Slashdot Mirror
Google Cuts Android Privacy Feature, Says Release Was Unintentional
An anonymous reader writes "Peter Eckersley at the EFF reports that the 'App Ops' privacy feature added to Android in 4.3 has been removed as of 4.4.2. The feature allowed users to easily manage the permission settings for installed apps. Thus, users could enjoy the features of whatever app they liked, while preventing the app from, for example, reporting location data. Eckersley writes, 'When asked for comment, Google told us that the feature had only ever been released by accident — that it was experimental, and that it could break some of the apps policed by it. We are suspicious of this explanation, and do not think that it in any way justifies removing the feature rather than improving it.1 The disappearance of App Ops is alarming news for Android users. The fact that they cannot turn off app permissions is a Stygian hole in the Android security model, and a billion people's data is being sucked through. Embarrassingly, it is also one that Apple managed to fix in iOS years ago.'"
One of Android's selling points has always been it's open nature, and the fact that it's not as locked down as iOS. This seems like it's taking a step in the direction of locking down the OS for the user, and unlocking it for everyone else...
I thought I read that they just pulled it out and into its own app, so that you'd have to seek out this feature. They wanted to keep folks who didn't know exactly what they were doing to stumble upon this and mess up their phones.
It's possible that this feature got through Q&A without noticing or telling which got through the cracks. They bigger you are, they more complex "papers and bureaucrary becomes thus more mistakes are bound to happen...like this. I won't judge them for this mistake but people will judge them by how they fix this mistake and how fast can it be fixed. Everyone can make mistakes but it takes skills to learn from it. Let's hope Google can learn from it.
PC Gaming enthousiast that gives comments, opinions and reviews on Games. I'm just having fun with games while doing let
Gives granular control of app permissions. Requires Root, but it's worth it. I figured this change was never going to be permanent because it messes with Google's (and app developers') revenue stream.
See also: "See No Evil", "Speak No Evil", and "Hear No Evil".
> it could break some of the apps policed by it.
Is that not the entire point?
+----------------- | What is the question!
I grew fed up with android years ago. What kind of calculator app requires weekly updates? Dumbphones FTW
You don't *have* to update. Once I find a fully working app, I never update it. What would be the point, since it already works?
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
It always irked me when you install an Android app it often produces a big long list of the things the app can access, some of which you don't want it to, but you can't pick'n'choose the access permissions, it''s all or nothing.
That's just plain wrong.
And for Google to release an app which can allow you to set the access permissions of apps, and then withdraw it is even wronger (yes I know that's not a real word), even if changing some of the access permissions breaks the app there's the issue that many apps don't actually need to access everything on your Android device to run.
https://developers.google.com/android/nexus/images
"If any question why we died, Tell them because our fathers lied."
I wonder how many more overt measures that can be easily interpreted as pro-surveillance pro-advertising need google take, before the masses turn to alternatives like cyanogenmod etc.
I opted out of the whole smart-phone schtick a few months ago. I had an iPhone. I loved the feature that enabled me to disable certain apps from reporting certain things that I couldn't see why anyone in their right mind would want. If I was currently using an Android phone, this would make me toss it.
Politics; n. : A religion whereby man is god.
Settings -> Cellular Data -> Use Cellular Data for
I've been waiting for this for... forever. But not just [Enable]/[Disable], I also want [Produce random fake data] and [Produce data generated by external app hereby selected]. So that I can write or load an app that feeds intelligent but fake info to the others.
Non-Linux Penguins ?
Who is surprised?
That data is Google's entire business.
Current Android API's do not allow an app to query to see if a requested permission was not granted very easily
Why isn't it just a case of trying something and catching a SecurityException?
Especially the ones that slurp user data and send it back to the mothership, then whoever the mothership sells it to. I definitely see why they think it was not a good idea.
I grew fed up with android years ago. What kind of calculator app requires weekly updates? Dumbphones FTW
You'll be laughing on the other side of your face if we switch our number system to duodecimal or balanced ternary!
Better battery consumption? Optimization? There are lots of reason to update an application.
4.3 doesn't work with several brands of Bluetooth keyboard that use a Broadcom chipset. It recognizes them as a "non-alphabetic keyboard". But if you have root to install a 4.3 ROM, you probably have root to work around this 4.3 problem.
