This system worked fairly well. If an app changed its permission needs, you’d be notified, and could choose whether to accept the update. With the most recent Play Store update, however, users are not told about certain permission changes if they don’t result in the addition of permissions to a new group. Given the sheer breadth of permissions a group now covers, this effectively leaves Android with only 13 permissions. An application can quietly update itself in future, to grant itself access to further permissions within a group, with the user left none the wiser.
Once an app is granted an individual permission within a group, that application has the ability to add any other permissions from the group in a future update, without users being notified of the change.
Oh Google.
Optimist view: Google I/O will bring changes to the permission system wherein the above makes sense. Pessimist view: Google is monumentally stupid.
I’m not an optimist.
I was annoyed when I saw this change, too.
The permissions system was one of Android’s strengths – I don’t understand why they would want to dumb it down. I understand if they want to provide a simplified interface for users who don’t want to be bothered, but they should have left a way for “power” users to get to the details if they want to.
Oh well, this will probably drive me to a custom ROM. It is only laziness that has held me back so far, and this may be the final straw.
How would a custom ROM help you with a GAPPS issue? The change is in the Play Store, not the ROM.
Well, privacy guard from cyanogenmod works pretty well.
A per app setting that that causes the OS to return bogus data when ever the app asks for personal information.
So facebook wants my contacts, sure, I’ll give it my “contacts”.
Obviously, this only works for some permissions and not others. So its not perfect. In earlier versions, it did have the ability to deny permissions to apps, but it caused a lot of crashes with apps. Removing a permission is harsh and apps aren’t written with the possibility of getting denied a permission it requires.
Ah, I have seen that in the settings screen on various custom ROMs (currently using Mahdi). I’ll have to check my other phone at home, as it seems familiar, and wondering if the LG version of Android on the G2 includes something similar.
It doesn’t really fix the problem, though, as it’s a Google Apps issue at the core. Just kind of works around it for some situations.
I use a custom rom (based on CM11 nightlies) but with google apps flashed for google play store.
If there was an alternative for google maps, google hangouts, skype and facebook messager, I wouldn’t need to flash google store and framework.
I know whatsapp lets you download the apk directly from their website.
There’s an app on F-Droid called GApps browser that lets you run the web versions of all of those (except the Play Store) in a sandbox.
I am just waiting for the Google IO to decide if my next phone should still be an Android or if I will add a WP 8.1 device to my handset collection.
Currently WP is starting to look better.
Edited 2014-06-10 21:20 UTC
I’ve found Windows Phone to be the best balance for me; it’s fast, fluid, and sandboxed like iOS, and the hardware is excellent pretty much across the board. There’s enough variety in the hardware to suit any Android user.
There are downsides; not every major app is out there, and the mobile IE browser isn’t as good as Chrome. It does have Instagram and Tumblr now, so if you’re so inclined you can be a hipster all day long.
I’ve found that it carries 99% of all the functionality I need out of a mobile computer, and is fast and beautiful to look at. Honestly, the only apps I miss from Android are Ingress and Hangouts, and I have a 3G tablet for that.
I was wondering how long it would be before the paid Microsoft advertisements appeared.
Well, to be honest, Microsoft hasn’t ponied up nearly as much as Apple has when I talk about my Mac mini, nor Google when I mention my Motorola Photon Q and ZTE Optik tablet. In fact, now that I think about it, Lenovo owes me a chunk of change for mentioning how much I like both my M91p workstation and my wife’s IdeaPad laptop. Speaking of laptops, my Sony Vaio hasn’t earned me squat, thanks for nothing Sony!
And don’t get me started on Be, Inc. They haven’t paid me a dime in over 13 years, even though I sing the praises of BeOS on a weekly basis!
Oh please… The guys been registered on this site for nearly 10 years and has commented over 2100 times. He posts about all kinds of stuff…
Its called an opinion. People have them. Sometimes they don’t even charge for it
/Tinfoil hat
This may be how Google get new apps onto devices that can do things like turn on mic’s, etc that if people knew about would feel like huge invasion of privacy.
5 new permissions added by Google
—————————————————-
1. Create Denial of Service attacks for any nearby iPhone.
2. Take everything you do in Facebook and secretly post in on Google+.
3. Make farting noises when you bend over.
4. Completely wipe you device if you start to sing, “Let it go…”
5. Every once in a while, let Google do evil.
It makes limited sense if they decide on increasing users ability to control permission by adding more. A permission that used to part of one, but is now part of a new one, could be upgraded by the app. But this seems like a really poor way of allowing that.
