Privacy Advisory and 'Read sensitive log' Permission

I am running avast! Mobile Security 1.0.1282 on a Galaxy S (Android 2.3.3). I noticed an application that has ‘Your personal information / read sensitive log data’ permissions. Based on what I have read, this allows the application to access the Android system log. Privacy Advisor does not report on this permission. Have I misinterpreted what this permission does? If not, are there plans to add checks for this permission to Privacy Advisor?

By the way, great application!

My interpretation was that Privacy Advisor tells you what apps. have permission to read your personal information on your device. If I am incorrect, perhaps someone from Avast can inform us better on this.

The Android log is a place where all applications write some (usually debug) stuff. It should be used by developers only since it shouldn’t contain any stuff that provides anything useful to the user. Therefore the log might contain some privacy-related information, but in my opinion it should not (I really don’t know why any application should write phone numbers, messages, GPS coordinates and stuff like that to the log).

So it is really questionable whether we should include this permission to our Privacy Advisor or not.

Filip

Filip, according to https://plus.google.com/116531573955215493775/posts/Kqu7Uf38tih#116531573955215493775/posts/Kqu7Uf38tih, Ami Fischman found Google account e-mail addresses, names of installed applications, URLs opened by applications, geographic locations, Google Reader feed URLs and WiFi scan results in the log of a Nexus S. The problem is that we do not know what information might be included in the log, which I think makes it important to audit applications that request system log access.

I think that easier would be just not to use the applications that post sensitive data to log since that kinda means they are written in a bad way :slight_smile: But OK, we will think about adding the permission to the Privacy Advisor.

Filip

Filip, that would be great!

I am not sure how that application slipped in. I may have been sleeping when I accepted the permissions, or Android Market/Android 2.3.3 may have changed how the ‘Read sensitive log data’ permission was phrased. The permission popped up when I recently wanted to upgrade the application but that turned out to be misleading - the permission had been there for a while.

The developer claims he only accesses the system log to help diagnose problems. A quick web search identified a number of other applications going the same direction.

Many apps. allow for this private information that you mention, and you wonder why they need some of this data. I seriously doubt all of it is for troubleshooting. The was an app on the Marketplace for users to selectively choose which permissions to allow within an app. once downloaded, but it was recently pulled out of the Marketplace because they found it also allowed malware in, but the devs. are working on a fix.

Like “PDroid Better Privacy” mentioned in your signature? Too bad it was never ported to ICS or JB.