back to article New in Android 4.3: At last we get a grip on privacy-invading crApps

The latest version of Google's Android, 4.3, has a panel controlling access permissions on an app-by-app basis - but only for those users ready to experiment with untested functionality. The App Ops control was found by Android Police and initially required a hack to bring it to life. Now there's an app in the Google Play …

COMMENTS

This topic is closed for new posts.
  1. Khaptain Silver badge

    Google Switch

    Is there also a BIG button which can be used to stop the phone/addressbook/browser/etc from phoning home to Google with user stats.

    1. Bakunin
      Holmes

      Re: Google Switch

      "Is there also a BIG button which can be used to stop the phone/addressbook/browser/etc from phoning home to Google with user stats."

      Yes. You turn of syncing for the Google account.

      1. g e
        Holmes

        Re: Google Switch

        Until you install Facebook, presumably, which will try and grab anything it has half a chance of getting.

      2. Khaptain Silver badge
        Thumb Down

        Re: Google Switch

        @Bakunin

        Are you "absolutely" sure about what you are saying or are you new to the game?

        Will your solution really stop "Wifi" location being sent to Google, directly or indirectly through third part apps.

        Will it also stop GPS location information being sent to google.

        If I were to find a wireshark equivalant, you are saying that, I could be assured that by turning of "syncing for the Google account." no traffic would any longer be sent to google.

        C'mon wake up man, there is far more to google/android than your contact list and porn browsing habits.

        1. Badvok

          Re: Google Switch

          "If I were to find a wireshark equivalant, you are saying that, I could be assured that by turning of "syncing for the Google account." no traffic would any longer be sent to google."

          From Android itself? Only the most paranoid would think otherwise.

          Of course you'd also have to ensure you don't install/use any Google apps, or any 3rd party apps that utilise Google services, or visit any of their sites to keep them totally ignorant of your existance.

        2. Anonymous Coward
          Anonymous Coward

          Re: Google Switch

          Well khaptain, why don't you try it. Set up a brand new device, when asked about sharing location, synching, setting up a google account, using the omnibox etc choose the no (or privacy setting).

          Set up wireshark to sniff the data and then if there is an personal data going to Google you have a lovely big lawsuit that will make you rich.

          Easy, and well worth it!

        3. Bakunin
          Pint

          @Khaptain Re: Google Switch

          "Are you "absolutely" sure about what you are saying or are you new to the game?"

          I wish I was, because if I were to do it all again I'd choose a different game.

          "Will your solution really stop "Wifi" location being sent to Google, directly or ...."

          [snip]

          No it wont. But you already knew the answer to that question before you asked it. I was referring to the points raised in the original question.

          I'll give you the benefit of the doubt that you aren't "new to the game" either. So you should be fully aware that if you're getting a phone from Google/Apple/Microsoft/Rim then that sort of data is leaking. It's also leaking if you have a Sat Nav that's capable of making a network connection or a Satellite/Cable box or using a web service/store or a connected games console. Or as we've seen over recent weeks pretty much anything with a network connection will get you swept into a mass surveillance dragnet.

          But there are options. You can choose to use them or not depending on the cost to your data. If you choose to use them then be aware of what you need to leak and what you can avoid. If you choose not to use them then congratulation to you, that's your call.

          It's Friday, let's have a beer and agree to differ like gentlemen.

      3. Paul 135
        Big Brother

        Re: Google Switch

        Turning off syncing to the Google account won't stop Google calling home through Google Play Services amongst others.

        This hypocritical privacy against everyone but Google really is something that end users should not be dismissing lightly.

    2. Anonymous Coward
      Anonymous Coward

      Re: Google Switch

      It's Linux based so more holes you can drive a malware bus through will undoubtedly be found....

      1. asdf
        Megaphone

        Re: Google Switch

        Lame trolling aside. Straight from the Microsoft whore ZDNet itself.

        "The Trustwave report says the number of critical vulnerabilities, as determined by the Common Vulnerability Scoring System (CVSS) assessment of factors like potential impact and exploitability, identified in the Linux kernel was lower than in Windows last year [2012], with nine in Linux compared to 34 in Windows. The overall seriousness of vulnerabilities was also lower in Linux than Windows, with Linux having an average CVSS score of 7.68 for its vulnerabilities, compared to 8.41 for Microsoft."

