New Permission System Could Make Android Much Less Secure 249
capedgirardeau writes: An update to the Google Play store now groups app permissions into collections of related permissions, making them much less fine grained and potentially misleading for users. For example, the SMS permissions group would allow an app access to both reading and sending SMS messages. The problem is that once an app has access to the group of permissions, it can make use of any of the allowed actions at any time without ever informing the user. As Google explains: "It's a good idea to review permissions groups before downloading an app. Once you've allowed an app to access a permissions group, the app may use any of the individual permissions that are part of that group. You won't need to manually approve individual permissions updates that belong to a permissions group you've already accepted."
you should be able to... (Score:3, Informative)
Re:How is this a good idea? (Score:5, Informative)
This permission grouping is the exact opposite direction that Android permissions should be heading. There are a number of permissions, such as "Read Phone State and Identity" that should be broken up because they aren't even strongly related to each other.
Re:you should be able to... (Score:5, Informative)
cripple apps by denying parts of their permission request. right now its all or nothing
Funny, I was expecting this crowd to have fantasies of crippling those apps' developers.
I mean seriously, $(app vendor), your app does not need access to my location and/or phone calls in order for me to do $(menial computation X).
Re:cyanogenmod? (Score:5, Informative)
Using an alternate rom (ie cyanogenmod) will allow you to use different android versions, with different (or no add on) UI. These are things like touchwiz or HTC Sense. The permisions system for apps remains the same. Also, cyanogenmod and other ROMS may not support all your hardware or be stable (but then again some carrier builds are not that great either).
There are programs that when rooted will allow you to block access of apps to certain subsystems, giving finer grained control, but it is not automatic, you have to go in and do it yourself, and that is regardless of the ROM/android version.
Xprivacy (Score:5, Informative)
Install XposedFramework: ...then the Xprivacy module.
http://repo.xposed.info/module... [xposed.info]
This isn't a great option for many, however, as you need root access. It does give you extremely fine-grained control over permissions, and includes options like randomizing (on each boot) the garbage data returned to apps to keep them happy.
Xposed is great; the GravityBox module, for example, has a ton of interesting and useful functions, like setting your cellular radio to 2G when connected to wifi, a mode to have an increasing ring, a network speed indicator, etc.
While I'm plugging Android software I use: the F-Droid open source repository is full of nice stuff (like AdAway.)
https://f-droid.org/ [f-droid.org]
Re:cyanogenmod? (Score:3, Informative)
I've done a lot of custom ROM installations, and many of them to support AppOps to expose these granular permissions. Cyanogen has actually expanded upon this functionality.
Re:cyanogenmod? (Score:5, Informative)
Yes. It absolutely IS possible. Cyanogen calls it Privacy Guard, and I have it enabled by default, such that anything I install from Play automatically gets blocked unless I go in and enable something specific.
Re:New Permissions (Score:4, Informative)
Hint: you can still see the onld screen with new permissions marked as NEW by scrolling all the way down in app description to PERMISSIONS and clicking on"View details".
But I completely agree with you. Totally lame move by Google. I want to see this screen when I press the update button. Config option for advanced users would be sufficient.
Re:cyanogenmod? (Score:5, Informative)
With limits, yes.
CM's privacy guard allows you to block apps from getting at your address book or SMS and such. It also allows you to control things like camera/microphone access. And you can even disable background apps and notifications (for example, I have Facebook pretty much tuned so it can't do anything more than it can in a web browser).
One notable thing CM doesn't do is allow you to prevent Internet access for apps. I read that this is to prevent someone from downloading an add-supported app and then cutting it off from its ad networks. I order to do that sort of thing, you usually need to root and install a firewall or some other ad blocker.
Quite frankly, if you've got a phone that's out of warranty or no longer getting vendor updates, installing CM is worth looking into. It's a bit of a pain in the ass the first time (at least it was for my devices), but after that it's pretty smooth sailing.
Re:I want silent denial (Score:5, Informative)
Actually, somebody posted it below: http://repo.xposed.info/module... [xposed.info]
Then load the XPrivacy module. The thread is here: http://forum.xda-developers.co... [xda-developers.com]
Re:Well, no. (Score:3, Informative)
Anyone use SnoopWall? It allows fine-grained permission setting after installation of an app
http://www.citeworld.com/artic... [citeworld.com]
Re:cyanogenmod? (Score:4, Informative)
Google have chosen to remove user access to AppOps from recent Android releases and while CM's Privacy Guard is a slightly improved and much easier to use approach on those system calls it requires a custom ROM and even those are still limited to a minority of devices. (Hint: consider only buying devices that will be supported by custom ROMs!)
There is something that is more comprehensive and granular, although more complicated to use as a result. XPrivacy is built upon the well-known Xposed framework (requires root) and it lets the user to control essentially all permissions individually.
Here's a brief and useful recap by xda-developers [xda-developers.com] about the main options.