CP
cyberpings
PrivacyMEDIUM

Messaging Apps - Analyzing Permissions on Android Devices

Featured image for Messaging Apps - Analyzing Permissions on Android Devices
HNHelp Net Security·Reporting by Sinisa Markovic
Summary by CyberPings Editorial·AI-assisted·Reviewed by Rohit Rana
Ingested:
🎯

Basically, some messaging apps ask for more permissions than others, affecting your privacy.

Quick Summary

A new analysis compares Messenger, Signal, and Telegram's permission requests on Android. Telegram has the least permissions, while Messenger has the most. This impacts user privacy significantly.

What Happened

A recent analysis focused on three popular messaging apps—Messenger, Signal, and Telegram—to evaluate their permission requests on Android devices. Each app's approach to permissions significantly impacts user privacy and data security.

Permissions Define Access to Device and User Data

The study revealed that these apps have varying numbers of permissions. Telegram requests the least, with 71 total permissions, including 25 dangerous permissions. Signal follows closely with 72 permissions, of which 19 are dangerous. In contrast, Messenger leads with 87 permissions, including 24 dangerous ones. Notably, Messenger also requests a number of vendor-specific permissions, which are not standard in Android.

Core Messaging Features Rely on Sensitive Permissions

Messaging apps need access to sensitive resources to function effectively. Permissions for contacts, camera, microphone, location, storage, and calendar are essential for core features like voice messages and video calls. While Telegram and Messenger extend their access with system-level permissions, Signal opts for a more conservative approach, avoiding permissions related to phone calls and background location.

Configuration and Network Handling Differences

Using the Mobile Security Framework (MobSF) for static analysis, researchers found that all three apps fall into a medium risk category. However, Messenger had more flagged issues, particularly in the medium-severity range.

One significant difference lies in how each app handles network traffic. Telegram allows cleartext connections by default, making it vulnerable to interception. In contrast, Signal uses encrypted connections, limiting cleartext traffic to necessary certificate checks. Messenger's findings were more varied, including issues like world-writable files that could allow data tampering.

Where Data Travels

The analysis also examined where the data from these apps travels. Messenger primarily exchanges traffic with North America, while Telegram focuses on Europe. Signal also has a strong presence in Europe, with connections in the United States and Asia. This geographical distribution can have implications for data privacy and compliance with regional regulations.

Conclusion

Understanding the permission landscape of these messaging apps is crucial for users concerned about their privacy. While Telegram appears to take the most limited approach, Messenger's extensive permissions raise questions about data security. Users should consider these factors when choosing a messaging app.

🔒 Pro insight: The disparity in permission requests highlights the trade-off between functionality and user privacy across messaging platforms.

Original article from

HNHelp Net Security· Sinisa Markovic
Read Full Article

Share

Related Pings

MEDIUMPrivacy

Inconsistent Privacy Labels - Users Left in the Dark

Data privacy labels for mobile apps are intended to inform users, but they're currently inconsistent and unclear. This leaves users unsure about how their data is being handled. It's crucial for developers to improve these labels to enhance user trust and security.

Dark Reading·
HIGHPrivacy

LinkedIn - Secretly Scans 6,000+ Chrome Extensions

LinkedIn is scanning over 6,000 Chrome extensions to collect user data, raising significant privacy concerns. This could expose sensitive information about users and their corporate affiliations. Stay informed and protect your privacy.

BleepingComputer·
MEDIUMPrivacy

Blocking Children from Social Media - A Misguided Approach

Governments are trying to protect children from social media with bans. However, these age-based restrictions may cause more privacy issues than they solve. The focus should shift to open conversations and responsible platform design.

Malwarebytes Labs·
HIGHPrivacy

WebinarTV - Secretly Recording Public Zoom Meetings

WebinarTV is recording and publishing public Zoom meetings without consent. This raises serious privacy concerns for participants. Users must be aware of their digital footprint.

Schneier on Security·
MEDIUMPrivacy

Digital Trust Erosion - How Logins Impact User Confidence

Sign-up forms and login processes are causing digital trust to erode. With 68% of users reporting issues, understanding these challenges is vital for improving security and user experience. Organizations must address these concerns to build lasting trust.

Help Net Security·
HIGHPrivacy

Apple OHTTP Relay - Exposes User Data Through Third-Party Endpoints

Apple's OHTTP relay for Live Caller ID Lookup routes user data through 14 third-party endpoints across six countries. This lack of transparency affects all iPhones running iOS 18+, raising serious privacy concerns. Users deserve to know how their data is being handled.

Full Disclosure·