- hiding permissions behind the group names
- auto-updating app with no warning for new permissions
Google explains, "If you have automatic updates enabled, you won't need to review or accept these permissions as long as they are included in a permissions group you already accepted for that app."
Google Play Store and before installation the app is asking for group permissions in left image and actual group permissions are expanded in the right-side image.
Below I have listed some most abused Android app permissions that cyber criminals are exploiting for their personal gain:
- GPS Location and Network-based Location
- Read Phone State and Identity
- Automatically Start at Boot
- Modify/Delete SD Card Contents
- Read/Send SMS Messages
- Read/Modify Contacts