Mobile // Mobile Business
News
12/14/2013
09:06 AM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Google Yanks Buried Android Privacy Feature

Google removes an undocumented App Ops control panel from its latest release, Android 4.4.2, that had let users choose which app permissions to enable.

Google Barge: 10 Informative Images
Google Barge: 10 Informative Images
(click image for larger view)

Google, in its Android 4.4.2 release a week ago, removed an undocumented, experimental privacy control panel that had been released inadvertently in July as part Android 4.3.

The control panel, called App Ops, allowed Android users to deny the availability of selected permissions in an app. Though it was not accessible to users without some technical knowledge, it was immediately noticed and made available through Android apps that provided shortcuts to the hidden interface.

App Ops turns Android's permission model on its head. Instead of allowing the developer to present a list of requested (and generally necessary) permissions to the user for all-or-nothing approval, the control panel allowed users to disable certain permissions while leaving others in place.

In a blog post Wednesday, Peter Eckersley, technical projects director at the Electronic Frontier Foundation, praised App Ops Launcher, a third-party shortcut app to App Ops, as "a huge advance in Android privacy." He lauded the Android engineers for "giving users more control of the data that others can snatch from their pockets."

[ Android phone acting strange? Better read this: Android Security: 8 Signs Hackers Own Your Smartphone. ]

Upon learning that Google's most recent Android update had eliminated the celebrated feature, Eckersley reported that Google said the feature had been released "accidentally" and had been withdrawn because it could break some apps. "We are suspicious of this explanation, and do not think that it in any way justifies removing the feature rather than improving it," he said in a second blog post.

When asked to explain the situation, Google declined to comment.

This is not the first time experimental code has come back to haunt Google. In 2010, when it disclosed that it had been inadvertently collecting WiFi payload data through its Street View cars, Alan Eustace, senior vice president of engineering and research, attributed the lapse to experimental WiFi data-gathering code that had been added to a project designed to collect a narrower, less sensitive set of data about WiFi network characteristics. To address the issue, Google conducted an internal review of its procedures "to ensure that our controls are sufficiently robust to address these kinds of problems in the future."

(Source: JD Hancock, Flickr)

Perhaps Google's explanation would be less subject to suspicion if the company said that the unfinished software had been accidentally discovered, rather than accidentally released. That shifts the scenario from inattentive engineers to wily users.

Giving users control over an app's ability to access location data and contact data, to post notifications, to use the camera, and so on might have privacy benefits, but doing so also raises issues about where user rights start interfering with developer rights. Should app users have an easy way to deny, say, location data to a game designed to depend on it, like Google's Ingress, thereby rejecting the take-it-or-leave-it permissions request presented by the app maker? There are other issues, too, such as potential increased support costs when users revoke a necessary permission and then seek assistance to restore their no-longer-functional app.

Google had to confront this issue in AdBlock Plus, which it banned from Google Play for interfering with the functioning of other mobile apps. App alterations, whether they aim to block ads, revoke permissions, inject data, or alter an interface, often can be accomplished by the technically skilled. Usually, this isn't a problem. But when it becomes simple enough for anyone to do, and it presents problems for developers or platform owners, you can expect some friction.

Coincidentally, the software engineers working on Google+ might have already come up with an answer in the form of incremental authentication, a more granular approach to permissions. Android engineers, take note.

Thomas Claburn is editor-at-large for InformationWeek. He has been writing about business and technology since 1996 for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. He is the author of a science fiction novel, Reflecting Fires, and his mobile game Blocfall Free is available for iOS, Android, and Kindle Fire.

IT groups need data analytics software that's visual and accessible. Vendors are getting the message. Also in the State Of Analytics issue of InformationWeek: SAP CEO envisions a younger, greener, cloudier company (free registration required).

