“Android 4.3 has a hidden feature! It’s called ‘App Ops’ and it lets you selectively disable some permissions for your apps. Is some misbehaving app constantly pinging your location and draining your battery in a few hours? You can fix that now.” Terrible name, fantastic feature. Also: finally.
ah, this was about time !
I’ve uninstalled so many applications because they use rights I don’t want them to access. The “rights setting” is so much abused nowadays, with many applications feeling normal to track you, log you, get access to your list of contacts, get the right to send overcharged SMS in the background, and so on.
Since 99% of users never try to understand what all this complex thing means, it works too well, and therefore is too large a temptation.
Edited 2013-07-26 09:07 UTC
I have a feeling this feature is taking that long to arrive (it’s not fully there yet) because Google wanted to please app developers more than users.
Now that
* Android is comfortably established as a must-support platform
* Permission-abusing apps/malware is becoming common
* CyanogenMod has shown the way
* Users are becoming more proficient
The feature’s absence was becoming more painfull every day.
Hopefully as this becomes mainstream, apps will learn to not take install-time permissions for granted, and to behave well when one perme is missing.
The risk is that the app might disable itself completely if its money-making permission is disabled, but that seems to be fair game.
CyanogenMod had permission revoking in version 7, but there were a few problems with it:
1) Apps would often crash if it tried to do something that was blocked by the permission it no longer had.
2) App developers weren’t happy that users were able to cut out their revenue stream by denying things like the network permission for simple apps that otherwise didn’t need the internet.
CyanogenMod was actually working on a newer version that would only allow certain permissions that wouldn’t be related to revenue generation to be faked. So it wouldn’t block the permission, it would just return fake data.
From the looks of it Google is thinking on the same lines.
Here’s an idea: Instead of granting an app all permissions when you install it, why not force apps to ask for each permission when the app actually need it?
That way, if an app asks for access to your contacts list , and it makes no sense based on what you try to do in the app, people will probably answer no. The app should also explain why it needs it when asking. iOS works a little bit like this, but with far fewer options when it comes to giving apps access to different things.
1) CyanogenMod gets it. Users are happy.
2) Google gets the CM team to remove it, bragging about fragmentation and stuff, but actually fearing for app developers to fly away. Users feel like they’re being cheated on.
3) Android reaches world domination status. Developers have to embrace the platform and its policies, whether they like it or not.
4) Google brings it back. Users are happy again.
On the first look, Google’s behavior on this topic can be seen as erratic, and not really taking end-users’s will into account.
But if you step back and look at it, they handled the case pretty smartly, and in the end it’s a win for end-users.
Still, let’s wait for implementation details, and see if the whether the feature is for real.
I think CM was redoing this, because it basically didn’t work. When you deny the permission, it would often crash the app. They have a new method, where it would give false or generic information to the app instead. I wonder how the Google version would work.
At the very least, if Google implements it, the app developers have to live with it. If CM does it, they can make the app not work.
It always seemed like a conspicuous absence that a user couldn’t override app permissions, it should have been there since version one. The permissions that apps request on installation should be togglable instead of a readonly list. If it were then app developers would have been able to test permissions from the get go and provide better feedback to the user instead of faulting.
Tackling it on now that the platform is already popular is going to create something of a mess, unfortunately.
From a user perspective maybe, but from a developer perspective it adds a whole new level of debugging and programming. In addition, broad permission control would make ad supported apps impossible among problems. How can you display adds on your app if the user has blocked internet access?
On the other hand, an app wants to be able to add friends to your game so they add the read contacts permission. The user doesn’t want to add friends but has to accept the permission or not play the game.
Clearly there needs to be some limits to permission blocking, and some thought put into it. Otherwise app developers can just force their app to not work at all until these permissions are given. Again this is where CM’s “anonymous” info idea make sense. But it’s not something Google could really do, they have to what’s best for the users and the developers.
You say that like it’s a bad thing
To hell with ads. Either charge for your app, or make it free.
tkeith,
“From a user perspective maybe, but from a developer perspective it adds a whole new level of debugging and programming.”
I would think that having the permissions would encourage better programming practices and make the apps more robust instead of just making assumptions and ignoring exceptions (which is likely what’s happening for the apps that are crashing).
“How can you display adds on your app if the user has blocked internet access?”
This doesn’t justify omitting security controls in the OS.
If developers want to deliberately add restrictions (such as internet access requirements) to their own apps such that they won’t run when a permission isn’t granted, that’s their business. They can explain their case to their users, alternatively they can offer a paid version for a couple bucks to remove the app restrictions.
“Again this is where CM’s ‘anonymous’ info idea make sense.”
From a developer point of view, having lots of fake data is much than letting users opt out and keeping the remaining elective data submissions clean. I encounter this all the time with websites that force users to supply personal information. When users don’t feel it’s warranted they’ll just type in random garbage defeating the point of collecting the data in the first place.
and introduces backward incompatibility to 99% of existing apps. Users of CM declare, they know that they’re doing but letting it on the wild would be a big PITA to both (non-advanced) users and devs seeing their apps break randomly in the field.
Google made an architecture mistake atb and they are not getting away with it that easy.
No more Zynga spyware
From the original post and Thom’s comment: Is some misbehaving app constantly pinging your location and draining your battery in a few hours? You can fix that now.” Terrible name, fantastic feature. Also: finally.
From the Verge: According to the site, the application, which isn’t quite ready for primetime
Cheering too soon?
BB10 has had this from the get go. Was a delightful surprise since BlackBerry never advertised that feature!
Apps such as Permissions Denied, LBE Privacy Guard and PDroid, which restrict permissions of other apps, have been on Google Play for quite a long time now. The problem is that, as other people have noted, a lot of apps actually crash if you restrict their permissions because they assume they have been granted all of them in the first place.
I tried them out and it ends up being like a long drawn out UAT session where you try to work out the maximum number of permissions (and in what combination) can be withdrawn without crashing the app. It also shows how pretty well no error checking/trapping is being done by current apps w.r.t. permissions – hopefully this new feature might actually force them to write more robust code!
I suspect the chances are that most devs will just do a check that all permissions are available on startup and refuse to run if they aren’t! If they do that, then they should at least bring a dialogue explaining why they need each of the permissions they haven’t been granted.