Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

New Permission System Could Make Android Much Less Secure

Soulskill posted about 4 months ago | from the this-app-is-requesting-permission-to-shock-you-with-a-tazer dept.

Android 249

capedgirardeau writes: An update to the Google Play store now groups app permissions into collections of related permissions, making them much less fine grained and potentially misleading for users. For example, the SMS permissions group would allow an app access to both reading and sending SMS messages. The problem is that once an app has access to the group of permissions, it can make use of any of the allowed actions at any time without ever informing the user. As Google explains: "It's a good idea to review permissions groups before downloading an app. Once you've allowed an app to access a permissions group, the app may use any of the individual permissions that are part of that group. You won't need to manually approve individual permissions updates that belong to a permissions group you've already accepted."

Sorry! There are no comments related to the filter you selected.

How is this a good idea? (5, Insightful)

matthewmok (412065) | about 4 months ago | (#47215223)

I don't think it has to be explained why this is a potential problem. So then, it should be explained why this is such a great idea that the problems it creates are insignificant.

Re:How is this a good idea? (4, Informative)

markkezner (1209776) | about 4 months ago | (#47215281)

This permission grouping is the exact opposite direction that Android permissions should be heading. There are a number of permissions, such as "Read Phone State and Identity" that should be broken up because they aren't even strongly related to each other.

Re:How is this a good idea? (5, Insightful)

Russ1642 (1087959) | about 4 months ago | (#47215425)

They should be moving towards a model where you can individually allow or disallow a permission, even if the app says it requires it. But this would cause chaos for all those apps that require 'full internet access' so they can push ads, collect data, invade your privacy, and molest your children.

Well, no. (5, Insightful)

Anonymous Coward | about 4 months ago | (#47215725)

Google wants companies to actually write apps for the Google Play store. If they give end-users too much power over the permissions, they drive companies out of the Google Play store and over to the Apple store.

On the other hand, Google also wants end-users to actually buy these products. By grouping permissions up, they seem innocuous, so users feel less threatened (even though they should feel more threatened) and will buy the stuff.

From a business perspective, this move makes perfect sense. From an educated geek end-user's perspective, it really sucks. But what are you going to do? The world you want to live in does not exist.

Re:Well, no. (4, Insightful)

epine (68316) | about 4 months ago | (#47216229)

From a business perspective, this move makes perfect sense. From an educated geek end-user's perspective, it really sucks. But what are you going to do?

First of all, I'm not going to purchase any of those fancy apps. I'm going to use my smart phone as for phone calls, photographs, maps, and web browsing. While it's truly a waste of a beautiful technology, it's merely inconvenient not to bother with all those invasive programs.

I consider the new security model worse than not having the apps at all.

Re:Well, no. (1)

Anonymous Coward | about 4 months ago | (#47216455)

Looks like we have no other choice than to buy a second phone to run invasive programs. Hmm, maybe that's what they're hoping will happen?

Re:Well, no. (1)

JeffOwl (2858633) | about 4 months ago | (#47216397)

The world I live in includes fine grained permission controls and even spoofing information so that apps don't crash. Yes, it requires extra work to set up, but I don't mind and even enjoy the tinkering. Yes, that isn't everyone, but I need most of you to stick with the stock business model to keep the ecosystem healthy anyway.

Well, no. (1)

kaladorn (514293) | about 4 months ago | (#47216549)

And they'll stop geeks, some of the potentially most heavy users of their technology, from leveraging them, recommending them, or wanting to develop for them.<br><br>I don't see that the current permission system was preventing anyone developing anything. Have you noticed how many apps are on Google Play? This seems like trying to pursue business that is already being done....

Well, no. (0)

Anonymous Coward | about 4 months ago | (#47216631)

hey drive companies out of the Google Play store and over to the Apple store.

That's not 100% true. App developers will follow the users and users will follow the app developers. It's a herd mentality on both sides and as such is much harder to predict than "companies will just go to apple."

Re:Well, no. (4, Interesting)

Rich0 (548339) | about 4 months ago | (#47216675)

But what are you going to do? The world you want to live in does not exist.

Simple, install XPrivacy. Problem solved. App wants a IMEI? No problem - just give it a random one, or a different one on each boot.

Re:How is this a good idea? (2, Interesting)

Anonymous Coward | about 4 months ago | (#47215869)

So get cyanogenmod. There, you can install an app and revoke permissions later. A simple use is to install "angry birds" (or similiar games) and then revoke the internet permissions. No more ads, the game still works. (It has to, to the game it merely seems like you aren't online at the moment.)

Also, android has a linux kernel, which means iptables-based firewalling works. So go ahead and block ad-servers and such.

Re:How is this a good idea? (1)

tepples (727027) | about 4 months ago | (#47216915)

No more ads, the game still works. (It has to, to the game it merely seems like you aren't online at the moment.)

Until it disables starting the game because the player hasn't connected to the Internet for weeks.

Re:How is this a good idea? (2)

Anonymuous Coward (1185377) | about 4 months ago | (#47216957)

Also, android has a linux kernel, which means iptables-based firewalling works

Not necessarily.

On my phone the kernel was built without iptables support.

I had to beg for the modified kernel sources, wait 3 months to get them, and then waste a lot of time to learn about the stupid idiosyncrasies of 'android is not gnu', just to get that standard linux feature working.

