Android and the Unexplained Permissions

I’m currently on holiday so was quite excited when I saw a post about the release of TETRIS® free on the Android Market by EA.  I was mentioning to someone the other day that I love Tetris so this seemed perfect to while away some time by the pool.  How wrong I was.  As if I wasn’t already pissed off enough with the way EA have been approaching the distribution of Battlefield 3, with this app release they’ve managed to join the ranks of developers requesting permissions far beyond what one would expect with no explanation.  I’ve written previously about the Facebook 1.6 update adding SMS permissions with no justification listed up front.  The TETRIS release is even odder, requesting permissions to make phone calls.

We all know that there is a constant problem with permission creep in Android.  Arguably, this is one of the reasons that a perception has grown of the Android Market as a home of malware without the protection afforded by Apple’s review process.  One could suggest that this is partly due to customers becoming desensitised to reviewing application permissions because they are so used to such large, unexplained requests.  Now, app developers broadly fall into two camps: those who will ensure they request the minimum set of permissions possible and those who go for everything left right and centre.  It’s particularly saddening to see the latter camp being joined by those larger houses who should know better.  Do they not have some sort of basic audit control to prevent such requests, and if not, why not?

Ultimately, I believe the responsibility to sort this situation out falls on the head of Google.  They need to put in some effort to work with some of the larger / higher profile publishers to set a good example to other developers.  Over dinner I pondered three possible solutions.

The simplest thing would be to educate developers in their use of permissions.  I had a quick skim of the Android development guide sections on permissions (going on the top Google results here) and was shocked that there wasn’t a simple statement to encourage developers to limit what they request.  Surely this is a good starting point.

The next change would be to give users a voice to alert publishers that they are displeased with what is being requested.  I can’t review TETRIS® free to make my opinion clear on the market or warn others as I haven’t (and won’t be) installing the app.  Being able to express why one doesn’t want to install an app would give publishers a demonstrable metric of potential lost sales and/or user base.  Surely this would make them sit up and listen.

The last, and possibly most extensive, overhaul would be to enforce a mandatory explanation for every permission requested.  Whether this is implemented in the Android manifest or when one publishes an app I don’t really care.  The latter could be used to add an additional warning to developers when they have requested additional permissions in an update and push the message further.  There is, without a doubt, no good reason that any developer should not be able to explain what they are using a permission for.  The only reasons could be because the permissions are malicious in nature or the developer does not fully understand what they are requesting, an equally dangerous prospect.

Obviously this latter option would require some policing to ensure that rubbish isn’t entered into the explanation, but that’s what the wonderful community is for.  Allow market users to flag up poor explanations and then Google can review these and come down on these publishers with the force they would normally reserve for someone with an unusual name on Google+.
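One way the mandatory-explanation check proposed above could run as a publish-time or CI audit, as an added example that is not from the original post or from any Google tooling. The explanations mapping, the `MIN_WORDS` threshold, the package name and both sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
MIN_WORDS = 4  # assumed threshold below which an explanation counts as rubbish

# Constructed sample manifests for a hypothetical game, versions 1 and 2.
MANIFEST_V1 = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.blocks">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
</manifest>"""
MANIFEST_V2 = MANIFEST_V1.replace(
    "</manifest>",
    '  <uses-permission android:name="android.permission.CALL_PHONE"/>\n</manifest>')

# Hypothetical explanations file the publisher would have to supply.
EXPLANATIONS = {
    "android.permission.INTERNET": "Fetches adverts and sends anonymous usage stats.",
    "android.permission.ACCESS_NETWORK_STATE": "ads",
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in the manifest."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                names.add(name)
    return names

def audit(manifest_xml, explanations, previous_manifest_xml=None):
    """Return (permission, problem) findings; an empty list means the audit passes."""
    current = requested_permissions(manifest_xml)
    previous = requested_permissions(previous_manifest_xml) if previous_manifest_xml else set()
    findings = []
    for perm in sorted(current):
        text = explanations.get(perm, "").strip()
        if not text:
            findings.append((perm, "unexplained"))
        elif len(text.split()) < MIN_WORDS:
            findings.append((perm, "explanation too short"))
        # Permissions that appear only in the update get the extra warning.
        if previous_manifest_xml and perm not in previous:
            findings.append((perm, "added in update"))
    return findings

if __name__ == "__main__":
    for perm, problem in audit(MANIFEST_V2, EXPLANATIONS, MANIFEST_V1):
        print(f"{perm}: {problem}")
```

A word-count threshold only catches empty or token explanations; judging whether an explanation is truthful still needs the community flagging and review described above.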

I know this blog isn’t read heavily, so I’d love a way to push this message out further.  I’m sure others have tried to suggest similar approaches in the past and I am disappointed with our Googly overlords.  THEY CAN DO BETTER.  I’ll throw a link up to this on Google+ and see if it gets any notice.

4 thoughts on “Android and the Unexplained Permissions”

  1. Couldn’t agree with you more. Users need to become more aware about what they’re downloading. There are many malicious apps out there that are compromising privacy. There’s a company called Appoozle that rates apps based on the permissions they use. You can also download their Android App to view these ratings before you download.

    1. Cheers Paul. Not sure anyone wants to focus on Flip! until I actually make good on my promise to update it sometime soon! Will be working on that this week.

      As for explaining the permissions, it’s something I do in the Android Market description under the heading “Full Disclosure”. I’ve copied the pertinent bits below. I suppose I probably should’ve mentioned this as a bit on “what developers can do” but I wanted to focus on solutions that could be driven by Google.

      I hadn’t come across Appoozle before, but I think that’s a fantastic idea (other than the fact that my first visit to the site declared “Justin Bieber: Safe” – I think you need some additional filters in there to account for taste 😉 ). One question I have for you: have you given any thought to the best way to control the “INTERNET” permission? It’s always worried me that once you give this away you’ve really opened up everything. On the other hand, it would probably have to be used in conjunction with other permissions to be particularly dangerous, plus any additional granularity in internet permissions would just make things more complicated for the end user.

      Paste from Market as promised

      Full Disclosure:
      – INTERNET and ACCESS_NETWORK_STATE permissions are used for AdWhirl adverts (and no GPS permissions unless people are gagging for location based adverts …)
      – INTERNET is also used to send back information on usage through the Google Analytics and Flurry networks. This should only be capturing a) menu clicks and b) anonymous device type stats (model, android version, etc.)

      1. This particular Bieber app is keeping it Safe. You’d be surprised to see how many wallpaper apps out there require extra permissions they don’t even need.

        Controlling permissions is an interesting notion and one that we have had discussion about. As you mention, some permissions that stand alone may be harmless but in conjunction with others could pose a threat.

        Thank you for providing your permission explanations. We’ve upgraded your app information and promoted your ranking on Appoozle – Flip!.

        Keep up the good work Oli!
