[Discuss] Android privacy

[shankar.viswan at gmail.com (Shankar Viswanathan)]

On Wed, Jul 03, 2013 at 11:36:03AM +0000, Edward Ned Harvey (blu) wrote:
> I think somebody here said ...  The application requests a set of permissions as defined by the developer, and in order to install the app you must accept all those permissions, but there's an app you can install, to selectively take away some of the permissions from some of the apps.  Right?
> 
> The problem there is...  Everyone's going to remove internet access from all the apps that use ads.  Developers don't get paid and stuff like that.

That's absolutely true, and that's probably the exact reason why Google has not implemented a finer grained permissions policy for Android apps. In addition to the idea of having a common ad network framework (mentioned elsewhere in this thread), I feel there is another way we could make the permissions work for everyone. Consider a two-tiered permission system consisting of:
   1. Required permissions: these are permissions that the app absolutely requires. This list of permissions would be very similar to the current permissions list: accept all or don't install the app. Connection to an ad server could be listed here. 
   2. Optional permissions: a list of permissions that may enhance the app functionality in certain ways, but is not essential. There would be a checkbox against each permission in this list and the user can choose to grant/deny each particular permission as he/she feels fit.

As an example, I was looking at a navigation app for use overseas, but it required access to my contacts database. I emailed the developer asking why it needed my contact data and he replied saying that you could tell the app to navigate to the street address of a contact in the database. I don't have any street addresses in my contacts so this feature is useless to me, but because of this permission I chose not to install the app. It would have been great if Google had allowed this feature to be optional, the basic functionality could still have been provided without this (with the extra hassle of manually typing in the street address). The developer did not want to create a separate version of the app without the contacts permission, but he said he wouldn't mind doing the work to make this feature optional if Google allowed him a way to do it (at least I think that's what he said ... his English was hard to comprehend).

And from what I know about Android app development, implementing the optional feature list shouldn't be too much of a burden from a developer standpoint -- list the required and optional permissions separately in the manifest XML file and use a Google-provided API to query the list of granted/denied permissions and condition the code appropriately. From the user standpoint, the usability shouldn't be too different either: the default for the optional permissions could be made "opt-out" and the majority users would blindly click "Accept" (no different than today) and the more discerning users could choose to deny certain permissions. The choice could be saved at install time and possibly have a method to change the choices later.

My $0.02,
Shankar