Android clampdown on calls and texts access trashes bunch of apps Android looks a little less open now that Google has begun to enforce draconian new rules on accessing a phone's call and text logs. Developers have been forced to remove features or in some cases change the fundamental nature of the application. One example is BlackBerry's Hub, an email client which also aggregated …
I think Google is becoming more like Apple with their store. But as long as I can install "any APK" so long as I enable that on the device, it's less of a problem. It's just that the user will be prompted with a "scare message" during the install.
Android's sandbox for user applications is a bit irritating, more so NOW. A more 'open' platform would be much easier to work with, but then would expose users to being duped and spied upon. However, when you have to go through the list of applications on someone's phone (friend, relative, BYOD) and specifically DENY access to the phone's location (or in this case, SMS and call logs) for a GAME or ART application, which has NOTHING to do with the capability they claim to "need", then it's kind of obvious why Google did this.
I don't like it because it sets a precedent, requires "permission" to do what you've been doing all along, etc.. I thought the 'permissions' stuff in the 'manifesto' was supposed to take care of this, make sure the end-user knows what the application is trying to, etc. but apparently NOT any more...
Conclusion: Google things users are REALLY STUPID now, just like Apple.
I agree to an extent but being forced to use an iPhone having changed employers I can see advantages.
One of the problems in Android is that an application will often stop working if you prevent it knowing your location, even if it's something as simple as a magnifying glass app. I haven't seen that kind of thing on iPhone, perhaps it's a lack of experience but I know it's a pain on my Android phones.
The real solution is for apps to be reviewed so they only ask for what they really need and for what is reasonable for them to have but Google doesn't seem to want to take the time and effort to do this, hence the mess we have now.
What mess exactly? The one clickbaiters like The Register told you about?
I don't have any of those problems you describe, not ever. If I limit location access in an app, it doesn't know my location. Apple doesn't have this level of finegrained access control, which is why your apps work, they also know your location.....
if you prevent it knowing your location, even if it's something as simple as a magnifying glass app.
And why would a magnifying glass need to know your location? Not come across that myself and I do restrict permissions on a lot of apps, but it would also be against GDPR for such an app to ask for permissions that it doesn't explicitly need for the task.
They could allow more permissions for a fee, that fee would cover the cost of having someone at Google verifying that the permission is of course needed.
So a free app with not specific permission is still hosted for free, but one more demanding app need some investment from the developer.
I have the latest version of Hub installed on my BlackBerry KeyOne and all of my calls and texts are integrated into the inbox along with my email, Facebook and Twitter.
Perhaps Hub behaves differently if it runs on another vendor's phone?
Yes it does and as the Hub was the thing that kept me being reasonable happy with Android, I am hopping mad. There is no Blackberry branded reasonably compact waterproof phone.
Curse you Google and all your works. May a trolleybus grow inside you and drive around inside your guts with passengers in hobnailed boots getting on and off at every stop, till you sort this one out. You messed up with Inbox, so even if you did produce an own brand Hub replacement I bet you'd cancel it two years down the line.
Or rather the ability for a call recording app to connect the audio file to a call details.
Thus -at a stroke- removing my main reason for pushing all comms onto my mobile. If only Linux VOIP ware wasn't so shit at recording :(
I feel sorry for the guys who wrote my call recorder: https://nllapps.com/apps/acr - it was a really nice example of what an app can be, now pretty much obsolete. It's one of a few apps I actually paid for.
But that only works if you actually have a recorder on you at all times, and it requires your recorder to allow you to relay audio to it from your side and the other side while continuing to let you hear the call and not causing interference. You can't just buy any recorder and plug it in, and short of putting every call on speakerphone and having a recorder nearby, it is nearly impossible to have the records. An application negates all those problems.