All that'd mean is that the cut scene of an enemy force launching the missiles, which the game shows if there are no saved games (that is, on first run), would play again. No file system permissions means your game wouldn't be able to save the player's progress anyway.
Enough said, really...
First of all, there was NO UI to activate this feature. The only access was through third-party apps that allow you to launch arbitrary activities (for those not familiar with Android, think application windows) in other apps.
So it was obviously unsupported by Google. The first thing I think of are Chrome's Labs at chrome://flags which carries this warning:
WARNING These experimental features may change, break, or disappear at any time. We make absolutely no guarantees about what may happen if you turn one of these experiments on, and your browser may even spontaneously combust. Jokes aside, your browser may delete all your data, or your security and privacy could be compromised in unexpected ways. Any experiments you enable will be enabled for all users of this browser. Please proceed with caution. Interested in cool new Chrome features? Try our beta channel at chrome.com/beta.
And THOSE are UI-exposed, unlike App Ops. The same warnings would apply to App Ops, if not worse.
Android permissions were built on the assumption that they were all-or-nothing: either the user would install the app and grant all permissions, or the user would deny the permissions and not install the app. It isn't like webpage permissions where the user may decline to allow a page to display desktop notifications or go fullscreen and the page can react to that.
Because apps expect permissions to always succeed, the common approach to making permission-limiting frameworks is to make the app think it still has permission by serving it dummy data, like an empty contacts list, or a blank image purportedly from the camera, so the app still operates.
Google is saying some apps were not compatible, which tells me App Ops still needs work, which explains why they have not formerly released it.
Some people have been using App Ops and now find the UI crashes when you load it, but the underlying feature is still applying the settings. Considering it was an unsupported and experimental feature this is not surprising, and it is not surprising Google removed access. Back when Google Chrome was brand new, occasionally Google would ship Dev builds that would crash on launch for a not insignificant portion of the user base. Such is the risk of alpha software (or in this case, an alpha feature).
It would be great for an App maker to be able to selectively ask for permissions from a user. But letting the user pick and choose what permissions they want ANY app to have creates a giant headache for app makers. Think about all of the permutations you have to test for if a user selectively grants permissions. Think about the intelligence of half the people who use smart phones. A user disables a critical permission, app fails to function, and user rates the app 1 star. And don't tell me its the dumb user's fault, cause you know the app maker is going to have to deal with it regardless.
Settings -> Cellular and then toggle off the apps you don't want using it. For apps you don't want using your location data, you simply deny them when the app runs the first time. If after the fact you want to deny them this permission you go to Settings -> Privacy -> Location Service and again toggle off the apps you don't want to have that permission. And guess what? None of the apps will crash due to these things being turned off.
The saddest part of your post is you probably thought you were going to completely baffle people with the question when these toggles have been part of iOS for years now (if not since the beginning).
It seems to be working great, even with some of Google's own apps. Comes out the same way whether I don't install an app because I don't think a fucking flashlight app should get network and GPS permissions or because that app breaks when it attempts to request them and it doesn't get them. I'm just less likely to install the app if I think the developer was just being lazy and requesting all permissions. Arguably I shouldn't be installing apps from bad developers anyway. Also arguably Google shouldn't be allowing them on their store in the first place (Including some of their own apps which apparently don't actually need all those permissions either.)
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Why would you bake in the ability to disable things like network access when ad serving is the main source of revenue for app developers? Sounds like shooting the meal ticket to me. Ads are how you pay for content. If you don't like it you can build your own app and release it for free. The rest of us have to eat.
I don't update the OS or apps on both my phone and tablet.
There are reasons not to update as well: additional ads, removal of liked features. When I find an app and version I like I make a copy of the apk. Then if there is an update that I don't like I can always go back to the old version. I've had to do this with the local newspapers application as it has become bloated with ads, and crazy permissions.
You mean not everyone is using XPrivacy already?! Ok, live and learn. Like when I actually first saw an ad in an android phone, mine never shows one.
The app is great in theory, but horrible in implementation. I checked out the App Ops functionality and if you don't know what you are doing you can cripple your phone. The problem is it allows you to change the functionality of system apps and core services by denying them access to the device *oops*.
