A few months ago I obtained some free audio books from a special offer from audible.com. I realised too late that there was a catch, that the books are in a proprietary wrapper and there is no convenient way of playing them without booting Windows and installing their crappy reader. That was a shame because the books I chose are good and I'd love to hear them.

I sighed and got on with my life.

Today on Android Market I thought of those books and sought out Audible for Android. Great, I thought, I can listen to those books now. So I'm about to install. Before installing I'm asked to okay this:


Now arguably the application needs to be able to prevent the phone from sleeping. I could do that myself of course but I suppose it would be convenient to have a button to click inside the reader to disable sleeping.

What it certainly does not need is all that other stuff. Being a book reader it only needs to read files and operate the audio interface.

And so, with another sigh, I've decided not to download it. Possibly one day I'll take the time to convert the books to a form that can be played without this rigmarole, but for now they're just sitting on a Linux partition unplayed.

Why is this company going out of its way to give me reasons to regard it with suspicion and to avoid going back to its website to actually spend money on audio books?

I dont use the app, so not sure how it works, please bear this in mind when reading the following points.

I would expect it to modify your sd card, as this is where it will store the books.

It would also need internet access, to download the books from the net.

It will need to read the phone state, as when you receive a call, you want the audio to stop playing. So you can take the call.

The only one I cant explain (probably because I havent used the app), is why it would need to update your calendar. Since you know more about the app, you may well be aware of some functionality where it adds an entry to your calendar.

To be honest I have been installing apps without paying much attention to the privileges it asks for. I have started to review them, and am surprised how many apps want to know your location (albeit coarse location). This is for non-location related apps.

Theres no issue at all here. Stop being so paranoid!!

Allow this application to access:

Phone calls - read phone state and identity - So the phone can change states to stop the audio, open the phone. apk and allow you to answer an incoming call
Network communication - full internet access, create Bluetooth connections - naturaly considering you need to download the books.
System tools - prevent phone from sleeping - obvious
Your personal information - write calendar data - this im not sure but its possibe the book reader has some kind of function to maybe read out calander appointments?
Storage - modify/delete SD card contents - Again obvious as it needs to download the books to your SD Card.

I might be wrong but aren't some libraries trialling electronic books (through audible?) and may need to check date with calendar before deleting the book on the 'due' date?

Yes, the calendar requirement could be to do with limited time trials of books or something like that.

An audio reader doesn't need internet access. Other tools can be used to download the books, it doesn't need to write anything to my SD card at all and it certainly has absolutely no business accessing the phone identity or opening Bluetooth connections. Whatever excuse the writers might have thought up for the application to write to my calendar, I'm having none of it.

Do some audio readers require these things? Of course, this one does. There are other audio readers that don't, and other ways of opening those files without enduring the loss of privacy and security involved in allowing that application to use my system. I'm patient, I'll keep the files by until I get an opportunity to open them safely.

As usual, a quick Google gives answers to why the app needs these things.

From http://audible.custhelp.com/app/answ...le-for-android


All of those seem reasonable to me, and I would be happy to use the app. I suppose they could do a very cut down version of the app for the really paranoid that leaves out a load of features, but I suspect they wouldn't get many takers.

Then a smart phone isnt for you then, so you should really just get rid of it and use a cheap £30 job.

Of course it needs access to the net. Most people will download the books.
Bluetooth is so it can access your car system if you have one or bluetooth headset.
And of course it needs to write things to the SD card. Where do you think it puts the bookmark information or the books you download? And if you have put books yourself on the SD card, how is the app gonna have access to them if you dont allow it!! If it didnt put it on the SD card,
Phone identity, ive already explained this. What happens if your using the app and someone rings you? Would you prefer the device just hung up on them and you missed the call? I bet you wouldnt!!

Get a grip man and stop being so damn paranoid.

Yeah lol

It would leave out being able to use it period if they removed the SD card contents permission. The reader wouldnt be able to access the books he's put on it lol

Audible.com is a reputable company. However ultimately they want you to purchase audiobooks from them. I don't see a problem allowing this app access the to the Internet etc. TBH.

I think many commenters here are getting a little carried away. An audio book reader is an application that takes information from a file and operates an audio device. It doesn't need to know the date or the time, or where in the world it is. It does not need to know about the internet or Bluetooth. It does not need to write to a file system on a removable drive. It does not need to know what a calendar is, and has no need to use the calendar of a human being as a target for its doodles.

It is thus a reasonable assumption that an application that demands these capacities prior to installation was written by a developer who did not adequately understand the limits of his remit and showed scant regard for the security of the user's personal information.

This particular application stands out because of the extreme discrepancy between its simple task and the extravagance of its demands.

No, but it needs to access the SD card which you store the audio books on. You wont give it permission so exactly how is it going to read them?

How is it going to save your bookmark when you have finished using the reader for the day and want to pick up where you left off later? Magic? No. It needs access to the SD card to do this

You wont give it internet access, so how is it to inform you of updates or allow you to browse its books?

For time limited books, it needs access to the calendar so it knows how long you have had said book for. If your adding your own books then dont fret. It will never use this function.

It needs access to phone change state so if someone rings you the app can suspend itself, the phone app starts allowing you to take the call. Then restart the reader when the call has ended.

