A new report out of Bloomberg claims Google is finally about to give Android users the one feature they’ve been asking for years now: the ability to hand-pick specific permissions to grant an app upon installation. It’s supposed to be just one of the many features coming in Android M, Google’s next major Android release said to debut at this year’s Google I/O.
Privacy is a growing concern amongst mobile users, with some even forgoing installing certain apps because of their lengthy permission requests (Facebook being the first that comes to mind). It’s not entirely clear which permissions you’ll be able to block (all or just some of them?) but basic permissions like photos, location, and contacts were the ones that were named.
Because often times an app needs many of these permissions to function properly, giving users the ability to block each and every permissions but not be the best move. Not everyone understands that. We’re guessing it’ll be something similar to how iOS asks the user to grant apps permission to access their gallery, or camera app in order to function. In either case, giving users more control of their OS is never a bad thing.
This won’t go as well as expected. Because the simple solution by devs will be, “oh, you don’t want to give my app all of the requested permissions? Fine, then it won’t install or run.”
Don’t get me wrong I love the idea. But it is going to have issues.
And let’s assume I am wrong and it can still install or run even if you unselect 5 of 8 possible permissions, users will not know what opting to not give an approval for might result in a process of the app not functioning. I could see this leading to a huge issue for devs as they try to troubleshoot why an app does not work only to find because you opted to not approve 2 needed permissions. Or the downgrading of apps in the Market because you gave it a poor rating because you held back permissions causing functions to not work as expected. So, easier for the dev to just make it all or nothing for permissions to protect themselves.
That, or app devs will be hit with thousands of 1-star reviews after blocking permissions in their apps ends up breaking them. Interested to see how Google will handle this.
Yeah exactly. I was editing my post with that same thought as you were typing yours.
Quite easy to handle, when trying to invoke feature requiring one of those permission, just have a boolean that can check its state, and if false then ask for permission in the app (the last part will require Google to allowed an app for asking for permission inside an app)
But the issue there then is it now convolutes and adds steps and layers to the users process. They said no at the start, that means no. But, now if it is going to self check post install what you gave permissions for and then nag you later in app when a process comes up with something like, “oh, hey, you wanted to do that but you cannot because you opted not to give the permissions to do so so would you like to now?” – things are going to get ugly, bloated (in code for devs and in user experience having to force an interaction).
“things are going to get ugly, bloated (in code for devs and in user experience having to force an interaction).”
No
For devs: depending on how Google implement it, it would only require one more line of code per permission.
UI: a popup like the one you get with Google maps, will be the way to deal with it, or how iOS does it.
I think that’s how it should work honesty. People need to quit with the tin foil head stuff. I understand everyone wants their privacy but it’s not like us Android user are a bunch of gov’t execs or corporate big shots who have information that’s truly detrimental to ourselves or others on our phone. Though what is detrimental is subjective, I doubt many of use have such information and if we do we should he smart enough to passowdd protect or encrypt.
There are reasons for permissions, and though they aren’t always necessary most of the time they are and people should take the time to read and understand why.
Though I understand your point and will agree that at this stage, most of your “info” is out there already anyway via credit card companies for example, I still think it is odd and wrong when I see an app that does the simplest of tasks, and yet it wants access to my call log, contacts, emails, GPS location, and all sorts of info that has nothing to do with what the app offers.
This is why this DOES matter as it stops unscrupulous devs from just sucking up info and selling it that they have no use for and no need to collect and access.
I agree it matters but why not just not install an app that asks for too much? I think this a pretty simple thing here. You don’t like what an app is asking for then don’t install it. I like what Google is possibly going to do but I also see this as being a major head ache for devs. When it can just be a simple do or don’t download.
“I agree it matters but why not just not install an app that asks for too much?” I do exactly that. But now sometimes, there are not a lot of app choices for an app I seek and the best one is the one that asks for a lot, but I need the function so I am compelled to accept to get an app to meet my needs despite my distaste for all that it asks access to.
But then why not ask the converse, “Why ask for permissions your app clearly has no use for?”
Look – this is clearly an issue, which is why Google is on it. This is not a few tinfoil hat people trolling. Giving away permissions and access to details not needed for an app – depending on the app of course – is really out of hand. At times, it appears some app makers go all in and ask for EVERY permission possible just because. That should stop. This can help stop that and maybe help reign in devs willy nilly asking for every permission under the sun.
How do you password protect and encrypt your location?
You should be concerned about apps that track your location when it’s unnecessary for the apps function, as that could only be used for nefarious purposes, there is no legitimate reason to collect that if location isn’t an integral part of the apps’ function. Same with call history, SMS messages, emails, contacts. Why does some random puzzle game developer need a keep a database of your contacts? Answer, he’s up to no good.
