Google Cuts Android Privacy Feature, Says Release Was Unintentional

An anonymous reader writes "Peter Eckersley at the EFF reports that the 'App Ops' privacy feature added to Android in 4.3 has been removed as of 4.4.2. The feature allowed users to easily manage the permission settings for installed apps. Thus, users could enjoy the features of whatever app they liked, while preventing the app from, for example, reporting location data. Eckersley writes, 'When asked for comment, Google told us that the feature had only ever been released by accident — that it was experimental, and that it could break some of the apps policed by it. We are suspicious of this explanation, and do not think that it in any way justifies removing the feature rather than improving it.1 The disappearance of App Ops is alarming news for Android users. The fact that they cannot turn off app permissions is a Stygian hole in the Android security model, and a billion people's data is being sucked through. Embarrassingly, it is also one that Apple managed to fix in iOS years ago.'"

Ups and Downs

[Akratist]

One of Android's selling points has always been it's open nature, and the fact that it's not as locked down as iOS. This seems like it's taking a step in the direction of locking down the OS for the user, and unlocking it for everyone else...

Re:Ups and Downs

[Rosco+P.+Coltrane]

Well it's Google, what do you expect...

If you think Google works for the good of the user, think again.

Re:Ups and Downs

[Chris+Mattern]

If you think Google works for the good of the user, think again.

Only Tron fights for the user.

Re:Ups and Downs

[erikkemperman]

The open nature is also being drastically eroded by moving more and more stuff into the Google Play Services. So while the platform is still technically open source, all the interesting things are moved into a separate, closed, layer.

Slowly but surely, android is closing up.

Re:Ups and Downs

That is very true; much of it is moving to closed source. Unfortunately we can't have nice things. We can't have nice things because of Tivoisation ( http://en.wikipedia.org/wiki/Tivoisation ). We can't have nice things because of Samsung trying to "demote" the Google apps in favor of their crapware. We can't have nice things because of hardware vendors and carriers who won't update their devices (forcing Google to move stuff from core into apps that can be updated without intervention). There are a lot of things driving Google into close-sourcing more of the interesting bits of Android. None of those are "because they want to" or "because they are evil". They are, instead, being forced into it due to the evil of others.

Re:Ups and Downs

[Mordok-DestroyerOfWo]

Zathras used to being beast of burden. Zathras have sad life, probably have sad death, but at least there is symmetry

Re:Ups and Downs

[oogoliegoogolie]

Oh jeez, you really need to stop looking at Google through your Android-colored glasses!
Google was a cool tech company a decade ago when they came up with products that benefited the users, namely an email product that offered 1GB of space free when others gave you 20MB, and of course search. Since then they've morphed from a tech to an advertising and data-mining company, and all of their products reflect this.
Google:"Do you want to sign up for G+" or "Do you want to use your real name on Youtube?"
User:clicks NO
Google:"OK, we'll ask you later"

Do No Evil hasn't existed at Google for a decade, if it ever did.

PDroid

[JeffOwl]

Gives granular control of app permissions. Requires Root, but it's worth it. I figured this change was never going to be permanent because it messes with Google's (and app developers') revenue stream.

Re:PDroid

[drinkypoo]

Why Android can't just give me root by default, I don't understand. It's MY device, why can't I be the one who decides if I can have root?

There are security implications for both unlocking and rooting. It's best that they default off.

Sounds like it worked

[Carrot007]

> it could break some of the apps policed by it.

Is that not the entire point?

Just plain wrong.

It always irked me when you install an Android app it often produces a big long list of the things the app can access, some of which you don't want it to, but you can't pick'n'choose the access permissions, it''s all or nothing.

That's just plain wrong.

And for Google to release an app which can allow you to set the access permissions of apps, and then withdraw it is even wronger (yes I know that's not a real word), even if changing some of the access permissions breaks the app there's the issue that many apps don't actually need to access everything on your Android device to run.

Re:IOS?

[Desler]

Settings -> Cellular and then toggle off the apps you don't want using it. For apps you don't want using your location data, you simply deny them when the app runs the first time. If after the fact you want to deny them this permission you go to Settings -> Privacy -> Location Service and again toggle off the apps you don't want to have that permission. And guess what? None of the apps will crash due to these things being turned off.

The saddest part of your post is you probably thought you were going to completely baffle people with the question when these toggles have been part of iOS for years now (if not since the beginning).

Re:really ?

[Arker]

The difference is that this is really critical functionality that should have been built in and tested from day one, but gets pushed way down the priority stack because of googles conflict of interest in the matter. So it's like that situation a little, but not really.

Re:really ?

[Bob9113]

I think we will see this feature enabled on later Android versions when they get to finish it and find ways to make old applications not crash when permissions are removed.

It is already known how to enable it without crashing the applications; return fake data. The cause of the app failure is not returning any data. There is a tool for returning fake data, which I think was briefly included in CyanogenMod. It causes apps that rely on the data for their revenue stream to continue operating without getting their payment (clean, marketable data). It was decided that tricking apps into operating was, in one way of thinking, using the software without the informed consent of the programmer -- something akin to misappropration -- and so it was removed.

You may not agree with that perspective, but it is the issue that Google is wrestling with: Should they facilitate the ability to prevent apps from knowing that they are not getting the clean data that they currently take as payment for producing the app?

In my opinion, our current standards for acquiring such data are extremely shady, relying heavily on a consumer base that is deeply misinformed of the extent of the surveillance and the risks the data stores pose. Where the balance of good lies between surveillance and countermeasures is hard to tell; it could be that subverting the datastream is pro-social in the long run -- but that is not the side on which Google's bread is buttered. They have a strong motive to see things from the app developers / watchers / revenue stream point of view. A great deal of money flows to Google from informed, uninformed, and misinformed consent to surveillance.

The summary is utter crap.

[Real1tyCzech]

It wasn't a feature. It wasn't "released". It didn't debut in 4.3.

It was in the code for testing only, and never meant to be used outside of Google.

There is almost nothing about this summary that is correct.

But hey; good fodder for the haters to start crying "Foul!" about an OS they don't use....