CP
cyberpings
PrivacyMEDIUM

Messaging Apps - Analyzing Permissions on Android Devices

Featured image for Messaging Apps - Analyzing Permissions on Android Devices
HNHelp Net Security
MessengerSignalTelegram
🎯

Basically, some messaging apps ask for more permissions than others, affecting your privacy.

Quick Summary

A new analysis compares Messenger, Signal, and Telegram's permission requests on Android. Telegram has the least permissions, while Messenger has the most. This impacts user privacy significantly.

What Happened

A recent analysis focused on three popular messaging apps—Messenger, Signal, and Telegram—to evaluate their permission requests on Android devices. Each app's approach to permissions significantly impacts user privacy and data security.

Permissions Define Access to Device and User Data

The study revealed that these apps have varying numbers of permissions. Telegram requests the least, with 71 total permissions, including 25 dangerous permissions. Signal follows closely with 72 permissions, of which 19 are dangerous. In contrast, Messenger leads with 87 permissions, including 24 dangerous ones. Notably, Messenger also requests a number of vendor-specific permissions, which are not standard in Android.

Core Messaging Features Rely on Sensitive Permissions

Messaging apps need access to sensitive resources to function effectively. Permissions for contacts, camera, microphone, location, storage, and calendar are essential for core features like voice messages and video calls. While Telegram and Messenger extend their access with system-level permissions, Signal opts for a more conservative approach, avoiding permissions related to phone calls and background location.

Configuration and Network Handling Differences

Using the Mobile Security Framework (MobSF) for static analysis, researchers found that all three apps fall into a medium risk category. However, Messenger had more flagged issues, particularly in the medium-severity range.

One significant difference lies in how each app handles network traffic. Telegram allows cleartext connections by default, making it vulnerable to interception. In contrast, Signal uses encrypted connections, limiting cleartext traffic to necessary certificate checks. Messenger's findings were more varied, including issues like world-writable files that could allow data tampering.

Where Data Travels

The analysis also examined where the data from these apps travels. Messenger primarily exchanges traffic with North America, while Telegram focuses on Europe. Signal also has a strong presence in Europe, with connections in the United States and Asia. This geographical distribution can have implications for data privacy and compliance with regional regulations.

Conclusion

Understanding the permission landscape of these messaging apps is crucial for users concerned about their privacy. While Telegram appears to take the most limited approach, Messenger's extensive permissions raise questions about data security. Users should consider these factors when choosing a messaging app.

🔒 Pro insight: The disparity in permission requests highlights the trade-off between functionality and user privacy across messaging platforms.

Original article from

HNHelp Net Security· Sinisa Markovic
Read Full Article

Share

Related Pings

MEDIUMPrivacy

Digital Trust Erosion - How Logins Impact User Confidence

Sign-up forms and login processes are causing digital trust to erode. With 68% of users reporting issues, understanding these challenges is vital for improving security and user experience. Organizations must address these concerns to build lasting trust.

Help Net Security·
HIGHPrivacy

Apple OHTTP Relay - Exposes User Data Through Third-Party Endpoints

Apple's OHTTP relay for Live Caller ID Lookup routes user data through 14 third-party endpoints across six countries. This lack of transparency affects all iPhones running iOS 18+, raising serious privacy concerns. Users deserve to know how their data is being handled.

Full Disclosure·
HIGHPrivacy

House Democrats Criticize ICE's Use of Paragon Spyware

What Happened Recently, Immigration and Customs Enforcement (ICE) confirmed its use of Paragon spyware, a revelation that sparked outrage among several House Democrats. Acting ICE Director Todd Lyons responded to inquiries from lawmakers, stating that the agency employs this technology to combat fentanyl trafficking, particularly against groups using encrypted communications. However, this explanation did not satisfy the concerned representatives.

CyberScoop·
MEDIUMPrivacy

Jacob Mchangama - Discusses Free Speech and Its Challenges

Jacob Mchangama discusses the state of free speech and its challenges in today's world. He emphasizes the need to protect this essential freedom for democracy. His insights shed light on the importance of advocating for free expression amidst rising concerns.

EFF Deeplinks·
HIGHPrivacy

Identity Security - Rethinking for a Borderless Attack Surface

Identity security is under siege as attackers exploit stolen credentials. Organizations must adapt to protect against these evolving threats effectively. It's crucial to rethink identity management strategies.

SC Media·
HIGHPrivacy

ICE Buys Paragon Spyware for Drug Trafficking Cases

ICE has purchased spyware from Paragon Solutions to combat drug trafficking. This decision raises serious privacy concerns for affected communities, including immigrants and activists. Critics warn of potential abuses and demand accountability from the agency.

TechCrunch Security·