Linked by Thom Holwerda on Fri 13th Dec 2013 15:40 UTC

Yesterday, we published a blog post lauding an extremely important app privacy feature that was added in Android 4.3. That feature allows users to install apps while preventing the app from collecting sensitive data like the user's location or address book.

After we published the post, several people contacted us to say that the feature had actually been removed in Android 4.4.2, which was released earlier this week. Today, we installed that update to our test device, and can confirm that the App Ops privacy feature that we were excited about yesterday is in fact now gone.

If there's one thing that needs some serious love in Android, it's the application permissions. I carefully look at them every time I install an application, but I'm guessing most people don't. While there's only so much stupidity technology can solve, Android's application permissions are, indeed, quite overwhelming at times. I'm not a particular fan of modal dialogs every time an application needs permission for something (the iOS way) either, so I'm not sure how this can be addressed in a user-friendly way.

App Ops seemed like a decent compromise that allowed for lots of finetuning of permissions, per application. Luckily, I'm using a custom ROM that re-enables it, Google be damned. Google claims App Ops may break some applications - well, that's not really any of my concern. If an application breaks because I do not give it permission to find out if I'm on the toilet or not - there's always an uninstall button.

So, Google better have some serious improvement in mind for application permissions, or they're just making sure regular users don't get into the habit of blocking Google's data collection. I hope the former, but I'm reasonably sure it's the latter.

Thread beginning with comment 578610
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[4]: Comment by Nelson
by Nelson on Fri 13th Dec 2013 18:31 UTC in reply to "RE[3]: Comment by Nelson"
Member since:

API returns an error, app can't use functionality.

Reply Parent Score: 4

RE[5]: Comment by Nelson
by Alfman on Fri 13th Dec 2013 21:39 in reply to "RE[4]: Comment by Nelson"
Alfman Member since:

"API returns an error, app can't use functionality."

Absolutely, unfortunately the old all/nothing policy would have made this difficult for most developers to test. I still think it's a bridge that must be crossed, better to do it sooner than later.

It's not really such a complicated software engineering problem... I'd create a new app flag somewhere to enable/disable permission exceptions. New applications would throw exceptions by default for the developer to handle, old applications might return dummy data instead so they could continue running without breaking and without revealing private information which a user has opted out of sharing.

Edited 2013-12-13 21:47 UTC

Reply Parent Score: 3

RE[6]: Comment by Nelson
by Nelson on Fri 13th Dec 2013 21:59 in reply to "RE[5]: Comment by Nelson"
Nelson Member since:

I think its as simple as a manifest flag indicating call site grants vs install site grants for permissions.

If the permissions are a no opt at install time the the API will never throw an exception because it'll always have the permissions.

If its the new, better granular mode then then the developer must know to check for unhandled exceptions.

A great side effect of this is that it allows revoking granted permissions after the fact, should, say a report come out saying XYZ app is shady.

Reply Parent Score: 4

RE[5]: Comment by Nelson
by Bill Shooter of Bul on Fri 13th Dec 2013 22:39 in reply to "RE[4]: Comment by Nelson"
Bill Shooter of Bul Member since:

I meant as a user, what happens if you decline?

Do most app writers just shutdown the app? Or do they gracefully allow you to continue using the ap, despite the fact that you declined its request to look at your contacts to spam all of them with an app related spamvertizement?

Do most apps ask everytime you want to perform the action it requests the permission, or are they typically configurable from a menu in the app/operating system?

It would be best to combine both methods, for the app to tell you upfront the permissions it will ask for, and for the app to ask when it wants to use something that will require that permission.

For now, I enjoy the Cyanogenmod method of configuring privacy settings in the OS. If you deny an app a privileged, it doesn't know you denied it so it can't exact its revenge.

Reply Parent Score: 4