Tuesday 22 November 2011

Android app permissions

On Android, you're supposed to read and accept the permissions each app requests before you install it. There are several problems with this user requirement. The first and most obvious is permission fatigue. After installing several apps, you start ignoring that button. You don't read the requested permissions and you don't care. This is a human trait that does not go away, and will always be a problem.

The next problem is understanding those permissions. Even if you read them all, do you know what they mean? Are they specific enough to give you a real understanding of what they will do with your phone? Usually not. Also, even if you do read and understand them, they can be misleading. Ad-supported free apps will usually include a request for "Full internet access", in order to get new ads, and sometimes "Fine (GPS) location" too, to provide location-appropriate ads. That might be fine if it's just used for ads, but that combination of permissions can also mean "reports your exact location to anyone who's listening", and you definitely wouldn't agree to that.

Lastly, you can't accept or deny individual permissions on a per-app basis. If this app requests full internet access and you don't want that, too bad. Take it with the rest or leave it completely alone, there's no middle ground.

What's the solution? Well, we could have a set of acceptable default permissions that we are happy to grant and some that we will deny by default so that we don't get nearly as many notifications about it. We also need a separate ad service on the phone so that we can see if a particular app wants internet access to display ads or phone home with private data. That "full internet access" permission needs to be more granular for ad-supported apps. Lastly, we do need the ability to grant or deny individual permissions for individual apps, so that we can still install them without having to take it all as one whole package. That will not be a feature of any official version of Android, because app makers need ads to keep their apps free.

Mokalus of Borg

PS - At best, you'd get an ad service you can't turn off.
PPS - And that still means you don't completely own your phone.

No comments: