Woolworths Android App Has Psycho Permissions

Shoppers were happy when Woolworths added an Android app to its range, but they're less than impressed with the most recent update. Why on earth should a shopping list app have the ability to make calls from your phone and monitor all the other apps running on it?

Permissions requested by the new app include the ability to make calls, monitor other apps running on your system and take photos automatically:

That has led to a host of critical comments in user reviews on the Android Market. The content which the update adds — new health information, improved shopping list functions and the ability to save a recipe — certainly don't seem to justify that kind of widespread access.

We're reaching out to Woolworths for an explanation of why the app is set up this way. In the meantime, we can only echo our earlier advice: if an app makes ridiculous permission requests, don't install it. This falls into that category. Thanks Geoffrey for the tip!

Update: Woolworths has acknowledged the issue and promised a fix.


Comments

    Here it comes....

    well, they do own half of the pokies in australia, hardly a trusted company!

      +1

      Some of the permissions to services are required (as stated in the comment below) but auto photos and permission to dial out? Uh, no.

    Some permissions are needed for some of the weirdest things.. but the 'trusted" developers address the concerns in the description of the app. I think this is a sensible thing and should become best practise for app devs.

    Like "Read Phone State".. it's needed to know whether there is an incoming or outgoing call, for example, so that the app can stop audio or whatever to allow you to take the call... if the dev's simply explained why the permissions were needed, I'm sure there would be less outrage.

    Knowing what other apps are running helps with logging on crashes I know that much.

      Indeed.. let's look at this objectively:

      Storage - Well, you want to keep your saved shoppinglists and favourite items etc

      System Tools (Running Apps) - 3rd party plugins, logging crash reports for conflicting apps using the same resources etc

      Your location - Finding the nearest store to you and/or more easily set a delivery address.

      Direct Call - Call the store directly from the app rather than having to copy and paste the store's number.

      Take Pictures and Videos - Maybe you can take a picture of a barcode on the side of a product?

      Seems perfectly logical to me...

        NO
        NO
        THIS IS LOGIC
        WE CANNOT HAVE THIS HERE

          If this were US Lifehacker, I would agree with your statement :)

        They all seem pretty reasonable when looked at in that light, but unfortunately those permissions also allow for a lot more control, and until Woolworths explains what it is doing that requires these permissions people should err on the side of caution.

        Except that why does a supermarket app need third party plugins or to provide crash reports? Why would you need to call the store (the whole purpose of this is self-serve and getting people away from tying up actual employees). Why "maybe" take photos of barcodes - is it a published feature or not? It may be logical to a developer but to everyone else, steer clear.

          I am not a developer.. just have the ability to see things objectively, offer possible answers based on previous experience with other apps.. oh and I'm not paranoid..

          I'm still not going to download the app without confirmation from Woolworths on what the perms are for.. but the way this article has been slanted and some of the comments, it comes across as sensationalised scare-mongering when there could be, and most likely are, legitimate reasons for having those permissions.

    Maybe the permissions listed by the Google market need to be more specific. When a certain permission covers such a broad range of possibilities of what it could be, it makes it a bit daunting to think what could happen if I installed an app with a vague permission.

      Permissions are already pretty specific. When you create an app you request which permissions you need and this is what google lists on the app store. It is entirely possibly to not even use those permissions but that would be working against them. All good developers will list why they need the permissions and even then you need to trust they aren't using them for anything more.

      I doubt woolworths has good intentions for viewing other apps running. It's probably market research to see if you are using other competitors apps or possible debugging tools. I don't see what's the point of directly needing to make phone calls in this app though.

      Also to finish up it is great that people are becoming more aware of android permissions but I doubt woolworths is going to become malicious and start trying to fuck with your android for malicious purposes. When it comes down to it it's probably research and marketing and you just need to weigh up if that is more important to you if they get those details or you use the app.

    I'm sure the app will be updated after this, I hope LH publishes when such a change occurs as well.

    I'm thankful LH published this one as I was going to install the app shortly

    Did no one listen to Zuckerberg .... all your data belong to us

Join the discussion!

Trending Stories Right Now