Android developers, prepare for fine-grained user permissions

William J. Francis fills you in on the Android App Ops privacy feature and explains why he believes it's good for users and developers.



A new privacy feature in Android 4.4 KitKat called App Ops has caused quite a stir. The app showed up briefly in Android 4.3, but it wasn't meant for prime time; some users stumbled across the feature thanks to Android's intent launcher paradigm. The folks over at the Electronic Freedom Foundation (EFF) made no bones about calling the feature "awesome."

According to Google, the feature is still experimental and was supposed to be hidden. In fact, Google quickly pushed out an over the air (OTA) update that made the feature unreachable. 

On Google+, Dianne Hackborn of Google's Android team chimed in on a discussion about the sudden appearance and disappearance of the feature. "It was there for development purposes." Hackborn wrote.  "It wasn't intended to be available."

What is (or was) the app?

App Ops appears to be a dynamic permissions system. In other words, users could install an app and then later choose to deny it some or all of the access the developer requested. Think of installing Pandora, and then using App Ops to turn off the ability for the app to track your location. You could still find out who plays a song without getting the annoying targeted advertisements.

For users, I think this is the way of the future. For developers, it means we don't have to be hesitant to include cool features that require extra permissions, because users can still install the app and opt out of granting access to anything that makes them uncomfortable.

Why it's particularly interesting for developers

We still have no idea when this new capability will be available for the masses. However, it brings up an interesting point for mobile developers that I think has merit in discussing now rather than when App Ops finally resurfaces.

In the past, with Android's all-or-nothing permission system, developers didn't have to worry so much about degrading features gracefully -- well, maybe here and there with things like locations services and Wi-Fi. I suspect that in the not so distant future we will have to anticipate and write code in such a way that the app still provides some amount of functionality when permissions get yanked out from under it.

Going forward with a new mindset

I don't plan to wait on App Ops to start coding with this new mindset. I intend to write my apps under the assumption that users can and will deny me access at various times to different system-controlled resources, peripherals, and services.

Ultimately, I think this is the way all mobile development will go. The apps we write live on what are arguably the most personal device people own. Angry Birds co-exists on your smartphone with things like contacts, pictures, and banking.

Putting more control in the hands of users is the right thing to do.

Disclaimer: TechRepublic and CNET are CBS Interactive properties. 



William J Francis began programming computers at age eleven. Specializing in embedded and mobile platforms, he has more than 20 years of professional software engineering under his belt, including a four year stint in the US Army's Military Intellige...


This is long overdue. I'd love to be able to leave my GPS on so that I can use it with maps but deny Facebook, Yelp, etc the ability to use it. Why the bloody hell does Facebook need to use my GPS and why does it take 5 minutes to load when the GPS is on?


This can't become available to all users soon enough.  I stopped updating apps almost 2 years ago when the new permissions they demanded became intrusive.  The older app versions work just fine, thank you.

Enable all the permissions as the default .. and those who don't care won't change them.  But make the availability of a program to control app permissions a *known* element, where to download it, and how to install/use it.  Make it understandable to the general user .. not just the technically competent.

If you really want a good 'yes/no' app, have it explain *why,* for example, a notepad needs to take pictures and record video.  Or why it needs to create accounts and set/change passwords .. and others that only serve a purpose for tracking you and for marketing.  

The device is mine - I paid for it - I am not a pawn for a marketing firm or scammer.

Kevin Loughrey
Kevin Loughrey

This enhancement is long overdue.  

Indeed, the operating system should have a block on all sensitive faculties; such as accessing the contact book, reporting the GPS co-ords or communicating with a third party over the Internet.  In such an arrangement, when any application tries to access a sensitive feature, the operating system would require the app authenticate.  The app would be able to authenticate if the user, when installing the app, had already given their permission.  If the app can't authenticate, ie, the user opted that they would like to know when this particular action was being taken, (or in situations where the app was unintentionally installed malware) then the user is notified the app wants to, say, access the contact book or communicate over the Internet.  The user can then explicitly give their permission for it to do so or refuse it.  

The present arrangements with Android are just plain unsatisfactory and dangerous.

A further enhancement would be provision for the app programmer to provide a reason why the app needs to access any particular sensitive facility so as to better inform the user as to whether the app should be permitted or refused the access it is requesting. (Something akin to the code construct used when throwing an exception.)


I'd love to see this generally available to us non-rooted folk. One of my pet peeves is apps updates that need new permissions but don't explain why. It sure would be great to disallow FB from sending emails, or stop my wine bottle scanner from accessing Google Play. I'll grant permissions, but I want devs to justify them first.


Pretty much this exact same capability exists today (albeit for users of rooted devices only) via such available Android third-party programs as Permissions Pro.  I've used this program over several versions of Android the past 2+ years and its an indispensable part of my userland toolset.  Google's a little late to this party... but it's certainly better late than never.  They've a steep hill to climb to match/better Permissions Pro excellent implementation. 


@Kevin Loughrey Very cool idea.  I'd never thought of allowing the developer to explain why the app needs a certain permission--and yet who is better qualified.

Editor's Picks