Forgot your password?
typodupeerror
Android Privacy Electronic Frontier Foundation Google

Google Cuts Android Privacy Feature, Says Release Was Unintentional 324

Posted by Soulskill
from the pay-no-attention-to-the-droid-behind-the-curtain dept.
An anonymous reader writes "Peter Eckersley at the EFF reports that the 'App Ops' privacy feature added to Android in 4.3 has been removed as of 4.4.2. The feature allowed users to easily manage the permission settings for installed apps. Thus, users could enjoy the features of whatever app they liked, while preventing the app from, for example, reporting location data. Eckersley writes, 'When asked for comment, Google told us that the feature had only ever been released by accident — that it was experimental, and that it could break some of the apps policed by it. We are suspicious of this explanation, and do not think that it in any way justifies removing the feature rather than improving it.1 The disappearance of App Ops is alarming news for Android users. The fact that they cannot turn off app permissions is a Stygian hole in the Android security model, and a billion people's data is being sucked through. Embarrassingly, it is also one that Apple managed to fix in iOS years ago.'"
This discussion has been archived. No new comments can be posted.

Google Cuts Android Privacy Feature, Says Release Was Unintentional

Comments Filter:
  • Ups and Downs (Score:5, Insightful)

    by Akratist (1080775) on Friday December 13, 2013 @09:58AM (#45679451)
    One of Android's selling points has always been it's open nature, and the fact that it's not as locked down as iOS. This seems like it's taking a step in the direction of locking down the OS for the user, and unlocking it for everyone else...
  • by Carrot007 (37198) <Carrot007&thewibblereport,co,uk> on Friday December 13, 2013 @10:04AM (#45679509) Homepage

    > it could break some of the apps policed by it.

    Is that not the entire point?

  • Re:Ups and Downs (Score:5, Insightful)

    by Rosco P. Coltrane (209368) on Friday December 13, 2013 @10:06AM (#45679523)

    Well it's Google, what do you expect...

    If you think Google works for the good of the user, think again.

  • Just plain wrong. (Score:5, Insightful)

    by Anonymous Coward on Friday December 13, 2013 @10:08AM (#45679545)

    It always irked me when you install an Android app it often produces a big long list of the things the app can access, some of which you don't want it to, but you can't pick'n'choose the access permissions, it''s all or nothing.

    That's just plain wrong.

    And for Google to release an app which can allow you to set the access permissions of apps, and then withdraw it is even wronger (yes I know that's not a real word), even if changing some of the access permissions breaks the app there's the issue that many apps don't actually need to access everything on your Android device to run.

  • Eagerly awaited (Score:5, Insightful)

    by dargaud (518470) <slashdot2@gd a r g a ud.net> on Friday December 13, 2013 @10:17AM (#45679637) Homepage
    I've been waiting for this for... forever. But not just [Enable]/[Disable], I also want [Produce random fake data] and [Produce data generated by external app hereby selected]. So that I can write or load an app that feeds intelligent but fake info to the others.
  • by bravecanadian (638315) on Friday December 13, 2013 @10:18AM (#45679653)

    Who is surprised?

    That data is Google's entire business.

  • Re:PDroid (Score:5, Insightful)

    by drinkypoo (153816) <martin.espinoza@gmail.com> on Friday December 13, 2013 @10:35AM (#45679787) Homepage Journal

    Why Android can't just give me root by default, I don't understand. It's MY device, why can't I be the one who decides if I can have root?

    There are security implications for both unlocking and rooting. It's best that they default off.

  • Re:really ? (Score:5, Insightful)

    by Arker (91948) on Friday December 13, 2013 @11:13AM (#45680209) Homepage Journal
    The difference is that this is really critical functionality that should have been built in and tested from day one, but gets pushed way down the priority stack because of googles conflict of interest in the matter. So it's like that situation a little, but not really.
  • Re:really ? (Score:5, Insightful)

    by Bob9113 (14996) on Friday December 13, 2013 @11:17AM (#45680243) Homepage

    I think we will see this feature enabled on later Android versions when they get to finish it and find ways to make old applications not crash when permissions are removed.

