Marvel wants to know my what? Top 10 games on Google Play and their permission requests.

I was never good at titles, so here’s a long-winded one for you all. In this article, I will go over the permissions that the top 10 free games on Google Play as of April 29 2015 asks for.

Maybe a bit of background is in order. When you download a game on the app store, you are signing a contract. That list of arbitrary symbols showing up is actually a contract and you bind yourself to the contents of that contract. If you click those symbols, you get a paragraph of text outlining an example of what you are giving the application permission to do.

So, let’s get to digging, today’s top 10 games are

Clear Vision 3-Sniper Shooter

Made by: DPFLASHES STUDIOS

Asks for:

  • Access to the user’s payment information, including but not limited to credit card and/or account numbers
  • Access to the ID and phone number of the user.
  • Access to numbers calling and called by the device
  • Status of active calls

The first one could be explained by the in-app purchases, but this gives access to so much more. The rest could be to allow the app to “sleep” while you are getting a call, but it gives access to just about everything regarding your identity.

To sum up, if you want to play this game, you have to give DPFLASHES STUDIOS the ability to see your payment info and personal details.

Does Not Commute

by: Mediocre

Asks for:

  • Access to the user’s payment information, including but not limited to credit card and/or account numbers

Again, this is most likely due to the in-app purchases, but could potentially be used to gain access to your payment information.

RealStrategy II: Fire

by: Dolfory

Asks for:

  • Access to the user’s payment information, including but not limited to credit card and/or account numbers
  • Information on all apps currently running
  • Information on all apps installed and removed
  • Access to browser history
  • Access to browser bookmarks
  • Permission to send and retrieve SMS and/or MMS (with associatedcharges)
  • Access to files on the device, including but not limited to photos, videos and audio on both internal and external storage
  • Status and identity of all devices connected through WiFi
  • Access to the ID and phone number of the user.
  • Access to numbers calling and called by the device
  • Status of active calls

Oh my, this one is a shady one. It could all have a perfectly innocent explanation, but really, look at this list. You could claim that the payment info would only be used in the in-app store, but why would they need to read your texts? Or have the ability to send texts to others and charge you for it? They could want access to your bookmarks to add a bookmark to their site for you, but is that really worth giving them access to your entire history of both Google Play and your browser? They could want to know if you’re merely connected to the WiFi, but the same permission could be used to identify every single device connected to the same network. In most cases that would be all your phones, tablets, computers, TV-boxes, game systems, modern stereos, media hubs and smart TVs.

Armed Heroes International

by: GameUs

Asks for:

  • Access to the user’s payment information, including but not limited to credit card and/or account numbers
  • Information on all apps currently running
  • Information on all apps installed and removed
  • Access to browser history
  • Access to browser bookmarks
  • Permission to send and retrieve SMS and/or MMS (with associatedcharges)
  • Access to files on the device, including but not limited to photos, videos and audio on both internal and external storage
  • Status and identity of all devices connected through WiFi
  • Access to the ID and phone number of the user.
  • Access to numbers calling and called by the device
  • Status of active calls
  • Access to your current location information through either GPS or triangulation
  • Access to your device’s camera without notification
  • Access to your device’s microphone without notification

This one takes it all one step further and will potentially bug you, even when you’re not actively using the device. I have researched this one and found no reason whatsoever for most of these permissions.

There is nothing in this game that utilizes the camera, location, microphone, ID of your phone, storage on the device, bookmarks, or status and identity of other apps. These seems to just be there to gather information about you, your surroundings and your devices.

Criminal Case

by: Pretty Simple

Asks for:

  • Access to the user’s payment information, including but not limited to credit card and/or account numbers
  • Information on all apps currently running
  • Information on all apps installed and removed
  • Access to browser history
  • Access to browser bookmarks
  • Access to files on the device, including but not limited to photos, videos and audio on both internal and external storage
  • Status and identity of all devices connected through WiFi
  • Access to the ID and phone number of the user.
  • Access to numbers calling and called by the device
  • Status of active calls

Not as bad as some of the others, but still pretty bad. This simple “hidden object” type game will not be using your identity, the identity of your device, any files on your device or WiFi in any manner, yet it asks for permission to use them all. In the review section I also saw complaints that it would not shut off when users got a call, so the game itself doesn’t even use the access to call information, yet they ask for these permissions when you install it, which means the application has code to use it somewhere.

aa

by: General Adaptive Apps Pty Ltd

Asks for:

  • Access to the user’s payment information, including but not limited to credit card and/or account numbers
  • Information on all apps currently running
  • Information on all apps installed and removed
  • Access to browser history
  • Access to browser bookmarks

Endorsed by the Google Play team, described as the “Hello World” app for Android and simplistic, yet they require access to your identity and your wallet.

