Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Android Google

Google Play Hides App Permissions In Favor of Developer-Written Descriptions (arstechnica.com) 33

An anonymous reader quotes a report from Ars Technica: Google's developer deadline for the Play Store's new "Data Safety" section is next week (July 20), and we're starting to see what the future of Google Play privacy will look like. The actual Data Safety section started rolling out in April, but now that the developer deadline is approaching... Google is turning off the separate "app permissions" section? That doesn't sound like a great move for privacy at all.

The Play Store's new Data Safety section is Google's answer to a similar feature in iOS 14, which displays a list of developer-provided privacy considerations, like what data an app collects, how that data is stored, and who the data is shared with. At first blush, the Data Safety entries might seem pretty similar to the old list of app permissions. You get items like "location," and in some ways, it's better than a plain list of permissions since developers can explain how and why each bit of data is collected.

The difference is in how that data ends up in Google's system. The old list of app permissions was guaranteed to be factual because it was built by Google, automatically, by scanning the app. The Data Safety system, meanwhile, runs on the honor system. Here's Google's explanation to developers of how the new section works: "You alone are responsible for making complete and accurate declarations in your app's store listing on Google Play. Google Play reviews apps across all policy requirements; however, we cannot make determinations on behalf of the developers of how they handle user data. Only you possess all the information required to complete the Data safety form. When Google becomes aware of a discrepancy between your app behavior and your declaration, we may take appropriate action, including enforcement action."

This discussion has been archived. No new comments can be posted.

Google Play Hides App Permissions In Favor of Developer-Written Descriptions

Comments Filter:
  • by SuperKendall ( 25149 ) on Friday July 15, 2022 @03:45PM (#62706518)

    I suppose App Review might try to verify an application really is using various system features it claims it is using... but it's good to have automatic controls around that.

    I still really like the iOS approach where a developer has to provide a string that describes for each particular system permission why they are asking for that specific access. A general description is not as useful, and an app might want to surface requests for access to soemthing like contacts, at a completely different time as for something like location...

    Hopefully it's not as much a step back as it sounds like.

    • It IS a step back (Score:4, Informative)

      by franzrogar ( 3986783 ) on Friday July 15, 2022 @03:51PM (#62706534)

      I think you might know the difference between system permissions and a vendor's text...

      Said that, it's FACTUALY a step back in privacy.

      • The vendor could change the text in devious ways, for example, describe access to your contacts as "Access to local storage." What's to stop them?

      • So far back they're literally giving a middle finger to disclosure and human rights in general.

        Remember "Don't be evil". Me neither.

      • I can just see it now: "Geolocation app will definitely not send credit card details to phishers in Nizhny Novgorod, not send bank account info to server in Krasnoyarsk, or post Google account password to Boris' server in basement of mother's khrushchyoba. Pizdets!".
    • I still really like the iOS approach where a developer has to provide a string that describes for each particular system permission why they are asking for that specific access.

      And one thing I like about recent Android versions is that it removes permissions from unused apps pretty frequently, and tells you what permissions from what apps have been removed. Some people will miss the set it and forget it approach, but I don't mind being reminded now and then what has access to what.

    • by AmiMoJo ( 196126 )

      A lot of Android software does that, justifying every permission. Reading the justifications your realise why they aren't a great option for users.

      Take the location permission. It's needed for Bluetooth, because Bluetooth beacons can be used to determine location. Most people have no idea what a Bluetooth beacon is, they just see "location permission" and think they are being tracked.

      This solution might not be the best, but if they keep the detailed permissions available a click away then I'm okay with it.

      • by narcc ( 412956 )

        BlackBerry really did things the right way here. I have no idea why no one bothered to copy them.

    • With how easy it is to set up Play Store vendor accounts, what is keeping a vendor from putting a description in their fleshlight app saying, "Access to required stuff is needed" or something vague, and them getting every permission under the sun, even su.

      The worst that would happen is the vendor sets up another Play Store account, Best thing that can happen is that they get a lot of bank account and crypto wallet information so they can drain that for big bucks.

    • by xeoron ( 639412 )
      Always manually audit installed apps: Whether it is iOS or Android go into the settings and review permissions. I once noticed that a schedule listing program for a local service wanted access to my GPS, SMS, Contacts, phone, camera, full storage. I blocked it all and it still worked fine then I reported the security concerns on Twitter and their response was to drop the app.
  • Next, they'll let the devs write the setting choices:

    A. Allow Happily.
    B. Allow Sadly.

    So is this just about hiding the real permissions, or something more? The language makes it sound like Google is attempting to shift some kind of legal liability onto the dev. Surely this wouldn't help Google dodge the GDPR, would it?
  • Better approach (Score:4, Interesting)

    by bustinbrains ( 6800166 ) on Friday July 15, 2022 @03:55PM (#62706542)

    The XML manifest declares what permissions the app uses. There could simply be a new attribute that lets the developer include a localized string on why they need that permission. Then the Play store and the device and the OS and various app scanners and...well the list goes on for a while...could look at the new attribute and present the information to the user alongside each permission.

    Also, the binaries are digitally signed whereas information in the Play store is not digitally signed. Digitally signing a binary is as effective as an in-person signature.

    • > Digitally signing a binary is as effective as an in-person signature.

