This past weekend, I was feeling so good about my decision to leave America and head for the achingly beautiful hills of Nice that I bought myself an S8+.
Now as followers of Leaving Amerika know by now, Nice is not my ultimate destination.
That place is called Gouna.
It is on the coast of the Red Sea in Egypt. It is an affordable bastion of privilege, a retirement haven for about 20,000 well off punters, who are betting on the continued stability of the Egyptian state. And it is really affordable, given the current exchange rate of the US dollar to the Egyptian pound.
Having decided to frolic in gorgeous touristy Gouna until the current turmoil in the US abates, I asked myself, er, what are you going to do in Gouna, exactly?
I looked at my gleaming new S8+, and thought: wouldn’t it be convenient if there were a sorta concierge Gouna app?
So I tapped my way to Google’s Play Store, and shazam, there it was: the app that would keep me plugged in to what was going on in Gouna, aside from reading Gouna News of course, which, alas, is appless.
Eager and excited to see what this app had to offer, I tapped on the download button.
Then this happened.
Why on earth would an app that presumably offers restaurant promos and news of local events and possibly discounts in hotel booking need permission to access all this highly sensitive information off my phone?
The truth is, it most likely doesn’t.
What the purpose of this app seems to be is to offer some sort of carrot (great deals in Gouna!) with the terrible stick of compromising my personal privacy.
And not just mine, but that of anyone whom I have listed in my Contacts.
The Gouna app also wanted to be able to read all my messages. It wanted access to all my pictures and tunes. It wanted to track my movements.
It even wanted to know extraordinary low-level technical things, like highly detailed information about my phone, such as various serial numbers, that, in theory, would enable anyone who had access to this information subject me to ransom demands or simply shut down my gorgeous new phone by informing Samsung that the device was stolen.
Let’s switch gears for a second.
Everyone knows that America takes a cavalier view of individual privacy. For example, if you vote in an American election, your name, party affiliation, and home address can be published anonymously on the Internet, for anyone who might wish to see.
This is perhaps one reason the rich in this country purchase their homes through LLCs.
Add the fact that data brokers cull all sort of government and private data banks to amass frightening dossiers on you (phone numbers, email addys, age, family member lists, income level, possessions, job history, listing of where you have lived, marital status, arrest record, court appearances, and so on).
That Americans in general are willing to mortgage their privacy in return for the promise of a few points off some product deal is breath-taking.
Which brings us back to the El Gouna Android app.
Think about it:
What are the unintended consequences of granting such an app these privileges?
Are you in fact willing to let some unknown party monitor your location, possibly spy on your friends, open them and yourself to constant harassment via SMS and email and pop-up ads, and, more darkly, allow nameless entities to spy on you in real-time via access to the microphone and camera on your phone? It sounds extreme, but these permissions would allow much of that.
In the era of annoyware and ransomware and the annihilation of online privacy by predatory actors such concerns do not make you a Cassandra.
So, next time you’re poised to gleefully tap on Accept, before downloading an Android app, think about what you are about to do.
Your overseas privacy may depend on it.
NB: The dev team responsible for this app was recently contacted via an indirect channel. The query asked why were these permissions needed for this app. There was no response to the query, although 4 developers read the query. Consequently, my advice is do not download the El Gouna app. It’s too bad, as I was interested in determining if this app was a full blown native app with legitimate and useful functionality, or a simply a shell, possibly spyware app, that makes use of the WebView short cut.
In general, if you have a device that is running Android 6 or above, you can now turn off some (but not all) permissions for apps that you have downloaded.
You can also (in addition to researching the voluminous articles on the subject of Android security that are available on the Net!) perform the following simple task on your smartphone: