Linked by Thom Holwerda on Fri 13th Dec 2013 15:40 UTC
Google

Yesterday, we published a blog post lauding an extremely important app privacy feature that was added in Android 4.3. That feature allows users to install apps while preventing the app from collecting sensitive data like the user's location or address book.

After we published the post, several people contacted us to say that the feature had actually been removed in Android 4.4.2, which was released earlier this week. Today, we installed that update to our test device, and can confirm that the App Ops privacy feature that we were excited about yesterday is in fact now gone.

If there's one thing that needs some serious love in Android, it's the application permissions. I carefully look at them every time I install an application, but I'm guessing most people don't. While there's only so much stupidity technology can solve, Android's application permissions are, indeed, quite overwhelming at times. I'm not a particular fan of modal dialogs every time an application needs permission for something (the iOS way) either, so I'm not sure how this can be addressed in a user-friendly way.

App Ops seemed like a decent compromise that allowed for lots of finetuning of permissions, per application. Luckily, I'm using a custom ROM that re-enables it, Google be damned. Google claims App Ops may break some applications - well, that's not really any of my concern. If an application breaks because I do not give it permission to find out if I'm on the toilet or not - there's always an uninstall button.

So, Google better have some serious improvement in mind for application permissions, or they're just making sure regular users don't get into the habit of blocking Google's data collection. I hope the former, but I'm reasonably sure it's the latter.

Permalink for comment 578683
To read all comments associated with this story, please click here.
As a developer
by olejon on Sat 14th Dec 2013 20:23 UTC
olejon
Member since:
2012-08-12

As an Android developer I understand Google's choice. Android apps today expect all permissions to work when the app has been installed, and close to zero apps have implemented a way to deal with a denied permission post-installation. If I develop an app that uses a specific permission, and forget to declare that permission in the app's manifest, it will crash when trying to use it. The same will happen if one disable a permission through App Ops in most apps when the permission is needed.

I would like Google to do something about the situation. Some of the more privacy-sensitive permissions could be asked when needed, iOS-style, like location, access to contacts, messages, call state, photos and of course sending messages and making calls. Permissions like access to network, should be allowed at install.

Until developers have updated apps to the new regime, Google should implement App Ops so that if the user disables a permission, the system provides dummy data, like telling the app that the user has no contacts if the app wants to read the contact list, or that the user is on the South Pole if the app asks for location...

Edited 2013-12-14 20:24 UTC

Reply Score: 2