Re:How is this a good idea? (1)

daviee (137644) | about 4 months ago | (#47216285)

1) A user review a long list of permissions and what it means per app, then grants/denies them individually
2) Group things into familiar/simple terms so even a non-technical user can easily see "this doesn't look right"

Re:How is this a good idea? (0)

Anonymous Coward | about 4 months ago | (#47216839)

>They should be moving towards a model where you can individually allow or disallow a permission, even if the app says it requires it.

It's sad that the competition lets you do this, but Android doesn't. Whither BlackBerry.

Re:How is this a good idea? (1)

kaladorn (514293) | about 4 months ago | (#47216527)

I'd agree entirely with that.<br><br>I'm already not sanguine about the permissions apps ask for (and in fact, several security research firms have pointed out the risks). Often times, a well meaning dev will explain that he has to have X permission because google has buried one particular function (not always obviously related) into that permission and that function makes sense for the app. You almost get the feeling the dev is apologetic in many cases and would like to just have a single finer grained permission.<br><br>It's okay to HAVE permission groups, but you should also have very finely grained permissions. Good companies and devs would only use the fine grained ones that did the MINIMUM they needed to do. And one would then not install overly broad permission groups.<br><br>Why is Google putting the work of vetting permission groups and understanding the implications onto end users versus onto themselves and the devs for apps? This smacks of something for lazy devs versus something for consumers.<br><br>And one more thing: How about installation require the minimum number of permissions to make the basic app functions work and additional permissions queried and granted/denied if optional features are enabled?<br><br>I have a lot of apps that want permissions for social media integration and I'm not on that boat and will never use that part of their app. Why do I need to open that security door to install since the rest of their app functions fine without it?<br><br>Mobile development seems to be about as poorly thought out (API wise and design wise) as PC software was in the early days of GUIs.

Helper apps (1)

tepples (727027) | about 4 months ago | (#47216987)

Often times, a well meaning dev will explain that he has to have X permission because google has buried one particular function (not always obviously related) into that permission and that function makes sense for the app. You almost get the feeling the dev is apologetic in many cases and would like to just have a single finer grained permission.

Where I come from, such an explanation has a name: a "privacy policy".

And one more thing: How about installation require the minimum number of permissions to make the basic app functions work and additional permissions queried and granted/denied if optional features are enabled?

If you're talking about a checkbox to turn permissions on and off, the party line is that that would cause apps to crash. Too many existing apps are not designed to catch the SecurityException that the system would throw if the user were to disable a permission.

Otherwise, in Android's current security model, the developer could separate each optional feature into a separate helper app that gets its own set of permissions, and the helper app would perform an action on the main app's behalf. (In Android, different apps from the same publisher can communicate with few restrictions.) For example, a keyboard app like Swype could offer a separate app for each dictionary: one for each language (such as "Swype en español"), one for the names of your contacts ("Swype Knows Your Name"), and one for the names of nearby landmarks ("Swype Local") that needs GPS and Internet. When the user turns on an optional feature that needs a helper app, the app directs to the helper app's Google Play Store page.

Re:How is this a good idea? (3, Funny)

Anonymous Coward | about 4 months ago | (#47215311)

Its a great idea because most people are idiots who click 'Accept' anyway and this will mean less apps break. As for the problems.. what problem.. you wanting privacy is a bigger problem for Google's business.

Re:How is this a good idea? (2, Funny)

bluefoxlucid (723572) | about 4 months ago | (#47215719)

FEWER YOU MOTHERFUCKER!!!!augahutauthasugacoduausaotuhsnaotdsanodfcr

Re:How is this a good idea? (1)

BasilBrush (643681) | about 4 months ago | (#47215407)

You'd have thought Google would have copied the iOS approach to permissions by now.

(Denying a permission doesn't stop the whole app from working if there are things that the app can do without the permission. Permissions are requested from the user when the app first tries to do the restricted thing. They may be accepted or denied, and may be changed at any time in the future.)

Re:How is this a good idea? (2)

0123456 (636235) | about 4 months ago | (#47215683)

Yes, but that would help users block tracking and advertising, so it's a no-no.

The absurd permission demands from simple, crappy applications is why I'd love to see a real alternative to Android that doesn't cost Apple prices.

Re:How is this a good idea? (0)

Anonymous Coward | about 4 months ago | (#47215973)

I'm fine ads. You want free ($) games and apps, you deal with ads. Or pay 99c and support the developer. whatever...

Most apps ask for very invasive permissions, like reading AND WRITING you address book. For social networking apps, that's kinda okay but why would e.g. truck racing game need access to your address book? Or location? Or Camera/Mic?

Re:How is this a good idea? (1)

0123456 (636235) | about 4 months ago | (#47216133)

Duh. So it can sell that information to advertisers to serve targetted ads.

Re:How is this a good idea? (3, Insightful)

Grishnakh (216268) | about 4 months ago | (#47216147)

The absurd permission demands from simple, crappy applications is why I'd love to see a real alternative to Android that doesn't cost Apple prices.

It seems like Cyanogenmod is probably the best alternative available right now.

