In order to better understand the ecosystem of Tunisian Android applications, I have written a few scripts that collect, analyze and then display the permissions required by these Android applications.

A few weeks ago I attended a conference and heard all the complaints from people in suits. They complained about the lack of regulations, and were very vocal with their criticism  the local Tunisian ecosystem and how developers  are overreaching for permissions to collect data in their mobile applications.

Policy Advocacy on Data privacy & Security" @ Elgazala Technopark

Policy Advocacy on Data privacy & Security” @ Elgazala Technopark

I have decided to put their claims to the test, and see if they hold against hard-data.

Step 0: Getting The Data

As every self-respecting developer, I  immediately fired-up a text editor and wrote a thing. I mean, why worry about data you don’t even have yet.

I made a small web application that would allow people to submit links for Android applications in the GooglePlay store.

When the application is submitted I query GooglePlay to get its developer, description, category, and of course its permissions.

When an application is submitted, I also query the store for other applications developed by the same person/company.

Sometimes, GooglePlay will return inconsistent values, I flag those as “API problems”, and at this time while I’m writing these words, I had around 33 of those.

Step 1: But Is It Tunisian ?

Having people submitting applications is great, that way I was able to crowd-source data, and find indie developers I would have never found on my own.

With this project scope limited to Tunisian applications, I needed to limit as much false-positives as possible. That means sacrificing possible applications in favor of accuracy.

Overall, around 5900 applications were submitted or crawled. The algorithm determined that 384 of those are indeed Tunisian.

This property is determined through a series of tests:

I check the application’s Id, name, description and author name. If they contain elements with a distance close to the worlds “Tunis“, “Tunisia“, “Tunisie” and “Tounes“, we can safely say that these are Tunisian applications and/or destined for the Tunisian audience. This will leave out a great number of applications, but I’m willing to live with that.

The processed applications are available in a table or as a JSON string.

Step 2: Data Visualization

Reading 7000 lines of JSON is fun for l33t  people, however charts can make the task a bit simpler for the mere mortals.

This pie-chart shows the number of required permissions per application.


~68% of the applications ask for less than 7 permissions.

~12% of applications ask for more than 10 permissions.

Of course there are always applications that require over 28 permissions such as “Battery Saver” by TUNDROID.

The following bar-chart shows the number of times a permissions is asked for.


As you would expect the most asked for permissions are :

  1. INTERNET (379)

These permissions make a lot of sens for almost all mobile application as most use-cases would require to get/push some data to a server and read/write from the phone.

To have a better understanding of the ecosystem, I have displayed the permissions required by application organized by categories.
bar_categorieThe categories that require most permissions are:

  1. SPORTS (9.2)
  6. TOOLS (7.5)

We can see that applications that offer most “interaction” require most permissions (which isn’t a surprise).

In conclusion..

I don’t understand what all the fuss is about

The data shows no excessive trends as far as I can tell.

Despite some applications that go crazy with their permissions, the general trends are reasonable and mostly appropriate to their categories.

Please feel free to use the data to challenge my conclusion or add more insight. And don’t hesitate to leave a comment.

And as always ….