It seems to me the whole way the permissions system in Android (and iOS, but in different ways) are implemented are completely backwards.
Maybe Im being totally naive or not understanding some fundamental issue, but why can’t it be as simple as:
1. There is no longer any prompt to agree with permissions during installs/updates. The app store should prominently display what permissions the app needs, but there is no reason to “agree” to them because…
2. When an app wants to do something that is restricted by a system defined permission – the OS should just ask you if it is ok. Not before you run it, or before you update it, but when the app needs to do it. You either agree or not – if not the app either handles it gracefully (hopefully) or is killed – whatever, point is it doesn’t get to do whatever it was going to do…
3. The prompt for permission should have an option to “remember” when you say yes. If you enable this option, the OS should remember your answer for that particular permission for that version of the app. If the app is updated or its hash signature changes, the preference is forgotten and you get asked again.
Why wouldn’t this work? It is no more of an intrusion to the user than the current system – its just more granular and more importantly gives the user some indication of exactly what apps are doing behind your back (because you will get prompted by the OS when it happens – and it will tell you what privileged operation was about to be performed).
I do get what things like Privacy Guard in CM and XPrivacy do, but I think they go too far. If the app can’t function properly without being able to read my email (when it doesn’t need to) let it break. It is the developers fault – unless they are purposefully being deceitful they should be hounded to fix it. Privacy Guard/XPrivacy are just stop gaps (very useful ones), but they don’t do anything to promote a solution to the problem.
Apps should gracefully deal with not having permissions that are not absolutely required for them to perform their normal function. That is just common sense to me. The current system of “take it or leave it” permission sets just encourages developers to misbehave…
Maybe my approach is dumb or untenable. Whatever – there has to be a way to do this reasonably.
Fix this Google – you are doing evil.
Well, if you multiply every app users run, plus multiple Android devices that a lot of people have, this sounds like a Windows-style UAC nightmare all over again. Better to just do ’em all at once, otherwise I would get seriously annoyed, esp if I’m driving and the app is in hands-free operation… then I’ve got to pull the f-king car over and deal with that. Not cool.
I will say that they should allow power users more control over what permissions they see if desired, but since Google has, for at least the past 2-3 years, joined the rest of the industry in the war on power users, I’m not surprised we don’t have this option.
But as far as I’m concerned, if you’re not the ‘OMFG the NSA is spying on me every minute type’, there’s probably only a handful of permissions you actually care about, and THOSE are the ones that should be prominently displayed to the user. For example, I want to know about ANY app that wants to make phone calls and read keystrokes. But others are much less of a concern for me.
Edited 2014-06-11 01:19 UTC
OP’s solution would be leaps and bounds better for security and privacy while the latter is obviously more friendly to newbies, so why not combine those? During install time you can either just accept the default permissions or you can tick a checkbox for manual permissions, or make it a toggleable thing in settings; et voil~A!, you’ve got both!
What does the NSA have to do with it? It’s the app developers themselves that one has to be cautious of! There are already a good hundreds of examples out there of apps that farm your details, contacts and such out on their own servers for marketing and tracking — not to mention the few devs who were selling the details to telemarketers and malicious hackers. And these apps have all been on Google Play, not from some 3rd-party site or from plain .apks.
Yeah, that’s why I said you should, by default, only show permissions to users that allow apps to do bad things. I’m not intimately familiar with Android permissions, but I doubt EVERY SINGLE ONE of them is a real cause for concern, esp if the app is an alarm clock or something, and doesn’t even request permission to access the network.
That’s not to say that apps which don’t access the network are harmless, but you know what I mean
Edited 2014-06-11 04:04 UTC
What you described is almost exactly how iOS works. The apps ask for permission to access a resource, and then they do, or you deny it and they don’t. The default is to remember your answer, but you can always revoke permission later.
Yes, but the problem with iOS is:
1. The “permissions” are extremely broad – Android has much more granular permissions.
2. It remembers that you allowed a permission even after an application update.
The problem with two is compounded by one – apps can start off performing seemingly benign things (offer suggestions based on your location for instance) and then start performing unwanted actions in later updates without you ever knowing…
To be honest though, what I really want is something I don’t really know how to achieve. I want apps to be required to tell me why they need to perform a privileged operation – and I want there to be a way the OS can enforce this so that apps cannot lie.
