Wednesday, June 24, 2015

App Permissions: Android M Spotlight

App permissions have long been a controversial topic for Android apps, lately there have been numerous articles regarding flashlight apps and the permissions they request. Google wants to make permissions easier for people to use and understand so that they can control their apps the way they want.

How it Works

Typically when you install an app from the Play Store you are provided a list of permissions that the app wants access to. In order to install the app, you must by default, accept these requests or no app for you. With Android M this changes, instead when you install the app you don't have to accept the permissions, instead you grant or deny them when the app actually needs it. For example if you download Facebook Messenger and you go to send a picture, the app will pop up a little window asking if you want to give the app permission to view your files. Same goes for using the camera in Messenger, if you want to take a picture it'll ask you for permission to use the camera first. The ability for users to fine tune their app permissions will go a long way for developers and trust.

Why You Should Care

The reason I used Facebook Messenger as an example is because of the outrage people had with the fact that they not only were being forced to use a separate app but that it was requesting permission for phone calls, camera, and microphone amongst other things. What these angry people didn't understand was why exactly it was asking for those permissions and that it was entirely likely that the app would never actually access those permissions. These people thought that somebody was going to record them or spy on them with the camera or worse yet steal their information. Fortunately this is completely untrue, as a matter of fact Messenger would only access the microphone if you made a voice call and would only use the camera if you wanted to send a picture to your friends in chat. With Android M, Google is removing the accept all permissions requirement and allowing people to monitor that themselves. You no longer need to worry about the permissions as you will only need to grant them when the app needs them. In the long run this will give users a better understand of how these permissions work and why apps request them in the first place. This is great for developers because users don't have to trust them, they can revoke permissions at will.


My only fear is that users will not see past what they already believe and not see the correlation between the feature they are using and the permission they are granting. I can easily see someone who is not as well informed granting permission to allow access to the camera so they can take a picture then going back into permission settings and revoking it again for persistent fear that the developer has ulterior motifs. To anybody who is learning from this, when you grant permission to an app for the camera because you are using the camera, its not just a coincidence that it is just popping up at that moment. It truly is the only instance in which that app needs to use the camera, and if the developer planned to exploit that you would have been asked permission to use the camera at a time when you didn't actually need the camera. It is also worth noting that these permissions are not created by developers, they are built into Android and developers are forced to adhere to that. Thus, there is no room for masking what permissions you are granting.


No comments:

Post a Comment