Android differs from iOS in that it’s a more open system. Apps are not sandboxed and can request permission to do all sorts of things to your phone and with the data on it. Well, when I say request, I actually mean demand. It’s all or nothing – either accept them all or don’t install the app.
With iOS an app can request access to data, such as your contacts, but you can refuse. The app will then continue to run with limited functionality. It’s your choice. Android does not offer you a choice, other than to refuse to install the app.
The problem is that apps often ask for too broad a range of permissions. Sometimes these are to support features you might not choose to use, sometimes it’s just developer laziness, but you’re not in control. The Facebook app is a good example. It wants permission to read your text messages, read your phone call log and even make calls. If you don’t want that level of integration and just want the ability to read and post to Facebook itself you’re out of luck – or left with browsing the mobile site. You have no option to install the Facebook app and restrict what it can do.
To make matters worse, Google have recently “simplified” the permission system into groups. If you allow an app access to a permission within a group an update to the app can add further permissions in that group without asking. Some of these groups are very broad and mix read and write access – a complete no-no from a security design perspective. For example, the Identity group includes the permission to read your own contact card – i.e. name and other contact information. Unfortunately, it also contains the permission to modify your own contact card. This flies in the face of good security design, which should always separate read and write permissions.
An app may well need to know when you’re on a call so it doesn’t try to interrupt you with a notification or play a sound but does it also need the ability to make calls without your intervention? No. Absolutely not, and it’s wrong that an app can ask for fairly innocuous permissions and then silently grab more in an update.
Android 4.3 briefly had App Ops, a system feature giving the user fine-grained control over app permissions, but sadly it disappeared in later releases and this functionality is now only available if you root your phone. Google’s argument seems to be that it would lead to frustration amongst users and complaints when apps stopped working, which is understandable given the permission model. App developers expect the permissions they demand, whereas on iOS they know the user can choose and must therefore code accordingly.
I have removed apps from my phone based on the permissions they request, and have refused to install apps that ask for too much. It took a lot of searching to find a simple torch app that required no more than access to the camera in order to turn the flashlight on – why would a torch app want access to my contacts? To email them to tell them it’s dark where I am and I’ve lost my keys? No thanks…
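One way to check an app against the least-privilege standard argued for above (a torch app should need no more than the camera) is to read its AndroidManifest.xml and compare the requested permissions with what the app’s purpose justifies, flagging separately the ones that let it modify data or act on your behalf. This is an added example, not code from the original post or from Google; the manifest is a constructed sample, and the allow-list and the read-versus-write classification are assumptions of the script, though the permission names themselves are real Android ones.

```python
import xml.etree.ElementTree as ET

# Attribute names in a manifest live in the android: namespace.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: a "torch" app demanding far more than the camera
# (on Android the flashlight sits behind the camera permission).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.torch">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.WRITE_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
</manifest>
"""

# Assumed allow-list: the only permission a torch app has a reason to hold.
TORCH_ALLOWED = {"android.permission.CAMERA"}

# Assumed classification of permissions that change data or act for the user
# (write/act), as opposed to merely reading. Real permission names, our grouping.
WRITE_OR_ACT = {
    "android.permission.WRITE_CONTACTS",
    "android.permission.WRITE_PROFILE",
    "android.permission.CALL_PHONE",
    "android.permission.SEND_SMS",
}


def requested_permissions(manifest_xml):
    """Return the android:name of every <uses-permission> in manifest order."""
    root = ET.fromstring(manifest_xml)
    return [el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")]


def audit(manifest_xml, allowed):
    """Split the requested permissions into justified, excess, and excess
    write/act permissions, so the riskiest over-reach is listed on its own."""
    perms = requested_permissions(manifest_xml)
    excess = [p for p in perms if p not in allowed]
    return {
        "requested": perms,
        "excess": excess,
        "write_or_act": [p for p in excess if p in WRITE_OR_ACT],
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_MANIFEST, TORCH_ALLOWED).items():
        print(f"{key}: {value}")
```

On a real APK the manifest is binary XML; decode it first (for example with apktool) and feed the decoded AndroidManifest.xml to `audit`.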
The upshot of all of this is that I’ll be seriously looking at the iPhone. It has limitations that I’ll come back to in another blog, but it’s getting harder and harder to safely manage security on Android.
So come on Google, give some power and control back to the users. It’s increasingly a selling point as people get more concerned about their privacy – or lack thereof – online.