Re:How is this a good idea? (1)

Anonymous Coward | about 4 months ago | (#47215515)

An informed populace is one that is less likely to install data miner software. To better advertise to its userbase, Google needs more of those dataminers installed on more Androids. Therefore, it is a good idea (for Google) to reduce the clarity of the permissions information. If successful, this may lead to a future build that simply installs applications without mentioning the permissions required, or, eventually, without even waiting for user input in the first place.

Whew (5, Funny)

Anonymous Coward | about 4 months ago | (#47215225)

Makes me glad I run a Windows 8.1 phone.

Re:Whew (4, Insightful)

GuyverDH (232921) | about 4 months ago | (#47215369)

Alert! Alert! Sarcasm overuse detected!! (at least I hope that's the case).

Re:Whew (4, Funny)

rogoshen1 (2922505) | about 4 months ago | (#47215789)

Hey! I also use a windows phone. And the truth is, without any apps available to install (period), my privacy is still intact.

Re:Whew (0)

Agent0013 (828350) | about 4 months ago | (#47216885)

Did you really think the OS itself, written by Microsoft, isn't invading your privacy?

Oh wait, I see you have been modded +5 Funny, now I see that this is a joke! Whew!

Re:Whew (1)

Anonymous Coward | about 4 months ago | (#47216155)

You mean you run THE Windows 8.1 phone...

AppOps (0)

Anonymous Coward | about 4 months ago | (#47215227)

Hey, Google. If you're going to jack with play store permissions, at least give us back AppOps.

Or, I'll just...you know....run it myself.

cyanogenmod? (2)

DoofusOfDeath (636671) | about 4 months ago | (#47215235)

So this is a bit off-topic, but probably the right time to ask...

I've been increasingly concerned with my lack of control over my Android (Verizon) phone. This current issue lies in the same area as my earlier worries.

Is this the kind of problem that cyanogenmod addresses? I didn't have the time, or ability to live with a broken phone, to try it out earlier. But I'm about to stop traveling so much, so I'm wondering if it's time to give cyanogenmod a try.

Re:cyanogenmod? (4, Informative)

wbr1 (2538558) | about 4 months ago | (#47215337)

No. Rooting will allow you to remove unwanted apps that are locked on by the manufacture or carrier, as well as give you access to the entire file system.
Using an alternate rom (ie cyanogenmod) will allow you to use different android versions, with different (or no add on) UI. These are things like touchwiz or HTC Sense. The permisions system for apps remains the same. Also, cyanogenmod and other ROMS may not support all your hardware or be stable (but then again some carrier builds are not that great either).

There are programs that when rooted will allow you to block access of apps to certain subsystems, giving finer grained control, but it is not automatic, you have to go in and do it yourself, and that is regardless of the ROM/android version.

Re:cyanogenmod? (1)

DoofusOfDeath (636671) | about 4 months ago | (#47215393)

Thanks. But is it safe to say that with Cyanogenmod, it's at least possible to install an app / tweak that will refuse to let apps use certain subsystems (such as GPS) if I so choose, whereas I have no such control with the carrier-supplied Android version?

Re:cyanogenmod? (5, Informative)

Anonymous Coward | about 4 months ago | (#47215435)

Yes. It absolutely IS possible. Cyanogen calls it Privacy Guard, and I have it enabled by default, such that anything I install from Play automatically gets blocked unless I go in and enable something specific.

Re:cyanogenmod? (1)

wbr1 (2538558) | about 4 months ago | (#47215519)

Good info. I haven't used cyanogenmod for some time, so I was not aware that was baked in. I used to use an app on my rooted devices (regardless of android build) for it, but now I am just picky about what apps I actually install.

Re:cyanogenmod? (1)

Anonymous Coward | about 4 months ago | (#47215575)

Like I said, CM is just the one I prefer. I know OMNI bakes it in, too (at least up to the AOSP4.4.2) and many others probably do as well.

Re:cyanogenmod? (3, Informative)

Anonymous Coward | about 4 months ago | (#47215403)

I've done a lot of custom ROM installations, and many of them to support AppOps to expose these granular permissions. Cyanogen has actually expanded upon this functionality.

Re:cyanogenmod? (1)

rwise2112 (648849) | about 4 months ago | (#47216393)

No. Rooting will allow you to remove unwanted apps that are locked on by the manufacture or carrier, as well as give you access to the entire file system. Using an alternate rom (ie cyanogenmod) will allow you to use different android versions, with different (or no add on) UI. These are things like touchwiz or HTC Sense. The permisions system for apps remains the same. Also, cyanogenmod and other ROMS may not support all your hardware or be stable (but then again some carrier builds are not that great either).

There are programs that when rooted will allow you to block access of apps to certain subsystems, giving finer grained control, but it is not automatic, you have to go in and do it yourself, and that is regardless of the ROM/android version.

Once you are rooted, on any ROM, you can install XPrivacy or PDroid to completely control application access to your data.

Re:cyanogenmod? (4, Informative)

c (8461) | about 4 months ago | (#47215693)

Is this the kind of problem that cyanogenmod addresses?

With limits, yes.

CM's privacy guard allows you to block apps from getting at your address book or SMS and such. It also allows you to control things like camera/microphone access. And you can even disable background apps and notifications (for example, I have Facebook pretty much tuned so it can't do anything more than it can in a web browser).