        1. h3

          Re: Google Switch

          That is comparing the latest Linux kernel with all versions of Windows.

          Should be comparing 2012 server core with a decent version of Linux. (RHEL6 or whatever).

          1. asdf

            Re: Google Switch

            Why? Unlike Windows pretty much the same Linux kernel code runs from embedded to mainframe and HPC clusters (plus or minus various bits but core the same). Linux still runs on a lot more platforms and in more roles so its fair to compare the two.

    3. Craigness
      Facepalm

      Re: Google Switch

      If you don't want Google to know anything about you then don't sign into the phone with your Google account. That part of the setup is optional.

  2. David Hicks
    Thumb Up

    Excellent

    I believe this feature has been available in a few root-only apps and in Cyanogenmod for a little while, it's nice to see it get into mainline android.

    There are a variety of apps that are useful that want way too many permissions. Skype is a major offender in this area. Being able to deny it some of what it wants is a good thing.

    1. Suburban Inmate

      agree about sky pee

      bloody thing lobbed all my mostly old or net only contacts in to my address book. hence with this fresh CyanogenMod install I haven't put on either facetard or sky pee.

    2. Homer 1

      Re: Excellent

      Yes, it's called XPrivacy.

  3. Anonymous Coward
    Anonymous Coward

    I can just see all of the down-rates in the Google Play store from people who deny access to something and then the app doesn't work.

    1. Circadian
      FAIL

      ...and that's a problem because... ...?

      Maybe it would encourage better programming techniques - learn how to fail gracefully.

      It would also serve as a notice of an application that requires far too many permissions to do the job that it said it was going to do, but is instead doing other "stuff" that wasn't menioned in the puff-piece trying to attract users.

  4. Anonymous Coward 15

    And this is different to Permissions Denied how?

    1. Paul Shirley
      Unhappy

      ...does it run on unrooted phones?

      1. Paul 135

        Permissions Denied is still better for root users as the "App ops" settings at present require the app to try and access the setting before you can disable it (not much good for an app trying to steal your contact sayt etc. !)

  5. lansalot

    close, but...

    Would love to see a fake-feature too. ie, some apps request access to my call log? Sure.. here, have a fake one.

    App wants to read my SMSs? Here, have some test ones. My location is absolutely required or the apps crashes? I'm in Times Square, honest.

    That way, compatibility remains, and privacy is enjoyed.

    1. Paul Shirley

      Re: close, but...

      Yes, been waiting on that for some time. Denying permissions breaks far too many apps and the blockers I've tried (both add on and built into firmware) have been unreliable in any case.

    2. Piro Silver badge

      Re: close, but...

      100% agreed. Needs to always be user defined, though, or software developers will set routines to query and fall over if fed known bogus data.

    3. Piro Silver badge
      Thumb Up

      Re: close, but...

      100% agreed. Needs to always be user defined, though, or software developers will set routines to query and fall over if fed known bogus data.

    4. cybersaur
      Go

      Re: close, but...

      This is how the Cyanogenmod granular control works. It supplies dummy data to the apps.

    5. h3

      Re: close, but...

      There was a patch for Cyanogen mod that did exactly that but they wouldn't add it. (That is something I certainly want).

  6. Aoyagi Aichou

    Huh

    And I was told that Android has had permission control for applications for a while. Was I lied to by so many independent people? That would probably make them fandroids.

    Permission control is a must have for me if I'm to give the device any sensitive data...

    1. Boothy

      Re: Huh

      Permission control for applications has been there since year dot. This is just a more granular method.

      At the moment (unless using 3rd party tools on a rooted device) it's basically a case of granting access to everything the app asks for, or not installing it if you don't like the permissions it asks for.

      The new process allows you to say yes to all, and then go in and turn off access to specific items.

      For example, why does the Facebook app need to be able to make phone calls, or be listed as a System Tool which gives it a lot of potential control over your phone. The point being of course it doesn't, not unless you use those features that rely on these permissions, So if you don't use those features, you should be able to switch of access to those areas.

      1. Aoyagi Aichou
        Thumb Up

        Re: Huh

        Thank you for the clarification, I appreciate it. (I didn't want to dig through the ton of ballast to get the information I wanted, heh).