I was also a user of ACR. My Android device is asking me regularly to update to the latest major version but I'm putting it off as long as I can so that I can still use ACR. There's absolutely no reason for them to block call recording. I'm sure I remember reading ACR's blog something about Google citing privacy compliance, but that's nonsense. It's perfectly legal for me to record any calls I want in the UK without asking permission of the person I'm talking to, so long as it's for personal use, which it is.
"...so long as it's for personal use..."
It doesn't matter if it's for personal use or not - call recording is acceptable/legal period. Even in those jurisdictions where it is apparently proscribed there is little can be done to stop or enforce it making the whole regulation useless.
The release of the recording is another matter however. If there is a clear public interest need then any blow-back is likely to fail. The other scenario is where a dispute arises between private parties (perhaps in court) and even then the recording can be rendered as a written transcript to circumvent this, if need be.
Otherwise everything you said is on the ball and we thoroughly agree. Having either 3rd party or native call recording deprecated is a complete pain and a major red herring in terms of security/privacy.
It's just another example of the dumbing down of Android and it seems the 'smart' part of the phone is being lobotomised. Maybe it's time to get our old S60 out again...
call recording is acceptable/legal period. Even in those jurisdictions where it is apparently proscribed there is little can be done to stop or enforce it
New to logic, are you?
If it's proscribed by law, it's not legal. That's what "legal" means. It doesn't matter whether the law is enforceable.
(Personally, I don't care about call recording one way or another. Poor thinking, on the other hand, annoys me quite a bit.)
This post has been deleted by its author
There's really no need for the snark...
The point is that laws which are unenforceable in practice are effectively useless i.e. not laws in reality. Such legislation is often rendered void by judiciaries when put to the test - in democracies at least. It's the difference between de jure and de facto.
Sounds like this will just about make Android unusable in many Enterprise situations because rule number one is that the user talks only to the app and never to any system dialogue. So if the app can't control and configure connectivity then you're basically screwed. For example, high-security areas where the user first logs in via a tethered USB connection and then the app is sent today's PSK and VPN credentials for the WiFi network.
"I guess you can still install apps from outside the playstore which can access these features"
Yes, and in some ways the 'new method' (individual approval of each application NOT certified by 'Google Play') is better than the old one (wildcard enabling of any application install from outside of 'Google Play') though I have had to jump through hoops a bit to get it to work so far.
But this might not be possible if the Android OS is updated to simply exclude ANYTHING that wants access to 'certain features' (from permission flags in the 'manifesto' let's say, similar to now) when those feature requests are on 'a list' and there's no cert or other 'permission mark' from the Play store's signage info to allow it....
I also don't know what affect this will have on any legacy home-brewed and locally signed APKs, which [for now] can be made available via a web page or be directly copied into the Android's file system via USB. Enterprise applications needing access "to everything" might STILL be possible, doing it this way. (edit: someone else calls this 'side loading' I guess; not a term I'd used before, might have seen it, didn't stick)
Google is (wishful thinking?) *trying* to protect end-users from themselves, without becoming TOO much like Apple with _THEIR_ store (bans because "Apple just don't like it"). Well, I hope so. And apparently it's a reaction to rogue applications. No surprise, but little excuse for THIS kind of "solution".
Google could offer a better method, using something similar to 'Firebase' for authorization keys (let's say) that are verified at install time from the Google Play store. That's not ideal, but at least it would help to control the "rogue" behavior by adding some extra 'permission steps' and not outright BANNING functionality.
And, it COULD get worse... they could become 'Apple'. Or even MORE like them.
For some reason it reminds me of Firefox making changes from 56 to 57...
Android apps have routinely taken permissions to run round inside our phones, looking at anything they want and sending it home.
Still, better permissions controls could at least allow in-phone access to text messages and such - with a block on transmit - which would still impact users for desktop phone interfaces, but it's be an improvement.
But perhaps Google might be wary of anything that might be turned to switch off their slurp.