I definitely think this is a needed feature, but it needs to be implemented at installation of apps from the play store. When an app says "We'll need the following permissions" the user should be able to toggle off each one they dont want the app having access to, then use the traditional permissions manager to modify it in the future.. From the App Ops, I learned that Angry Birds accesses your location when you run it. For what user-supporting function? None... There is no reason why it needs access to my location. My Grocery Store locator? That needs access to my location, but not my contacts.
There's already an Xposed Framework Module that brings back App Ops on Android 4.4.2. The xPrivacy module is also an alternative.
There are a ton of apps I won't install, because they want to be able to make calls, see my call history, my contacts, get precise location, etc. Right now, it's an all-or-nothing approach. Either accept all of that, or don't install. More often than not, I don't install.
Listen up Google:
When you install or update an app, and it shows the permissions for the app, every single one, right there in the install/update popup for the app, should have the on/off slider, and let the user determine what permissions to give the app.
If this inconveniences the developer, too bad. Because as it is, I don't install those apps in the first place.
I have been quite disappointed that this isn't available. If CM has something like this, then I might just go to CM for all my devices.
Don't steal. The government hates competition.
By far the most annoying permission is abused by developers on every OS I've tried: Launch at boot. Of Course, YOUR app is so very important that it HAS to use time and resources just so it can be ready at all times. Get over yourselves: I'll launch it when I want it. I'd be WAY happy to just be able to deny that one permission on Android.
On the one hand you take life too seriously, and on the other, you do not take playful existence seriously enough. Seth
AFAIK, there is no iOS equivalent of CryogenicMod ;-)
Why would you bake in the ability to disable things like network access when ad serving is the main source of revenue for app developers?
Because Google screwed up early on. When Android launched, Google Checkout (now Google Wallet) was available in too few countries. Paid apps would not appear in the Android Market (now Google Play Store) application, and in the web, they would appear as "Not available in your country". So in order to get any sort of international user base for an application, the developer had to distribute it without charge. This led to a culture where users expect free apps. Apple, on the other hand, never launched the iPhone or iPad in a country until it had payment working in that country.
That is why I always check the change logs before manually updating any app.
Without launching at boot, how would an application designed to connect to an Internet service notify you of things relevant to your account on that service? For example, if an app store doesn't launch at boot, then you won't get notified about security updates to your existing apps until you happen to look for new apps, which might not be for weeks.
The fact that they cannot turn off app permissions is a Stygian hole in the Android security model, and a billion people's data is being sucked through.
I think Obi-Wan felt something like this when Alderaan was destroyed.
It must have been something you assimilated. . . .
The AOSP has the code for this, and many distros integrated that feature, for example CyanogenMOD.
I can confirm this. CyanogenMod 11 nightlies (Android 4.4.2) contain the AppOps code and the available launcher continues to work.
It wasn't a feature. It wasn't "released". It didn't debut in 4.3.
It was in the code for testing only, and never meant to be used outside of Google.
There is almost nothing about this summary that is correct.
But hey; good fodder for the haters to start crying "Foul!" about an OS they don't use....
It's still better than iOS because you still have more choice. For instance, if you wish, you can run aosp without Google apps and only install other FOSS apps. It's what I do... mostly.
If it ain't broke, don't fix it.
Clearly, some apps do need to launch and boot. In the example you listed, the launch could be "daily" instead of "at boot"
Even "daily" might not be enough for a messaging app that needs to check whether you received new e-mail or whatever since you last booted your device, or an online trading app that needs to check whether you've been outbid on your auctions since you last booted your device.
Who's to say the app doesn't actually leave the location reporting turned on regardless of that setting?
Well it's not possible to override your setting unless you root your phone.
Of course the only way to granularly adjust permissions now is to root the phone... hmm.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Don't like a permission? Don't install the app.
Fuck You.
Sorry if that sounds rude. But I am just echoing what YOU are saying to 99% of Android users. How many non-technical people do you know that still cannot comprehend the difference between storage and memory in a device? And yet those people are supposed to look through a long laundry list of incomprehensible technical terms and make a judgment if it's worth downloading any given application?
This is exactly the attitude that led to the dark days of insecure PC's and virus/malware that we are still trying to recover from.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
[ Could this privacy / security downgrade be NSA inspired? Could Apple's products be next to follow? ]
1. Turn OFF all Android 4.4.2 devices - [ Could be inconvenient, particularly for phones & phablets. ]
2. Don't allow any other devices to [Auto-]Update to 4.4.2
3. Find -older- devices to replace those Turned OFF (in Step 1) - [ Could be costly, if you don't have old devices on-hand. ]
4. Remove installed [Google-] apps' updates.
5. Wait for Goggle to notice [hopefully, FAR] FEWER 4.4.2 systems online (assuming they can't switch them back On...)
and to decide to -lift- their game, before we have to -seriously- consider migrating to Apple...
