WordPress phone app security
-
A grandchild recently began blogging on wordpress and invited me to follow, which I did. I was using my desktop computer which has a pretty high level of security.
When I went to install the wordpress app on my smartphone I couldn’t log in. A popup window told me that I needed to grant access to various parts of my phone to proceed.
I don’t like having apps spy on me and I have scrubbed the apps on my phone to take away all permissions not essential to their function; e.g. google maps has access to my location, obviously. I refused to make the changes for wordpress and have deleted it. Why does wordpress need access to anything on my phone to work? Other apps manage well without such access. -
-
Android.
The app gives the message :This app won’t work properly unless you allow Google Play service’s request to access the following: Phone.
To continue, open Settings, then Permissions, and allow all listed items.
When I click Open Settings I come to Google Play Services, which currently has access to a few items and now seems to want all.
I don’t understand the connection between WordPress and Google Play Services.
I also don’t understand why this is requested. I’ve downloaded many apps from Play and have never had to change the settings in Play to make an app work and I’m not about to change that. -
Hi there,
In order for any app to work on Android, the app needs access to certain processes or data on the device. Google Play Services is the part of Android that controls these permissions.
Giving those permissions do not give the WordPress app the ability to spy on you. It just gives the app access to the things it needs to work. Google has very strict approval processes in this regard, and no app is allowed more permissions than what it needs to function, so it’s safe to grant those permissions.
If you don’t want to grant those permissions that is your choice, but then you won’t be able to use the WordPress app on your device.
-
I was looking for help around an unreasonable demand. Instead you provide me with explanations which run counter to my own experience.
I have had the same settings for Google Play for a long time. It has access to very few things on my phone, yet it has never had a problem downloading an app.
I have downloaded many apps which automatically set themselves for permissions I didn’t want, such as access to my contacts list (to which Google Play does not have access). I went in manually, revoked the permissions, and had no problem with the app working.
I have never had an app, once installed, refer back to Google Play in order for it to work. Never has an app told me that I have to change the Google Play permissions in order that the app works. WordPress has a connection with Google Play that I’ve never encountered before.
I agree with your conclusion. I am not going to change my Google Play settings and I am not going to use WordPress. I have already deleted it from my phone.
-
Hi there, I checked with our developers on this.
The WordPress Android app is asking for 3 permissions:
1. Camera (to take pictures, record videos).
2. Write external account (to save pictures/videos from camera, and do some resize/save pictures)
3. Contact. Which is not entirely how it sounds. “Contact” is a permission group, and we only need one permission from that group. The permission we need is “Get Accounts” which allows us to list the user accounts (email addresses). We use that list to autocomplete the username or email fields (during login/signup). Unfortunately Google added that one under “Contact” and it’s understandable to interpret it to list all contacts and send them to our server (which is not the case).
The app will work without any given permission, but some features will be obviously broken.
We uses the Play Services for a few things, and when we request something from the Play Services, it can ask for extra permissions. The features we get from the Play Services:
1. Signin/Signup via Google.
2. Store credentials in “Google Smart Lock” (a Google password manager, shared between Chrome and Android devices).
3. Geo location data when the user wants to set the location on a post, via post settings. Permission is asked, via Google play services, when the user uses the feature for the first time.
This sounds like what you saw, probably related to signin with Google or Google Smart Lock.
Please let us know if you have any more questions!
-
Thank you for your efforts. I gave the permissions through Google Play, even though I’ve never been asked to do that before.
I then used settings to give the permissions to wordpress, because giving them to Google Play didn’t carry over into the wp app.
I then tried to log in and got “hmmm, we cannot find a wordpress.com account connected to this email address.”
That’s the same email address to which you wrote, the same address I used to establish my account.
My frustration tolerance these days isn’t very high. I appreciate that you’ve tried to help. As I wrote before, I’ve never had experience like this (ie, having to change Google Play permissions to log into an app). And, having played along and changed permissions for both Google Play and the wp app, I still can’t get in. I’m going to remove the app and return the GP settings to where they were before, when they worked just fine for me.
Again, thank you for your efforts.
- The topic ‘WordPress phone app security’ is closed to new replies.
WordPress.com Forums 