Donut Quest

by: First Burst

Asks for:

  • Access to files on the device, including but not limited to photos, videos and audio on both internal and external storage
  • Status and identity of all devices connected through WiFi
  • Access to the ID and phone number of the user.
  • Access to numbers calling and called by the device
  • Status of active calls

The 7th game on the list is the first one to not ask for access to your wallet directly. This Candy Crush-clone does however ask for your identity, the identity of your device and all devices connected to the same WiFi as yours as well as information on everyone in your contact list. The game’s only feature that requires internet access is their ad system, there’s not even a score board, so why they would need all that ID is beyond me.

Crossy Road

by: Yodo1 Games

Asks for:

  • Access to the user’s payment information, including but not limited to credit card and/or account numbers
  • Access to files on the device, including but not limited to photos, videos and audio on both internal and external storage
  • Status and identity of all devices connected through WiFi
  • Access to the ID and phone number of the user.
  • Access to numbers calling and called by the device
  • Status of active calls

And we are back to requests for payment info again, as well as a host of identifying marks. The fact that they managed to put in-app purchases in a Frogger clone is a topic for another article, but apparently they need to know the brand of your TV in order for you to jump across a pixelated road. Might be worth mentioning that this is another Editor’s Choice, meaning the Google Play team really liked it.

8 Ball Pool

by: Miniclip.com

Asks for:

  • Access to the user’s payment information, including but not limited to credit card and/or account numbers
  • Information on all apps currently running
  • Information on all apps installed and removed
  • Access to browser history
  • Access to browser bookmarks
  • Access to your identity from other accounts, such as Facebook and/or Google
  • Permission to send and retrieve SMS and/or MMS (with associatedcharges)
  • Access to files on the device, including but not limited to photos, videos and audio on both internal and external storage
  • Status and identity of all devices connected through WiFi
  • Access to the ID and phone number of the user.
  • Access to numbers calling and called by the device
  • Status of active calls

This is pool! That’s it, regular 8-ball, just like you can play on the publisher’s website. Except, here they want to know your credit card number, what apps you have installed, what apps you didn’t like, what you watched on Youtube, if you’ve been on naughty sites, what you downloaded from those sites, what sites you’ve bookmarked, what your name is on Facebook and Twitter, read your sexting, browse your photos, find out the brand of laptop you have, your number, your mom’s number and how often she calls you.

Also, this is another Editor’s Choice. Do I see a pattern here?

Candy Crush Soda Saga

by: King

Asks for:

  • Access to the user’s payment information, including but not limited to credit card and/or account numbers
  • Access to your identity from other accounts, such as Facebook and/or Google
  • Status and identity of all devices connected through WiFi
  • Access to all your contacts and your own contact information

King is in a league of their own. They’ve managed to refine the info they take in to only ask for the permissions they really need. Unfortunately for you, that information happens to be everything needed to see who you are, who your friends are, where you are and how to get to you.

It might be important to note that just because they ask for the permission, doesn’t mean they intend to use ALL information they COULD take, but the fact that they ask for that particular permission means that they DO have code in the game that uses it.

If they ask for “in-app purchases”, they have code that uses your credit details in some way. It gives them the ability to check all your credit details, but they don’t necessarily do more than charge you for what you decide to purchase.

If they ask for “Identity”, they have code that uses your identity in some way. It might be that the game could be connected to Twitter or Facebook for social sharing, but it does give them access to ALL your identity information.

I do realize this article does feel a bit “tinfoil hat”-esque, but do note that there is no real regulation on the App Market. Nobody checks up on the publishers, as long as they ask and you agree, anything goes.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s