PrivacyHawk: risk analysis for Android apps
Android's consumer-unfriendly permissions system makes it difficult for users to find out what applications do in the background.
While it is possible to root phones and install applications that provide detailed information about the background tasks an app runs on a device running Android, it is safe to say that most Android users cannot install those apps because their devices are not rooted.
It is difficult to find out if an application connects to Internet servers and even more so when it comes to the data that is transferred in the process.
The new Android application PrivacyHawk analyzes each installed app on a device it is run on to sort each application into risk groups.
The initial scan may take a while. Findings are displayed as buttons once the scan completes that represent risk categories. The application supports several of those including one that is reserved for apps that are outright malicious, one for safe applications and one for apps with moderate risk levels.
A tap on a risk category displays all apps PrivacyHawk rated accordingly. Information are scarce on the first screen but a tap on an application's name displays detailed information about its developer, its permissions, and the servers it connects to when run.
The summary at the top lists important details such as the risk rating of the publisher and the app, the version tested and when that version was published.
The risk summary report lists permissions, data leaks, device takeover and information gathering techniques the app uses. The application may inform you that the tested app sends data to third-party ad networks, that it may have access to your microphone and may record audio, that it may communicate data in non-secure ways, that it may try to disable certain device features, or that it can read low-level system log files.
The same page lists publisher reputation information and risk details which highlight the application's communication on a world map.
The program uses a mix of permissions an application requests with other information it gathers about the application. Since permissions play a big part in the risk assessment, it is clear that applications that require lots of permissions are listed as moderate or even dangerous even though that may not be the case.
PrivacyHawk can only provide information about applications that its parent company, Marble Security, has analyzed and included in a database.
This means that some applications may be filed under unknown as they have not been scanned. This was the case for Firefox Nightly for instance but also Facebook Lite and Lingvist.
PrivacyHawk requires quite the set of permissions itself including several such as "controlling vibration, finding accounts on the device or modifying system settings that seem irrelevant for its main purpose.
It is interesting to note that you can open the analysis of PrivacyHawk using the app. You find the application listed in the safe category but its risk summary highlights some troublesome permissions and features such as sending data to third-party ad-networks, looking up geo-location information, non-secure communication of some data or attempts to write device security settings.
PrivacyHawk can be a useful security app for Android provided that the apps you have installed have already been analyzed by the apps' parent company and that you don't mind the apps' own hunger for permissions.
The application can be an eye-opener as it provides you with detailed information about an applications' permissions and activities on the device that include a list of servers it communicates to.
Never exclusively stated if this app requires the android phone to be rooted or not. Does it have to be?
No it does not require root. I don’t review apps that require root.
This app seems a little risky itself. Do you know of a similar, less risky app, for this purpose?
Android is not as bad as Windoze. Windoze doesn’t let you know what the app is doing.
PrivacyHawk is great..! Now I can see what is really happening on my phone! Marble is run by the founders of IronKey – another world class security company. These guys are security pros!
Hi Martin! Nice article. I was using AppBrain Ad-Detector for something similar. That app seems to be dead as it hasn’t been updated in some time and is missing in features compared to this one.
A privacy app that needs ‘[email protected] me’ permissions.
Not a very review-worthy app.
Please cover the Google I/O news that Android will finally be getting a decent permissions system that will hopefully resolve the atrocious situation we currently find ourselves in. Unless you already have covered this news and I missed it? I know I glanced at it somewhere. Probably Ars Technica. Would be great if quality independent journalists like yourself could afford to cover some of the big conferences in person occasionally. Maybe if your new funding arrangements take off?
Or just use Xprivacy, AFWall+,AppOps or already apps that exists since years now instead of install just another app that has less abilities compared to an traditional AV from “trusted” company’s.