A recent post on Lifehacker about using social media logins on other sites got me to thinking: what impact do those permissions social media and smartphone apps really mean anyway?
I have always been reluctant to use Facebook’s apps. It seems they want permissions they don’t really need. Why do they need to post on my wall or my friends’ walls for me to get discounts at some store? A friend and colleague who passed away a year or so ago has been posting on Facebook. Well, not him, of course, but a dating site he’d belonged to. I guess when you use their app you have to give them permission to post on your wall (I’m not going to try it as I’m quite happily married and definitely not interested even in “just looking”, thank you very much!). This “pretending to be you is called “impersonation” and we discuss it in Learning Tree course 468, System and Network Security.
When you click on a Facebook app a friend recommends it tells you what permissions it needs. I always read those and, if I really want to use the app, only let it post on my wall and only so I can see it. Likewise when I download an Android app for my phone or Kindle Fire, the store tells me the permissions the app needs. The one that seems to most often when it seems unnecessary is the ability to use the network. Why does a simple local app need that?
Now, I understand the need for apps to do things I might not at first comprehend. And I see why an app on Facebook might want to promote itself on the wall of someone so wonderful as I am, but I don’t want it to post garbage or offensive stuff. Can you imagine an app posting even once “John likes broccoli” on my wall? Ugh!
What we need is an enforceable contract.A set of rules that describes exactly what apps are allowed to do with the permissions granted them. For instance, “App will only post promotions of the app to your wall and never more than twice per calendar month.” We also may need limits to the app’s use of the network on a smartphone. Not everyone has unlimited text or data. An app could use up a data plan with a small limit in no time at all just by sending the user’s use statistics back to the “mothership” every few minutes.
I think such contracts are simple and benefit both sides – users get the apps they need and more will sign up if the rules are clear. What do you think? Does it bother you that apps can pretend to be you and post “I voted for…” posts on your wall that may not be true? Let us know in the comments below.