December 19, 2013 | By Parker Higgins

What Do Your Android Reader Apps Know About You?

When you read a book or an article on your Android device, how much power—and access to your personal data—are you giving the app? A new comparison of 17 of the most popular reader apps, compiled by Matt Bernius, answers that question, and in some cases users may be revealing much more than they think. Nearly a quarter of the apps tested required access to location information; half of them ask for "phone state and identity", which would let them grab people's phone numbers and IMEI numbers; and a couple can retrieve a list of other running apps.

Android apps are required to specify what sort of access to the phone they can use, but these "permissions requests" screens can be opaque, and without a chart like this one, it can be difficult to tell if there are subtle but legitimate reasons why a particular class of app needs a particular type of permission.

chart of Android ebook reader privacy permissions
Click the chart to view it full-size. This chart is another valuable resource for readers looking to bring their privacy into the digital world. We've previously compared the privacy practices of different sources of ebooks.

Unfortunately, Android permissions operate on a "take it or leave it" model. Google briefly included a hidden privacy feature that allowed users to deny certain requested data and access to apps, but has removed it in the latest version of Android. There ways to get the privacy control back if you have a rooted device or install Cyanogenmod. But mainstream Android users are out of luck.

And Google: it's high time you promised to bring App Ops back, with an appropriate plan to expand the interface to work with all the important permission types, and with a plan for app developers to transition to a model with proper privacy controls.


Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

Peru adopts data retention decree: Declares location data no longer protected. https://eff.org/r.l9dp cc: @hiperderecho

Jul 27 @ 3:03pm

Syrian activist and blogger Hussein Ghrer has been freed
https://eff.org/r.81bu

Jul 27 @ 2:24pm

The jailing of journalists in Ethiopia violates international human rights law. #FreeZone9Bloggers https://eff.org/r.enum

Jul 27 @ 1:19pm
JavaScript license information