Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Cuts Android Privacy Feature, Says Release Was Unintentional

Posted by Soulskill on from the pay-no-attention-to-the-droid-behind-the-curtain dept.

An anonymous reader writes "Peter Eckersley at the EFF reports that the 'App Ops' privacy feature added to Android in 4.3 has been removed as of 4.4.2. The feature allowed users to easily manage the permission settings for installed apps. Thus, users could enjoy the features of whatever app they liked, while preventing the app from, for example, reporting location data. Eckersley writes, 'When asked for comment, Google told us that the feature had only ever been released by accident — that it was experimental, and that it could break some of the apps policed by it. We are suspicious of this explanation, and do not think that it in any way justifies removing the feature rather than improving it.1 The disappearance of App Ops is alarming news for Android users. The fact that they cannot turn off app permissions is a Stygian hole in the Android security model, and a billion people's data is being sucked through. Embarrassingly, it is also one that Apple managed to fix in iOS years ago.'"

31 of 324 comments (clear)

  1. Ups and Downs by Akratist · · Score: 5, Insightful

    One of Android's selling points has always been it's open nature, and the fact that it's not as locked down as iOS. This seems like it's taking a step in the direction of locking down the OS for the user, and unlocking it for everyone else...

    1. Re:Ups and Downs by Rosco+P.+Coltrane · · Score: 5, Insightful

      Well it's Google, what do you expect...

      If you think Google works for the good of the user, think again.

      --
      "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
    2. Re:Ups and Downs by Chris+Mattern · · Score: 5, Funny

      If you think Google works for the good of the user, think again.

      Only Tron fights for the user.

    3. Re:Ups and Downs by erikkemperman · · Score: 5, Insightful

      The open nature is also being drastically eroded by moving more and more stuff into the Google Play Services. So while the platform is still technically open source, all the interesting things are moved into a separate, closed, layer.

      Slowly but surely, android is closing up.

      --
      Gosh, thanks. That must be why the other ships call me Meatfucker -- GCU Grey Area (Eccentric)
    4. Re:Ups and Downs by Anonymous Coward · · Score: 5, Interesting

      That is very true; much of it is moving to closed source. Unfortunately we can't have nice things. We can't have nice things because of Tivoisation ( http://en.wikipedia.org/wiki/Tivoisation ). We can't have nice things because of Samsung trying to "demote" the Google apps in favor of their crapware. We can't have nice things because of hardware vendors and carriers who won't update their devices (forcing Google to move stuff from core into apps that can be updated without intervention). There are a lot of things driving Google into close-sourcing more of the interesting bits of Android. None of those are "because they want to" or "because they are evil". They are, instead, being forced into it due to the evil of others.

    5. Re:Ups and Downs by Mordok-DestroyerOfWo · · Score: 5, Funny

      Zathras used to being beast of burden. Zathras have sad life, probably have sad death, but at least there is symmetry

      --
      "Never let your sense of morals prevent you from doing what is right" - Salvor Hardin
    6. Re:Ups and Downs by oogoliegoogolie · · Score: 5, Insightful

      Oh jeez, you really need to stop looking at Google through your Android-colored glasses!
      Google was a cool tech company a decade ago when they came up with products that benefited the users, namely an email product that offered 1GB of space free when others gave you 20MB, and of course search. Since then they've morphed from a tech to an advertising and data-mining company, and all of their products reflect this.
      Google:"Do you want to sign up for G+" or "Do you want to use your real name on Youtube?"
      User:clicks NO
      Google:"OK, we'll ask you later"

      Do No Evil hasn't existed at Google for a decade, if it ever did.

    7. Re:Ups and Downs by mounthood · · Score: 4, Insightful

      It bugs me to see the crap google gets when they are the least abusive of all big companies by just about any measure ....

      They deserve to get crap for *this* and any other positive actions aren't a get-out-of-jail-free card. Until a few years ago the slashdot faq contained this:

      I thought everyone on Slashdot hated the RIAA, the MPAA, and Microsoft. Why do you keep hyping CDs, movies, and Windows games?

