Please feel free to contribute all kinds of security related information (anti-virus, firewall, theft protection but also viruses, data harvester apps...).
The structure of this thread:
1. Common Sense / Permissions
2. Security Software
3. Dangerous Software
1. Common Sense / Permissions
In contrast to what you might be used to from Windows Mobile, Android informs you about the permissions, an app requests, when installing it, either through the Android Market or through an .apk file.
It is important to read these permissions and be reasonably suspicious, when an app requests permissions, that seem inappropriate. But some common sense is also needed to understand that some apps need permissions, you cannot understand immediately.
Here is an example of the permissions, you have to accept before installing an app:
What do these permissions mean?
I will not list all the permissions here, some are self explanatory and for everything else, you can read up on them here.
In general, you can trust Google with all their apps and permissions. Voice Control apps and Siri clones also in general require a lot of permissions, which makes sense, as they should be able to call your contacts, send emails and sms, etc. Install those apps only by developers you trust!
1.1 Permissions you can do nothing about
- Hardware controls, such as disable sleep mode etc.
mostly required by games, that want to keep the display on. Nothing to worry about.
- Write to your sd card
Apps that edit files (e.g. photo editors, office apps, ...), download files (Dropbox, Download all files, Wallpaper or ringtone downloaders, ...) and games, that require additional data to be played (e.g. Gameloft games or other graphics intensive games) need to be able to write files to your sd card, either after you created those files yourself or downloaded files.
- reading imei / phone state
many apps require this permission. while, technically, with a security app, you could disable this permission for the apps, it is not such a bad thing.
this permission is needed to identify the phone. commercial software might determine your valid purchase status through the imei.
the phone state also gives apps the possibility to react to incoming calls and go into standby for the duration of the call.
1.2 Permissions that invade your privacy
- access SMS inbox
necessary for Try 'n' Buy Apps (e.g. Gameloft Games), Apps with in-App purchases, and some apps, that require sim identification (whatsapp, Dailyme...)
For everything else, you should be suspicious.
- access contacts/ call logs
necessary for communication apps with contacts sync (twitter, facebook, skype, ...), also every app which has to do with ringtones (zedge, mp3 ringtone maker, ...) and online games, where you can invite friends to play with you (mostly card and board games and MMOs). Everything else might be a data harvester.
- your current location (network based or gps)
necessary for navigation apps, photography apps and communication apps that allow you to share your location.
Other apps, especially games, should not have this permission.
1.3 Permissions that might cost you money
- make outgoing phone calls
necessary for google apps, voice control apps and name lookup/caller id/phone book apps (for Germany dasTelefonbuch, dasOertliche and klicktel).
This permission should generally not be found in games and small info apps.
- send SMS
necessary for apps with sim activation (Try 'n' Buy Games, apps with in-app purchases, whatsapp, ... (see "access SMS inbox")).
For everything else, when in doubt, google the name of the permission or ask here, what it means and whether the app is trustworthy.
So, what can you do about these permissions?
There are basically 2 options:
1. Don't Install an app that seems suspicious for requesting too much information.
2. Install security software to block certain permissions.