Google Play Store update allows apps to silently gain control of your Device
Google just made a huge change to the way application permissions work on Android devices which has left a potential door open to malicious app developers and hackers.
Google narrows down Android's 145 permissions into 13 broad categories and groups app permissions into 'groups of related permissions', likely for Android users to have an easier time dealing with app permissions.
Unfortunately, the new update has introduced a few potential security and privacy issues, as listed below:
The app developer can then include additional permissions from ‘SMS-related permissions Group’, in a future update, which will not trigger any warning before installation.
If your Android apps update automatically, then malicious developers can gain access to new dangerous permissions without your knowledge by abusing this mechanism, though a smart user could manually view all permissions in a dropdown before installation, but one out of thousands does that.
For example, as you can see in the above screenshots - I am installing FIFA's android app from Google Play Store and before installation the app is asking for group permissions in left image and actual group permissions are expanded in the right-side image.
Similarly, if you install any app with group permissions to read contacts, later that app can secretly gain permission to add or even change calendar entries too.
Below I have listed some most abused Android app permissions that cyber criminals are exploiting for their personal gain: