Android Scientific Calculator App Adds Intrusive Permissions

Android / Mobile / Security / Tech
Attribution -
Image Courtesy Rob Bulmahn

All mobile applications require some sort of permissions in order for the software to operate as intended that’s entirely normal protocol. Developers know what kind of permissions are needed for an app to operate as intended and good developers ask only for those permissions needed and nothing more. But sometimes an app requires permissions that make absolutely no sense for the operation and function of the application — such as the “Scientific Calculator” app on the Google Play store which has 1-5 million installs. According to a reddit user (who has disclosed he is working on a competing app) this calculator app has added new permissions in the form of Caller ID and GPS, neither of which is needed to use a calculator app.

So why would they request so many permissions?

After some thought, it was clearly to generate more revenue which the developers themselves confirmed: “…it helps us fund further development of the app. If you don’t like the feature you can always turn it off in the settings.”

The reddit user continues to point out that had the developer simply started including ads, they’d likely make a livable wage due to their huge install base, but they instead opted for the significantly more intrusive Caller ID system. This may have been a way for the developers to claim that there was no advertising included in their app — technically all of the advertising happens outside of the calculator app itself.

Unfortunately the alternative is much worse. The Caller ID system requires access to nearly every aspect of your phone in order to mine data and show you ads. They say as much on their website:

CIAmedia’s unique ad targeting technology knows which businesses, phone numbers or even local contacts a user is calling. We mix this valuable info with other targeting criteria like gender, age and location.

With this Caller ID advertising package installed, the system will intercept any phone call you make or receive, pulling contact information, location data, and more in order to serve advertising after your call has been completed. When you receive a phone call, you’ll see something like this:

And when you hang up?

Now if we want to get technical, users on Android 6.0 Marshmallow should be able to individually disable the permissions that would allow this advertising platform to run. Unfortunately Marshmallow is still on an embarrassingly small percentage of Android phones (1.2% as of the time of publishing), and there’s no guarantee that the app would continue to function properly if those permissions were disabled.

The author of the original post does obviously have ulterior motives for calling out one of their competitors, and they do take a couple of shots at the developer of the competing app. In their defense, they have taken the time to respond to many questions, comments, and concerns about their own app in the comments of the original post.  It is nonetheless important to have a light directed at the seedy practices of some developers.

Do you have any third-party calculators installed on your Android phone? Does it ask for completely unnecessary permissions? How do you feel about one dev calling out another dev like this? Tell us what you think in the comment section below or on Google+, Facebook, or Twitter.

  Source: reddit
To Top