        I was under the impression that what you say ("say yes to all, and then go in and turn off access to specific items") was there by default on every stock device without having to root it or anything.

      2. Anonymous Coward
        Anonymous Coward

        Re: Huh

        For example, why does the Facebook app need to be able to make phone calls

        They doubtless want facebook to be the centre of your life and thus you will have all your contact details stored in facebook so that when you want to call someone then they don't want you to exit the FB app and go to the dailer but instead go to the contents section of the FB app, find the name and select the "call this person now" option .... so, the FB app needs to initiate the call.

        1. Boothy

          Re: Huh @ AC 13:12

          That would make sense (almost) if ithere was a direct way to access your friends list with the Facebook app, or it was made more central to it.

          Currently the 'Friends' button in the Facebook app doesn't actually list your friends! Instead it takes to the 'Find Friends' page (same on the web site).

          I don't know about anyone else, but this just seems to be brain dead. Surely one of the main purposes of facebook is to keep in touch with existing friends, and to a much lesser degree, to find new friends on FB.

          Therefore why would an option rarely used in comparison, 'Find Friends' , have a main shortcut button in the front page of the app, and the main 'Friends' list, that is used far more often, is almost hidden away under the 'Apps' list!

      3. dssf

        Re: Huh

        Fb probably is making the phone silently phone home, or they are probably embedding a special packet in their call TO a phone, and when either or either cannot shake hands, they send the user an online prompt about updating his or her contact info and phone. Probably it helps them correlate phones to users and helps them either fudge on reported data and work on heis... Umm, acquiring new, fresh users.

    2. jonathanb Silver badge

      Re: Huh

      At the moment, when you install an app, it will list the permissions the app requires and ask if you are happy to give it to them. So, for example if a unit converter app asks for permissions to access your location and address book, and to make phone calls, you might conclude that it doesn't need those things to convert centimeters to inches and decide not to install the app.

      Alternatively, you might conclude for example that it needs internet access to convert dollars to euros, but it doesn't need the other permissions it is asking for. At the moment, you can't approve internet access and block the other permissions, it is either all or nothing.

  7. frank ly

    " .. users always click "yes" when asked a question .."

    Not me. I've considered several apps that asked for ridiculously uneccessary permissions, then clicked the Cancel/No button. e.g an on-sceeen clock display that wants to access contacts list, send SMS and access the internet.

  8. g e

    I've been asking Google for something like this for ages.

    Glad they finally listened to me, all those emails beginning 'Do you know who I am?' must have finally paid off.

    Irony/Sarcasm icons required.

  9. Boothy
    WTF?

    Why an app, why not on install?

    Rather than using a separate app, wouldn't it be better if the current permissions list on install (or updating if permissions change), just had a tick box next to each option?

    i.e. Install app, it lists x number of permissions as it does now, but each has a tick box, selected by default. Just untick the ones you don't like and continue with the install.

    To change settings afterwards, use the app manger. It already lists the permissions, just add a tick box by each one. Tick on/off as needed.

    1. Badvok

      Re: Why an app, why not on install?

      It probably will be on install when it finally becomes an official feature. My guess is that there'll be a set of required permissions that you have to accept to install and then a number of optional permissions that the app would like but that you can optionally deny (both at install time and later).

  10. Lloyd

    Does it block adverts

    You know like Ad Blocker is supposed to (but falls over constantly)?

    1. Boothy

      Re: Does it block adverts

      I doubt you'll be able to specifically block Ads themselves with this, although you ought to be able to stop Network access, which would stop the Ads.

      But of course that might also break the App itself, depending on if it needs Network access for it's main functions. i.e. something like Rain Alarm needs Network access to be able to download the rain maps, which of course automatically means it can download it's Ads.

      Also authors would probably be able to add code to detect if you've disabled Network access* , and so could disable or otherwise cripple the app in someway.

      * Direct, for example 'ping' an Internet address and see if it responds, or indirect, i.e. have my Ad banners downloaded okay since the app launched?

      1. Jamie Jones Silver badge

        Re: Does it block adverts

        "Also authors would probably be able to add code to detect if you've disabled Network access* , andso could disable or otherwise cripple the app in someway."