One notable thing CM doesn't do is allow you to prevent Internet access for apps. I read that this is to prevent someone from downloading an add-supported app and then cutting it off from its ad networks. I order to do that sort of thing, you usually need to root and install a firewall or some other ad blocker.

Quite frankly, if you've got a phone that's out of warranty or no longer getting vendor updates, installing CM is worth looking into. It's a bit of a pain in the ass the first time (at least it was for my devices), but after that it's pretty smooth sailing.

you should be able to... (3, Informative)

alrudd1287 (1288914) | about 4 months ago | (#47215261)

cripple apps by denying parts of their permission request. right now its all or nothing

Re:you should be able to... (4, Informative)

DoofusOfDeath (636671) | about 4 months ago | (#47215303)

cripple apps by denying parts of their permission request. right now its all or nothing

Funny, I was expecting this crowd to have fantasies of crippling those apps' developers.

I mean seriously, $(app vendor), your app does not need access to my location and/or phone calls in order for me to do $(menial computation X).

Re:you should be able to... (2)

PRMan (959735) | about 4 months ago | (#47215859)

But the marketing department put it in the Agile Tracker and the PM told me I'd be fired if I didn't move that box....

Re:you should be able to... (1)

RavenLrD20k (311488) | about 4 months ago | (#47215969)

In fairness, while Location is completely optional and generally unnecessary unless the app is designed for the user to make use of the location data, it is generally a good practice for apps to watch for phone calls just so if there's one that comes in while you're performing $(menial computation X), the app state can be saved to storage and the app suspended so if Dalvik decides it needs to free up the memory resources in the middle of your call there's still a way for the app to recover where it was in its calculations. The reason you want your app monitoring the phone system instead of trusting that OnPause() is going to get called when a phone call comes in is simply that you cannot trust that the Phone App will not cause Dalvik to simply destroy the app instance without allowing calls to OnPause() or even OnStop(). This is especially true on lower end phones that don't necessarily have the memory to spare to run apps in the background when the phone, a memory hog in itself, activates.

Re:you should be able to... (1)

lgw (121541) | about 4 months ago | (#47216189)

the app state can be saved to storage and the app suspended

What is this, the 90s? Your app should always be in a "saved" state, or at least a safe one. From consumer apps to backend transaction process, it should always be OK if you suddenly lose power. 20 years ago, I/O performance was so wretched that you just couldn't do this, but today there's no excuse.

Re:you should be able to... (1)

Jeff Flanagan (2981883) | about 4 months ago | (#47216253)

>Funny, I was expecting this crowd to have fantasies of crippling those apps' developers.

There is a lot of insanity and paranoia at /., But I haven't ever seen calls to cripple anyone.


>I mean seriously, $(app vendor), your app does not need access to my location and/or phone calls in order for me to do $(menial computation X)

No it doesn't have to, but a developer has the right to require whatever permissions they want in return for their (probably priced at $0) work. The user has the right to accept or reject those terms. This just got more complicated, but everyone still has their rights.

Re:you should be able to... (1)

Anonymous Coward | about 4 months ago | (#47215415)

iPhone has been doing this for years.

Don't want to allow location services to that movie times app you have? Fine, the app still runs perfectly but you just have to manually input a zip code to do local searching.
Don't want to allow Facebook access to your photo library? Great, everything else works, but you can't upload/download photos.

I've never understood this all-or-nothing approach on Android, it's really one of the few areas where Apple is absolutely better.

Re:you should be able to... (1, Insightful)

kaladorn (514293) | about 4 months ago | (#47216637)

Want to backup your Notes? Oh wait, that's a hidden db and you need a @me.com email address...<br><br>It isn't a permission per se but Apple has a lot of their own lock-in in how they do things.

Ugh... (0)

Anonymous Coward | about 4 months ago | (#47215273)

Wish Google would go to the same "ask first" permissions model as everyone else. This is one possible reason why Android keeps getting a rep for malware.

The Xposed framework helps, but as of Android 4.4.3, it can't be used due to recent SELinux code changes.

Adding flaws to flaws (1)

wbr1 (2538558) | about 4 months ago | (#47215297)

The system was already flawed in that normal users could not lock out permissions from specific apps. In addition, not many pay attention to the permissions used by an app anyway.

If users aren't paying attention (I do, my flashligh widged and scientific calculator do not need SMS or contact access thank you), then no amount of tweaking by adding or removing complexity will help.

As much as I hate walled gardens, I guess the hope is that the play store is well curated enough to remove most significant threats.

Re: Adding flaws to flaws (0)

Anonymous Coward | about 4 months ago | (#47216903)

The PlayStore isn't curated at all.
The automatic malware detection system 'Bouncer' is useless and detects less than 30% of all the malware. There IS malware in the PlayStore.

I want silent denial (5, Interesting)

Anonymous Coward | about 4 months ago | (#47215315)

One feature I really want on my cell is the ability to tell the app that I've given it all the permissions it is asking for, but behind the scenes remove that ability from the app. This is especially for apps like games that ask for all permissions, but only really need a few. I should be able to accept the game onto my system and then after adjusting the app's permissions, it would receive garbage contact details, garbage friend details, garbage location data, garbage file listings, messages go to /dev/null, etc.