      Assuming you can see the physical body of the person, and confirm that it is who you think it is, ... not so much. Someone steals the digital key used to sign the binary, and all bets on authentication with that key are off.

  • Then the system name for the permission would be displayed with a developer written explanation of why it's needed/wanted.

    That way "Allow banking details to be sent to St. Petersburg" doesn't show up as "occasionally present cute kitten pictures".

  • "We totally pinkie promise not to share every bit of data we can possibly hoover from your phone with third parties* Accept terms?”

    * not valid if application is installed on a day that ends in the letter Y.

  • by Artem S. Tashkinov ( 764309 ) on Friday July 15, 2022 @05:00PM (#62706700) Homepage
    I sent a news tip about this to Ars Technica in the middle of May. Now two full months later they've finally run the story on it. At least they did. Android Police and 9to5 Google ignored me completely. And of course no one will attribute this finding [ycombinator.com] to me. As to how to view the actual permissions from now on, check this [stackexchange.com].

    God, I really hate what Google has been doing to Android in the past five years. Totally unnecessary changes to maim UI, yet core issues are not resolved. Over four years ago I asked them a ton [google.com] of [google.com] things [google.com] about Android: only one of ten requests has been closed. And they are all quite substantial and important for pretty much the majority of Android users.

    Some changes are welcome though like the removal of permissions when you no longer use the app, however Google doesn't consider Internet access a permission, so all the apps have it and there's no way to disable this access on Google's own phones. At least some vendors implement this control. There's another overlooked permission which many apps abuse: GET_ACCOUNTS [android.com]: "Any app with the GET_ACCOUNTS permission, may retrieve all registered accounts and email addresses stored in Account Manager. I understand this imposes serious privacy and security issues, as a phone compromised with a potentially malicious app, could have ALL of their email addresses collected, and sent to unintended parties." And Google itself calls it "dangerous". Laughably any app can get it without asking. E.g. you install a Chinese/Russian app and suddenly all your emails and oftentimes phone numbers are leaked.

    And I'd like to end my message with the fact that even with all the "privacy" measures Android is leaking so much data [google.com], it's just moronic.

    • I just don't understand why this is done by Google. Are they wanting customers to move to iOS, Pinephones, or other platforms? At least with Apple, you are their customer, not their product.

    • Hey birdie, I usually criticize you on Phoronix when I think you are being an ass, but good catch here. Other comments are misleading: you still have to grant permissions to the app which pop up when the app wants to use functionality X so it is not that bad. However I agree with you that it is very inconvenient not knowing what an app might ask permissions for before installing (or know them only based on the developer promise). That is clearly a step back.

      Regarding internet access, I've been using NetG
    • Cell can let me chose to allow or disable cell connection for each online app, but not wifi. It would had been nice if iOS ask me to allow or disallow Internet access.

    • Look you may be on point about this issue, but honestly the laundry list you aired out to Google isn't important to 99% of their user base. I think you have a strange technonerd expectation of how users actually use their phone. I don't blame you, it's a general detachment which is suffered by a lot of people on technical sites. I'm sure that list you made is highly relevant for example to Slashdot users, but honestly nearly the entire Android users base would neither benefit nor have a clue what to do with

  • I have used Apple, Windows Phone, Android and even Amazon Firephone. So not a fanatic of anything.

    My Android phone was Nexus-5 and the reason I went for iPhone6+ was because at that time, Android would give list of permissions and you had to accept all of them in order to install an app (fixed in Android 6 announce just a month after my switch).

    Now they are again un-fixing it by letting developers control the message on data/permissions. I don't trust 99.999% apps. I have less than 5 third party apps on my

    • Android was my and the worlds darling for so long. What a swindle. Don't be evil. Another.

      Evil from the start? I don't know and never will.

      Evil now? 100%.

  • Why do I need to share my contact information to order a burger? Other fast food apps don't need it.

    • by u19925 ( 613350 )

      In iOS, you give wallet to Apple and tell apple to pay $10 to McDonalds and Apple will pay $10 to McDonalds.

      In Android, you give wallet to Google and tell Google to pay $10. Google will give wallet to McDonalds and tell them to follow honor system and pull only $10 from your wallet.

      • In the App which lets you save orders (like your favorite burger with all special options) and simply click it to reorder it.

        And you get rewards.
        And you get special offers.
        And you specify pickup, dinein, or curbside.

        Does the wallet let you do that?

        Whataburger's app respects my privacy. McDonald's was very intrusive.

  • Then revoke unnecessary permissions before running the app for the first time. If the app won't work with certain permissions disabled then it is not worth using in the first place.

    • by mr5oh ( 1050964 )

      Then revoke unnecessary permissions before running the app for the first time. If the app won't work with certain permissions disabled then it is not worth using in the first place.

      These are disappearing too. Lineage used to have the best one that I knew of. It's slowly deteriorating. By the time this goes live and we have LOS 20 you'll be lucky if any of those options are left

  • I think it's safe to say that if you are looking for a company's products to do anything serious and secure, Google should be considered the "Playskool" option.

    • The choice is between Google who are crap and apple who are crap.

      Google don't attempt to prevent me running a proper browser with real privacy protections so I don't get tracked all over the web.

      So app authors tracking you or websites tracking you. That's the wonderful choice.

Keep up the good work! But please don't ask me to help.

Working...