There are mods you can get that allow you to block app permissions and the app ran just fine.
Unless the app requested said permission. Then it’ll just force close. For some odd reason, my camera was still being used when I tried to use it in Facebook Messenger and Messenger couldn’t bring up the View Finder because the camera was still being used.
I don’t think developers have ways to *know* which permission was blocked, nor is there a way for them to scan the OS and see.
Yes, I use some. Like ones that block outgoing data calls. But those apps, ones I have seen, cannot control and block all aspects of what a permission can control access to and collection of.
You see, I would think they would for sure “know” which permissions were blocked as the result will go into a database with a Y or N entry (simplified to make the point). Right now, if you deny permissions, an app will not install.
Apps can mark permissions as requested but not required in their manifest. For example an app that wants to be able to send SMS would list “send SMS” in the used features but could mark it as not required so that the app can still install and run on tablets with no SMS capability.
This blog gives a very good explanation what happens when you use App Ops to “block” permissions:
https://commonsware.com/blog/2013/07/26/app-ops-developer-faq.html
The TL;DR of it is, apps should be able to cope with most of the things it does, ie if you block the “read contacts” permission, the OS returns an empty list of contacts, which is exactly the same as if the user doesn’t have any contacts, so the app should be able to deal with that anyways. The only troublesome one is camera, if blocked when the app calls open() on the camera it will get a very generic RuntimeException, which the app could handle, but won’t have anyway of determining if the RuntimeException occurred because the camera is blocked or if something went seriously wrong.
Google can solve this by throwing a warning for each blocked permission required at the time the app needs it; you tap allow, cancel, or get pit-stopped to settings.
the app should have to play by the user’s rule, not the user play by app’s rule. if the app doesn’t allow me to do what i want, i don’t feel the need to keep it, and will go elsewhere. (i buy apps, rather then using a free or freemium version.)
While I applaud this, some users don’t know how much power it is to block permissions. I think something like this needs to be “unlocked”, like Developer Options. Maybe have some way to bring up the menu by tapping the build number of Play Store.
Those who know about permissions can block them, while those who complain that Instagram needs access to your camera can never see this option.
So?user can install app,app WILL WORK,even if you refuse to permit it to grab all your billion$ worth of info?not gona happen ,first thing dev do is block from 1% to 100%
I have no idea what you just said.
Personally hope it’s true. Of course I’ve had this option for a while (root permissions FTW), but would love it to be natively available.
Yes, there’s the risk that people will block things and then wonder why some function doesn’t work, but heck, just flash up a warning the first couple of times you use the function – anyone who can’t learn from that should just go use iOS (which, I should note, already allows per-app blocking of location access, something Android has yet to offer).
Yes, this feature is long, long overdue.
Awesome! For years now I’ve thought that the app permissions screen needed a line-item veto ability. There have been many cases where where I would go to install an app, but cancel because the app was requesting permissions that I didn’t want it to have.
This can be done using XPrivacy Pro http://www.xprivacy.eu/ if you have a rooted phone. XPrivacy handles the permissions better. Instead of blocking, it feeds fake info to the app. As such, the app is not aware that permission are blocked and continues to work properly.
The use of XPrivacy Pro is very simple, whenever the app needs a specific permission, a screen pops up and you decide to allow or not.
Lovely!! I used to use some that actually *blocked* the permission, or so I presume. I think it was something with an “L”, I don’t even remember any more. It was depreciated after Ice Cream Sandwich. LoL!!
This sounds great!! I’ll go look into this!!
You will like XPrivacy Pro I guarantee. This is the ONLY way to fool an app, mostly to prevent them from misbehaving in case the author is nasty enough to want to retaliate to the blocked permission. Please note however to block access to internet, the best is still a Firewall which I recommend Android Firewall Plus https://play.google.com/store/apps/details?id=dev.ukanth.ufirewall
finally! (though we have been able to do something similar with appops) one of the biggest offenders for me is ‘run at startup’. If you are a game, a video, or music app there is absolutely no reason why you need to startup with the os and should stay dormant to i use it.
Called app ops in Jellybean.
The real trick will be how design such a feature so the average android user will know what they are doing. I could see my mom removing all sorts of permissions and then getting mad an app doesn’t work properly.
I like how an iPhone will give a pop-up the first time you use an app that wants to use the GPS, for example. If the facebook app asked me that upon launch, it would be an easy decision. Facebook, of course, takes the opposite approach and turns on “location sharing” by default when using its messenger.
Another killer feature would be family accounts in Play Store, similar to how Apple does it.
Will Marshmallows let me change the damn volume without requiring me to be in an app?