I'm sure if I root my device I could do something like that, but I just wish something like that was built in. {I kinda feel safer in my walled garden, easier to recover from garbage apps.}

Re:I want silent denial (1)

gigne (990887) | about 4 months ago | (#47215353)

This. This is what I want too.

Anyone, does this exist without root?

Re:I want silent denial (1)

PRMan (959735) | about 4 months ago | (#47215871)

This will never exist without root, but it sounds really fun.

Re:I want silent denial (4, Informative)

PRMan (959735) | about 4 months ago | (#47215917)

Actually, somebody posted it below: http://repo.xposed.info/module... [xposed.info]

Then load the XPrivacy module. The thread is here: http://forum.xda-developers.co... [xda-developers.com]

Re:I want silent denial (2)

PRMan (959735) | about 4 months ago | (#47215989)

And here is how it works: https://github.com/M66B/XPriva... [github.com]

Re:I want silent denial (1)

canadiannomad (1745008) | about 4 months ago | (#47216609)

I would love this... Now if only it didn't require rooting the device.

Re:I want silent denial (1)

Kalriath (849904) | about 4 months ago | (#47216149)

He said without root.

Re:I want silent denial (1)

MobyDisk (75490) | about 4 months ago | (#47216003)

This is what Windows does with UAC virtualization. An app wants to write a file to C:\Program Files\MyApp\Data and Windows redirects the file elsewhere. (Although Windows does not have fine-grained permissions like Android)

Re:I want silent denial (0)

Anonymous Coward | about 4 months ago | (#47216399)

My jailbroken iPhone runs an app called "PrivaCY" that does just this. I would be surprised if something like this doesn't exist in the Android extended ecosystem as well.

Re:I want silent denial (0)

Anonymous Coward | about 4 months ago | (#47216495)

Errr...I meant "Protect My Privacy"

New Permissions (4, Interesting)

vandon (233276) | about 4 months ago | (#47215323)

Just finished updating a few apps on my phone.
Adobe Air has a new permission group it requests. However, on the 'here's the permissions Air is requesting' pop-up after you hit the update button, they no longer mark the new permissions with "NEW". So now you have to cancel out of the update and go check each and every app you're going to update to see what the new permissions it's requesting.
Totally stupid move by Google to not even mark the new permissions with 'NEW'

Re:New Permissions (4, Informative)

Pow (107003) | about 4 months ago | (#47215537)

Hint: you can still see the onld screen with new permissions marked as NEW by scrolling all the way down in app description to PERMISSIONS and clicking on"View details".

But I completely agree with you. Totally lame move by Google. I want to see this screen when I press the update button. Config option for advanced users would be sufficient.

Do not want. (2)

khellendros1984 (792761) | about 4 months ago | (#47215341)

I routinely deny apps their updates because I don't like their modified list of permissions. This sounds like it'll make it harder for me to use my phone the way that I want to (which is the reason that I decided against an iOS phone in the first place). Google, you're whittling down my reasons to stay with your devices (or at least with the stock OS).

Xprivacy (4, Informative)

SuperBanana (662181) | about 4 months ago | (#47215357)

Install XposedFramework:
http://repo.xposed.info/module... [xposed.info] ...then the Xprivacy module.

This isn't a great option for many, however, as you need root access. It does give you extremely fine-grained control over permissions, and includes options like randomizing (on each boot) the garbage data returned to apps to keep them happy.

Xposed is great; the GravityBox module, for example, has a ton of interesting and useful functions, like setting your cellular radio to 2G when connected to wifi, a mode to have an increasing ring, a network speed indicator, etc.

While I'm plugging Android software I use: the F-Droid open source repository is full of nice stuff (like AdAway.)

https://f-droid.org/ [f-droid.org]

Dumb idea. (5, Interesting)

gstoddart (321705) | about 4 months ago | (#47215363)

I want to have a settings page where I can go in whenever I want and selectively disable permissions.

This just sounds like more dumbed down version.

And, cynically, I believe that Google is doing this to ensure they can still collect data on you, and the people using their advertising services can continue to do to.

This is why when I download a new app, the first thing I do is try it in airplane mode. If it's not an application which should require access to the interwebs, but tries to access it, it gets deleted.

I must say, I'm disappointed in this. Because I want more control over app permissions, not less.

Re:Dumb idea. (1)

synapse7 (1075571) | about 4 months ago | (#47215505)

Why don't you review the permissions from app settings, gives you a break down on time and what was accessed. Google keyboard that I don't used accessed my contacts 50 minutes ago.

Re:Dumb idea. (0)

Anonymous Coward | about 4 months ago | (#47216583)

Isn't this after the fact the information has long been sent to advertisers?

Re:Dumb idea. (1)

alen (225700) | about 4 months ago | (#47215645)

it's the app developers

free apps they collect and sell the data to you know, make some money

Re:Dumb idea. (1)

Scott64 (1181495) | about 4 months ago | (#47215675)

I have settings like that in the AOKP-based ROM that I use. It's in the settings, it's called "App Ops" (down near "About Phone" and "Accessibility Settings"). It tells me what permissions are currently granted to each app and when that permission was last used. If I don't know why an app needs a certain permission or I don't like that it has it, I just uncheck it.