Pipe dream… I know.
Well, Apple/Google etc. could easily implement the first part (simply make it so that apps have to give a reason for requesting special permissions and show that reason to the user), the second part would need to be implemented as a law. Make it a criminal offense to access any private data after lying about what you’re going to do with it. I really think that if our politicians were less dumb or corrupt, there would be a law like that.
Symbian also had a similar ask for permissions scheme, except if the application was signed with specific security level certificates provided by Nokia.
In such cases Nokia was validating the application was safe for the user.
Actually, in such cases it meant the app developer had paid Nokia a sufficient amount of money for a given certificate. Remember, the OVI store didn’t come about until close to the end of Symbian.
You mean Vista UAC?
(or Symbian, there it also asked at every run)
I don’t understand the difference of asking for permission when almost any app in Android request almost any kind of access permission and most of the people just give the app access to everything.
I am not an expert in Android and I’ve used it only few times, but it seems to me it’s not so easy to revoke specific permissions to an app, for example blocking Facebook app to see your SMS while allowing to do other tasks.
Overall I find Android permission system not very useful, similar in effectiveness to Windows UAC
Edited 2014-06-11 00:17 UTC
Android should allow apps to declare user permission profiles.
Each profile would request different set of perms in exchange for different functionality. That would allow to satisfy various user groups with various data protection sensitivities.
Google could heavily promote standard profiles for typical use cases like: no data sharing, id sharing, address sharing, contact sharing, educating end users what balances they bring etc. That would tempt app makers to use those instead of making their own (which users would fear as un-understood).
They really don’t.
As do users of other platforms. It’s a human problem.
Most of apps require more than it’s needed
It is, but implementation do matter. Windows UAC was a terrible solution while iOS “privacy” settings is much more effective and, by result, much more secure.
If a user clicks yes to every dialog in the Play Store, they will also click yes to every dialog that pops up during use.
So no, it is not.
If a user is presented with a long list of permissions to accept it’s more likely to say yes than when asked specific questions like “Do you want to give access to Facebook App to your SMS?”
And, even if a user has said yes to everything, in iOS is simple to disable access to something. In Androind I don’t even know if it is possible without the use of additional apps
I think implementation is important for security, and that’s what has prevented widespread cryptography on the web, no simple implementation
Edited 2014-06-11 11:24 UTC
This has been my main gripe with Android’s permission system since day one. Yes, you are told permissions an app will access, but you either accept or deny all of them and you do this at install time. Deny the permissions, the app doesn’t get installed. Want a VOIP app to be able to access your microphone but not your contacts? Too bad. The app says it wants the kitchen sink, you give it the sink or you don’t get to use the app and you don’t usually get told when the app gets to access any of the permissions you’ve given it (location being the one exception in certain situations).
I don’t think iOS has got it completely right either, but at least you get notified the first time an app wants access to something and can revoke it later at any time. That’s more than vanilla Android’s got, and it’s at least somewhat useful for limiting access. On the other hand, iOS has few permissions compared to Android and you don’t get told when an app is going to, for example, access the network. Android’s permissions overview is useless if you want to control what an app does, but at least if you read them you might learn broadly what an app is going to do and can abort the installation if it seems suspicious.
darknexus,
Google’s interests don’t align with those of user privacy. My theory is that this was done deliberately by google so that users could not block permissions on google’s own apps. Want the google bundle? All or nothing permissions.
It’s par for the course really, apple and microsoft have been all about taking away control too, just in different ways.
Come on, Google. That is a very Facebook thing to do…
Ironically, Facebook has granted the user more fine-grained control over their privacy settings than ever. I noticed the other day that they now allow you to select exactly what kind of info you will allow other people’s apps to get from your account. For example, if a friend of yours is using a photo-sharing app, and they wish to pull in your friend’s list, location info, previous public posts, etc., you can choose whether to allow each of those data points.
Of course, I turn everything off for any app that has requested it in the past.
I like my Moto G, but Im so getting a Windows Phone at the end of this year, I can’t tolerate this crap anymore.
Welcome to the club. Every time I switched to a nice new Android phone, after the short honeymoon I ran back to my old faithful WP device. I still adore Android on tablets, but not on something as mission-critical as a phone.