    It is already known how to enable it without crashing the applications; return fake data. The cause of the app failure is not returning any data. There is a tool for returning fake data, which I think was briefly included in CyanogenMod. It causes apps that rely on the data for their revenue stream to continue operating without getting their payment (clean, marketable data). It was decided that tricking apps into operating was, in one way of thinking, using the software without the informed consent of the programmer -- something akin to misappropration -- and so it was removed.

    You may not agree with that perspective, but it is the issue that Google is wrestling with: Should they facilitate the ability to prevent apps from knowing that they are not getting the clean data that they currently take as payment for producing the app?

    In my opinion, our current standards for acquiring such data are extremely shady, relying heavily on a consumer base that is deeply misinformed of the extent of the surveillance and the risks the data stores pose. Where the balance of good lies between surveillance and countermeasures is hard to tell; it could be that subverting the datastream is pro-social in the long run -- but that is not the side on which Google's bread is buttered. They have a strong motive to see things from the app developers / watchers / revenue stream point of view. A great deal of money flows to Google from informed, uninformed, and misinformed consent to surveillance.

  • Re:Ups and Downs (Score:5, Insightful)

    by erikkemperman (252014) on Friday December 13, 2013 @11:26AM (#45680325)

    The open nature is also being drastically eroded by moving more and more stuff into the Google Play Services. So while the platform is still technically open source, all the interesting things are moved into a separate, closed, layer.

    Slowly but surely, android is closing up.

  • Re:Ups and Downs (Score:2, Insightful)

    by LordLimecat (1103839) on Friday December 13, 2013 @11:38AM (#45680451)

    It bugs me to see the crap google gets when they are the least abusive of all big companies by just about any measure, and actually HAVE fought for the user on several occasions (China, warrantless data requests, posting takedowns to Chilling Effects / working with the EFF).

    I mean I guess you can cross your fingers and hope that companies like Yahoo and MS dont do things like spill the beans on Chinese dissident bloggers [wikipedia.org] or work with the Chinese gov't to create a bugged version of Skype for China [wikipedia.org], but I wouldnt hold your breath.

    I guess why it irritates me so much is that Google really does seem to try to be the good guy, and they get crap for it because people seem to want to forget what their business model is and give them a hard time for being for-profit. Maybe we should boycott them, THAT will teach them to fight extrajudicial data requests!

  • by LDAPMAN (930041) on Friday December 13, 2013 @12:17PM (#45680837)

    Not all permissions are essential to the operation of the app. Thats the point of being able to selectively choose. Many IOS apps just disable certain functions or niceties when you deny a permission. They can also pop up a nice dialog when you try to do something requiring that permission and ask if you want to turn it back on. An all-or-nothing approach is just stupid and leads to users just blindly accepting what the app asks for.

  • Re:Ups and Downs (Score:0, Insightful)

    by Anonymous Coward on Friday December 13, 2013 @12:20PM (#45680863)

    What did you smoke? They are among the worst. They voluntarily shared user data in China and Russia. They cooperate with the NSA ALL of the time. They data mine their clients (you and I) and they have removed most means to restrict access to personal info. Do you work for Google?

  • Re:Ups and Downs (Score:5, Insightful)

    by oogoliegoogolie (635356) on Friday December 13, 2013 @02:05PM (#45682259)

    Oh jeez, you really need to stop looking at Google through your Android-colored glasses!
    Google was a cool tech company a decade ago when they came up with products that benefited the users, namely an email product that offered 1GB of space free when others gave you 20MB, and of course search. Since then they've morphed from a tech to an advertising and data-mining company, and all of their products reflect this.
    Google:"Do you want to sign up for G+" or "Do you want to use your real name on Youtube?"
    User:clicks NO
    Google:"OK, we'll ask you later"

    Do No Evil hasn't existed at Google for a decade, if it ever did.