Re:Dumb idea. (1)

jader3rd (2222716) | about 4 months ago | (#47215851)

And, cynically, I believe that Google is doing this to ensure they can still collect data on you, and the people using their advertising services can continue to do to.

Given that's how Android is profitable for Google why shouldn't they be doing this?

In theory bad, but in reality not so bad (1)

Maxo-Texas (864189) | about 4 months ago | (#47215371)

The fact is, if an application is desired... and isn't abusing the privileges currently...

Then 99.9% of users simply click thru a list of 17 permissions the same as they do for a list with 5 permissions.

s/could/does/ (1)

maliqua (1316471) | about 4 months ago | (#47215381)

fixed that for ya

not straightforward (0)

Anonymous Coward | about 4 months ago | (#47215421)

A whitelist permission system makes sense in theory but has the following problems
- too many permissions confuse the user and have the OPPOSITE effect (they just ignore the permission request). Heck I'm a techie and I admit I don't read the entire SCROLLING list of permissions everytime I install an app!
- not granular enough - the risk of not being granular enough or being too granular.
- unclear what you are granting and borders often aren't solid.

add to this google has not come up with OPTIONAL permissions, where the user can choose to only grant some of them and the program must adjust/check for this.
add to this there's no nontedious way to CHANGE the permissions (AFAIK, happy to be wrong - and no uninstall and then reinstall IS tedious) post install.

It's a mess. I suspect they were hoping to address the confusion/ignoring part, but I agree it seems a bad approach

Re:not straightforward (0)

Anonymous Coward | about 4 months ago | (#47215983)

- too many permissions confuse the user and have the OPPOSITE effect

No problemo. The "common user" just click through - fine. But having a fine-grained permission system means that the specially interested can see what's going on. It only take one to expose an app that does something unwanted. And then everybody else either ditch the app, or download a countermeasure (such as a phone firewall.)

Only a few geeks will look at all details, but they will post reviews where the rest of us can read the summary.

Toxic hellstew (1)

swamp boy (151038) | about 4 months ago | (#47215511)

It might even turn the platform into a toxic hell stew.

Broken permissions (4, Interesting)

ADRA (37398) | about 4 months ago | (#47215527)

Something like 90% of all apps require access to the IMEI of the phone which requires read_phone_state and that pretty much abandons all pretense of security compartmentalization since it can also see who you're calling, when you're talking, etc.. Most applications should only care and use it for a unique ID token. IF they want to fix permissions models:

1. Separate the 'phone unique number' from the phone's call state functions. Must have, end of line. This is just plain retarded form day 1
2. Write in permissions which are optional vs. required. Optional permissions are requested on demand like IOS and can be rejected or permantently accepted. Required permissions must be explicitly allowed when the application is installed
3. Re-introduce AppOps functionality or at the minimum an audit trail of when-last and how often the application attempts a specific permission operation/category
4. Consider second tier permissions model where if you want to include common and generally well understood permissions like read_gps there's no hoops to jump through, but if one wants to read and access the variety of accounts I have on my phone, I want to make damn sure that the company asking for this information has at least passed the stink test.
5. Lastly, I want third parties to be able to flag applications (based on APK signature or through store functionality) as a problem so that even if Google doesn't have the time or resources to police all applications in the sun, I should be allowed to trust a thrird party who can flag programs problems based on any reason they find.
This allows for uses like:
      - Flag applications for parental categories
      - Flag apps as 'ad-enabled'
      - Flag apps that are outright malicious in terms of stealing data/information
      - Flag apps that violate certain country laws
      - Flag apps that are banned based on administrative oversight (for work phones)
Having this barrier mandatory or optional is up for debate as well as the ability to unistall is using a 'master' control password, etc..

Right way to go (1)

Tanuki64 (989726) | about 4 months ago | (#47215599)

For Google. Android is for the masses. The masses are stupid. Therefore the software for the masses must be written for the stupid. The less functions the better. You don't like it? How often in IT related discussions come lines like this: "MeeMeeMeeMee... I just want to use and not study computer science. You are arrogant. Stupid nerds". In the right forum, 80% applaud this crap. So, this is the result. I am certainly not Google, but I write my software the same way.

Re:Right way to go (1)

Anonymous Coward | about 4 months ago | (#47216125)

Wrong.

Android is for the masses - so it must be easy. That does not preclude an "advanced settings" page. Entirely optional to use, but that is where the "nerd" will find the fine-grained permissions system. The "sheep" won't need to go there.

So, the nerds will block spyware and possibly ads. The sheep won't, so megacorps gets most of what they want. Win-win for everybody...

Re:Right way to go (1)

Tanuki64 (989726) | about 4 months ago | (#47216299)

Does not work this way. 'Sheep' don't allow advanced settings. Embarrasses them. Make them feel stupid. But of course it is not them who are stupid, but the software developer. Calling something 'advanced settings' is like putting a sign on: 'Randomly click here. No knowledge or understanding necessary'.

Sorry, not enough nerds there to make a difference. I write my android software myself. If I can. Usually not perfect, usually not so fine eye candy, but sufficient for my needs. And I know that it is 'clean'.

Google - you are doing it wrong (0)

Anonymous Coward | about 4 months ago | (#47215603)

Well, finally time for Cyanogenmod for my fricking mobile.