        I'd suspect there would be an API call to check for granted privs, although a wise app would still ccheck 'manually' if the priv appears granted, as a rooted phone could lie!

        1. Mr Flibble

          Re: Does it block adverts

          The app would be told that there are no network connections, exactly as if the device were in aeroplane mode.

  11. Anonymous Coward
    Anonymous Coward

    I spy with my beady eye permission control beginning with 'ICO'

    You know, it springs to mind that some app developers and their data controllers (i.e. think UK only for a limited scope) are absolutely ripe for a good education/hiding from the ICO*

    *It seems that the ICO believe quite a few developers/data controllers are unaware of their current legal obligations. As a result the ICO are currently preparing formal documentation on this matter. Hopefully 'gimme all ya got' data collection and retention policies for mobile apps won't be around for too much longer (in the UK at least).

  12. Down not across

    Finall

    Finally! As I've mentioned in few threads before , the app permissions has been one of the really annoying things in Android.

    lansalot' s comment about a faked response would be rather nice addition as I can imagine many apps may well crash horribly if their expected permissions aren't available.

    Just have to wait and see if any of my older devices will be offered 4.3 update.

    1. Nick Ryan Silver badge

      Re: Finall

      Cyanogen, or a bundled app that's used with it, has the capability to provide faked responses to apps that do not behave well when they cannot get their desired access.

      Worked very nicely from what I hear and the limited time I played with it.

  13. Paul 135

    This is the biggest news for the 4.3 release and a pity it has been glossed over in most of the coverage.

    If I had have known that this was coming I wouldn't have needed to purchase Permissions Denied last week!

    1. Paul 135

      I correct myself: Permissions Denied is still better as the "App ops" settings require the app to try and access the setting before you can disable it (not much good for an app trying to steal your contact sayt etc. !)

  14. thesykes

    Some good news. Will be trying this out when my Nexus 7 is updated and will be a deciding factor in which phone I get next... no 4.3, no sale.

    I'm one of the few that actually reads the permissions. The last update for Real Racing 3 wanted user account permissions.. for a racing game? Needless to say it remains un-updated. When Facebook Home reared it's ill-fated head, the main FB app added a ridiculous number of permissions, and was promptly uninstalled completely, and I use the web page instead. The FB app has always been intrusive though, I had it on my old rooted phone, and had a permission blocker installed. Even after unticking the options to sync contacts and access location, the blocker showed repeated attempts by the app to access both functions, even when it wasn't being used and was sitting in the background.

    Any app that crashes as a result of no access to location or network isn't worth keeping, as both those can be legitimately unavailable, either due to Airplane mode being on or no GPS chip in cheap tablets etc.

  15. dssf

    Will there be a way to report to the FBI all usa-crossing apps

    Will there be a way to report to the FBI all usa-crossing apps tha try to steal, access, or link to denied content?

    Hell, if companies can report unauthorized access attempts, then so should users be able to. Clog up the FBI and force it to deal with these companies. If the FBI and Homeland Security lbosmcan be appropriated and made to look appropriate when DVDs start the feature film or other content, the users should be able to send warnings to dvelopers who atrempt unauthorized crawling, trawling, and hauling of user content.

    This means nailing in the ass the likes of skype, facebook, kakao, and hundreds of thousands of others that wantonly steal data without clearly asking for case-by-cases access and permission. An off the cuff analogy I can think of would be the random legit door-to-door insurance sales rep stating to some unwittin home occupant "By even LISTENING to me, not just allowing me into your abode, you grant me worldwite, perpetual, non-revocable permission to ransack your home or mind for any data I can find, use it as I see fit-- to perform it, to share it with my tributary partners, tomredevelop it, to use it against you in any conceivable way throughout the universe, and even to SUE YOU if you try to compete with my employer or EVEN me with YOUR OWN content."

    Well, at least that is what it seems is coming down the pike, if not already happening.

  16. Peter Galbavy

    Samsung make something similar available in their own app store but oddly while I can install it on my Note II it doesn't show up for my Note 10.1

  17. Anonymous Coward
    Anonymous Coward

    This is great for the minority of knowledgeable users

    But it doesn't really do anything for the average person, who even if this capability was front and center wouldn't be able to make much use of it.