  • Re:Ups and Downs (Score:5, Insightful)

    by mounthood (993037) on Friday December 13, 2013 @02:19PM (#45682419)

    It bugs me to see the crap google gets when they are the least abusive of all big companies by just about any measure ....

    They deserve to get crap for *this* and any other positive actions aren't a get-out-of-jail-free card. Until a few years ago the slashdot faq contained this:

    I thought everyone on Slashdot hated the RIAA, the MPAA, and Microsoft. Why do you keep hyping CDs, movies, and Windows games?

    Big corporations are what they are. They sell us cool stuff with one hand and tighten the screws on our freedoms with the other. We hate them every morning and love them every afternoon, and vice versa. This is part of living in the modern world: you take your yin with your yang and try to figure out how to do what's right the best you can. If you think it has to be all one way or the other, that's cool, share your opinions, but don't expect everyone else to think the same.

  • Re:Ups and Downs (Score:4, Insightful)

    by ImprovOmega (744717) on Friday December 13, 2013 @03:09PM (#45682931)
    As long as you can side load apps and the APIs are free for developers it will still be light-years more open than Apple ever allows you to be. Heck, you can't even write an iPhone app unless you're doing it on a Mac with a sanctioned Apple developer license.
  • by bankman (136859) on Friday December 13, 2013 @03:10PM (#45682945) Homepage

    You may be right, but that doesn't diminish the fact that this should have been a feature from the very beginning and that its removal is not a step in the right direction from the user perspective.

    Oh, and yes, I don't use this OS (or any other smartphone for that matter) for precisely this reason, I can't properly contain and manage the installed software on a very privacy sensitive device.

  • Re:Put in an app (Score:4, Insightful)

    by triffid_98 (899609) on Friday December 13, 2013 @03:16PM (#45683003)

    as someone who used the equivalent functionality in CyanogenMod for a while, I can confirm that turning off permissions dynamically in this way requires quite a bit more care than it might appear at first - apps did crash when apparently denied features quite reasonably, even when you might think they'd have to cater for that situation anyway. I'd deny network privileges to an app, and see it crash, even though it would work without problems when the privilege was given but the network was unavailable for technical reasons.

    Speaking as a fellow Cyanogenmod user...

    CASE #1

    Some apps will crash if they can't read your phone contacts (or whatever absurd permission they asked for) and report them to their remote server...and I'm totally fine with that. They said right out they needed X permission and I said no you can't. CASE #2

    A lot of applications (I've no idea what percentage though) ask for permissions that they don't need, presumably on the basis that they might need them in the future and don't want automatic updates to stop (which they will if they suddenly want new permissions) CASE #3

    see CASE #1, except the developers used this super secret coding technique called try{}catch, and the application still works fine.

  • Re:Ups and Downs (Score:4, Insightful)

    by LordLimecat (1103839) on Friday December 13, 2013 @06:06PM (#45684743)

    Oh jeez, you really need to stop looking at Google through your Android-colored glasses!

    Wonderful ad hominem, but I dont actually have an android.

    I also like how you completely didnt address any of my points. Yes, a lot of the stuff Google does with youtube is incredibly obnoxious, as is their insistence on making Google+ work despite the fact that noone really cares. None of that really has anything to do with their corporate stewardship or ethics.

    Calling them "evil" for their youtube commenting policies just shows that you really dont understand what "evil" is referring to. For some people, Google's privacy policy is a lot more vital to their well-being than whether you are forced to use Google+ for youtube comments, and those people are probably really glad that Google actually honors its policies and resists overreach by law enforcement of various countries.

FORTUNE'S FUN FACTS TO KNOW AND TELL: #44 Zebras are colored with dark stripes on a light background.

Working...