My own gripe regarding this is that they pushed through recent changes to wifi on the back of complaints that if an application can view the available wifi networks it can use that to pinpoint the phone's location. This a Bad Thing. So how do they fix it? By mandating that it also prompts for location permission, with a warning perhaps? Nope. Instead, if you want an application to be able view available networks, you have to give the permission to use location, but also physically turn on GPS location for all applicatons. You can then go and individually disable location access for individual applications, but if you want to view wifi networks, say to do something only if you are on the home wifi, then you can't turn off GPS, or it prompts again and won't work until you turn GPS back on again - event though the application is not using GPS. At least on my phone anyway.
Maybe I'm a cynic, but it kind of seems to me to be engineered to get those users who have chosen to have GPS turned off, to turn it back on so Google can track them, whilst claiming that it is to stop rogue applications from doing so.
I think on Android 8 you can individually control which applications have location ability... because I remember turning it OFF for one (a game/art application - yeah why did THAT need location data?), and the application complained. I suggested to the phone's owner that it be left OFF, "do not show this again" etc..
So there may be a way of dealing with it on newer phones, but 8 isn't the newest, so who knows any more...
stopping applications from doing things is good when you DO NOT WANT them to do it. but if the application needs access, and you don't blindly say "ok" to everything, then you lose whatever functionality you really wanted.
And that's the point.
It's YOUR phone, so YOU should be in charge of it.
...So now they're being stopped ( hopefully).
There are definitely plenty of apps that make dubious requests for permissions of all kinds and for sure a lot of them will be trying to slurp sensitive data. It's always been one of our worries that this takes place without our understanding and being of limited knowledge, seems difficult too difficult to keep track on.
That said, rather than just issue a blanket ban (the software engineers' response to almost all problems they don't know how to deal with), it would help if there was a general policy for apps to behave along the lines of: "Can I have permission? No? Ok I'll just do my best without it and stop whining..."
For certain there are plenty of apps that will fall foul of this approach but it would help in many cases at least. Otherwise it seems helpful to open source everything or at least insist Google Play offers some kind of privacy accreditation?
The real trouble is that the Android permissions model, while better than nothing, is crap. Google has resisted calls to make it better because, as various people have suggested, that interferes with their income stream.
I spent significant effort de-Googling one of my phones a couple of years ago, but hardware failures have forced me to replace phones a couple of times since,1 and de-Googling is such a pain (and requires rooting first) that I haven't gotten around to it again.
With that phone, though, I found I got along very well with no Google Play Services or Google Apps. The only thing that I broke was the calendar; strangely enough, I couldn't find a simple calendar app on FDroid that didn't require the Google Calendar service. (Lazy devs, man.) I was going to write my own - it's just a damn day-of-week calculator, a small data store to hold appointments, and a trivial UI - but then the phone died.
1Strangely this was not a problem with my feature-phones or with my Symbian smartphone. But the "bigger-thinner-more-cameras" market pressure is not good for build quality.
Do you really think Google & Apple are any different? They're both Inbredistani companies that have one interest - themselves. If your messages are sitting in someone else's app that means it's harder for Google to leach them behind your back. Control your own connectivity on your own phone that you paid good money for? To make a hollow laughing.
And as far as waving through BlackBerry.. Really? Google helping a competitor? Pigs might fly*.
As for the broken promises I suspect the app problems are more incompetence than intent. Google might have blocked or removed certain processes and activities usually related to the banned procedures - and caught out ppl who've shoehorned them to do something else.
Don't expect much help - Google can't even manage a dark theme for the play store... After God knows how many years of asking?
*/ the one with the coffman cartridges please.. Guess which hole?
Something else that seems to have fallen foul of Google Play Store regulations are wake locks. For example OSMand 3.3.3 removed wake locks in order to comply. This severely affects usability because it's no longer possible for the app to wake the screen when giving navigation instructions. Can't find the rule itself and there are presumably good reasons for it, but annoying all the same.