    Wouldn't a better solution be for the Play store to insist on reasonable permission limits so some of the abuses talked about by other commenters (clock apps that want to access your contact list, Facebook being listed as a System Tool, etc.) could be stopped for EVERYONE, not just the technically knowledgeable.

    To avoid the cries of "but that's too much like what Apple does in its app store" the apps could be made available in two versions, the direct from vendor version with their settings and the "Play store recommended" version that offers more security.

    1. Charles 9

      Re: This is great for the minority of knowledgeable users

      No, because the develop may not want to play ball and go back to Apple instead. Consider that the developer doesn't HAVE to release for Android.

      1. Anonymous Coward
        Anonymous Coward

        Re: This is great for the minority of knowledgeable users

        WTF are you talking about? First of all, any developers who leave Android because Google offers users an easy way to download apps preset to more secure settings are no big loss to Android. And they sure as hell won't go to Apple, and deal with their more difficult vetting and approval process, which wouldn't allow stupid stuff like a clock app that wants access to your contact list either!

        While it is possible some of these developers taking more permissions than they need are a mistake (using a template from some other app they wrote, perhaps) in some cases it will be because they intend to misuse the permissions. A "free" app that can access your contact list may be making its money by selling your information. A "free" app that can send text messages or place calls can do even worse.

        The 99% of honest, careful and security/privacy conscious developers would not mind at all if the Play store offered a version of their app with more secure settings - in fact, if they did their job right, there would be no alternate version because there would be no unnecessary permissions for their app in the first place.

  18. Anonymous Coward
    Anonymous Coward

    Astonishing, truly "innovative"

    I get to this discussion 50 comments in and there is NOT A SINGLE ONE noting that this so-called innovative control was pretty much there from day one in iOS. Yes, that maligned, not-free, and non - "do no evil" proprietary, locked down scandal to the free world (I'm sarcastically paraphrasing here) that got dissed by all the Android fanboys not only had (and still has) less problems with malware, it also had all this fancy, heralded-as-novelty privacy control framework from day one.

    It's not perfect (it doesn't tell you upfront what it needs), but not only doesn't it force you to accept the whole invasive package at once or refuse to install an app, the install also then steps through all the required permissions individually. And get this - gasp - if you refuse some of them the App will *still* work for as far that is possible without the resource you barred. You can tell TomTom to keeps its fingers off your contacts (but denying it access to location data is, well, duh, of course).

    Would it shock you if I tell you can even change your mind afterwards? I mean, I know it may come as a shock, but hey, you can change your mind! Wow, I mean, just, like, WOW! Mind blowing!!

    /sarcasm

    (I use both platforms, but I figured I'd see just how many downvotes I could get by throwing a reality brick into all this adulation)

  19. IGnatius T Foobar
    Thumb Up

    Android WIN

    Seriously folks, let's not get tied up with the details. This is a BIG WIN. Pretty much any serious user wants this. I'm particularly annoyed with games that send you alerts reminding you to play them. And I'm sure as soon as I have this, I will prohibit nearly every app from running in the background. Android apps are required to know how to save their state when the kernel tells them to go away, so why keep them running? Only things like email sync should be permitted to background, and now we have *absolutely* that functionality.

    Forget the Facebook app. Facebook turns people into idiots and you shouldn't be running that app anyway.

  20. Anonymous Coward
    Anonymous Coward

    Bad documentation

    App descriptions frequently lack the useful information needed to make an informed choice. I've observed it with both the Google play store and Microsoft store for windows phone.

    Eg a route app says it needs permission to read your contacts list. The app might want this so that it can email your location at intervals to a friend of your choice. Or it could want them to spam your friends about this app. but you cant tell from the meagre details given.

  21. UnauthorisedAccess
    Go

    In-app Ads

    Another feature that can go alongside the permissions menu - I'd like to know if an App has and in-app ads.

    An app might tick all the boxes regarding permissions, though if it has in-app ads I'll be removing it and searching for an alternative (paid or unpaid).

  22. RNixon

    Blackberry 10 has this.

    It's one of the things I like about my Q10 - you can allow or deny individual permissions for apps.

    However, it only works for native Blackberry apps, not apps running in the Android sandbox. Alas.

This topic is closed for new posts.

Other stories you might like