I recently switched from iOS to Android, and the two readily available app stores on my device(Google Play and Amazon)are little more than a cross between a digital flea market and the wild west.
Google would do well to copy Apple's approach to app store curation and locking down their OS so that shenanigans like this can't be pulled off.
I sure hope Google doesn't copy Apple's approach, because the openness of the platform and the relaxed rules of Google Play is what drove me to use Android in the first place, even though my first two smartphones where an iPhone 3G and then a 3GS, which are now paper holders.
Apple's curated approach wasn't allowing me to find and install an app for a very simple need - completely blocking calls and SMS from certain phone numbers, without those numbers even showing up in the logs. My iPhone couldn't do tethering either, because it's an on/off switch accessible to your mobile career and my mobile career was charging an extra 4 EUR/month for it.
Also, people don't freaking read and we can pretend that it's somehow our problem, but what's so hard at looking at the list of required dependency and reading:
- wants access to your location
- wants to read your contacts list
What's so hard about asking yourself - why the hell would a flashlight app or screensaver want to know my location or my contacts list or whatever? Are people so dumb that we need to disallow them from hurting themselves?
Android is not perfect and the permissions system could sure use some work. It would have been awesome if you could disallow certain permissions, but still install the app, in which case the app would simply not receive your location, or it would receive a blank contacts list and so on.
Also, people don't freaking read and we can pretend that it's somehow our
problem, but what's so hard at looking at the list of required dependency
and reading:
- wants access to your location
- wants to read your contacts list
The problem with this is these apps poison the whole marketplace. If I'm going to buy a car, I'm not going to buy it from somewhere where half the cars, perhaps the popular, good-looking ones, phone home to advertisers and track my location for profit and where it is my job to read all the paperwork to check which ones do and which ones don't.
The reason why the App Store has been so attractive to developers is that it has engaged users who know the downside of installing random app Foo is not high. If we train users to be wary of apps, it will not be good for hones developers of good quality apps either.
Err, the reason why the App Store has been attractive to developers is because it's a distribution channel that generated money, period.
> If we train users to be wary of apps, it will not be good for honest developers
So what you're saying is that users would learn to not trust implicitly random strangers making promises in exchange for cash and that would somehow harm honest developers? Like how in the world did you reach that conclusion?
Dude, selling an app on the web or in an app store is no different than selling something in the real world. You find some initial customers, if your product is good those customers will give you reviews, they'll tell other people and so on. Trust is something you earn. I don't see where the problem is for "honest developers", I really don't.
>> Err, the reason why the App Store has been attractive to developers is because it's a distribution channel that generated money, period.
I agree. My point is that a large part of why this is true is that users have learned that installing random software from the App Store is mostly harmless. This is in stark contrast to the situation on Windows (desktop) and Android (mobile).
>> Dude, ...
Thanks.
>> selling an app on the web is no different than selling something in the real world. You find some initial customers, if your product is good those customers will give you reviews, they'll tell other people and so on. Trust is something you earn. I don't see where the problem is for "honest developers", I really don't.
Selling an app on the web is different because the user doesn't know who you are. In real life, they can make assessments about your scaminess based on a whole host of (possible irrelevant) factors: is your shop clean and tidy? Is it in a dodgy part of town or on the main high street? This makes them feel more comfortable trying your thing out.
On the Internet, no one knows you're a dog. Or worse, a contact-list sucking, location-tracking, SMS-scanning scammer.
So what you're saying is that there's a business opportunity here, to build an app that provides "quality reviews" of other apps and alerts users when an app they are considering (or have installed) is suspicious.
> What's so hard about asking yourself - why the hell would a flashlight app or screensaver want to know my location or my contacts list or whatever? Are people so dumb that we need to disallow them from hurting themselves?
The problem is you are trained to completely ignore permissions. After installing your first 5 apps which all come with a billion permissions and you have no idea what they mean or why they are used, you really stop caring.
The problem is one of education. Schools should teach classes on protecting your online privacy, because Google or Apple in the end only care about their bottom line and "curation" only works to consumers' benefit as long as it's in these companies' interest.
You said "after installing your first 5 apps". Well, I never got past 1, because I never installed an app that asks for unjustified permissions. I also have a non-technical wife that is usually not interested in technical stuff, but if I want to teach her something and I choose the proper words, such that she can understand, then she listens - that's how I taught her to use BCC when emailing multiple people, or to be wary of browser SSL security errors, or to tighten her privacy settings on Facebook, or indeed, to read the permissions required by apps on her Android.
Education is the answer, in combination with smarter controls (e.g. optional permissions), instead of making the world a worse place for those of us that can read just fine.
Education is great. In sufficient volume and with a low enough ranking on the "do I have time/inclination for this?" scale, people decide they've had enough and opt to put up with the consequences of not having it.
Indeed curation works for Apple insofar as it's in their interest. It's in their interest because people, overwhelmed with other things to deal with in a mere 16 hours a day, choose (among other reasons) to function in the "walled garden" where such crap behavior is screened out and they don't have to worry about it. The Android ecosystem isn't, for most people, appreciably different from the iOS ecosystem; a major differentiator is curation, which while having some downsides, on the whole leads to a better experience of getting to useful apps rather than having to wade well-educated thru a swamp of gratuitous permissions abuse.
Sure, one could learn the risks of pre-loaded crapware so prevalent on new Windows computers and learn (it's easy!) how to wipe everything & do a clean OS install to get rid of it ... or get a Mac, which doesn't include any crapware. It's a persuasive option for many people. Likewise Android vs iOS app stores: learn the details of dealing with problems, or just go where you don't have to deal with those problems.
> It would have been awesome if you could disallow certain permissions, but still install the app, in which case the app would simply not receive your location, or it would receive a blank contacts list and so on.
There's an activity to manage apps permissions, although it's not exposed and a little bit funky [1]. There's an app on the play store whose sole purpose is to launch the activity [2].
One of the issues is that to a lot of people some of the reasons apps need particular permissions is pretty opaque. especially when requested up front. While with flashlights it might be obvious, with even slightly more complex apps it leads to a culture of 'fuck it'.
What would help this would be "exclude by permission" in Play store search, so you can easily find which of the dozens of flashlight apps doesn't require extra permissions.
Apple already locked down app access to personal data (like contacts) in iOS 6. In iOS 7 they are just going further (eg. now a dialog also pops up for access to camera and mic)
The main difference is that Android has this all-or-nothing approach (accept giving the app all these permissions, or don't use the app at all), while iOS asks you for each permission individually, and you can use an app without granting it specific permissions. (eg. the weather app -- disallow access to location, and you can still type in place names manually)
The funny thing here is, Android had no choice to do it properly, because the respective "ask the user" mechanisms in Java, though present, are patented by Oracle, and the Android developers had to find an alternative mechanism to prevent infringement.
OTOH, maybe they did it this way so you can't prevent ad-driven apps from accessing all the fine data about you.
Citation please? Popping up a dialog isn't something Java-specific. I don't believe MS would license those patents to implement UAC either. This just sounds really improbable.
With the technology we have, saying that one of the biggest software companies in the world just 'had no choice' but to implement something in a particular way is crazy.
I recently switched from iOS to Android, and the two readily available app stores on my device(Google Play and Amazon)are little more than a cross between a digital flea market and the wild west.
Google would do well to copy Apple's approach to app store curation and locking down their OS so that shenanigans like this can't be pulled off.