Was it a mistake to include it in the first place, or to
remove it after it was "accidentally released"? In this article (http://www.theverge.com/2013/12/13/5207892/eff-criticizes-google-for-android-app-ops-removal)
the Electronic Frontier Foundation (EFF) criticizes Google for the removal of a
hidden permissions management tool from the latest builds of Android. App Ops
was first introduced in the Android 4.3 releases and continued into the Android
4.4 release. But now in 4.4.2 App Ops has disappeared.
Wait, what is App Ops? You know when you are about to
download an app from the Google Play store and you are prompted to accept a
variety of permissions that the app is requesting, like access to your network,
your contacts, your phone calls? App Ops is (was) a tool that let you review
and change the app permissions after the app had been installed on your device.
The reality is that most apps do not need all the
permissions they ask for. This is the
biggest Android security issue today and is exactly what the EFF says – apps
that are in Google Play are compromising your personal data and your privacy.
This may be counter to the scare tactics of the AV vendors, but viruses are not
a big issue on Android for the typical user (e.g. those who do not side-load
nefarious apps from dodgy websites).
There have been a number of attempts at restricting
permissions, including extensions to SE Android promoted by the NSA. App Ops
allows a device owner to rethink their decision to allow access and
"un-approve" certain permissions without having to delete the entire
app. But like earlier solutions, App Ops could break some apps by removing
permissions that the app needed, or because the app did not gracefully handle
the lack of permissions. And this is Google's argument for removing App Ops.
(Similar to why SE Android is running mostly in permissive mode, but that is
another topic.)
So, do you read the permissions, or do you simply say
"ok" and start downloading your app? Unfortunately, most users click
“ok”. And most do not even read what permissions are requested. And most do not understand the potential
implications of granting such permissions.
And this is where we differ with the EFF. We do not need a
solution for a small group of power users and privacy geeks (like us at Graphite
Software). If most users ignore the permissions in the first place, then what
makes you think they can/will navigate App Ops?
Our product, Secure Spaces, allows you to put apps into
“Spaces” or different buckets, or different rooms – whatever physical analogy
works best for you. Each Space is isolated from the other. The user can broadly
control the permissions on the Space, rather than per app. If your contacts are
not in the Space with Angry Birds, then the game can’t access your contacts.
Simple. We need simple.