EFF hits Google for removing 'vital privacy feature' with Android 4.4.2
The new Android update disables a feature that allowed users to revoke permissions for installed apps
IDG News Service - The Android 4.4.2 update that began to roll out Monday to Google's Nexus devices removed a feature that gave users fine-grained control over app permissions, prompting criticism from the Electronic Frontier Foundation.
The removed feature was called App Ops and was introduced in Android 4.3. It provided an interface from where users could withdraw permissions they gave apps when installing them. Traditionally, Android users have had to choose between giving an app all permissions it requests or not use it.
The granular permission control provided by App Ops is something that privacy advocates have long requested, since many apps ask for more permissions than they need to provide their main functionality.
In part this is because a lot of apps, especially free ones, bundle advertising libraries that provide a revenue stream for developers. Often the excessive permissions requested by such apps come from those ad libraries.
Last week, Goldenshores Technologies, the developer of a popular flashlight app for Android, settled U.S. Federal Trade Commission charges that it shared users' geolocation information with advertising networks without properly notifying users. The company agreed to disclose to users how it collects, uses and shares geolocation information and obtain consent from them before doing so.
While present inside Android 4.3, the App Ops interface has never been directly accessible to users, but it was easy to gain access to it by installing third-party applications like Permission Manager or AppOps Launcher from Google Play.
In a blog post Wednesday, the Electronic Frontier Foundation, a digital rights watchdog, called App Ops an "awesome" feature and a "huge advance in Android privacy." However, the organization's enthusiasm was short lived, as some users later pointed out that Google removed the feature in Android 4.4.2.
"Today, we installed that update to our test device, and can confirm that the App Ops privacy feature that we were excited about yesterday is in fact now gone," Peter Eckersley, EFF's director of technology projects, said Thursday in a separate blog post.
"The disappearance of App Ops is alarming news for Android users," Eckersley said. "The fact that they cannot turn off app permissions is a Stygian hole in the Android security model, and a billion people's data is being sucked through. Embarrassingly, it is also one that Apple managed to fix in iOS years ago."
According to Eckersley, when contacted by the EFF, Google said the feature wasn't supposed to be released to begin with because it was experimental and its use could break some apps.
The EFF feels this explanation is suspicious and believes that Google should have worked to improve it rather than remove it. The problem of apps breaking down when not given access to information like location data, the address book or the phone's IMEI (equipment identifier) number, could be solved by supplying those apps with dummy data when the corresponding permission is removed, Eckersley said.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Survey Report: Mobile Content Security and Productivity Read this report to learn how important mobile access is to users, how likely they are to by-pass authorized systems, how compliant current...
- Enterprise Mobility Management: A Data Security Checklist This document presents a checklist of features organizations should review when evaluating a data security solution as part of an enterprise mobility management...
- BYOD File Sharing - Go Private Cloud to Mitigate Data Risks Read this whitepaper to learn the security risks associated with not having an IT endorsed file sharing solution, and why your organization should...
- Mobile Device Management Buyers Guide Mobile device management (MDM) solutions allow IT organizations to centrally manage, monitor and support mobile devices. In this guide, you'll learn what you...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Mobile Security White Papers | Webcasts