Usage Data Permission Concerns

Boris_yo

Limp Gawd
Joined
Oct 22, 2011
Messages
198
Hi,

I wanted to measure data upload and download on Android PingTools but was required to give Usage Data Access permission to the app:

Screenshot_20211119-101952_PingTools.jpg

I am wondering if by doing that this app could read data and identify what I do online. Assuming there was malicious app disguised as benevolent app and asked me to give those permissions, would allowing it put my data under risk? Could pickets be read?

Thanks
 

bigstusexy

2[H]4U
Joined
Jan 28, 2002
Messages
3,194
This is where it becomes Dev ops or more of a programming question for an older IT person like me.

Looking at this page: https://developer.android.com/reference/android/app/usage/UsageStatsManager

It says "Provides access to device usage history and statistics." To be honest I didn't understand it all and didn't spend too much time on it but it seems that it responds with information of how much packages on the devices has used the network over a period of time sliced into "buckets" and that's it. I don't think Android allows packet capture period and you have to be rooted to do so (Nope, I'm wrong, seems there are apps that claim to do that)

So in looking at another app that captures packets and this one, it does already have enough permissions to do that - but! In looking into this, it seems that there are required permissions, like the one you're asking about that don't get listed on the Play store page.


For it to do what you're wondering, it's going to need to use a good bit of data and processing power. So I'd watch if it's eating battery and has high network usage. To me though, this seems okay and I might even check it out myself. Usually I think they don't try with actual utilities with value. They'll try with things like a cache cleaner or batter saver, etc. Stuff that seems useful but isn't or totally ridiculous like a "Ram booster"


Again, I'm not a programmer, I didn't dissect this program and probably spent more time writing this than looking into it.
 

SamirD

Supreme [H]ardness
Joined
Mar 22, 2015
Messages
4,793
Here's my take on this:
  • If you need to do network measurement, use the proper tool--a computer--that can be locked down, virtualized, or any number of ways protected, hardened, etc. Phones and tablets are toys of convenience imo even though they try to crossover into 'real' work scenarios.
  • Phones and tablets are the number one target for scammers, hackers, malware worldwide. Using one for anything where data or anything else could be compromised is like going into gangland wearing a miniskirt and asking if you're going to get raped--well, your chances are much higher than a rural area with no one around.
So can the app be bad? Possible. Can the app do whatever it wants, even without your permission? Absolutely. Is there any real oversight in these apps? Not really. I would be very wary.
 
Top