
Android Permissions System Flaws: Google's Recent Changes

December 19, 2013

Privacy Concerns with Mobile App Data Collection

A significant amount of personal data is being collected by mobile applications. This includes complete contact lists being uploaded to advertising servers.

Furthermore, user locations are being tracked through GPS technology, alongside other potentially intrusive practices.

Limitations of the Android Permission System

The current Android permission system presents a challenge for users seeking to control their privacy.

It typically provides a binary choice – grant all permissions or deny all permissions – which many users simply overlook.

The Removal of App Ops

Previously, the hidden App Ops interface appeared to offer a solution for granular permission control.

This interface allowed for more specific management of app permissions, but it has now been removed by Google.

The absence of App Ops leaves a gap in the ability of Android users to effectively manage and restrict data access by installed applications.

  • Address books are being fully harvested by apps.
  • User movements are tracked via GPS.
  • The Android permission system lacks sufficient granularity.
  • The App Ops feature, a potential solution, is no longer available.

The Flaws in Android’s Permission System

Upon installing a new application, Android users are presented with a binary decision. They can either grant all requested permissions or forgo the installation entirely. Ideally, if applications only requested necessary permissions, this system would function adequately.

However, in practice, applications frequently request a broader range of permissions than actually required for their operation. Many applications that rely on advertising revenue, for instance, may seek access to your contacts and precise location data.

This overreach allows for the potential collection of sensitive information, such as your complete contact list and real-time location through GPS. Subsequently, this data could be monetized through sale to advertising networks.

Android users have become accustomed to dismissing app permission requests due to their extensive length and the tendency of even well-known applications to demand numerous permissions. Effective management and comprehension of these requests are challenging.

As an illustration, the official Facebook application for Android presently requires nineteen distinct permissions. Installation of this app grants it access to your precise GPS coordinates, contact list, microphone, camera, accounts, call logs, and more.


Even seemingly innocuous free-to-play games often request access to contacts, GPS location, and other potentially private data.
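An added example (not part of the original article) of reviewing an app's declared permissions before installing it: it reads the `<uses-permission>` entries from a decoded AndroidManifest.xml and reports the sensitive ones that the app's stated function does not need. The manifest, the package name and the "expected" set are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Attributes in a decoded manifest carry the Android XML namespace.
ANDROID_NAME = "{http://schemas.android.com/apk/res/android}name"

# Permissions covering the data categories the article names.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "contact list",
    "android.permission.ACCESS_FINE_LOCATION": "precise GPS location",
    "android.permission.ACCESS_COARSE_LOCATION": "approximate location",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.CAMERA": "camera",
    "android.permission.GET_ACCOUNTS": "accounts",
    "android.permission.READ_CALL_LOG": "call logs",
    "android.permission.SEND_SMS": "SMS sending",
}

# Constructed sample: decoded manifest of a hypothetical flashlight app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <application android:label="Flashlight"/>
</manifest>"""

def requested_permissions(manifest_xml):
    """Return the permission names a manifest requests, de-duplicated, in order."""
    root = ET.fromstring(manifest_xml)
    names = []
    for node in root.findall("uses-permission"):
        name = node.get(ANDROID_NAME)
        if name and name not in names:
            names.append(name)
    return names

def unexpected_sensitive(manifest_xml, expected):
    """List (permission, data category) pairs that are sensitive and not expected."""
    return [(p, SENSITIVE[p]) for p in requested_permissions(manifest_xml)
            if p in SENSITIVE and p not in expected]

if __name__ == "__main__":
    # Assumption: a flashlight legitimately needs only CAMERA (to drive the LED).
    for perm, data in unexpected_sensitive(SAMPLE_MANIFEST, {"android.permission.CAMERA"}):
        print(f"review before installing: {perm} ({data})")
```

The manifest inside an APK is stored as binary XML, so it has to be decoded to text before a check like this can read it.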


The current system fosters a climate of distrust and encourages users to overlook important security considerations. A more granular permission model is needed to address these concerns.

The Problem with Granularity

The core issue lies in the lack of fine-grained control. Users are unable to selectively grant or deny specific permissions within an application. It’s an all-or-nothing proposition.

This lack of control leads to users either granting excessive permissions or avoiding applications altogether, hindering innovation and limiting functionality. A more nuanced approach is essential for protecting user privacy.

  • Permissions are often vague and difficult to understand.
  • Users are frequently unaware of the implications of granting certain permissions.
  • The system doesn’t adequately explain why an app needs a particular permission.

Ultimately, a revised permission system is crucial for restoring user trust and ensuring a more secure Android ecosystem. Greater transparency and user control are paramount.

A Setback for Android Privacy: The Removal of App Ops


With the release of Android 4.3, a concealed functionality known as App Ops was introduced. This feature, while not immediately visible within the standard Android user interface, offered a native method for granular control over app permissions without requiring device rooting.

Users could, for instance, download a game application and subsequently utilize App Ops to restrict its access to sensitive data like contacts or the device’s GPS location.

App Ops effectively empowered Android users with greater authority over their personal information. It signaled a potential shift in Google’s approach to permission handling, particularly as similar features often undergo a period of hidden implementation before full integration into the core Android experience.

The initial appearance of Android user accounts in a hidden state within Android 4.1, prior to their refinement and public release in Android 4.2, serves as a precedent for this development process.

Privacy advocacy groups, such as the Electronic Frontier Foundation (EFF), and dedicated Android enthusiasts expressed optimism regarding the future inclusion of App Ops in subsequent Android versions.

The Disappearance of a Valuable Tool

App Ops remained accessible in Android 4.4. However, with a recent minor update – Android 4.4.2 – Google eliminated user access to this functionality.

Consequently, Android users are now unable to manage application permissions without resorting to device rooting or the installation of custom ROMs.

Google has stated that App Ops was intended solely as an internal tool for Android developers, and never designed for end-user interaction. Some sources suggest that its removal doesn't represent a loss, as it was never officially a user-facing feature.

However, a valuable option has indeed been removed. The initial indications suggested Google was progressing towards enhanced user control over private data, but this recent action reverses that trend, even impacting experienced Android users.

  • The removal limits user control over app data access.
  • It eliminates a native, non-rooting permission management solution.
  • The change contradicts earlier signals of increased privacy features.

This development raises concerns about the future of user privacy on the Android platform.

The Fallacy of Solely Blaming Users

A common viewpoint suggests the core of this issue rests entirely with user accountability. Individuals are presented with a decision during application installation: to proceed or decline. Accepting an app, according to this perspective, shouldn't lead to dismay if contact information is transmitted to remote servers.

Furthermore, users shouldn't be taken aback by location tracking for advertising purposes, surreptitious microphone access, or background processes initiating costly SMS messages. While the latter is less prevalent in contemporary Android iterations, the principle remains.

However, this stance is insufficient. Android’s user base extends far beyond technologically proficient individuals; it encompasses a broad spectrum of “typical” users globally. Because Android is the dominant smartphone operating system worldwide, Google bears a responsibility.

This responsibility entails designing Android to empower users with genuine control over their devices. Ownership resides with the smartphone purchaser, not the application creator. User agency is paramount.

Technological design should prioritize accessibility for all, not solely for those with specialized knowledge. Currently, Android hinders users' ability to make informed permission-based choices.

The widespread, unwanted data collection demonstrates a systemic flaw that Android’s developers must address. Attributing blame to the user is a misdirection of responsibility.

This isn’t merely a hypothetical concern. Recent instances include a flashlight application penalized for deceptive practices and unauthorized GPS tracking. Numerous other apps have been discovered uploading complete contact lists without explicit consent.

The Need for Enhanced Control

  • Users require clearer, more granular control over app permissions.
  • Transparency regarding data usage is essential.
  • Default settings should prioritize user privacy.

The current situation demands intervention; the unchecked accumulation of user data is escalating and requires immediate attention. Privacy must be a core design principle.

A Viable Resolution

What, then, constitutes a genuine solution to this issue? The approach adopted by Apple’s iOS provides a clear example. Initially, iPhones and iPads depended solely on Apple’s application review process for determining app capabilities, granting each app maximal permissions. During this period, Android’s permission framework was demonstrably more effective than its Apple counterpart.

At least with Android, users could ascertain an app’s potential actions and make a conscious choice regarding installation.


However, Apple has evolved its system. Responding to feedback, iOS now incorporates an app permission system. When an application seeks access to sensitive information – such as your contacts, GPS location, microphone, or other personal data – it must request permission before initial access. This request is presented within the context of the application’s usage.

Users retain the power to either grant or deny these permissions. An application can be installed and utilized without granting access to any private data. Alternatively, access can be selectively granted, such as allowing GPS location access while denying contact access. The user, not the developer, maintains control over their device and information.


In contrast, Android has remained static, continuing to offer only a binary choice: install or do not install. Consequently, Apple’s iOS now surpasses Android in real-world app permission management, providing tangible control that empowers typical users to make informed decisions.

Android should emulate iOS by enabling users to exercise such granular control. Presenting a lengthy list of 19 permissions during installation, then granting unrestricted device access, is not an optimal approach.

The majority of applications functioned correctly even when constrained by App Ops. If app developers have to make minor adjustments, that is acceptable. Windows developers faced similar challenges when Microsoft introduced UAC, but the result was a more secure operating system.

The Question of Google's Priorities

While the assertion that App Ops may be excessive for the average user holds some validity, the core issue lies elsewhere. Had Google indicated plans for a more user-friendly interface enabling control over sensitive permissions – such as access to contacts, location, and the microphone – criticism would likely be far less pronounced.

However, Google maintains that App Ops was solely intended for developers and is now being completely removed. This decision appears inconsistent, considering the continued availability of the comprehensive Developer Options menu, replete with features designed exclusively for developers.

It appears Google prioritizes granting app developers broad access to requested permissions over empowering users with control over their own data. This stance raises concerns, particularly given Google’s business model reliant on advertising revenue.

One possibility is that Google favors the interests of advertisers over those of its users. Alternatively, the company may genuinely believe that personal data, including GPS location information and contacts, shouldn't be considered inherently private.

If user data privacy were truly valued, more robust control mechanisms would be readily available.

A sensible course of action for Google would be to reinstate App Ops and refine it for accessibility by all users. This represents a responsible and ethical approach. The Electronic Frontier Foundation (EFF) shares this viewpoint.

Image Credit: Robert Nelson on Flickr