...sent a message about this a while back. The app still functions pretty much as before but it can't be controlled remotely by SMS.
However what the Cerberus developers are doing are suggesting we go to their site, retrieve and sideload a non-store version of their app that retains the SMS integration.
Once again an apparent security improvement leads to a less secure environment.
I've been hit. The app I have spent 12 months developing (very part time on my own) to use for the emergency services will be unlikely to get accepted on the Play Store now.
Even though it needs SMS permissions to function (it is the primary function of the app) it won't be the default SMS app and would probably not be able to send SMS replies which makes it useless (unless sideloaded).
What a PITA.
Don't forget, Apple has removed applications "they do not like" from their store. It's like censorship.
Apparently in 2017, an iOS application for use in China was removed because it helped users to get around 'the great firewall' - apps from the New York Times, no less - that's ONE example, many others exist. Doing a search shows that applications have been removed "for not being updated in a while". Come on, if you get it right the FIRST time, WHY does something need UPDATING? 'At a whim' may be an understatement.
And I really don't like it when "big data" or manufacturers start DELIBERATELY limiting what you can do with your OWN device...
Show me software that "got it right the first time" and then I'll accept your premise. If you have that mythical perfect software, and people are still buying it, why wouldn't you simply increment the version number by 0.01, add a blurb claiming "fixed an obscure bug a few users reported" and send it to Apple for review? Surely an hour's work doing that would be worth continuing to get App Store revenue?
They get rid of those apps because they have been abandoned by their developer, and aren't getting updates to cope with changes in iOS, hardware, etc. If they still have a high rating from all the people who bought it years ago, people will be fooled into thinking it is still good.
Aah, the pitfalls of an open system.
On what planet is Android open? I can't even load my own version of it on "my" own phone unless I make sure I spend more to get one of the very few models that offer an unlocked bootloader any more. Even then there's 100MB+ of closed crappy firmware, drivers, etc. that can't be replaced.
The pitfalls of a TiVoized, centrally controlled system perhaps....worst of both worlds since Google gets to claim they don't have responsibility (guess what, locked loaders mean you DO have responsibility on e.g. the Pixel, let's dish out some GDPR fines until you get that through your thick corporate skulls....)
I'd be interested to know which devices are apparently exempt, as my BlackBerry Priv certain isn't. Confused the hell out of me when my phone updated a week or two ago and I suddenly spotted things had changed. Really annoying as the old Hub was easily the most useful app I had, I'd long decided if my next phone wasn't BB that the first app I'd be purchasing would be the hub.
Here's the thing: every damn app writer wanted every bit of information you have. They are greedy bastards. For example, why would ANY childrens app need access to their text/contacts? Yet ( I have to approve every app that gets in stalled), about half of all children's apps are seeking access to their texts, their contacts, their pictures even when those apps do not do ANYTHING that needs them. Everybody wants to BE facebook or sell information to facebook. (I am not making this up... 25% of ALL apps report to Facebook.) So they attempt to gather all of the data on your phone that they can, even when their app uses none of it, in order to broker the information to data warehouses.
If all they're doing is forking stuff, that's not "development' really. More like "re-branding".
I'd hope they'd at least have the intelligence to change the object names from "com.example.whatever" to something THEY own... and if they can do THAT much, they can ALSO modify the 'manifesto' to have the correct permissions in it.
Lol! And of course, why wouldn't they be trying to deliberately milk every piece of information out of your kid to sell? I somehow think it's deliberate. These things are bloated slow the machine down and jam up limited memory space. 5+ low permission paid apps, or one honking spyware enabled app is the same space. You might even have the case of evey one dollar they get out of data mining your privacy, they are costing you a hundred dollars+ in damages which you could sue them first in a class action.. If you are rich, that could be 100k-1million+. Bring the app market back into proper way to make a living.
well, like the title says, "when enough apps abuse it" - but not ALL app authors want to invade privacy. But too many apparently do, so that they can make something "free" and still monetize it.