      Big corporations are what they are. They sell us cool stuff with one hand and tighten the screws on our freedoms with the other. We hate them every morning and love them every afternoon, and vice versa. This is part of living in the modern world: you take your yin with your yang and try to figure out how to do what's right the best you can. If you think it has to be all one way or the other, that's cool, share your opinions, but don't expect everyone else to think the same.

      --
      tomorrow who's gonna fuss
    8. Re:Ups and Downs by ImprovOmega · · Score: 3, Insightful

      As long as you can side load apps and the APIs are free for developers it will still be light-years more open than Apple ever allows you to be. Heck, you can't even write an iPhone app unless you're doing it on a Mac with a sanctioned Apple developer license.

    9. Re:Ups and Downs by LordLimecat · · Score: 3, Insightful

      Oh jeez, you really need to stop looking at Google through your Android-colored glasses!

      Wonderful ad hominem, but I dont actually have an android.

      I also like how you completely didnt address any of my points. Yes, a lot of the stuff Google does with youtube is incredibly obnoxious, as is their insistence on making Google+ work despite the fact that noone really cares. None of that really has anything to do with their corporate stewardship or ethics.

      Calling them "evil" for their youtube commenting policies just shows that you really dont understand what "evil" is referring to. For some people, Google's privacy policy is a lot more vital to their well-being than whether you are forced to use Google+ for youtube comments, and those people are probably really glad that Google actually honors its policies and resists overreach by law enforcement of various countries.

  2. Put in an app by Anonymous Coward · · Score: 3, Interesting

    I thought I read that they just pulled it out and into its own app, so that you'd have to seek out this feature. They wanted to keep folks who didn't know exactly what they were doing to stumble upon this and mess up their phones.

    1. Re:Put in an app by triffid_98 · · Score: 3, Insightful

      as someone who used the equivalent functionality in CyanogenMod for a while, I can confirm that turning off permissions dynamically in this way requires quite a bit more care than it might appear at first - apps did crash when apparently denied features quite reasonably, even when you might think they'd have to cater for that situation anyway. I'd deny network privileges to an app, and see it crash, even though it would work without problems when the privilege was given but the network was unavailable for technical reasons.

      Speaking as a fellow Cyanogenmod user...

      CASE #1

      Some apps will crash if they can't read your phone contacts (or whatever absurd permission they asked for) and report them to their remote server...and I'm totally fine with that. They said right out they needed X permission and I said no you can't. CASE #2

      A lot of applications (I've no idea what percentage though) ask for permissions that they don't need, presumably on the basis that they might need them in the future and don't want automatic updates to stop (which they will if they suddenly want new permissions) CASE #3

      see CASE #1, except the developers used this super secret coding technique called try{}catch, and the application still works fine.

  3. PDroid by JeffOwl · · Score: 5, Informative

    Gives granular control of app permissions. Requires Root, but it's worth it. I figured this change was never going to be permanent because it messes with Google's (and app developers') revenue stream.

    1. Re:PDroid by drinkypoo · · Score: 5, Insightful

      Why Android can't just give me root by default, I don't understand. It's MY device, why can't I be the one who decides if I can have root?

      There are security implications for both unlocking and rooting. It's best that they default off.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  4. Sounds like it worked by Carrot007 · · Score: 5, Insightful

    > it could break some of the apps policed by it.

    Is that not the entire point?

    --
    +----------------- | What is the question!
    1. Re:Sounds like it worked by Nerdfest · · Score: 3, Funny

      Did you used to work i the software security division of Adobe?

  5. Just plain wrong. by Anonymous Coward · · Score: 5, Insightful

    It always irked me when you install an Android app it often produces a big long list of the things the app can access, some of which you don't want it to, but you can't pick'n'choose the access permissions, it''s all or nothing.

