Android and the Unexplained Permissions

 Musings, The Market  4 Responses »
Aug 302011
 

I’m currently on holiday so was quite excited when I saw a post about the release of TETRIS® free on the Android Market by EA.  I’ve was mentioning to someone the other day that I love Tetris so this seemed perfect to while away some time by the pool.  How wrong I was.  As if I wasn’t already pissed off enough with the way EA have been approaching the distribution of BattledField 3, with this app release they’ve managed to join the ranks of developers requesting permissions far beyond what one would expect with no explanation.  I’ve written previously about the Facebook 1.6 update adding SMS permissions with no justification listed up front.  The TETRIS release is even odder, requesting permissions to make phone calls.

We all know that there is a constant problem with permission creep in Android.  Arguably, this is one of the reasons that a perception has grown of the Android Market as a home of malware without the protection afforded by Apple’s review process.  One could suggest that this is partly due to customers becoming desensitised to reviewing application permissions because they are so used to such large, unexplained requests.  Now, app developers broadly fall into two camps: those who will ensure they request the minimum set of permissions possible and those who go for everything left right and centre.  It’s particularly saddening to see the latter camp being joined by those larger houses who should know better.  Do they not have some sort of basic audit control to prevent such requests, and if not, why not?

Ultimately, I believe the responsibility to sort this situation out falls on the head of Google.  They need to put in some effort to work with some of the larger / higher profile publishers to set a good example to other developers.  Over dinner I pondered three possible solutions.

The simplest thing would be to educate developers in their use of permissions.  I had a quick skim of the Android development guide sections on permissions (going on the top Google results here) and was shocked that there wasn’t a simple statement to encourage developers to limit what they request.  Surely this is a good starting point.

The next change would be to give users a voice to alert publishers that they are displeased with what is being requested.  I can’t review TETRIS® free to make my opinion clear on the market or warn others as I haven’t (and won’t be) installing the app.  Being able to express why one doesn’t want to install an app would give publishers a demonstrable metric of potential lost sales and/or user base.  Surely this would make them sit up and listen.

The last, and possibly most extensive, overhaul would be to enforce a mandatory explanation for every permission requested.  Whether this is implemented in the Android manifest or when one publishes an app I don’t really care.  The latter could be used to add an additional warning to developers when they have requested additional permissions in an update and push the message further.  There is, without a doubt, no good reason that any developer should not be able to explain what they are using a permission for.  The only reasons could be because the permissions are malicious in nature or the developer does not fully understand what they are requesting, an equally dangerous prospect.

Obviously this latter option would require some policing to ensure that rubbish isn’t entered into the explanation, but that’s what the wonderful community is for.  Allow market users to flag up poor explanations and then Google can review these and come down these publishers with the force they would normally reserve for someone with an unusual name on Google+.

I know this blog isn’t read heavily, so I’d love a way to push this message out further.  I’m sure others have tried to suggest similar approaches in the past and I am disappointed with our Googly overlords.  THEY CAN DO BETTER.  I’ll throw a link up to this on Google+ and see if it gets any notice.

 Posted by on August 30, 2011 at 8:34 pm

.onResume()

 Uncategorized  2 Responses »
Aug 272011
 

This has been a hell of a busy month for me at work and socially, leaving me little time to do any writing or development. I’m now on two weeks of holiday so hopefully will get some useful things done.  About to fly off to Malta for 5 days so have camera charged, Kindle filled and macbook ready to go!

 Posted by on August 27, 2011 at 11:55 am

Google Real Names and the Validation Fail

 Musings  1 Response »
Aug 212011
 

I read this article a few days ago and felt the need to throw it up onto Google+.  Unfortunately, in the process of sharing it I got a bit ranty and ended up with a rather long post so have decided to reproduce that content here.

I’d apologise in advance about the strong language in this article but a) I have a different view on the offensiveness of that word and b) the author is Australian.
Anyway, worth a read as another interesting case with Google and the Names Policy. This situation worries me (translated as “pisses me off”) on two fronts.

The first, and greatest, concern has been the Google approach to suspensions and appeals. Maybe this has always been the case and I’ve just noticed it more with Google+, but they seem very quick off the mark to suspend accounts with no warning. The follow up appeals then seem to be dismissed off-hand with a stock reply, even when the facts of the matter are quite clearly in the favour of a user. Now, this is not a problem unique to Google – customer services the world over have adopted this model of brainless reaction and it causes no end of customer dissatisfaction. I’ve recently had a run-in with a company who I will be reporting to the ICO partly because they responded with a stock response that was clearly not relevant to the original query, but that’s a story for another time.

Anyway, I expect better from Google. Some will defend this by saying that these are free services, but that doesn’t work. The threat of suspension claims to affect multiple Google services, including Picasa. I pay for increased storage so that I can throw more things into Picasa, so a suspension would indeed impact a paid for service. Bear in mind that we’ve seen suspensions of accounts that are NOT in violation of the terms of service, but have clearly suffered from the ignorance of those implementing the policy. Google needs to jump on this customer service issue quickly – warnings and a more detailed appeal process are the minimum requirements here.

My second concern is a more general one, and touched upon briefly by Stilgherrian in his post – I am always disappointed when developers implement validation / limited options for personal identification based on their own very limited world experiences. In Stilgherrian’s case this has come in the form of Google expecting all names to be of the minimum form FirstName LastName. My personal experience of encountering this massive pain is when I am given a limited set of options for password recovery questions.

I have a pension with Standard Life, and a few months back I was unable to log into their website. Was this down to a technical fault? No, this was down to their fuckwittery. They had recently implemented a need to have password recovery questions, so upon logging in you would be presented with a choice of say 15 from which you had to select 5. It was impossible to continue without selecting these questions. Now, ignoring the general flaws that come with these sorts of questions when they offer such obvious social engineering solutions, we would expect that they are offered such that the user can remember them without having to write down an answer somewhere. They are a fact of identity that you should always be able to recall, right?

Wrong. I was presented with a selection of questions where I could at most guarantee an answer to 2. From 15. The rest were either not applicable to the way I was brought up, or so obscure that it would take me as long to find the answer as any external party! I by no means have had an unusual upbringing, but as an army brat I spent a lot of my youth shifting around the world. That’s not a problem unique to children of those in the services. Unfortunately, this means I didn’t fit into Standard Life’s world view. As far as I could tell, they expect everyone to have grown up in once place, know all of their family, have vivid memories of the street they first lived in and, by golly, you better have had a house that had a number rather than a name otherwise you’ll be in trouble.

Some might say that you could just find a question that’s close enough to something you could answer, but are you really going to remember that 5 months down the line when it’s needed? Or maybe you could write it do …. no, wait, that’s just dumb. So please, if you have to implement such a system in anything you build, spare a thought for the poor bastards who have to use it and, above all, do some real testing. With real users. Find your most exotic friend to run it by. Even better, run it by a cynic. They will point out what could go wrong with your system – it may be an extreme view, but why not be prepared? You can and you should.

 Posted by on August 21, 2011 at 6:18 pm