I could write you a reader app right now, but if you wont let it have access to change states and the SD Card then it will simply sit there looking pretty and you wont be able to use it.

That app does not stand out. If you care to look at the apps you have installed now i think you will find they all do that. In fact, you had better not until you understand whats going on or you might have a heart attack!!

When an app shows you what permissions it needs, its only showing you what it MAY need. If your not using it to browse its books then it will never use the internet unless it needs to update.

If after reading this you still dont understand, either get rid of the smartphone as its clearly not for you. Also get rid of your PC as those permissions Android shows you, well your PC does them all and more without telling you. You can also download an App called 'Droidwall' which is a firewall to block certain apps from accessing the internet if your that paranoid.

The SD-card permission this application needs, I'm sure we're all agreed, is to read the contents. The permission it claims to need, and won't get, is write. You mention lots of different things that both you and I know are not in the least involved in reading from a file and operating a sound production mechanism, and you repeat your read versus write error with the calendar.

I don't know whether you have specifically developed software for Android, but if not it's understandable that you think a bookmark mechanism needs to write information to the SD-card. It would also explain why you think the application needs to take special action during a call.

You appear to think that operating a personal computer connected to the internet necessitates using software that adopts the same extravagant and insecure approach adopted by this application. It does not. In fact, safely operating any kind of computer is only possible if you're aware of the security issues and how to limit them. Those who adopt a position of impotence end up with insecure systems because that is what they expect.

And those who are overly paranoid end up with no apps, using their £500 phone for texting and calling only.

You have to find a balance. People have already given you very justifiable reasons for Audible needing those permissions, you may not agree with them, but I would bet money that there's more people out there who like the benefits those permissions offer while using the software.

And that's what it comes down to. Market. If more people were of your mindset, the company would have to rethink things, as they wouldn't be selling much of their product. But it's just not the case.

tonysidaway - I admire your dedication to security, but you really do have to trade some of that in a reasonable way for features.

Lets take the example of the SD card write and Internet access as they are very simple and obvious. There is a feature in the app that you can download audiobooks from the Internet within the app and save them the SD card.

You say you want an audio book reader. That is fine. But this app is an audio book reader, an audio book shop, an audio book downloader, it can play books through bluetooth, etc. That is why it needs these permissions. In my opinion, if it didn't do all this it would be a pretty poor app.

Whilst I'm not casting any direct aspersions against any poster, this does seem to be a little paranoid. The next step is wearing a foil hat so that the CIA can't read your thoughts.

^ That above describes my phone, although it wasn't £500 more like £80 on special offer from Carphone Warehouse lol. (Samsung GTi5800).

Audible are a very well known, and as far as I'm aware reputable, company. The majority of people who are concerned about their privacy will look at the reasons shown in a previous post where they justify exactly why they need the various permissions for the features they've included, and think those are reasonable, and that's the audience that Audible are targetting. They're not going to bother targetting their app to a miniscule percentage of smartphone users who are super-paranoid about their privacy.

Companies that develop software and services and apps want to appeal to the majority, and I agree with goomba, it would be a pretty poor app without the included features, and one which the majority of people would dismiss!

I'm a little surprised at this response, which seems to be shared by nearly everybody on the thread. In short, Android's security model makes it easier for me to do what I and many other computer experts do when evaluating new software for security. As consultants this is what we have done routinely on behalf of clients large and small.

Android simply makes it easier for the system, the application developer and the user to collaborate in minimizing risks. A user who performs that evaluation step and rejects an application that appears to be asking for more than it needs isn't being overly paranoid. He or she is using the system as it is designed to be used.

You would prefer the audio book to continue playing while you took the call? I think you may be alone in that.

But by minimizing risks as much as you want them to, they'd also be reducing functionality. What's the point of that?

As people have pointed out, the permissions you don't agree with, have very valid uses. Uses that other people like.

Maybe you should look for another app, one that doesn't have all the added features of Audible. And therefore doesn't need as much control of the phone.

Jesus, its like pulling teeth!!

Yes i make custom roms for Android, i dont write apps but i could do if needed i guess!

Once again, where do you think the bookmark data is going to go if you wont allow it to write to the SD Card?

How is the phone going to change states to allow the call t come through if you wont allow it access?

How are you going to be notified of updates to the app if you wont allow it access?

Androids security system is sound. In fact, at least it tells you what it needs access to. No other phone OS does that as far as i know and your still complaining!!

Come on, these are basic things to understand. I think your actually starting to take the piss slightly now if im honest.

I read the permissions list for every app I install. If I think the permissions are unreasonable for the features that the app includes then I won't install, but what you seem to be ignoring most steadfastly is that Audible HAVE justified every single permission they've requested based on the features in the app. By saying you don't want to accept those permissions you are also saying that you don't want the features that are in this app. By that rationale, this app isn't for you!

If it was a calculator app from an unknown software company wanting all these permissions I would be suspicious and uninstall it. But this is from a reputable company and has functionality that does legitimately need those permissions.

Perhaps OP, you're better off giving up on apps and sticking with audio books as simple unprotected mp3 files that will play in the stock music player. Thing is you'd probably have to go onto some pretty dodgy websites to get those

Better yet, stick to a book. I don't think they will try to take over your phone or track you. Just make sure you pay cash for it if you buy it and definitely don't borrow it from a library. All that data in other people's hands - scary!