Linked by Thom Holwerda on Tue 10th Jun 2014 19:52 UTC
Google

This system worked fairly well. If an app changed its permission needs, you’d be notified, and could choose whether to accept the update. With the most recent Play Store update, however, users are not told about certain permission changes if they don’t result in the addition of permissions to a new group. Given the sheer breadth of permissions a group now covers, this effectively leaves Android with only 13 permissions. An application can quietly update itself in future, to grant itself access to further permissions within a group, with the user left none the wiser.

Once an app is granted an individual permission within a group, that application has the ability to add any other permissions from the group in a future update, without users being notified of the change.

Oh Google.

Optimist view: Google I/O will bring changes to the permission system wherein the above makes sense. Pessimist view: Google is monumentally stupid.

I'm not an optimist.
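The grouping behaviour described in the quoted text can be audited by diffing the permissions two versions of an app request. The following is an added example, not code from the article or from Google. It assumes manifests already decoded to plain XML, and a partial, illustrative permission-to-group table, since the Play Store's real grouping is not given on this page.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed, partial permission-to-group table for illustration only; the
# Play Store's actual grouping is not reproduced on this page.
GROUPS = {
    "android.permission.READ_SMS": "SMS",
    "android.permission.SEND_SMS": "SMS",
    "android.permission.ACCESS_COARSE_LOCATION": "Location",
    "android.permission.ACCESS_FINE_LOCATION": "Location",
    "android.permission.RECORD_AUDIO": "Microphone",
}

def permissions(manifest_xml):
    # Collect android:name from every <uses-permission> element.
    root = ET.fromstring(manifest_xml)
    return {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")} - {None}

def audit_update(old_xml, new_xml):
    # Classify each permission added by the update:
    #   silent   - its group is already held, so no notice under group rules
    #   prompted - it opens a new group, so the user would be asked
    #   unmapped - not in the table; needs manual review
    old, new = permissions(old_xml), permissions(new_xml)
    held = {GROUPS[p] for p in old if p in GROUPS}
    report = {"silent": [], "prompted": [], "unmapped": []}
    for perm in sorted(new - old):
        group = GROUPS.get(perm)
        key = "unmapped" if group is None else "silent" if group in held else "prompted"
        report[key].append(perm)
    return report

# Constructed sample manifests (hypothetical package name).
OLD = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.app">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
</manifest>"""
NEW = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.app">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

if __name__ == "__main__":
    print(audit_update(OLD, NEW))
```

In this sample the update adds SMS sending and fine location without opening a new group, which is the case the quoted text says goes unannounced.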

RE[4]: It really doesn't matter
by fabrica64 on Wed 11th Jun 2014 11:22 UTC in reply to "RE[3]: It really doesn't matter"
fabrica64
Member since:
2013-09-19

If a user clicks yes to every dialog in the Play Store, they will also click yes to every dialog that pops up during use.

So no, it is not.

If a user is presented with a long list of permissions to accept, they are more likely to say yes than when asked specific questions like "Do you want to give access to Facebook App to your SMS?"

And, even if a user has said yes to everything, in iOS it is simple to disable access to something. In Android I don't even know if it is possible without the use of additional apps.

I think implementation is important for security, and that's what has prevented widespread cryptography on the web: no simple implementation.

Edited 2014-06-11 11:24 UTC

Reply Parent Score: 2

darknexus Member since:
2008-07-15

And, even if a user has said yes to everything, in iOS it is simple to disable access to something. In Android I don't even know if it is possible without the use of additional apps.

This has been my main gripe with Android's permission system since day one. Yes, you are told permissions an app will access, but you either accept or deny all of them and you do this at install time. Deny the permissions, the app doesn't get installed. Want a VOIP app to be able to access your microphone but not your contacts? Too bad. The app says it wants the kitchen sink, you give it the sink or you don't get to use the app and you don't usually get told when the app gets to access any of the permissions you've given it (location being the one exception in certain situations).
I don't think iOS has got it completely right either, but at least you get notified the first time an app wants access to something and can revoke it later at any time. That's more than vanilla Android's got, and it's at least somewhat useful for limiting access. On the other hand, iOS has few permissions compared to Android and you don't get told when an app is going to, for example, access the network. Android's permissions overview is useless if you want to control what an app does, but at least if you read them you might learn broadly what an app is going to do and can abort the installation if it seems suspicious.

Reply Parent Score: 3

Alfman Member since:
2011-01-28

darknexus,

This has been my main gripe with Android's permission system since day one. Yes, you are told permissions an app will access, but you either accept or deny all of them and you do this at install time. Deny the permissions, the app doesn't get installed.


Google's interests don't align with those of user privacy. My theory is that this was done deliberately by Google so that users could not block permissions on Google's own apps. Want the Google bundle? All or nothing permissions.

It's par for the course really, Apple and Microsoft have been all about taking away control too, just in different ways.

Reply Parent Score: 2