Goluk Android app has a ridiculous permissions list - basically full control of your phone

slidinghome

Member
Joined
Jul 23, 2016
Messages
31
Reaction score
3
Country
United States
I was seriously looking at the Goluk T2 Dashcam until I looked at the permissions required to run their Android app. It looks like Goluk wants ALL permissions available and installing it gives he the ability to make phone calls, reroute outgoing calls, send text messages, access all files, retrieve your contacts, record audio, create accounts, modify system settings, monitor your precise location and set passwords. That's just a partial list. I'm not particularly paranoid about app permissions, but in this case the list is alarming.

By contrast the DDpai app has a much shorter list of permissions and the ones listed seem to be genuinely needed. Unfortunately the DDpai Mini 2 doesn't have a removable mount.

WTF does Goluk need all this for? If someone from the company is reading this, you've just lost a sale.

Here's the full list of Goluk's permissions from Google Play:

Version V1.2.6 can access:
Device & app history
  • retrieve running apps
  • read sensitive log data
Cellular data settings
  • change/intercept network settings and traffic
Identity
  • find accounts on the device
  • add or remove accounts
Contacts
  • find accounts on the device
  • read your contacts
Location
  • approximate location (network-based)
  • precise location (GPS and network-based)
SMS
  • read your text messages (SMS or MMS)
  • receive text messages (SMS)
  • send SMS messages
  • edit your text messages (SMS or MMS)
Phone
  • directly call phone numbers
  • modify phone state
  • reroute outgoing calls
  • read call log
  • read phone status and identity
Photos/Media/Files
  • access USB storage filesystem
  • read the contents of your USB storage
  • modify or delete the contents of your USB storage
Storage
  • read the contents of your USB storage
  • modify or delete the contents of your USB storage
Camera
  • take pictures and videos
Microphone
  • record audio
Wi-Fi connection information
  • view Wi-Fi connections
Device ID & call information
  • read phone status and identity
Other
  • access checkin properties
  • power device on or off
  • full license to interact across users
  • close other apps
  • adjust your wallpaper size
  • read Home settings and shortcuts
  • view network connections
  • create accounts and set passwords
  • read battery statistics
  • pair with Bluetooth devices
  • send sticky broadcast
  • change system display settings
  • change network connectivity
  • connect and disconnect from Wi-Fi
  • disable your screen lock
  • expand/collapse status bar
  • full network access
  • close other apps
  • change your audio settings
  • run at startup
  • set wallpaper
  • draw over other apps
  • use accounts on the device
  • control vibration
  • prevent device from sleeping
  • modify system settings
  • install shortcuts
 
Last edited:
I just looked over my app, great points you raised. I just denied a bunch of permissions related to SMS and reading contacts. They were never used according to my logs. The other stuff I just set to ask permission when needed.

They have a bit much but at least it's controllable.
 
At least on most phones it is controllable now, which permissions you allow it to access. I usually deny the ones I don't think it is necessary unless it is required to operate the certain app, though for my Goluk dashcam, I usually use it on the iPhone.
 
Isent that the same with just about any app ?

I was going to put a spirit level app on my phone this summer, but when i saw they all demanded access to just about anything on my phone i said screw it and eyeballed it.

A year or so ago, a TV station here made a free app and put it on the stores, the app had permissions to the whole phone.
So they then used that to record conversations and activate camera and microphone and so on.
They then contacted the people that got the app and asked them.

So you have this app on your phone,
Did you see what you have given the app permission to do.
Here you can see and hear what we have done with the permissions you have given us as the APP maker.
And then in my view they should have asked the same people " why are you so damn stupid"
 
I'm sure all the people that can read Russian feel more confident now
The famous Soviet poet Vladimir Mayakovsky even dedicated the following lines in his poetry:
"I would have learned Russian just for the fact that Lenin spoke!"
smile197.gif
 
people that can read Russian feel more confident now

Da :D

If Lenin was a cause for people to learn Russian, then surely Stalin was the opposite.

The Cyrillic alphabet always freaked the hell out of me, and Russian is a language i have only a little exposure to so its not one of the languages my brain have picked up on.

But i can do for sure is yes - no and cheers, and with that you can get by to a large degree in Russia i think. :)

Just been seeing the WW2 as seen from Russia programs on TV, nothing new to me, but its always nice to see Nazis get their butt kicked. :cool:
 
If Lenin was a cause for people to learn Russian, then surely Stalin was the opposite.
You would know as most Russian would like to see again their leader Stalin...
Just to the west prefer not to know the facts about Russia,
and invent them for the sake of the political conjuncture of the capitalists...
 
I just looked over my app, great points you raised. I just denied a bunch of permissions related to SMS and reading contacts. They were never used according to my logs. The other stuff I just set to ask permission when needed.

They have a bit much but at least it's controllable.

I assume since you're replying to this that you're connected to Goluk.

Your competitors have much more standard and reasonable permissions requirements and what they do ask for is fairly consistent. You might take a look at the permissions required from DDpai, Xaiomi, Joovuu, Blackvue, Thinkware, and Cobra applications.

Beside SMS permissions, why do you need full control of other aspects of the phone? In the US an apps ability to make calls can expose the user to expensive paid services, as can the ability to reroute calls. Nor should there be any reason for your app to create accounts and set passwords, or to access your customer's contact list.

Thanks for responding and looking into this.
 
Last edited:
Xprivacy also allows full control, but apps do not always function properly when restricted.
I've used XPrivacy for a long time and yes, restricting things can sometimes break an app. I also use Android Firewall (available on F-Droid I believe, an app market of open source apps) which allows me to control Android's built-in iptables for wifi, mobile data, etc on a per app basis.

There's also AppOpsXposed and AppSettings available if you have the Xposed framework installed.
 
Beside SMS permissions, why do you need full control of other aspects of the phone? In the US an apps ability to make calls can expose the user to expensive paid services, as can the ability to reroute calls. Nor should there be any reason for your app to create accounts and set passwords, or to access your customer's contact list.

Arms length connection. I review cameras on YouTube. I borrowed a T1 from a friend and just bought the T3 from them at full price. I have at Goluk and I'll link them to this post. I'll be interested to hear what they say.

I should have added that the app shouldn't request that many permissions even if you can block them.
 
There aren't many dash cams that can be mounted behind the mirror in my car. The T2 would have worked perfectly. Checking out their Android app was the last thing I looked at before making a purchase, but that permissions list is too much.

I'd be interested in what they have to say too. Maybe they'll update it to something more reasonable and I'll be able to buy one.
 
Here's their response:

7kHgThT.png
 
The most recent app update seems to have fixed the permission issue.
 
Back
Top