Dear Berry: Why does a developer require certain app permissions on BlackBerry 10?

Need advice on how to solve your BlackBerry woes? Dear Berry is here to save the day.

By Dear Berry on 11 Mar 2014 10:23 am EDT

Hello again readers! Dear Berry is here once again with a mailbag full of BlackBerry questions and woes. Today's question comes from ICEMAN9 who asks:

Here's a question that I know many people have. When you are giving permissions to apps, what permissions are you really giving the app (ie. Shared Files, E-Mail/Pin Messages, Device ID, etc.)? What does each of these really mean? Why does the app need to have access to them? Are we compromising our privacy by doing so? I understand that if an app (ie. Maps) needs to access your location, but why do other apps need to if they are not location based?


Dear Iceman9,
 
That is a very important question. Simon Sage compiled a list of what the application permissions mean on BlackBerry 10, which you can review, along with the behaviors that are unacceptable (including what information is collected), which can be found here.

You can also find the entire list of permissions and their explanations at this link. However, I will endeavor to create a more detailed list for you.

To answer your questions, here is a short list I compiled. It is not a complete list of all the reasons why a developer requires these permissions.

  • Location - Applications that are not location-based but require this permission may be using ad services. For example, the recently released application Chive On requires this permission because of its ad service, as it is a free application.
  • Shared Files - This allows the app access to the storage on your device, SD card and the cloud. It is used where the application needs to save or access files on your device, such as a camera application; in that case, another permission allowing use of the camera would also be included. Chive On uses it so that it can save images from the app to your device. Utility applications use it to save a backup on your device. For example, SMS Backup uses Shared Files so that it can save the backup of all your text messages onto your device or SD card and also restore this information. As such, it also uses the Text Message permission so that it has access to these messages. It also asks for Email and PIN permissions because it offers the ability to email the backup file, and so your device needs the permission enabled to trigger the email popup box.
  • Device ID - Again, this permission can be used in conjunction with ad services. In other instances, some developers lock their application to a specific PIN when purchased, for security. This permission allows the app to access that information to ensure the application is only running on the device it is supposed to. Also, some developers creating a beta version of their app for testing will ask you for your PIN so that the testing version will only work on that specific device; this permission allows them to see this information to confirm. However, that is not to say some developers out there do not use this PIN to start sending advertisements for their other apps. In that case, you can contact them or simply delete the app (however, that is very rare lately). Another use of this permission is to let the app know whether you have your phone set to a 24hr or 12hr clock, or your timezone.
  • Connect to BBM/BBM Contact Invites/Profile Updates - These permissions simply grant the application the ability to post to BlackBerry Messenger. One of the requirements of the Built for BlackBerry program was that an app be social and integrate within the system. Being able to share images, documents, updates, posts, etc. in BBM was one of the services offered, and that is what these permissions were for. For example, sharing the app with your BBM contacts or updating your status to say that you purchased it. Another example is Blaq, which allows you to update your BBM status with your tweet; this permission is how it is able to do so.
  • Calendar - This allows applications to add, view, or delete appointments. A great example of this is Evernote and how it adds reminders and can place items for follow-up.
  • Internet - This allows the application to send or receive internet data. For example, the banking application Check requires this to be able to use the internet to pull your personal data off their servers.
  • Contacts - This allows the app to access contacts, including viewing, creating, and deleting. For example, there are a plethora of contact backup applications in the storefront. The application ContactsImEx uses this permission to access the contacts to allow for backup on your device or SD card. It can also merge duplicate contacts, which is another reason it needs this permission, and it asks for the Shared Files permission so that it can access your device to store the backup file.

 
I hope this has helped answer your question. If you are skeptical or uncomfortable about an application's permissions, you can write to the developer, or you can go into Settings > Security & Privacy > Application Permissions and turn off the features you do not want the app to access, if available. If the application stops responding, then you will know the permission is required for it to run.

In addition, BlackBerry instituted a new program to ensure app security in BlackBerry World. Two new logos will now appear as part of the vetting process to show it was scanned by BlackBerry Guardian and Trend Micro. These programs will analyze and scan applications for potential malicious behavior. If you are nervous about an application accessing your personal information be sure to look for these logos beneath the app description before downloading.

Calling all BlackBerry developers! Feel free to join the conversation and let us know your thoughts or any advice you can offer on this important question in the comments below.

See you next time!

Have a question about BlackBerry etiquette? Need advice on how to cope with your BlackBerry addiction? Dear Berry has you covered and there's no question too big or problem too small. Submit any of your BlackBerry woes by email to dearberry@crackberry.com or on Twitter @DearBerryCB.

Reader comments

47 Comments

I believe that we can't set the controls on Android the way you can on a native m app. Honestly, these apps make me nervous when they ask for full permissions such as pin, and files. Why do I want my personal files to be read by an app? Do I want my mic and camera to be turned on by the app? No. People may say I am just overreacting. I am not! We have to stand up for our right to freedom, privacy and security. Not to be taken for granted.

Posted via CB10

I agree, but sadly it's been the norm and pretty much everyone just agrees with the permissions and allows them, this is pretty bad. If 10 years ago when you opened a webpage it asked for all these permissions so you can look at cat pictures or play some flash game, would you have agreed to it without reading? Now people don't even read, just hit allow and go on.
Try to use an app to remove permissions from Android APKs. If they fail to start, just don't use it.
Think about it, Google got so much pressure from big guns, they had to remove App Ops from 4.4, which was basically a true firewall that allowed you to set permissions manually.

Because you can't even do that on Android devices, Android handles permissions differently.

Via my LE Z10.

You would think BlackBerry could have universal android runtime permissions and even specify which apps are granted specific ones...

Z10STL100-3/10.2.1.2141 CB10

Great post and very informative. I have many apps that require certain permissions and I usually deny everything except for certain location based apps and for the most part they all work fine. I suggest that people deny everything and see how it works first. I have only one or two apps that I've granted permissions for everything requested..mind you they're trusted.

Posted via CB10

Well, if it doesn't work, report it to the application developers as well. I guess testing permission combinations is a bummer, but a developer would happily fix any issue. The main problem is that it is impossible for the application to know which permissions were granted or not before failing at using it.

Plus some applications absolutely require it.

My app secure antivirus requires file access. Paranoid people deny it all the time and then leave me bad reviews because it doesn't work.

It's an Antivirus. If you block it from your files what do you expect to happen lol...

Posted via CB from my LE

How does this information change when we talk about Android software?

I personally do not want or use Android on my phone, but I hear many do.

One of the gripes I see repeated is the insane amount of permissions some Android crapps require -or they fail to open.
Another is that users do not have the same level of control over permissions we enjoy with software (apps) made specifically for BlackBerry.

CDN BB

My grief, too. Android apps are not under control properly.

Would like to see changes to the runtime, if that's at all possible. Should be. It's Unix / Linux after all.

Zzzzwiped from a Zedevice....

That's the way Android works... all permissions or nothing.

Maybe this post was discreetly geared towards the tinfoil hats that can't attach in CB and then go "doh!" because they denied the shared files permission upon install. I'm starting to think we should take the Android approach..

[URL="bbmc:C0001BBF0"]BlackBerry 101 - Help Channel[/URL]

This is a huge problem. Users look at the high level description of a permission, get scared, deny it, then don't understand the basic expected app functionality it prevents.

Another one is permissions needed for "secondary" features, sometimes indirectly. You wouldn't know what an app did with this at install time.

Finally, BB10 lacks a real API for inspecting granted permissions and requesting more (BBOS has both), making the user experience for "asking later" quite crappy.

Posted via CB10

I can tell you that the apps that won't run without permissions are deleted after leaving a very bad review.

Posted via CB10

See and this is an example of a narrow minded approach (sorry!)

Again, take secure antivirus. It scans files for viruses. When you block file access, it can't scan files.

According to you - your response is to penalize a developer for that.

Posted via CB from my LE

As developers, we ask for minimum permissions, only where they are necessary.

For example, one of our apps, TrackMyStuff, will require the Share permission, since it has an Export to CSV feature that writes a file.

Another point we want to share is:
If developers are using the Invocation Framework (to launch integrated apps), e.g. in TrackMyStuff the StuffToDo module is integrated with Phone, Calendar, Text Messages, Email, Remember etc.,
then there's no need for permissions on those. Sometimes developers just check all of the permissions, which is not necessary in these cases.

Also, for sending data to the internet: sometimes an app, e.g. TrackMyStuff, uses Google Charts, so it does need access to the internet, but make sure they are telling you in the Privacy Policy.

Users should look at the app's Privacy Policy and also look at the app's features to see if it makes sense to give access or not.

Here is our point of view summed up:

App Features - Access (Yes/No)

Take picture (i.e. receipt) - Camera (yes)
Call Email app (no reading, pre-compose email) - Email (no)
Call Text (no reading, pre-compose text) - Text Message (no)
Call Remember (no reading, pre-compose task) - Remember (no)
Call Calendar (no reading, pre-compose calendar) - Calendar (no)
Call Contact (select contact) - Contact (yes)
Share Files (write file export csv, backup) - Share Files (yes)
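
The feature-to-permission table in the comment above, turned into a check a developer could run against an app's bar-descriptor.xml before release. This is an added example, not code from the commenter or from BlackBerry; the sample descriptor is constructed, and the mapping from the table's rows to bar-descriptor permission names is an assumption.

```python
import xml.etree.ElementTree as ET

# Feature -> permission needed only when the app touches the data itself.
# Values are BlackBerry 10 bar-descriptor permission strings; pairing them
# with the rows of the commenter's table is an assumption of this example.
DIRECT_PERMISSION = {
    "camera": "use_camera",
    "email": "access_pimdomain_messages",
    "text": "access_sms_mms",
    "remember": "access_pimdomain_notebooks",
    "calendar": "access_pimdomain_calendars",
    "contacts": "access_pimdomain_contacts",
    "files": "access_shared",
}

# Constructed sample descriptor (hypothetical app, not a real one).
SAMPLE_DESCRIPTOR = """<qnx xmlns="http://www.qnx.com/schemas/application/1.0">
  <id>com.example.trackdemo</id>
  <permission system="true">run_native</permission>
  <permission>use_camera</permission>
  <permission>access_shared</permission>
  <permission>access_pimdomain_contacts</permission>
  <permission>access_pimdomain_messages</permission>
  <permission>access_sms_mms</permission>
  <permission>access_pimdomain_calendars</permission>
  <permission>read_device_identifying_information</permission>
</qnx>"""

# How the hypothetical app implements each feature, following the table:
# "invoke" hands the task to the system app (pre-composed, no reading),
# "direct" means the app reads or writes the data itself.
SAMPLE_FEATURES = {
    "camera": "direct", "email": "invoke", "text": "invoke",
    "remember": "invoke", "calendar": "invoke",
    "contacts": "direct", "files": "direct",
}


def requested_permissions(descriptor_xml):
    """Return the user-visible permissions a descriptor asks for."""
    perms = set()
    for el in ET.fromstring(descriptor_xml).iter():
        # Compare the local name so the check works with or without xmlns.
        if el.tag.rsplit("}", 1)[-1] != "permission":
            continue
        if el.get("system") == "true":  # system entries are not user prompts
            continue
        if el.text and el.text.strip():
            perms.add(el.text.strip())
    return perms


def audit(descriptor_xml, features):
    """Return (over-requested permissions with reasons, missing permissions)."""
    requested = requested_permissions(descriptor_xml)
    needed = {DIRECT_PERMISSION[f] for f, m in features.items() if m == "direct"}
    invoked = {DIRECT_PERMISSION[f] for f, m in features.items() if m == "invoke"}
    findings = []
    for perm in sorted(requested - needed):
        reason = ("feature is handed off via invocation" if perm in invoked
                  else "no declared feature uses it")
        findings.append((perm, reason))
    return findings, sorted(needed - requested)


if __name__ == "__main__":
    extra, missing = audit(SAMPLE_DESCRIPTOR, SAMPLE_FEATURES)
    for perm, reason in extra:
        print(f"drop {perm}: {reason}")
    for perm in missing:
        print(f"add {perm}: a direct-access feature needs it")
```
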

There should be more levels of fine-grained permissions, if that's not too complicated.

Standard, as it is now, and Advanced for the tinfoil hatters among us.

I would have no worries giving something write permissions for a folder , but not necessarily read permissions for everything. There are better examples, but you get the idea.

Zzzzwiped from a Zedevice....

I believe in a basic idea: don't open any doors that you do not have to. I refuse all permissions until I know it is required and is a trustworthy app. If I even get the slightest inkling something seems funny I don't install the app. It's not like I use too many unheard of apps in the first place.

If you got Android apps running on your device you don't even need a choice for deny permission. It's default so be thankful BlackBerry gives you a choice lol

Posted via CB10

In many cases, asking for PIN permissions may simply be in order to enable analytics:

https://developer.blackberry.com/native/documentation/cascades/device_pl...

It's important for users to not paint all developers with the same brush just because there are some unethical developers out there. It's highly likely that the developer simply wants to be able to provide a better experience to users without burdening with them for requests for feedback, by using analytics, vs. them wanting to do anything sinister with personally identifiable information.

Good post, now I don't wear a tinfoil hat and mostly trust the apps I have, giving most of them the permissions they ask for. What I'd like to know is, is there a way to watch for and know if there is abuse going on.?

Posted via CB10

This is a huge issue that I believe needs to be addressed by BlackBerry. App developers must come clean to their users BEFORE a purchase is made in BB World. There should be no surprises when the app requests a plethora of permissions at installation, after the customer has purchased the app. This is very unfair to the end user.

Thanks to the CrackBerry team for giving this some attention. It needs to be resolved.

Great topic.

In terms of BB apps I always enable as little as possible out of the box and then flip permissions on if I find something isn't working as expected. Since installing 10.2.1 I've installed a few Android apps and uninstalled all of them because I don't feel comfortable with the inability to restrict permissions. Maybe that's just me...

I have downloaded a number of Apps wanting all permissions when I cannot see any reason for it. I just deleted them as I felt it was just information gathering.
I wish developers were made to explain why they need a permission which seems unlikely.

Posted via CB10

This is an increasingly important discussion. Anybody thinking otherwise is living in the past. In fact, I would love to see a monthly CB or Mobile Nation article addressing various aspects of mobile privacy/security. Nobody calls another a tin hat for locking their house or car, right?

Developer voices are a critical part of this conversation. There are legit reasons for certain requests. We also need guidance on decisions. The tradeoff might seem low risk and worth it to one person, whereas another just can't go there because of data they have on their device. If BlackBerry wants to play the "security" card, they can set themselves apart by guiding non-technical consumers through these choices. For me, it seems the permissions are too "all or nothing". Couldn't there be finer gradations so developers can have what they need without the consumer throwing the door wide open? And there needs to be a chart showing all this info before we buy!

Posted via CB from "Z" best

Agree with the above. GBs of data is being wasted by apps that do not inform the user before download that they do not work without permissions, some of which seem, or are, intrusive.

Fine tuning of permissions is needed indeed. I recently installed a shopping list app that has a log in to keep lists but the app still needed permission to access device identifying information and all the other crap as well. So, instant delete.

This is a call to all BlackBerry users. When an app is asking for permissions it doesn't or shouldn't need, leave a poor rating for the app but explain why in the review. This way we might be able to get devs in line and coding in a more respectful way. It's our right to use our voice, let's do so!

I would love to be able to tell why I ask for these permissions when they are requested (I try commenting in the app description or help), but also to color them by how mandatory they are for the application (red required, orange only needed for an important feature, green only needed for a minor feature, or something alike, even though at the end of the day the user decides what is important/minor to him).

Yes, fine tuning is nice. Maybe if Android apps could be fine tuned, it would attract additional BB10 users. However, the big issue is not so much the permissions, but what the developer does with them. Clearly a flashlight doesn't need your address book. But will another app that seemingly is OK to use the address book use it for good instead of evil? The funny thing is iPhones don't really tell you what permissions are granted. You can turn off location service by app, but that's it. At least Androids tell you what is going on.

As a developer I leave all permissions off and try everything I can to leave them off. For example you don't need to know if the user has selected 12 or 24 hour time. There is an API call that will take a date/time and print it the way the user wants.

I've seen developers claim they need device ID permission so that they can find out the model and from that figure out the screen size. But the screen size is available from other sources.

As mentioned before, using the features built into the OS like invocation and sharing removes the need for a lot of permissions and gives the user a better experience.

Posted via CB10

Feature request for Momentics: static analysis of the code (used APIs) for permission presetting, or at least a diagnosis in the bar descriptor...
I find it a test headache to cover permission settings, and testing on the simulator only is not a good indicator; I'm not even sure that not asking for a permission can work in one OS version and not in another...

It's one thing to let an app access my shared media (or whatever permission) to make it work. Obviously it needs it to save, but it's another thing when some of these apps (ie. angry bird) have been caught giving this information away to third parties like NSA

Posted via CB10

Don't recommend looking for the logos in description to show that they are safe.

Those logos are pure marketing and are on EVERY app page. Such a waste of space.

Posted via CB10

This is an important issue that gets ignored a LOT of the time. However, the article above misses giving a full response to some questions. On device ID, do they just get the alphanumeric phone ID so they can track you everywhere you go for data mining, or do they also get your cell number so they can also get your name to enrich their data?

The article also says "For people who are skeptical or uncomfortable over an applications permission you can write to the developer or you can go into Settings > Security & Privacy > Application Permissions and turn off the features you do not want them to access, if available. If the application stops responding then you will know it is required to run."

We are actually discussing this in a thread right now, regarding apps that grey out those very permissions.

http://forums.crackberry.com/blackberry-10-os-f269/permissions-abuse-881...
"Apps often require enabling permissions unrelated to the core needs of the app. Luckily, the better ones allow you to selectively turn them off. A few have the options grayed out - is there a brute force method do so and if not, why have not BB done so in the OS?"

As an example, I just installed the Kobo reader app for BB10 from BB world, and it has greyed out internet, shared files and device identifying info with the dots on the right and the word ON. So is my only option deleting it if I don't want them to be able to access everything??

I don't think you are a tinfoil hat wearer just because you dislike the idea of an app getting access to your entire documents folder and everything on the SD card, along with device ID & internet. Yes, some are honest mistakes or developers not planning anything unpleasant. But if an app forces you to accept, you have no way to know if it "phones home" with any personal data or not.

As is, I'm very glad BB10 lets me turn off GPS globally, since many apps want access with NO need other than selling you out. Yes, free apps need to be paid for somehow, but they can use non targeted ads like online. Apps I PAY for have no rights to my personal data!

My main beef with all this application permissions stuff is that they always say "add, modify or delete your _____". I want to be able to give the app permission to save files to its own folder, and modify/delete those files from its own folder, but have zero access to any of my other files. I want to be able to give an app permission to add/modify/delete its own calendar entries, but I sure as hell don't want to give it permission to modify/delete calendar entries made outside the app. I want to be able to give an app permission to initiate an outbound email, but I damn sure as hell don't want to give it permission to delete anything the hell it wants from my mailboxes!

The settings as they currently exist are too broad. We have to trust that the app isn't buggy and isn't going to accidentally delete gobs of stuff it shouldn't even be touching. And for the most part we don't even have a clear picture as to why certain permissions are needed. When requesting permission it should be a requirement that it always state "this is needed so the app can _____" and let me decide if I even want to use that feature of the app.

And while I'm bitching --- it should be a requirement that the app code checks that permission is enabled, and tell you it cannot perform the requested operation due to needing XYZ permission --- not just mysteriously break.

I, like many others, deny everything and if the app doesn't work, and doesn't tell me what it wants/needs, and why, it gets deleted. It's not tin-foil-hatty -- it's just good business sense. No app is important enough to risk my essential core data.

And double-while-I'm-bitching, I should be able to specify one-time permissions. If Windows can detect an "app" needing permission to do something, and ask me if I want to allow it always, or "just this once", then why can't my supposedly-more-secure-than-Windows Blackberry do the same????