Can't Identify "New" Permissions (0)

Anonymous Coward | about 4 months ago | (#47215715)

I had several apps that I refused to upgrade due to several "new" permissions they were asking for in versions newer than I had installed. Now when I look at their permission lists, I can't identify what permissions are "new", or even whether the app is asking for more than the current version has.

This is completely unacceptable, and until this changes, I won't be updating ANY apps. I need to at least be able to identify new permissions, if not specifically allow or disallow specific permissions for each app.

Re:Can't Identify "New" Permissions (1)

ravnous (301936) | about 4 months ago | (#47215773)

Isn't there a little "new" icon next to the new permissions when you go to upgrade?

Re:Can't Identify "New" Permissions (0)

Anonymous Coward | about 4 months ago | (#47215997)

There used to be, before the update to the Google Play store that included these "simplified" permissions. Now there doesn't appear to be any indication of "new" permissions, at least between the version I have installed and the version on the store.

Perhaps they add the "new" tag the first time a version includes them, but as it is now, there is no indication for these apps that I KNOW have different permissions than what is installed.

Clarification (1)

ravnous (301936) | about 4 months ago | (#47215731)

Someone tell me if I'm wrong here, but I just read the Google support page discussing the changes, and here's what I came away with.

Permission groups are new. If you grant permission for an app to have access to the features controlled by that permission group, then the app has access to all of them. Using the SMS example, if a developer requested the SMS group permission, the developer is asking you to allow the app to do all the things listed under that group. That would include reading SMS and sending SMS messages, among other things. If an app requested the SMS group, and you installed the app, even if the app previously only read SMS messages, it still had permission to send them. A future update may also send SMS messages, but you've already approved that action by installing and manually approving the previous version of the app. Where it gets dicey is if a new permission were added to a group. For example, if a delete SMS feature were added to the group, I don't think the Google page discusses whether that new permission would need to be approved.

An app developer can still ask for individual permissions, like reading SMS messages. If a future update wanted the ability to send SMS messages, they would still have to ask and the app would not be auto-updated. Or, if the app developer later decided he/she wants to add the SMS group permission request, that download would require manual approval.

I don't think there's anything nefarious going on here. You just need to be aware of what permissions you're granting an app. If you grant an app permission to send SMS messages (whether it's via an explicit request for that ability, or whether that ability is granted via a permissions group), don't get upset when it does send an SMS, even if that feature isn't baked in until a later update. As far as I can tell, no app is being granted permission to do something you haven't already given it permission to do. Except for internet access.

The internet access permission being demoted to a secondary permission, on the other hand, might be cause for worry.

Re:Clarification (2)

Nethemas the Great (909900) | about 4 months ago | (#47216201)

Nefarious or otherwise, the security permissions were too course grained to begin with. This just makes the problem worse. They might as well flip everything over to 777 and be done with it for as secure as they've now made things. This isn't going to boost user adoption of apps (at least among people with a brain), it's going to make everyone more paranoid and gun shy about pulling the trigger on the "install" button. Call me old fashioned by I'm not terribly thrilled with the idea of conducting my day to day life publicly exposed, naked and vulnerable. While I'm willing to accept dropping my pants for my doctor in the context of a medical exam, I am certainly not inclined to do so for the convenience store clerk on the corner just because I want a bag of Cheetos.

Re:Clarification (1)

Tanuki64 (989726) | about 4 months ago | (#47216817)

This isn't going to boost user adoption of apps (at least among people with a brain),

You can get much money from smart people, if you offer a great product.

You can get little money from totally brainless people, even if your product is total crap.

Too bad that there are so many brainless people compared to the few smart ones, that the latter approach is by far more profitable.

If you want to be successful... target the imbeciles.

Re:Clarification (0)

Anonymous Coward | about 4 months ago | (#47216313)

You forgot that if you grant the SMS group the app can auto-update (say, when it's sold or the dev's computer is compromised) with malware and immediately start sending messages. Before if you only granted it the ability to read, you were freed from that attack vector.

The permissions grouping demonstrably decreases security (see above) and encourages app devs to just broadly grab the right permissions rather than select the ones they actually need.

Re:Clarification (1)

ravnous (301936) | about 4 months ago | (#47216655)

But if the app had the SMS group permission when you installed it, it had the ability to do that already. You haven't granted it any additional permission. If the developer only really wanted the ability to read SMS messages, it should have only asked for that in the first place.

I can definitely buy that app developers may get lazy and ask for more permissions than they need because it's more convenient. Let's say a group had 5 permissions, and an app needed 3 of those. The app developer may get lazy and just ask for the whole group instead of the 3 permissions the app really needed.

If a developer gets lazy and asks for more permission than the app needs, that developer should get raked over the coals in the app reviews, and maybe they'll fix their app.

The human component of asking for permissions (both on the developer's end and on the user's end) may be weakened, but the security model itself is no different with permission groups. As far as I can tell, they're not removing the ability to ask for individual permissions, they're just making it easier to ask for collections of permissions.

Would be happier if (1)

TheCarp (96830) | about 4 months ago | (#47215865)

I would be a lot happier....even with this change.... if they made one other change: allow me to override.

