The New Way To Buy Software: ‘Permissionware’

The New Way To Buy Software: ‘Permissionware’

We’ve been through the shareware era. We have donationware, subscription software and plain, old buy-it-in-a-box software. But the latest way to “pay” for software is by giving apps permission to access your location, camera and other data on your smartphone.

Daniel Cohen runs RSA’s anti-fraud division. He’s concerned with how adversaries overcome the human elements in systems in order to launch attacks. He says the number one thing people can do to avoid being the victims of fraud is to be vigilant by checking bank statements closely and to pay attention to how banking sites and applications work in order to recognise anomalous performance.

He also suggests using mobile apps for banking rather than banking websites.

“Even if you do it on Android, which is more susceptible to — be careful using the term malware because it’s not real malware – it’s more this permissionware. You install the app. It asks you for all these permissions and you install it and it dos this different stuff.”

Cohen noted that he’s not seeing advanced techniques, such as memory sniffing, on the consumer side of things. So, as long as you don’t give permission to apps running in the background to access your device in unanticipated ways, banking apps should be safe.

The author of this article travelled to Singapore to attend the RSA Conference as a guest of RSA.


  • I was hoping for a little more social commentary on how, in an era of apparently “free” online services, the consumer has become the product.

    And how we have become accustomed to this; knowingly trading our data and privacy to access those “free” services.

    • I honestly don’t mind this that much. From my perspective, worst-case scenarios: identity theft with hackers/malicious devs, gives an in for governments to get personal information. Best-case scenarios: more targeted ads and more pervasive ads, but more cool free stuff that wouldn’t be possible with the old system.

      I guess it depends on where you are, mostly. Live in some totalitarian state, no way would I trust companies to not sell this stuff to dictators and get me killed for saying/thinking the wrong thing. Live in Australia, I expect most of this stuff to just sit in massive server farms until the company goes bust and hope the inevitable failure to wipe every single hard drive when they auction them off just leaves me safe.

      I’m an optimist

  • “…It asks you for all these permissions and you install it and it dos this different stuff.”

    typo 🙂

  • I’m more interested in what they do with my data once I click accept. Some of the information they are requesting permission to access has no relevance to the app I am installing, so clearly all they want it for is data farming. I’m especially suspicious of the ones that when there is an update, I have to accept their request for additional permissions.


  • I’m pretty happy with Google knowing my location, appointments and mail. It makes stuff like Google Now work really well and having everything in the cloud makes transitioning devices a breeze.

    Setting up two factor authentication also makes it pretty hard for someone to break into my account 😀

  • Put all the permissions in the free app you like, I really don’t mind:


    What annoys me the most is when an app is offered for free but the developer fails to add a premium version or in-app purchase so you can turn off all the ads and permissions.

    When an app is offered with a seperate premium version, that’s my preference. When it’s offered with reasonable permissions, and then in-app purchases to disable ads, i’m all over that and I’m happy to pay (ads in apps decrease your smartphone battery life by up to 20%)

    When an app is just offered for free only with ads everywhere and crazy permissions, forget it.

Show more comments

Comments are closed.

Log in to comment on this story!