Popular Flashlight App has been secretly sharing your location (fastcompany.com)
95 points by bobbles on Dec 6, 2013 | 79 comments



I actually commented on this very thing @ https://news.ycombinator.com/item?id=6266539

> "I wanted to install a led flashlight app a couple days ago. The one with 10 million downloads wants access to my phone book, internet, browser, etc. WTF! This is a LED flashlight app and it has an install base of 10 million, why on earth does it need access to the internet and phone book?! Arg, there is a total disconnect between useful apps and privacy! I do not know what the answer is, but the current system really grinds my gears!"

> "Imagine if you wanted to use the ls, cd, grep, tar, pwd, top, etc commands on unix and an "ad" would pop up, or maybe you would see it connecting to the internet. These are utilities too. Is this acceptable behavior?"


Definitely. I was going to say, was this not obvious when the app requests every permission related to your personal info?


It is advertising supported, so the requirement for internet access is plausible - even though it was misused.


But your contact book and location?


Obviously unjustified and a clear warning sign.


What I don't get about app permissions is that it's all or nothing. You see these apps and they require access to just about everything. As if I'm going to install that? Not.

However, it should be that an app asks for permissions and as a user I can tick or untick each individual permission. I.e. does this or that weather app really need access to my contacts? Nope. So why can't I just untick that permission?

Permissions on apps seem to be pretty much broken.


Since Android 4.3 you can deny (individual) permissions for apps using App ops (there are apps that let you check which apps are using a permission and deny them the permission).

I know it makes devs' lives difficult but the capability does exist since Android 4.3.


That is not really relevant since 4.3+ versions are not on the vast majority of devices. The only hopes are on Cyanogen.


What would be neat is a way to "virtualize" permissions. Example: An app asks for GPS. You don't want to give out your location but you still want to use the app. So you lie to the app about your location while still sending your real location to your other apps.


"pdroid" allows this on android - it's built into several custom roms.


>However, it should be that an app asks for permissions and as a user I can tick or untick each individual permission.

This ticking/unticking just recently got much easier with the XPrivacy app. It still needs root to install the Xposed framework.

[0] https://github.com/M66B/XPrivacy#xprivacy

[1] https://play.google.com/store/apps/details?id=biz.bokhorst.x...

[2] http://forum.xda-developers.com/showthread.php?t=2320783

Edit: I see Groxx already posted about XPrivacy two hours ago.


It's harder to program for them. You have to code in different cases for "I have this permission" and "I don't have this permission".

Consider potentially lots of:

    if session.gps:
        show_ads(location)
    else:
        show_ads(general)

--

but for every feature of the application that could be using extended permissions.

--

This flashlight app is a bad example, and I'm not saying this is an excuse, but I think this is the rationale that is generally used.


No, you don't. In fact, you couldn't even tell an app that it doesn't have permission, because then the stupid flashlight app will do something like, "let me see your location, otherwise i can only be 50% bright!" Obviously the writers of the app want that info.

Instead, it thinks it has a GPS, but you've decided to tell it that, for example, its "GPS" will always be e.g. times square or perhaps something a bit more realistic, but not real.


Eh. I get what you're saying but I think there's some terrible downsides to this approach. For example, what if the app is supposed to direct you to the nearest hospital, and the user denies its location permissions and then forgets and reopens it later or something? If the app doesn't know whether it has permission (or, worse, thinks it's getting accurate data when it's not), it would be impossible to program reliable error functionality.

If developers try to coerce you into giving extra permissions, hopefully the average user will be smart about it and just delete the app. At any rate, your solution definitely sounds like throwing the baby out with the bathwater.


I've rooted my Android phone and I've been using LBE Privacy Guard that basically lets you do just what you describe.

I actually just got a new phone (Nexus 5), and the app is crashing on open right now, I imagine because I'm using KitKat or something like that. But that's beside the point.


It doesn't have to be that way. In BlackBerry phones, the app access is very granular, e.g. I can choose to run Google Maps but deny the app's access to my location.


So you mean you don't use GPS in Google Maps on your phone?

Showing where you are in some city or other location is the best feature of it, what use does it even have without your location?

A flashlight app needing to read your contacts is obviously ridiculous, but a map needing your location is rather handy.


It's common to view maps of places in which the viewer is not currently located. In general, different people have different privacy preferences.


Dear play store: let me search by permissions. Or to sort by low-permissions. When I want a flashlight app, I want to be able to search for things that only use the camera system.

I appreciate that Android lets developers and users do what they want and lets Users know what the applications have permission to do, but if you have to snoop at every application's specific details to find this out, it's not really good for those of us who care about such things.

A big problem is some of the permissions have terrible names - stuff like "read phone state and identity" - what freaking user is going to know what that means?
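Added example (not part of the thread or any commenter's code): a sketch of the "search by permissions" idea discussed above, run over decoded `AndroidManifest.xml` text. The two manifests, the package names and the expected-permission set for a flashlight are constructed for this example; a manifest inside an APK is binary XML and must be decoded first.

```python
import xml.etree.ElementTree as ET

# android:name is a namespaced attribute in the manifest.
ANDROID_NAME = "{http://schemas.android.com/apk/res/android}name"
P = "android.permission."

# Assumption for this example: what a camera-LED flashlight plausibly needs.
EXPECTED_FOR_FLASHLIGHT = {P + "CAMERA", P + "FLASHLIGHT", P + "WAKE_LOCK"}

# Subset of permissions that expose personal data (chosen for the example).
SENSITIVE = {
    P + "ACCESS_FINE_LOCATION": "precise location",
    P + "ACCESS_COARSE_LOCATION": "approximate location",
    P + "READ_CONTACTS": "contact list",
    P + "READ_PHONE_STATE": "phone state and identity",
    P + "GET_ACCOUNTS": "account names on the device",
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NAME) for el in root.iter("uses-permission")
            if el.get(ANDROID_NAME)}

def audit(manifest_xml, expected):
    """Compare declared permissions with what the app category should need."""
    requested = requested_permissions(manifest_xml)
    unexpected = requested - expected
    sensitive = {p: SENSITIVE[p] for p in unexpected if p in SENSITIVE}
    return {
        "unexpected": sorted(unexpected),
        "sensitive": sensitive,
        # Personal data plus network access means it can leave the device.
        "can_send_off_device": bool(sensitive) and P + "INTERNET" in requested,
    }

def exclude_by_permission(apps, banned):
    """Names of apps (name -> manifest text) that request none of `banned`."""
    return sorted(name for name, xml in apps.items()
                  if not requested_permissions(xml) & banned)

# Constructed sample manifests (not taken from any real app).
AD_SUPPORTED = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.adlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.FLASHLIGHT"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
</manifest>"""

CAMERA_ONLY = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.camlight">
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>"""

SAMPLES = {"com.example.adlight": AD_SUPPORTED,
           "com.example.camlight": CAMERA_ONLY}

if __name__ == "__main__":
    for name, xml in SAMPLES.items():
        report = audit(xml, EXPECTED_FOR_FLASHLIGHT)
        print(name, "can send personal data off device:",
              report["can_send_off_device"])
        for perm, what in sorted(report["sensitive"].items()):
            print("   ", perm, "->", what)
    print("no sensitive permissions:",
          exclude_by_permission(SAMPLES, set(SENSITIVE)))
```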


Teaching you to care about permissions would ruin Android's ad supported business model.


No surprise here.

I recently switched from iOS to Android, and the two readily available app stores on my device (Google Play and Amazon) are little more than a cross between a digital flea market and the wild west.

Google would do well to copy Apple's approach to app store curation and locking down their OS so that shenanigans like this can't be pulled off.


I sure hope Google doesn't copy Apple's approach, because the openness of the platform and the relaxed rules of Google Play is what drove me to use Android in the first place, even though my first two smartphones were an iPhone 3G and then a 3GS, which are now paper holders.

Apple's curated approach wasn't allowing me to find and install an app for a very simple need - completely blocking calls and SMS from certain phone numbers, without those numbers even showing up in the logs. My iPhone couldn't do tethering either, because it's an on/off switch accessible to your mobile carrier and my mobile carrier was charging an extra 4 EUR/month for it.

Also, people don't freaking read and we can pretend that it's somehow our problem, but what's so hard at looking at the list of required dependency and reading:

     - wants access to your location
     - wants to read your contacts list

What's so hard about asking yourself - why the hell would a flashlight app or screensaver want to know my location or my contacts list or whatever? Are people so dumb that we need to disallow them from hurting themselves?

Android is not perfect and the permissions system could sure use some work. It would have been awesome if you could disallow certain permissions, but still install the app, in which case the app would simply not receive your location, or it would receive a blank contacts list and so on.


   Also, people don't freaking read and we can pretend that it's somehow our 
   problem, but what's so hard at looking at the list of required dependency
   and reading:
       - wants access to your location
       - wants to read your contacts list

The problem with this is these apps poison the whole marketplace. If I'm going to buy a car, I'm not going to buy it from somewhere where half the cars, perhaps the popular, good-looking ones, phone home to advertisers and track my location for profit and where it is my job to read all the paperwork to check which ones do and which ones don't.

The reason why the App Store has been so attractive to developers is that it has engaged users who know the downside of installing random app Foo is not high. If we train users to be wary of apps, it will not be good for honest developers of good quality apps either.


Err, the reason why the App Store has been attractive to developers is because it's a distribution channel that generated money, period.

> If we train users to be wary of apps, it will not be good for honest developers

So what you're saying is that users would learn to not trust implicitly random strangers making promises in exchange for cash and that would somehow harm honest developers? Like how in the world did you reach that conclusion?

Dude, selling an app on the web or in an app store is no different than selling something in the real world. You find some initial customers, if your product is good those customers will give you reviews, they'll tell other people and so on. Trust is something you earn. I don't see where the problem is for "honest developers", I really don't.


>> Err, the reason why the App Store has been attractive to developers is because it's a distribution channel that generated money, period.

I agree. My point is that a large part of why this is true is that users have learned that installing random software from the App Store is mostly harmless. This is in stark contrast to the situation on Windows (desktop) and Android (mobile).

>> Dude, ...

Thanks.

>> selling an app on the web is no different than selling something in the real world. You find some initial customers, if your product is good those customers will give you reviews, they'll tell other people and so on. Trust is something you earn. I don't see where the problem is for "honest developers", I really don't.

Selling an app on the web is different because the user doesn't know who you are. In real life, they can make assessments about your scaminess based on a whole host of (possibly irrelevant) factors: is your shop clean and tidy? Is it in a dodgy part of town or on the main high street? This makes them feel more comfortable trying your thing out.

On the Internet, no one knows you're a dog. Or worse, a contact-list sucking, location-tracking, SMS-scanning scammer.


So what you're saying is that there's a business opportunity here, to build an app that provides "quality reviews" of other apps and alerts users when an app they are considering (or have installed) is suspicious.


> What's so hard about asking yourself - why the hell would a flashlight app or screensaver want to know my location or my contacts list or whatever? Are people so dumb that we need to disallow them from hurting themselves?

The problem is you are trained to completely ignore permissions. After installing your first 5 apps which all come with a billion permissions and you have no idea what they mean or why they are used, you really stop caring.


The problem is one of education. Schools should teach classes on protecting your online privacy, because Google or Apple in the end only care about their bottom line and "curation" only works to consumers' benefit as long as it's in these companies' interest.

You said "after installing your first 5 apps". Well, I never got past 1, because I never installed an app that asks for unjustified permissions. I also have a non-technical wife that is usually not interested in technical stuff, but if I want to teach her something and I choose the proper words, such that she can understand, then she listens - that's how I taught her to use BCC when emailing multiple people, or to be wary of browser SSL security errors, or to tighten her privacy settings on Facebook, or indeed, to read the permissions required by apps on her Android.

Education is the answer, in combination with smarter controls (e.g. optional permissions), instead of making the world a worse place for those of us that can read just fine.


Education is great. In sufficient volume and with a low enough ranking on the "do I have time/inclination for this?" scale, people decide they've had enough and opt to put up with the consequences of not having it.

Indeed curation works for Apple insofar as it's in their interest. It's in their interest because people, overwhelmed with other things to deal with in a mere 16 hours a day, choose (among other reasons) to function in the "walled garden" where such crap behavior is screened out and they don't have to worry about it. The Android ecosystem isn't, for most people, appreciably different from the iOS ecosystem; a major differentiator is curation, which while having some downsides, on the whole leads to a better experience of getting to useful apps rather than having to wade well-educated thru a swamp of gratuitous permissions abuse.

Sure, one could learn the risks of pre-loaded crapware so prevalent on new Windows computers and learn (it's easy!) how to wipe everything & do a clean OS install to get rid of it ... or get a Mac, which doesn't include any crapware. It's a persuasive option for many people. Likewise Android vs iOS app stores: learn the details of dealing with problems, or just go where you don't have to deal with those problems.


> It would have been awesome if you could disallow certain permissions, but still install the app, in which case the app would simply not receive your location, or it would receive a blank contacts list and so on.

There's an activity to manage apps permissions, although it's not exposed and a little bit funky [1]. There's an app on the play store whose sole purpose is to launch the activity [2].

[1] http://googlesystem.blogspot.ca/2013/08/app-ops-androids-hid...

[2] https://play.google.com/store/apps/details?id=com.schurich.a...


One of the issues is that to a lot of people some of the reasons apps need particular permissions are pretty opaque, especially when requested up front. While with flashlights it might be obvious, with even slightly more complex apps it leads to a culture of 'fuck it'.


What would help this would be "exclude by permission" in Play store search, so you can easily find which of the dozens of flashlight apps doesn't require extra permissions.

Or a proper Open Source app store like F-Droid.


Uh, Path did stuff like this on iOS well before. We aren't immune here, though that is changing with iOS 7.


Apple already locked down app access to personal data (like contacts) in iOS 6. In iOS 7 they are just going further (eg. now a dialog also pops up for access to camera and mic)

The main difference is that Android has this all-or-nothing approach (accept giving the app all these permissions, or don't use the app at all), while iOS asks you for each permission individually, and you can use an app without granting it specific permissions. (eg. the weather app -- disallow access to location, and you can still type in place names manually)


The funny thing here is, Android had no choice to do it properly, because the respective "ask the user" mechanisms in Java, though present, are patented by Oracle, and the Android developers had to find an alternative mechanism to prevent infringement.

OTOH, maybe they did it this way so you can't prevent ad-driven apps from accessing all the fine data about you.


Citation please? Popping up a dialog isn't something Java-specific. I don't believe MS would license those patents to implement UAC either. This just sounds really improbable.


> Android had no choice to do it properly

With the technology we have, saying that one of the biggest software companies in the world just 'had no choice' but to implement something in a particular way is crazy.


Those permissions are just like an "EULA" or any other legal writing that the users just skip as fast as they can.

This is why I switched back to iOS, I had a really hard time finding apps with permissions that are not ridiculous. What's worse, most of the people I know just didn't care and used these apps, making em popular and high rated.

iOS is awesome in this regard, after all, my phone is the most privately used device. I think I am not a paranoid type but I am not O.K. with somebody out there accessing my location and contacts.

I am actually surprised we don't have big scandals with rogue apps spreading all kind of private data all over the internet.


Exactly. Allowing users to deny apps access at runtime rather than install time is the better approach, since apps will usually still do something useful even if you deny them access to your address book or location. Only the dialog and maybe the granularity itself could be improved.


This is why you should install https://play.google.com/store/apps/details?id=com.googlecode... and only let apps that actually need it access the internet.


I've been running XPrivacy[1] lately - I really really like it. Extremely granular permissions (down to individual method calls), fakes data so things don't crash, and tells you when permissions were last accessed.

[1]: http://forum.xda-developers.com/showthread.php?t=2320783


This is really the status quo when it comes to free Android utility apps. Most users skip quickly past the permission when installing, and as a result, you can generally stuff anything you want in there. To complement this, the app is ad supported and ad networks will pay a premium to target on that. The number of users that notice, care and don't install is insignificant compared to the increase in revenue they see by passing this extra information along.

iOS may be better about notifying users when it comes to accessing location and contact information, but Android has a much more robust system of permissions. Users can see nearly every component of the system the device wants to interact with, determine whether that is satisfactory and choose to install the software or not. Unfortunately most users are more concerned about finding their keys in the dark or hanging a picture straight to care.


I think iOS' way is much superior.

- It shows up the alert when the app actually tries to use a resource.

- It lets me use the app without specific permissions. This is something great. I don't grant location permissions to social apps to avoid sharing my location unintentionally. They work just fine.

- The long list of permissions on Google Play store does not really help when the app just wants to be able to pause something when phone rings and that requires absolute access to phone services. That causes a scary list for legitimate apps almost always.

To be fair, Android's way of having them listed makes it possible to assess an app's intention before installing it. That's great and all for me and you, but did not help 50+ million users in this case.


I would love that for Android. I miss the Cyanogenmod ROMs for Gingerbread where you could toggle which requested permissions YOU allowed an app to have.

Also, I've been saying it for a long time, but icons colored according to their security risk would be better than just names with descriptions. We have to make security more convenient.


hmm.. wasn't the iOS app QuizUp in the spotlight only recently for having security bugs that expose personal information to random users?


QuizUp had legitimate user info needed to manage the game (you need a person's FB account and/or email to contact and identify them), the problem is they were transmitting it unencrypted. So permissions didn't make a difference there.


When you start a project in Eclipse, it automatically grabs all permissions, whether you use them or not. You actually have to go in and edit the manifest to remove all the permissions you don't use.


No, it doesn't do this, at least not for me.


Well, crap.

This is too much "developers, developers, developers"

If the person can't be bothered to manually edit the permission list (and I think this changed, because I remember having to add a permission when I did an Android test project), then they shouldn't use the resource!

But yeah, let's add all permissions to any crappy app.


mangotree is mistaken. This is not true.


No, it does not do this. At least not for me.


> In fact, before they could accept or refuse the app's terms of agreement, the FTC said Brightest Flashlight was already collecting and sending information.

Somewhat OT, but I could've sworn Google does this on new Android installs. I updated my Nexus 4 via CM a few days back to 4.3, and as I went into the account settings to turn off Google sync (contacts, Gmail, calendar etc.) I saw the sync icons spinning for all of them. I don't recollect allowing Google to sync any of my data.

Of course I subsequently turned off sync for all Google services.


CyanogenMod ships with a "privacy guard" feature that shuts off any intrusive permissions for an app unless you whitelist it, regardless of what the app claims to want from you.


Definitely used this app for quite some time. I did notice that it had required a number of permissions, so one day I decided to ditch it out of principle.

For those looking for an alternative, I've been using the Tesla light, and loving it. Highly recommend. The author even outlines the exact permissions that he's using, and why he's using them.

https://play.google.com/store/apps/details?id=com.teslacoils...


I personally use Nexus Flashlight Widget: Only works with camera flash LEDs and only supports 4.2 or newer, but also only requires "Camera: take pictures and videos" permissions and simply exists as a widget (on/off). https://play.google.com/store/apps/details?id=com.flashlight...


I'm not sure how to check the permissions, but I've been using Tiny Flashlight + LED: https://play.google.com/store/apps/details?id=com.devuni.fla...


Look - it's just a crappy permissions system in the OS. I'm looking at my app and we have all these scary-sounding perms:

     android.permission.WRITE_EXTERNAL_STORAGE ==> needed to write images to external storage
     android.permission.ACCESS_NETWORK_STATE ==> pretty much anything that needs to have a working internet connection
     android.permission.READ_PHONE_STATE ==> link tracking
     android.permission.GET_TASKS ==> crash reporting
     android.permission.READ_LOGS ==> also crash reporting but probably doesn't work in 4.3
     android.permission.GET_ACCOUNTS ==> Google Cloud Messaging...seriously
     android.permission.WAKE_LOCK ==> also GCM

etc.

And when you add ad networks it gets worse. And, they also pay more for gender, location, and age so that's why everyone wants you to sign in with Facebook, etc, because otherwise you can't pay the bills.

I don't know why this is a big deal. Isn't Google already vacuuming up this information from their Android users anyways via "Google Play Services"?


(1) It's free. You're fucked.

On the other hand,

(2) Why aren't these people put in jail?


(1) When it's free, you're probably not the customer - you're the product. Hard lesson for most people. Pay a little and be the customer.

(2) Every single user was asked for permission to access the information, and they all gave their approval. Give your consent to (1b) because of (1a), and (2) isn't an option.


The article outlines how the company asymmetrically broke its own terms of service. So there was no consent under (1). I don't disagree with you that it's better to pay and avoid giving consent in the first place, but even then what would be the difference? That's the deeper issue...


For those on a jailbroken iPhone, firewallIP[1] is the best way to control apps' access to the network. Every time a network connection is requested, you get a system popup that controls access to individual destinations, wildcards, whatever.

As long as there's nothing equivalent for Android (after Whispercore was shelved), I'm stuck on iOS.

[1] http://yllier.webs.com/firewall.html


Android Firewall doesn't do what you want?

https://play.google.com/store/apps/details?id=com.jtschohl.a...


Sadly not. For example, for an individual app I might want to block access to the analytics services like Flurry but allow access to necessary services.


I really wonder how much companies earn by selling information about their customers, their contacts lists, their location, etc. Is it that lucrative?


So, their penalty is, promise to not do it again? That's it? Not, for instance, erase all the data and pay a fine?


I always wonder what is going on when the YouTube app wants to access the microphone while I'm browsing videos.



This is why, from the consumer perspective html5 apps must win, but from the producer perspective they won't.

For example, it's much easier for a company to spam your entire address book using a native app than using a web interface.


If you have root on your Android device, there's a nice app called LBE Privacy Guard, which lets you selectively deny specific permissions to specific apps.


"But this flashlight app left them in the dark about how their information was going to be used"

Is the joke intentional?!


Some flashlight apps come with the phone and are system -- uninstallable, start at boot, access to everything.


Are there any that abuse that position, and if so, who is selling these phones?


If they are included on the device, they're usually meant to enhance the experience of the phone. Also, as of Android 4.0, you can disable system apps if you choose. If the hardware maker really wants to spy on you, I'm sure they could do it without including a flashlight app.


There are laws against this, right?


TANSTAAFL


nothing to hide, please find me i may be lost!!


My old Nokia phones had a flashlight mode built in, very quick to activate and use, not as a separate app. Even if it does need to be an app on Android, at least include it in the base or core, as it is such a popular and useful thing to have.


Because Goog wouldn't want to be responsible for burning out a user's camera flash. Old school Nokia phones are GOAT and had special tested LEDs that obviously wouldn't expire after 20mins of run time.


The whole permissions thing in android is just a smoke screen. A talking point about giving power to users, respecting them, etc.



