This is really the status quo when it comes to free Android utility apps. Most users skip quickly past the permission when installing, and as a result, you can generally stuff anything you want in there. To compliment this, the app is ad supported and ad networks will pay a premium to target on that. The number of users that notice, care and don't install is insignificant compared to the increase in revenue they see by passing this extra information along.
iOS may be better about notifying users when it comes to accessing location and contact information, but Android has a much more robust system of permissions. Users can see nearly every component of the system the device wants to interact with, determine whether that is satisfactory and choose to install the software or not. Unfortunately most users are more concerned about finding their keys in the dark or hanging a picture straight to care.
- It shows up the alert when the app actually tries to use a resource.
- It lets me use the app without specific permissions. This is something great. I don't grant location permissions to social apps to avoid sharing my location unintentionally. They work just fine.
- The long list of permissions on Google Play store does not really help when the app just wants to be able to pause something when phone rings and that requires absolute access to phone services. That causes a scary list for legitimate apps almost always.
To be fair, Android's way of having them listed makes it possible to assess an app's intention before installing it. That's great and all for me and you, but did not help 50+ million users in this case.
I would love that for Android. I miss the Cyanogenmod ROMs for Gingerbread where you could toggle which requested permissions YOU allowed an app to have.
Also, I've been saying it for a long time, but icons colored according to their security risk would be better than just names with descriptions. We have to make security more convenient.
QuizUp had legitimate user info needed to manage the game (you need a person's FB account and/or email to contact and identify them), the problem is they were transmitting it unencrypted. So permissions didn't make a difference there.
When you start a project in eclipse, I automatically grabs all permissions, whether you use them or not. You actually have to go in and edit the manifest to remove all the permissions you don't use.
This is too much "developers, developers, developers"
If the person can't be bothered to manually edit the permission list (and I think this changed, because I remember having to add a permission when I did an Android test project), then they shouldn't use the resource!
But yeah, let's add all permissions to any crappy app.
iOS may be better about notifying users when it comes to accessing location and contact information, but Android has a much more robust system of permissions. Users can see nearly every component of the system the device wants to interact with, determine whether that is satisfactory and choose to install the software or not. Unfortunately most users are more concerned about finding their keys in the dark or hanging a picture straight to care.