    That's just plain wrong.

    And for Google to release an app which can allow you to set the access permissions of apps, and then withdraw it is even wronger (yes I know that's not a real word), even if changing some of the access permissions breaks the app there's the issue that many apps don't actually need to access everything on your Android device to run.

    1. Re:Just plain wrong. by LDAPMAN · · Score: 4, Insightful

      Not all permissions are essential to the operation of the app. Thats the point of being able to selectively choose. Many IOS apps just disable certain functions or niceties when you deny a permission. They can also pop up a nice dialog when you try to do something requiring that permission and ask if you want to turn it back on. An all-or-nothing approach is just stupid and leads to users just blindly accepting what the app asks for.

  6. Re:really ? by robmv · · Score: 4, Interesting

    It was never a feature, people access it using a third party application that calls an Activity that is not normally accessible from the OS UI. It is like when people found initial semi-working code of multiple user profiles on Android 4.1, again not accessible to the users, and later releases added the feature when the code was completed and tested. I think we will see this feature enabled on later Android versions when they get to finish it and find ways to make old applications not crash when permissions are removed.

  7. Eagerly awaited by dargaud · · Score: 4, Insightful

    I've been waiting for this for... forever. But not just [Enable]/[Disable], I also want [Produce random fake data] and [Produce data generated by external app hereby selected]. So that I can write or load an app that feeds intelligent but fake info to the others.

    --
    Non-Linux Penguins ?
    1. Re:Eagerly awaited by dido · · Score: 3, Informative

      If you're rooted, you can install the XPosed Framework and the XPrivacy module for it, which will allow you to lie to an app about the permissions it requests. CyanogenMod 10.1 also has such a feature, although the UI is rather clumsy if you ask me.

      --
      Qu'on me donne six lignes écrites de la main du plus honnête homme, j'y trouverai de quoi le faire pendre.
  8. Is there anyone here by bravecanadian · · Score: 4, Insightful

    Who is surprised?

    That data is Google's entire business.

  9. Re:IOS? by Desler · · Score: 5, Informative

    Settings -> Cellular and then toggle off the apps you don't want using it. For apps you don't want using your location data, you simply deny them when the app runs the first time. If after the fact you want to deny them this permission you go to Settings -> Privacy -> Location Service and again toggle off the apps you don't want to have that permission. And guess what? None of the apps will crash due to these things being turned off.

    The saddest part of your post is you probably thought you were going to completely baffle people with the question when these toggles have been part of iOS for years now (if not since the beginning).

  10. Re: Meh by Wookact · · Score: 4, Informative

    There are reasons not to update as well: additional ads, removal of liked features. When I find an app and version I like I make a copy of the apk. Then if there is an update that I don't like I can always go back to the old version. I've had to do this with the local newspapers application as it has become bloated with ads, and crazy permissions.

  11. Great in Theory by ironicsky · · Score: 3, Interesting

    The app is great in theory, but horrible in implementation. I checked out the App Ops functionality and if you don't know what you are doing you can cripple your phone. The problem is it allows you to change the functionality of system apps and core services by denying them access to the device *oops*.

    I definitely think this is a needed feature, but it needs to be implemented at installation of apps from the play store. When an app says "We'll need the following permissions" the user should be able to toggle off each one they dont want the app having access to, then use the traditional permissions manager to modify it in the future.. From the App Ops, I learned that Angry Birds accesses your location when you run it. For what user-supporting function? None... There is no reason why it needs access to my location. My Grocery Store locator? That needs access to my location, but not my contacts.

  12. Re:really ? by Arker · · Score: 5, Insightful

    The difference is that this is really critical functionality that should have been built in and tested from day one, but gets pushed way down the priority stack because of googles conflict of interest in the matter. So it's like that situation a little, but not really.

    --
    =-=-=-=-=-=-=-=-=-=-=-=-=-=-
    Friends don't let friends enable ecmascript.
  13. Re:really ? by Bob9113 · · Score: 5, Insightful

    I think we will see this feature enabled on later Android versions when they get to finish it and find ways to make old applications not crash when permissions are removed.

