Linked by Thom Holwerda on Fri 13th Dec 2013 15:40 UTC
Google

Yesterday, we published a blog post lauding an extremely important app privacy feature that was added in Android 4.3. That feature allows users to install apps while preventing the app from collecting sensitive data like the user's location or address book.

After we published the post, several people contacted us to say that the feature had actually been removed in Android 4.4.2, which was released earlier this week. Today, we installed that update to our test device, and can confirm that the App Ops privacy feature that we were excited about yesterday is in fact now gone.

If there's one thing that needs some serious love in Android, it's the application permissions. I carefully look at them every time I install an application, but I'm guessing most people don't. While there's only so much stupidity technology can solve, Android's application permissions are, indeed, quite overwhelming at times. I'm not a particular fan of modal dialogs every time an application needs permission for something (the iOS way) either, so I'm not sure how this can be addressed in a user-friendly way.

App Ops seemed like a decent compromise that allowed for lots of finetuning of permissions, per application. Luckily, I'm using a custom ROM that re-enables it, Google be damned. Google claims App Ops may break some applications - well, that's not really any of my concern. If an application breaks because I do not give it permission to find out if I'm on the toilet or not - there's always an uninstall button.

So, Google better have some serious improvement in mind for application permissions, or they're just making sure regular users don't get into the habit of blocking Google's data collection. I hope the former, but I'm reasonably sure it's the latter.

Thread beginning with comment 578606
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[3]: Comment by Nelson
by darknexus on Fri 13th Dec 2013 18:01 UTC in reply to "RE[2]: Comment by Nelson"
darknexus
Member since:
2008-07-15

Well, the warnings in WP are specific - "Needs location information," "Needs access to your address book."

Each one is different, short, and actually explains what is actually going on in a single line of text, while UAC prompts are none of these things.

Doesn't change users' behavior, unfortunately. Give them a click-through and they'll click through it to get what they want.

Reply Parent Score: 5

RE[4]: Comment by Nelson
by Nelson on Fri 13th Dec 2013 18:35 in reply to "RE[3]: Comment by Nelson"
Nelson Member since:
2005-11-29

It is easier to determine whether or not an app actually needs a permission once you've used it. If a calculator app is asking to upload all of your contacts, the user has already interacted with and come away with a reasonable expectation of what the app should be able to do.

It also like the poster below me mentioned allows for granularity in the permission model. From the start the API is designed to fail fast if the capabilities aren't declared in the manifest and explicitly authorized by the user.

App developers code with this in mind which means that apps don't blow up when specific permissions are denied.

Reply Parent Score: 3

RE[5]: Comment by Nelson
by JAlexoid on Mon 16th Dec 2013 17:14 in reply to "RE[4]: Comment by Nelson"
JAlexoid Member since:
2009-05-19

If a calculator app is asking to upload all of your contacts

Except that apps don't ask for such permissions. They ask for very generic sounding things... like read your Camera Roll(or was it access pictures?) or Read your Contacts. It would be very stupid of the data pirates to actually tell you that they are uploading your data anywhere.

Reply Parent Score: 4

RE[4]: Comment by Nelson
by Vanders on Fri 13th Dec 2013 20:08 in reply to "RE[3]: Comment by Nelson"
Vanders Member since:
2005-07-06

Doesn't change users' behavior, unfortunately. Give them a click-through and they'll click through it to get what they want.

No, but to be fair it's no better on Android: when people install applications via. the Play store, most people never read the security notice and just click the "Yeah, whatever, give me the app" button.

Reply Parent Score: 4