Google removes vital privacy feature from android

[cheezy321]

https://www.eff.org/deeplinks/2013/...cy-features-android-shortly-after-adding-them

Yesterday, we published a blog post lauding an extremely important app privacy feature that was added in Android 4.3. That feature allows users to install apps while preventing the app from collecting sensitive data like the user's location or address book.
The App Ops interface removed in Android 4.4.2The App Ops interface removed in Android 4.4.2

After we published the post, several people contacted us to say that the feature had actually been removed in Android 4.4.2, which was released earlier this week. Today, we installed that update to our test device, and can confirm that the App Ops privacy feature that we were excited about yesterday is in fact now gone.

When asked for comment, Google told us that the feature had only ever been released by accident — that it was experimental, and that it could break some of the apps policed by it. We are suspicious of this explanation, and do not think that it in any way justifies removing the feature rather than improving it.1

The disappearance of App Ops is alarming news for Android users. The fact that they cannot turn off app permissions is a Stygian hole in the Android security model, and a billion people's data is being sucked through. Embarrassingly, it is also one that Apple managed to fix in iOS years ago.

A moment ago, it looked as though Google cared about this massive privacy problem. Now we have our doubts. The only way to dispel them, frankly, is for Google to urgently reenable the App Ops interface, as well as adding some polish and completing the fundamental pieces that it is missing:

Android users should be able to disable all collection of trackable identifiers by an app with a single switch, including data like phone numbers, IMEIs, information about the user's accounts.
There should be a way to disable an app's network access entirely. It is clear that a large fraction of apps (including flashlights, wallpapers, UI skins, many games) simply don't need network access and, as we saw last week, are prone to abuse it.
The App Ops interface needs to be smoothed out an properly integrated into the main OS user interface, including the Settings->Apps menus and the Play Store. There are numerous ways to make App Ops work for developers. Pick one, and deploy it.

In the mean time, we're not sure what to say to Android users. If app privacy is especially important to you — if, for instance, you want to be able to install an app like Shazam or Skype or Brightest Flashlight without giving it permission to know your location — we would have to advise you not to accept the update to 4.4.2. But this is also a catastrophic situation, because the update to Android 4.4.2 contains fixes to security and denial-of-service bugs. So, for the time being, users will need to chose between either privacy or security on the Android devices, but not both.

Google, the right thing to do here is obvious.

What does everyone think about this? I think their response that it should have never been released in the first place is odd.

 

[stlc8tr]

If you're rooted, you can re-enabled this framework.

http://www.xda-developers.com/andro...your-control-of-your-application-permissions/

 

[FeuerFrei]

If I'd known this at the time, I would never have upgraded my first-gen Nexus 7 to 4.4.2.

 

[Graze]

If I'd known this at the time, I would never have upgraded my first-gen Nexus 7 to 4.4.2.

If Google claimed this was not meant to be released then they probably have not immediate date plans to release this.
You would have had to upgrade anyway, if it makes you feel better.

 

[Jodell88]

What does everyone think about this? I think their response that it should have never been released in the first place is odd.

If it wasn't ready, it wasn't ready. Are you gonna create a thread that ART isn't enabled by default?

 

[lothar]

If you're rooted, you can re-enabled this framework.

http://www.xda-developers.com/andro...your-control-of-your-application-permissions/

This.
/problem not found.

 

[thedosbox]

This.
/problem not found.

Um, not everyone wants to/is able to root. I'm technically capable of doing it, but do not due to work policy.

 

[tamm]

Well marketing is everything right can`t knock an flashlight app that requires my location to function. #wtf

Google...the next facebook in regards to tailor made advertising.

 

[zaydq]

I think everyone forgets how Google started. It was a search engine that generated revenue through endorsements and advertisements.

They aren't going to shoot themselves in the foot. Advertising and marketing is a huge part of their revenue stream. They weren't always a phone software giant.

 

[tamm]

^ True. You can hate the player you gotta hate the game (lol). But I think we as users of Google should have a choice on whether we want to participate or not (and the solution isn`t well you can just not use their products).

 

[Mopetar]

Not a big deal. The people who were most likely to use it, let alone know about it, are largely the same group with rooted devices, in which case they can re-enable it as others have already pointed out.

 

[khha4113]

Um, not everyone wants to/is able to root. I'm technically capable of doing it, but do not due to work policy.

If you don't want to root then it's not for you since it was intentionally hidden in last version, and it was enabled only by 3rd party app.

 

[tamm]

So shouldn`t customers be able to control their privacy requirements without a need for a hidden app or rooting?

 

[thedosbox]

So shouldn`t customers be able to control their privacy requirements without a need for a hidden app or rooting?

Precisely.

 

[Graze]

So shouldn`t customers be able to control their privacy requirements without a need for a hidden app or rooting?

If its not ready for prime time then its not ready. if some 3rd party app enabled it mean in the first place it was not an official feature and people need to chill about them removing.

 

[tamm]

If its not ready for prime time then its not ready. if some 3rd party app enabled it mean in the first place it was not an official feature and people need to chill about them removing.

That is a good point. However it still raises an eye about the user end privacy and which future release will Google properly address said growing concerns.

 

[JeffMD]

Well right now they are testing how apps behave when expected permissions are forcefully blocked. We may NEVER see it enabled. If you don't like the permissions an app is given, don't install it.

 

[MotionMan]

If you're not paying for it, then you're the product.

Such privacy feature switches should be mandatory for paid apps (or those mainly supported by in-app purchases) and optional for free apps.

If you want privacy, then you have to pay for it.

MotionMan

 

[tamm]

As a counterpoint and follow-up question, does Apple do the same? I know my idevices have a privacy setting, but idk if its the same as whats being talked about here

 

[swanysto]

My phone says my android version is 4.1.2. Does this affect me, or is my version ancient enough to be safe?

 

[teejee]

So shouldn`t customers be able to control their privacy requirements without a need for a hidden app or rooting?

Of course, that's why it is clearly stated what permission an app needs before you install it. So you can skip any app that feels suspicious. You can also view the permissions later for each app in the settings.
So you have full control with Android. No need to worry.

 

[A5]

My phone says my android version is 4.1.2. Does this affect me, or is my version ancient enough to be safe?

The feature was accidentally shipped with 4.2 and has now been removed in 4.4. This has no effect on you.

 

[cheezy321]

As a counterpoint and follow-up question, does Apple do the same? I know my idevices have a privacy setting, but idk if its the same as whats being talked about here

The privacy settings are done differently in iOS vs. android. On iOS they ask you before the app accesses a certain part of your device and it does each one individually.

For example, if you download a flashlight app on android you have to approve all of the app access settings initially (location information, contacts, etc)

If you download that same flashlight app you will be asked to approve each access individually for the lifetime of the app. So if you open the flashlight app and it wants you location info, iOS will ask you if that is ok. If it then wants access to your contacts, you will be asked specifically about that and can deny it access while still using the app.

 

[Commodus]

Apple's approach makes the most sense to me. You may not get advance notice of what will happen, but you'll know the immediate context of why an app wants permission -- a social networking app wants to import your contacts, or a song recognition app needs your microphone to start listening. Bundling all the permissions at the download or installation stages, as Android does, simply guarantees that many users won't pay attention.

On that note, Microsoft has an interesting balance between the two in Windows Phone: it'll ask when you install an app, but it does so for specific features ("do you want this app to access your location?").

 

[sweenish]

OP could be a tabloid writer.