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
StephanieGina
50%
50%
StephanieGina,
User Rank: Apprentice
12/27/2013 | 10:46:18 AM
Stopped downloading any apps...
I will not download any app that requires access to my contacts, location, etc., etc,. etc., when it has absolutely no reason to do so.  Sadly I upgraded and lost this control feature which did not seem to affect any app I removed contacts and location from.  Given this deplorable state of privacy and control over my own device, the Play Store is quickly becoming my "dead zone" and will remain so until this feature is restored.
SachinEE
50%
50%
SachinEE,
User Rank: Ninja
12/24/2013 | 2:53:59 AM
Re : Google Yanks Buried Android Privacy Feature
Expanding on the argument of literate users, come control should be provided to users regarding specific permissions. It would also expose apps taking unnecessary permissionse.g. a game requesting access to contacts information or call log.It would put users in control of their privacy and that is how it should be done.
SachinEE
50%
50%
SachinEE,
User Rank: Ninja
12/24/2013 | 2:53:54 AM
Re : Google Yanks Buried Android Privacy Feature
Smart phone users are not that stupid as has been assumed. When a user is installing apps like Facebook, he/she knows that it needs internet access. If he didn't, why would he or she bother to install it in the first place?When users install apps from Play store, they know what those apps are used for. If I install some app and know its functioning, there is no sense of my blocking a permission that is necessary for app's working.
asksqn
50%
50%
asksqn,
User Rank: Ninja
12/16/2013 | 9:38:15 PM
User privacy v. security
So it comes down to Droid users having to choose between privacy or security. Google needs to do the right thing and give users both instead forcing a choice otherwise all bets are off when it comes to competing with Apple.
cbabcock
50%
50%
cbabcock,
User Rank: Strategist
12/16/2013 | 6:15:24 PM
"Accidental" release not reassuring to privacy advocates
A feature that gives users some control over permissions granted to Andoid apps. What a great idea for privacy. Google released it "accidentally" and now pulls it back? Was this accident discovered after some developers started standing Google's privacy model on its head? This incident doesn't resolve anything, but that's just it. You kind of assume the worst when it comes to Google on privacy.
chrisp114
50%
50%
chrisp114,
User Rank: Apprentice
12/16/2013 | 4:28:49 PM
Leave google now!
Google should be shut down and their management should be thrown in prison for life. Every site should be privacy-based, by law. I like these companies (because of their great privacy): DuckDuckGo, Ravetree, and HushMail. Use them. Tell everyone about them. The more people that use privacy-based sites, the better they will become. We have to support them if we want to win the war on privacy.
samicksha
50%
50%
samicksha,
User Rank: Strategist
12/16/2013 | 4:30:22 AM
Re: CyanogenMod has had this feature for years!
Any one here with more information on Sandbox as i guess android application run in an isolated area of the system that does not have access to the rest of the system's resources, unless access permissions are explicitly granted by the user when the application is installed.
anon2815144809
50%
50%
anon2815144809,
User Rank: Apprentice
12/15/2013 | 2:49:14 AM
Google Yanks Buried Android Privacy Feature
And geeks put it right back.  Its a great feature I use it to control my apps. A firewall of sorts, they should of made it available to all.
danielcawrey
100%
0%
danielcawrey,
User Rank: Ninja
12/14/2013 | 5:06:04 PM
Re: CyanogenMod has had this feature for years!
As an Android user, I personally would prefer to have more granularity in terms of privacy on some of these third party apps. Like the article points out, when an Android user downloads an app from Google Play, a splash screen appears telling the user what permissions the app must use, all in one list. You either take it or leave it. 

I would rather be able to control these things through a console, which is what is described here. I think location, in particular, is something I am concerned about. 
pwhenderson
100%
0%
pwhenderson,
User Rank: Apprentice
12/14/2013 | 4:55:43 PM
Last straw
I've towed the Google line for more than a decade.  Androids self starting, speed eating apps, contacts accessing apps have always been a scourge.  I have been greatly enjoying app opps permission manager for a few weeks now.  Im devastated that I no longer have that ability.  I didn't know the consequences of updating.  I wish I hadn't.  So you all know, I also cannot turn off my gps now - perma on.  I'll be changing op systems now.  It's been a long time coming.  Time I've wasted watching Google evolve into big brother.  
Page 1 / 2   >   >>
InformationWeek Elite 100
InformationWeek Elite 100
Our data shows these innovators using digital technology in two key areas: providing better products and cutting costs. Almost half of them expect to introduce a new IT-led product this year, and 46% are using technology to make business processes more efficient.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Nov. 10, 2014
Just 30% of respondents to our new survey say their companies are very or extremely effective at identifying critical data and analyzing it to make decisions, down from 42% in 2013. What gives?
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.