Personally, I would like to post some free stuff in order to demonstrate my skills, "see I wrote that". Helps when getting new contracts, sometimes.
That's definitely a problem. The solution is to look at those apps and hit them hard if they don't need the data. Remove them from the play store, ban their developers, add the applications to play protect, ... The solution is not to take a feature that they abused and break it for everyone. If I find that a Linux malware has been using the root account, the solution is not to delete sudo.
Yes, absolutely. That's what Cerberus (mentioned in the article) are recommending to their subscribers to return the SMS functionality.
Sadly of course as more people get used to the idea of sideloading so the security profile of the device/os goes down with it as people start getting tricked into sideloading random shit that they have no way to trust, exactly what the closed app stores are supposed to be helping to avoid.
What about things like TKConfig?
Whose purpose is to send texts to numbers in your contact list to simplify/control/automate GSM-controlled devices?
That doesn't appear to be under their excluded categories, yet seems more than a reasonable use of such.
Hey Google, rather than a blanket ban, it's almost like you could present a warning that an app wants to send to a "new" number that it hasn't before, or read your contact list, or ... well things that are trivial to implement in the OS.
But that would mean getting people to actually update their Android, I assume, and most of the manufacturers you deal with absolutely 100% couldn't care less about that? I wonder if that's where the problem might lie, rather than app developers who specifically state that their apps may send texts?
Guess we needed that Ubuntu Phone ecosystem after all. Too bad most phones sold outside Asia and the EU come with crap locked bootloaders (and too bad Ubuntu Phone itself was kinda crap).
With Google running the show and locked bootloaders stopping OS replacement, Android is NOT open. It's a walled garden with a back door propped open, but if I can't replace the OS it is NOT open like the PC ecosystem was in the '90s. Time to stop propagating the "open" myth.
* Yeah, I got hit by this "feature". It basically disabled my VoIP app and is trying to push me into uploading my data to Google. Pigs will fly when I let that happen, so my phone is now less useful. (yes, the loader is unlocked, but the app developer removed the functionality, so unless an open app is created that can add it back in, fixing the OS won't fix the problem).
We need to kill the myth that android has any of the good features of open source. AOSP has a few of those features, but not all that many. Google Android drops almost all of this and takes major components and replaces them with closed-source blobs. That doesn't have to be a problem, but Google's methods made it one and it's really annoying hearing people laud it as open when it most assuredly is not.
And nobody tell me about how Android means that Linux is winning or provides us with a wonderful Linux system. I will fight you.
And nobody tell me about how Android means that Linux is winning or provides us with a wonderful Linux system. I will fight you.
It would be like saying Linux won because it was on every TiVo/Netflix box (with a suitably locked bootloader) while all desktops were locked (again via the bootloader) to run Windows. Very strange definition of "winning".
I still wonder if Torvalds thinks it was a good idea to keep the kernel GPLv2. Right now it sure looks like corporates took Linux, said "this is for us and us only", and are busy making sure they are the only ones that can change, compile, and run a kernel. You know, the entire reason most of us got into FOSS in the first place??
There are a number of reasons why moving the Linux kernel to GPL v3 might be a good thing, but keeping it as v2 has a bigger one: namely, changing it to v3 is flat-out illegal. Far too much of the code is strictly v2 instead of v2+; you'd either need to convince a large number of people to relicense or rewrite that code. The former route will certainly see a good number of refusals and people who just plain can't be reached; the latter would be a rather large undertaking that would introduce bugs in stable subsystems and take resources that could be better directed to active development.
I actually thought Ubuntu Touch was pretty good.
The only thing that it didn't have was a large number of apps, and this was really because it did not achieve any market penetration.
I would actually like to get a tablet to run it now, but unfortunately, the devices that it was certified to run on are no longer available, and I'm not actually sure I still have the skil or patience to port it to another device myself.
