Most Permissive vs Least Permissive Messaging Apps on Android

Android Messengers Take Different Approaches to Device Data Access

An analysis of the Android versions of popular messaging apps Messenger, Signal, and Telegram reveals varying levels of access to device and user data, driven by distinct permission sets and configurations.

Varying Levels of Access to Device and User Data

• Messenger, developed by Meta, requests the most permissions overall, totaling 87, with 24 classified as “dangerous.”
• Signal, known for its emphasis on user privacy, has the second-highest number of permissions at 72, with 19 designated as “dangerous.”
• Telegram, however, takes the lowest approach to permissions with a total of 71, including 25 “dangerous” permissions.

Static Analysis Reveals Differences in Risk and Configuration

• The static analysis performed using the Mobile Security Framework (MobSF) revealed that while all three apps pose some level of risk due to the presence of vulnerabilities, Messenger stood out for having the largest number of flagged issues.
• The analysis showed differences in how network traffic is handled, with Telegram allowing cleartext connections by default and Signal utilizing encrypted connections.

Variations in Geographic Distribution of Data Travel

• Messenger primarily exchanges traffic with North America, followed by South America and Europe.
• Telegram’s traffic is mainly centered in Europe, with smaller volumes in the United States, Asia, and Oceania.
• Signal’s traffic is also predominantly located in Europe, with additional connections in the United States and Asia.

These findings underscore the importance of understanding the varying approaches taken by different messaging apps to device data access, highlighting the need for users to carefully consider the trade-offs between convenience and security when selecting their preferred messaging platforms.

About Author

Vaibhav

See author's posts