    It is already known how to enable it without crashing the applications; return fake data. The cause of the app failure is not returning any data. There is a tool for returning fake data, which I think was briefly included in CyanogenMod. It causes apps that rely on the data for their revenue stream to continue operating without getting their payment (clean, marketable data). It was decided that tricking apps into operating was, in one way of thinking, using the software without the informed consent of the programmer -- something akin to misappropration -- and so it was removed.

    You may not agree with that perspective, but it is the issue that Google is wrestling with: Should they facilitate the ability to prevent apps from knowing that they are not getting the clean data that they currently take as payment for producing the app?

    In my opinion, our current standards for acquiring such data are extremely shady, relying heavily on a consumer base that is deeply misinformed of the extent of the surveillance and the risks the data stores pose. Where the balance of good lies between surveillance and countermeasures is hard to tell; it could be that subverting the datastream is pro-social in the long run -- but that is not the side on which Google's bread is buttered. They have a strong motive to see things from the app developers / watchers / revenue stream point of view. A great deal of money flows to Google from informed, uninformed, and misinformed consent to surveillance.

    --
    Stop-Prism.org: Opt Out of Surveillance
  14. developer ego by spaceman375 · · Score: 4, Interesting

    By far the most annoying permission is abused by developers on every OS I've tried: Launch at boot. Of Course, YOUR app is so very important that it HAS to use time and resources just so it can be ready at all times. Get over yourselves: I'll launch it when I want it. I'd be WAY happy to just be able to deny that one permission on Android.

    --
    On the one hand you take life too seriously, and on the other, you do not take playful existence seriously enough. Seth
  15. The summary is utter crap. by Real1tyCzech · · Score: 5, Informative

    It wasn't a feature. It wasn't "released". It didn't debut in 4.3.

    It was in the code for testing only, and never meant to be used outside of Google.

    There is almost nothing about this summary that is correct.

    But hey; good fodder for the haters to start crying "Foul!" about an OS they don't use....

    1. Re:The summary is utter crap. by bankman · · Score: 3, Insightful

      You may be right, but that doesn't diminish the fact that this should have been a feature from the very beginning and that its removal is not a step in the right direction from the user perspective.

      Oh, and yes, I don't use this OS (or any other smartphone for that matter) for precisely this reason, I can't properly contain and manage the installed software on a very privacy sensitive device.

      --
      I feel so sig.
  16. Re:really ? by Rob+Riggs · · Score: 4, Interesting

    You may not agree with that perspective, but it is the issue that Google is wrestling with: Should they facilitate the ability to prevent apps from knowing that they are not getting the clean data that they currently take as payment for producing the app?

    In my opinion, our current standards for acquiring such data are extremely shady, relying heavily on a consumer base that is deeply misinformed of the extent of the surveillance and the risks the data stores pose. Where the balance of good lies between surveillance and countermeasures is hard to tell; it could be that subverting the datastream is pro-social in the long run -- but that is not the side on which Google's bread is buttered. They have a strong motive to see things from the app developers / watchers / revenue stream point of view. A great deal of money flows to Google from informed, uninformed, and misinformed consent to surveillance.

    I completely agree. There is another, related problem that Google needs to address. Users have little recourse when app producers renege on the privacy that was initially sold to the user. For example, I paid for WeatherBug Elite simply because it did not require "phone state and identity" when I purchased it. Guess what? A year later they wanted that information for "Elite" too. I can either accept or not upgrade. I don't upgrade. I have a bunch of apps that are not getting updated because the new perms they ask for are ridiculous. If users cannot maintain the privacy that they paid for, what other options exist for them?

    Either privacy has value and must be honored by app producers as part of the sale, or it doesn't and users have the right to block access to private information.

    --
    the growth in cynicism and rebellion has not been without cause