Problematic Permissioning

Ah Facebook.  You and I have had an on-off love affair for many years now.  First you were a simple but useful tool for organising parties at university.  Then you allowed a bunch of random American teenagers to spam friend requests around and you broke my heart.  I remember the arguments most of all: you would constantly ask what I wanted to do with my life, did I want to be a vampire or a werewolf?  I just ignored you …  But then the reconciliation came.  Mobile platforms sprung up and suddenly I wanted Facebook again.  Mobile versions of Facebook condensed down the simple parts that I appreciated all those years ago.  When I finally got to the Android version of Facebook, I knew it wasn’t perfect, but I accepted it.  It was passable.

Where am I going with this preamble (or ramble …)?  Well, first off I wanted to make it clear that I don’t have anything against Facebook.  It’s become fashionable over the years to knock and dismiss Facebook and I don’t really get this – I think it’s one of the best of its genre of service.  Having said this, over the years there have been some spectacular mistakes made with Facebook.  This week they seem to have triumphed again with the 1.6 update to the Android app. Seeing the notification in the Market I eagerly jumped on to get the update.  First stop, the changelog.

Well, nothing amazing there.  Looks like some basic functionality updates, and then the mysterious “Feed Improvements”.  Well, that sounds worth it.  But wait, what’s this.  You want me to approve some new permissions?   Now hang on here.  Why the hell do you need to be able to send and read my SMS messages?  Facebook has a messaging system built in to it and I don’t plan on letting something spend my money sending texts around.  I also question why I need to expose my text message information to Facebook – my texts are data in a different service as far as I’m concerned and I have no desire to mix the two.  The Market comments are now littered with people asking why these permissions are being requested.  Trust me, they’re there, but you might have a hard time finding them amongst the bug complaints.  It would be a simple matter for Facebook to come clean and explain why these permissions have been requested, but the damage is already done.  Whatever future updates come through, I’m going to have an innate distrust of them.

The same already happened with Adobe Reader.  They pushed an update out that requested access to GMail.  Cue outrage in the Market comments.  Adobe quickly backtracked and posted a message in the Market details to explain why they had requested the permissions.  I’ll give Adobe points for responding quickly to this, but the fact remains that this explanation should’ve been provided at the outset.  There are all sorts of examples out there of this happening, yet some developers/publishers still make this mistake.  It’s a mistake that, in my opinion, is inexcusable.  What the hell are the testers doing if not thinking like a user when faced with deploying an update?


So, what am I going to do about it?  Well, there’s little I can directly do for other applications beyond appealing to other developers to make their permission requests clear.  There’s also little influence I can have on the design of the Android Market.  It would be great if they offered, encouraged or even mandated use of a facility to explain the permissions you request.  I can, however, make a small difference in my own apps and make sure I always list why I’ve requested certain permissions.  As I said previously, getting the right permissions set up from the start is one of my goals.  There’s a challenge in there to get the balance right.  While I’m keen on only requesting minimum permissions, should I be requesting external storage on the promise of a feature so as to avoid it causing headaches in future updates when permissions change?  Maybe so, but only if I’m sure of my roadmap for using the external storage and, above all, only if I make it clear why I want this access.

One thought on “Problematic Permissioning

Leave a Reply

Your email address will not be published. Required fields are marked *