Google's draconian management of the Play Store is far worse than just this.
Your entire company can be permanently banned, with no recourse, because an employee has a friend who got their developer account banned.
Since Google is very quick to hand out bans for innocent developers, this is a relatively common occurrence.
Google refuses to provide a channel with which to make a meaningful appeal, and if you create a new account it will be banned (but only after they take your money, of course).
Google has created an environment where you cannot risk collaborating with other developers because it could permanently destroy your career along with your company. The first screening process for any Android development job will soon be, "do you know anyone whose developer account was banned?"
Frankly, it's hard to believe but you'll find plenty of evidence on the r/androiddev subreddit. Google has literally killed off at least several small businesses along with many innocent independent developers.
I will admit I haven't updated my code for a while(last updated for Marshmallow & databinding v1) for an app I wrote which I side load onto my tablet/phone that only I use which I use to wrap my head around a new programming environments or recommended 'best practices' as I know the problem domain quite well and its only a small db app, only useful to me which I have rewritten many many times. The original incarnation was written in Access v1, then through all incarnations of VB & Delphi, Visual Studio (.net, WinForms, WPF, TIFKAM), Objective C for iOS and various flavours of Android Studio - thinks next school holidays must rewrite for 'Pie' using Kotlin & Jetpack). Anyway, with that update I only wanted to store both the app & data on the sdcard, the number of other stupid permissions I had to include, and boilerplate handlers, so that this could happen; and stop the phone/tablet crashisng when I was using the app and the phone rang or received a text or a push notification for the app that I forgot to turn it off for was ridiculous, and because I asked for permission x also need permission y etc.
If I had been an user trying to download it, and looked at the required permissions I would have asked WTF does it need all these for & not downloaded it . I hope things have changed.
if Google just gave users the ability to stop individual apps from phoning home.
Who cares what data an app can access if it can't export the data back to it's mothership?
Of course this would keep apps from monetizing user data for targeted ads so this easy fix is not an option for Google.
Reading through the list of changes looks like Facebooks API will lose a lot of it's functionality and almost seems like the changes are being made (at least in part) because of the many investigations taking place.
I think these changes are are for the better but they should give users the chance to override (with all the appropriate warnings) to let custom apps do what they need to do as others have said.
Maybe I'm not seeing the big issue here due to the fact that I deleted any and all social media accounts when I saw that developers and phone manufacturers were accessing it long before the scandal was reported in the news.
All those companies listed in BlackBerry's "Hub" are now blocked by my network settings.
Draconian, Draconian! Google forcing people to share their contacts with unrelated programs was Draconian, this is the opposite, for us!
But look at that permissions list I asked them to put in. Lots of permissions, but not really. Each of those permissions allow them to access far too much, and just no permissions to OK has too Mich, like full network access. You read down there like an 1984's big brothers shopping list. Why does a screen saver need access to your call logs, storage, microphone etc etc. This is not the fine practical auto control I asked them. They should only be allowing permissions that specifically target expected legitimate functionality, or they get chucked off the playstore. The user should verify each, and the program may explain why its needed and provide an unobtrusive alert light and behind the scenes system for the user to enable or getting authentic Detailed easily understandable reasons why needed, and what each does, or get chucked of the playstore, and if they ask again for permission except when somebody dies something that requires it, they get chucked off the play store, and their whole company staff has to register, to detect if they are going else where to try it under a new company, and chuck them off the play store.
I think the developer access change discussed here has finally crashed my favorite app Phone2Location Pro, which was showing me all the calls and texts for a given contact listed together. The list was displayed based on most recent contact, so if caller X called today and caller Y texted yesterday, I would see X and then Y listed as recent contact history, and could click on either to see all activity with that contact, with the ability to launch a new call or SMS from that screen, or save or block a contact.
VERY ESSENTIAL to the way I work. Google has a problem with this? Is there a way to get this function back from any app?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
