You don't need to be an 'investor' to invest in Singletrack: 6 days left: 95% of target - Find out more
The kids had fitness trackers bought for Christmas that required the JYouPro app to be installed just to get the time right on them. No option to do it on the device alone.
The app asked for access to contacts and text messages - there's messaging on the device. It seemed a bit much but I said OK.
Subsequently, I've had time to look at reviews and it all seems a bit dodgy.
As I use my phone for contactless payments, I'm now worried I've exposed myself to having my data and other details robbed.
The app's been uninstalled and the trackers are going back.
Worrying too much?
Is this on Android? It seems unlikely that there’s a legit reason for the app to require access to contacts / messages, but perhaps it come under the same umbrella as allowing Bluetooth connections or something. Or perhaps it’s a bug in the software or some lazy programming but I wouldn’t grant access. More likely the app is just harvesting some data from you for ‘free’.
That said, it shouldn’t give the app access to anything else, unless it’s using some new exploit (if that were the case, someone would have probably uncovered it by now). So your bank details should be safe.
As a slight aside, we should all be mindful of granting permissions like this (including to online apps that use Facebook login etc). Companies that occultly harvest data like this in exchange for a service are definitely something to push back against IMO.
As long as the app isn't harmful itself, why not just not allow the permissions and use it to set the time. Then uninstall.
If it shows text messages on the watch and allows you to respond then it needs access to SMS.
Garmin Connect has a hefty permissions list, including SMS.
You can leave the app installed and just turn the app permissions off, it may not work as expected, but you have that control.
As Superficial alluded to:
If granting an app access to send text messages also exposed your Google Pay data then that would be a very serious security failure of the "front page headlines" variety. Whether that specific app is dodgy with your contacts data in other ways I couldn't say, but I'd be reasonably confident that you haven't just bought someone in Hangzhou a new yacht.