This system worked fairly well. If an app changed its permission needs, you’d be notified, and could choose whether to accept the update. With the most recent Play Store update, however, users are not told about certain permission changes if they don’t result in the addition of permissions to a new group. Given the sheer breadth of permissions a group now covers, this effectively leaves Android with only 13 permissions. An application can quietly update itself in future, to grant itself access to further permissions within a group, with the user left none the wiser.
Once an app is granted an individual permission within a group, that application has the ability to add any other permissions from the group in a future update, without users being notified of the change.
Optimist view: Google I/O will bring changes to the permission system wherein the above makes sense. Pessimist view: Google is monumentally stupid.
I'm not an optimist.
To view parent comment, click here.
To read all comments associated with this story, please click here.