(Any additional suggestions would be most welcome.)
We had some unopened [backup] devices on-hand, purchased at discount, after release of newer models.
PS We now appreciate Samsung's "slowness" to release system updates... maybe they quietly test each one & wait for tests to indicate no reduction of privacy / security features, before passing them on to us...? I -hope- so, we do -not- know for sure.
So, since reading this news item about 4.4.2, we've had to Power Off & shelve a fleet of Nexus 7's that have just self-updated to 4.4.2.
But we were -lucky- to have [remnants of] an older fleet - made by Samsung - on-hand, that we'd -almost- forgotten about, ie, after noticing Samsung's "slowness" to release Android upgrades. We -had- a dangerous habit of "only the latest will do" but have quickly come to appreciate Samsung...
Now, we wonder if our Korean friends there weren't just doing -tests- for privacy / security downgrades, in Android... and holding back the "latest" versions, until they notice -restoration- of our privacy / security levels. Perhaps a fiction... but... it was really nice to find some Samsung Android 4.1.2 devices near at hand, this morning. :-)
You want Open Source? Cool... Firefox is your friend.
Fast? Try Opera.
Both are our friends, at the moment.
I've had Blackberry apps that refuse to operate after their permissions are removed. Note that they don't crash, they just refuse to work (they ask for the permissions, and if you say no, they close). I would be unsurprised to find a similar outcome on the iOS. I'm generally okay with that, I just wish they'd show their permission requirements before I downloaded them - I don't need a flashlight app that wants to see my contact list.
Sure I'm paranoid, but am I paranoid enough?
I'm sure there are apps that might. I've yet to see any that has though. I even just denied Waze location services and it still created a route and everything for me. It simply just didn't have a GPS lock.
Android has had a good permission manager for years: LBE.
You can do blanket bans, whitelists, etc or drill down into granular permissions for each app. It can also block abusive texts, etc. You do need root.
Da Blog
Better battery consumption? Optimization? There are lots of reason to update an application.
I'd add to that bug fixes for obscure hardware as new bug reports are filed.
But I also agree with a poster above and below - once I have a working app, I skip the upgrades generally.
S Planner apparently has given itself a huge number of permissions, including apparently reading my gmail, and I have no way of un-installing it.
The poorly names "S Planner" was found by my colleagues to be the only Android app which is fully compatible with Outlook Calender. So yeah, it needs to read your e-mail, because Outlook meeting requests/etc are sent via e-mail. (In comparison were also Sony and HTC phones. Google's own Calender is so feature-poor that it is even not preinstalled by default.)
No, I don't like it either (nor use that). But many users are very very happy about it.
(Other than dropping my $700 investment in the garbage).
There are plenty of tutorials on how to root your phone and remove the preinstalled bloatware. With some versions/phones, it is/was even possible without rooting.
Otherwise, I'm using S Planner occasionally as a calender app and it is pretty OK. Also, when investigating some problems with my S3mini I have monitored the whole of the my phone's (wi-fi) traffic with the WireShark for 2 days (~40 hours). There were only few short packets going Samsung way, while there was continuous stream of something Google was loading to/from my phone. (That was causing my phone's battery to go flat within 12 hours. And the reason why I stopped auto-updating Google apps completely. Phone runs soo much better now. Almost 3 days on single charge when idle.)
All hope abandon ye who enter here.
Many offline apps (most notable example is the games) require network connection to load the ads. If you remove the permission to access the network, they wouldn't be able to load and display the ads. Instant (and data traffic saving) win!
Google simply can't allow that.
All hope abandon ye who enter here.
Stressing that Apple can do it better is probably the most effective route to shaming Google into re-enabling this feature - or to getting the code fixed so that it actually works properly.
Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
Uhhhh, well let's see:
a) Android will notify you if there are updates to apps via the apps store processes *ALREADY* running in the background. There's no need for apps to do this individually
b) This can also easily be done when the app is started by the user, just check for updates on startup, don't start up on boot.