides by that?

No app can use any resource it has not been granted access to at installation time.

Just before installation you have the chance to see the rights that the app requires, so that if you don't agree, you can avoid installing it.
Now, the problem we actually face is just the opposite: Often, app authors don't bother defining the minimum set of rights needed to run their app, and just specify an overly broad set. Then, you have no way to understand if that Sudoku game you're about to install needs access to the contents of your memory because
1) the author was lazy
2) this is a spyware that will send your personal info to some big data collecting company.
Of course, common sense would suggest that a Sudoku game should not need to read your phone's memory, but if ALL Sudoku games you can find on Google Play show the same behavior, how can you tell the good ones from the malware?

In reply to by Greg P

Creative Commons LicenseThis work is licensed under a Creative Commons Attribution-Share Alike 4.0 International License.