Android Privacy Part 2: App Ops & Google Play Improvements

Let me start out by saying I like my Android phones. I like developing for Android even with all the inherent version support issues, etc. So, in my previous post I brought up privacy issues related to installing Android apps along with a suggested fix. That post was inspired by a major change in Android v4.4.2 that removed “App Ops,” even though I didn’t mention it by name. The removal of that functionality is now a very visible topic thanks to a number of high-profile bloggers such as the Electronic Frontier Foundation (EFF), who have also taken exception to this change.

In a nutshell, App Ops, or its equivalent, would allow you to manually toggle individual application permissions on and off. You can search for articles on what App Ops is, or read my previous post on what it should be.

I’d take the issue of “control over what applications can access” even one step further and propose that it’s well past time that Google should begin reviewing Android app submissions similar to what Apple does for the App Store. Seriously. In combination with App Ops, or similar functionality, this could only help reduce the amount of nefarious practices, content, viruses, Trojans and more. Case in point: for the first time this September, Kaspersky Labs reported a particularly sophisticated Trojan along with distribution mechanisms specially gift wrapped just for Android users. And then again in November they announced an Android-specific financial phishing Trojan aimed at stealing banking usernames and passwords.

To get an idea of what is allowed on Google Play, all you need to do is compare Apple’s App Review Guidelines with the Google Play Policies and Guidelines. For example, searching the related Android Developer Content Policy for the term “review”, it shows up only once, and that is in regards to serving up advertisements.

My hope is that Google takes heed and makes some necessary and timely changes so that we can all continue to enjoy our Android devices safely and securely.

Important fix needed for Android app permissions

I believe there is a significant flaw in how permissions are set when you install Android apps. You get two options – accept all or nothing. For readers not familiar with how Android app permissions work, there is a configuration file for each app that sets permissions for that app only. Permissions are needed for any functionality that affects how the app accesses things like sensors (e.g. GPS), SD cards and the internet. These permissions do not affect any other app on the phone.

I propose an important change should be implemented at the operating system level — you should be able to accept or deny each privilege at installation time. This would make it an opt-in approach rather than an opt-out. Sure, some of you will say there are apps that can help you do that afterwards, but for tens of millions of consumers that’s not good enough. The vast majority of consumers simply don’t take advantage of that for a variety of reasons, so having the option to accept/deny up front is the best way to go.

Yes, there is a good chance that many (most?) users would still simply accept all. However, I think increasing numbers of users would become aware that they can opt out of certain things and take advantage of the convenience and the potential for added security that this approach provides.

Developers and companies that build Android apps will probably yell loudly that this will affect how their apps work. Note that there are no technical reasons as to why this wouldn’t work. If someone checks “don’t allow internet access”, we developers can gracefully disable parts of the application and provide notifications when users attempt to access the internet. If someone disallows geolocation, then we do the same thing. Users can always opt back in if they need to. If some vendors take the approach that if you opt-out of certain things then the entire app will be disabled, then so be it. I personally would be wary of installing an app that did that.
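The paragraph above describes the developer side of the proposal: when a user denies one permission, disable just the feature that depends on it, tell the user why, and let them opt back in. As an added example that is not code from the original post, the Activity below shows that pattern using the runtime-permission API that Android 6.0 (API 23) later introduced for “dangerous” permissions such as location. The activity name, layout and view id are hypothetical. Location is used rather than internet access because, in that model, INTERNET is a “normal” permission the user cannot revoke, while ACCESS_FINE_LOCATION can be granted or denied at any time.

```java
// Added example (not from the original post): degrade gracefully when the user
// denies a single permission instead of refusing to run the whole app.
// Assumes Android 6.0+ runtime permissions and the AndroidX support libraries.
import android.Manifest;
import android.content.pm.PackageManager;
import android.os.Bundle;
import android.widget.Button;
import android.widget.Toast;
import androidx.annotation.NonNull;
import androidx.appcompat.app.AppCompatActivity;
import androidx.core.app.ActivityCompat;
import androidx.core.content.ContextCompat;

public class ScoresActivity extends AppCompatActivity {   // hypothetical sports-scores screen
    private static final int REQUEST_LOCATION = 1001;      // arbitrary request code
    private static final String LOCATION = Manifest.permission.ACCESS_FINE_LOCATION;

    private Button nearbyGamesButton;   // the only feature here that needs location

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_scores);                 // hypothetical layout
        nearbyGamesButton = findViewById(R.id.nearby_games);      // hypothetical view id

        // The button stays clickable even when location is denied so the user
        // can opt back in later; only the feature behind it is gated.
        nearbyGamesButton.setOnClickListener(v -> onNearbyGamesClicked());
        applyLocationState(hasLocationPermission());
        // Scores, standings, etc. load normally regardless of the outcome above.
    }

    private boolean hasLocationPermission() {
        return ContextCompat.checkSelfPermission(this, LOCATION)
                == PackageManager.PERMISSION_GRANTED;
    }

    /** Reflect the current grant state in the UI; nothing else in the app changes. */
    private void applyLocationState(boolean granted) {
        nearbyGamesButton.setText(granted
                ? "Nearby games"
                : "Nearby games (location access off)");
    }

    private void onNearbyGamesClicked() {
        if (hasLocationPermission()) {
            showNearbyGames();
            return;
        }
        // Not granted (yet, or previously denied): ask the system to prompt the user.
        // The user's answer arrives in onRequestPermissionsResult below.
        ActivityCompat.requestPermissions(this, new String[] { LOCATION }, REQUEST_LOCATION);
    }

    @Override
    public void onRequestPermissionsResult(int requestCode,
                                           @NonNull String[] permissions,
                                           @NonNull int[] grantResults) {
        super.onRequestPermissionsResult(requestCode, permissions, grantResults);
        if (requestCode != REQUEST_LOCATION) {
            return;
        }
        boolean granted = grantResults.length > 0
                && grantResults[0] == PackageManager.PERMISSION_GRANTED;
        applyLocationState(granted);
        if (granted) {
            showNearbyGames();
        } else {
            // Denied: explain what is unavailable and carry on. No crash, no nag loop,
            // and the rest of the app keeps working without location.
            Toast.makeText(this,
                    "Nearby games is unavailable without location access. "
                            + "Tap again later to grant it.",
                    Toast.LENGTH_LONG).show();
        }
    }

    private void showNearbyGames() {
        // Hypothetical: query and display games near the device's location.
        Toast.makeText(this, "Loading nearby games...", Toast.LENGTH_SHORT).show();
    }
}
```

The key design choice is that the permission check is attached to the one feature that needs it, not to the app as a whole: a denial changes the label and the response to a tap, and every other screen behaves exactly as it would with the permission granted. The same structure applies to any other permission the user can withhold; only the permission constant and the gated feature change.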

Take the example of the screenshot below. This is the installation screen from a very popular sports app. I wonder why it needs access to my phone calls, my accounts, or even the contents of my USB storage? It doesn’t even provide an option to move the app to USB, and there are no capabilities in the app (that I’m aware of) related to making phone calls. I would love to be able to opt out of these.

Android permissions