Skip to main content

Google: Android app privacy tool added "by accident"

Only one day after praising (opens in new tab) the "awesome" new privacy tools included in Android 4.3 Jellybean, the Electronic Frontier Federation (EFF) watchdog has issued a full retraction (opens in new tab). It turns out one of those awesome features was included by accident.

The setting, called "App ops" allowed users to easily control the privacy-threatening permissions that apps often try to obtain from users who download and install them.

"Want to install Shazam without having it track your location?" the EFF wrote. "Easy. Want to install SideCar without letting it read your address book? Done."

The EFF praised the App ops function as being "a huge advance in Android privacy", as well as being "overdue."

However, users excited to use the new functionality of their phone were soon disappointed, as it turns out Google removed the section from its update to Android 4.4.2, released earlier this week.

The company has claimed that the release was accidental, that the function was only experimental, and that it had the potential to "break" some of the apps whose permissions it reduced.

However, the EFF has written sceptically about these excuses, claiming that "Many instances of apps 'breaking' when they are denied the ability to collect data like a location or an address book or an IMEI number can easily be fixed."

This could be achieved by giving the app "a fake location, an empty address book, or an IMEI number of all zeroes."

The ability to control app permissions is increasingly important, since it has been shown that a significant proportion of Google Play apps (opens in new tab) are in fact copycat "thief-ware". Even among legitimate apps, software developers are prone to abusing the permissions given to them by phone users - such as the flashlight app that shared geolocation data with advertisers (opens in new tab).

The watchdog has called the repeal of the App Ops setting "a Stygian hole in the Android security model," one through which "a billion people's data is being sucked through."

If that damning judgement isn't to spur Google into reintroducing the function, perhaps another fact will: that the ability to control app permissions has been available on iOS for years.

Paul has worked as an archivist, editor and journalist, and has a PhD in the cultural and literary significance of ruins. His writing has appeared in the New York Times, The BBC, The Atlantic, National Geographic, and Discover Magazine, and he was previously Staff Writer and Journalist at ITProPortal.