Very simple "App X requires A, B, C" Why does that mean I HAVE to grant A,B,C too it? Why can't I say "Give it A,B and run it anyway, yes I, the owner of the device, approve this" I don't see why its all or nothing like some sort of stupid contract

"Well to run our app you must give us access to your SMS messages"
"I don't plan to use those features"
"Then you can't run our app on your hardware"

I mean don't get me wrong, I understand nobody can stop an app developer from making his app break if it doesn't get every permission it wants....but, as the owner of the device....isn't it well.... my problem if I break an app?

Rollup Already? (1)

Luthair (847766) | about 4 months ago | (#47216055)

I thought the Google Play store always showed the top level permission in the list as opposed to the more fine grained ones? Is the only difference that applications will now be able to use anything in the category displayed?

In either case Google does need to ressurect AppInfo, the argument that applications can't handle not being provided a given permission is bogus - I don't believe there are any permissions which do not have an empty value which the application should already be capable of happily consuming.

Most people don't care (2)

hsmith (818216) | about 4 months ago | (#47216093)

So what does it matter? How many people read the finely grained permission pages when installing apps as is? Perhaps this approach will be better because it will condense it into something people will be less likely to "ok" without reading.

Doubtful.

Re:Most people don't care (1)

Joe Gillian (3683399) | about 4 months ago | (#47216465)

It matters because many apps ask for blanket permissions they really don't need. Take Poweramp, a music player app, as an example.

When you install Poweramp, it asks for blanket permission to "read and modify files on this device". To me, that doesn't mean anything. Where's it going to be reading from? What's it going to be modifying? What folders is it allowed to modify? I understand why it needs that kind of access (read to read the music/video files, and write because it has to write config files and album art/metadata if you choose to let it download that), but what if I don't want it accessing anything other than the base Android system files it needs to operate, its own app folder, and my music folder?

Sure, it's got thousands of downloads, but since it's closed source, how do I know it's not secretly stealing all of my files and sending them somewhere, or selling my location data (Poweramp doesn't ask for location data AFAIK but it very well could).

This stuff is important and I wish I had better control over it.

Coming soon... even *simpler* permissions (3, Funny)

QilessQi (2044624) | about 4 months ago | (#47216595)

You're about to install "Angry Birds 7.0". This app wants to...

    1. Do whatever the hell it wants to with your tablet setup, your phone connections, and the Internet
    2. Not tell you about it

[ ] Yes: I'm bending over right now!
[ ] No: uninstall Android, brick my tablet, and post all my downloaded porn to Facebook

While Apple doubles down on privacy... (1)

rsborg (111459) | about 4 months ago | (#47216737)

Looks like Google is doubling down on making it harder for you to stay private. Classy move, Google. You make it easier for me to avoid recommending the Play store and Android altogether.

Please remind me (0)

Anonymous Coward | about 4 months ago | (#47216801)

Why do people like and use Android again? And who are these people?

Exactly the opposite of where it should go.. (2)

epyT-R (613989) | about 4 months ago | (#47216951)

Applications shouldn't be 'asking' for permission. They should just attempt access. The security configuration for each service or resource should have three settings: reject (with api notification), deny (return success but with bogus/user entered data), or allow (work as intended), for each application. The default should be reject, with a first time startup prompt (from the OS, not the app) when the app starts. This way a user retains his dominion over the device and what it does with network IO. For example, he can use an app that demands access to location information when it doesn't really need to. The user should own the android device and applications, not the other way around.

Of course this would break the market and surveillance imperatives of google, app developers, and the state. Fuck them.

Revoke? (0)

Anonymous Coward | about 4 months ago | (#47216985)

Android apps do not "request" permissions, they "demand" permissions.

Your choise is: "Yes, and install", or "No, and don't install".

I should be able to deny certain permissions and install the app anyway.

There is no reason for a flashlight app to demand access to my phonebook, or to read/send SMS - wtf.

A little surprised. (1)

m.dillon (147925) | about 4 months ago | (#47216999)

Google must know by now how bad a light its broken permission system is putting on Android. I can't run half the android apps I want to run on any of my Android devices any more because of the permissions they want. And a lot of the ones that I intentionally do not upgrade no longer work. It's making my three android devices useless and almost worthless.

I'm flabbergasted that there are full-on idiots in the Google command chain who are unwilling to address such a severe and obvious problem. Truly flabbergasted. Has Google gone insane?

I've already stated but I will again... when the iPhone-6 comes out, I'll be moving over to it from my perfectly working but horribly insecure Motorola Razr. At least then I can browse my facebook account from my phone without it sucking up all the stuff I've tried so hard to keep partitioned off of it. As it stands now, I can't even run customized UIs on my Android because the g*d* program insists on advertising on my notifications screen, even though I bought the paid-for version.

At least with iOS I don't have to worry about all this in-the-face crap ruining the experience.

-Matt

Apple's having a good month (1)

maccodemonkey (1438585) | about 4 months ago | (#47217005)

First, and impressive showing at WWDC, and now Google is nerfing their security model to be weaker than iOS's (iOS will notify when a new permission is required as part of an update when the application tries to make use of that permission.)

I think Windows Phone and iOS are both in a good position to start taking some market share from Google. If Google doesn't have a good Google/IO with Android, they may have officially dropped the ball on Android.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?