In a move that might surprise some, Google is rumored to be ready to give application permission control back to the users. This issue has been on again, off again for quite some time. There was even an app created, App Ops, that (at one point) allowed users (without root) to control what permissions an app was given. That app, now requires a rooted device to work.
You may be asking yourself, "Why is this even an issue?" After all, Apple's own iOS allows users to turn off and on permissions of certain services for apps. Why can't Android, a much more flexible platform, handle this task?
Before we dive into that question, let's step back and ask an even more important question:
Is this actually necessary?
The idea of turning on and off app permission, on the Android platform, was born from users growing paranoia that apps were using services and features with ill intent. This came to a massive head when Facebook released their Messenger app. The app unleashed a massive list of required permissions that the user had to accept in order to complete the installation. It was all or nothing. Word spread (through Facebook, ironically enough) that the app was going to use your camera and mic to spy on you. After all, why would a simple messaging app need permission to use your camera?
Eventually, that rumor mill was squelched. People removed their tin foil hats and installed the app. However, the continued need for full control of app permissions seemed like an idea that wouldn't lose steam.
The issue I have with users having control of app permissions is simple—users have no idea what permissions will break what features, and developers don't always have the time and resources to build in functionality that warns end users of the consequences of breaking the apps. Let's look at the Facebook Messenger app as an example. A user installs the app but sees that it requires the use of their camera. That user decides they don't want "Facebook spying on them" and denies the app permission to their camera. The user then starts enjoying the Facebook Messenger app and, at some point, wants to send a nice selfie of themselves to another user. They tap the attachment button and—uh oh—it doesn't work! What the what? Said user then throws a fit and tries to understand why the Facebook Messenger app is "broken."
You see where this leads.
Should Google go through with handing over this level of control to the users, it will have to do so in a very Apple-esque way. You can't just allow end users to turn on and off any and all app permissions at random. Google will need to decide on a set amount of features (such as Camera, Mic, Location) and allow users to enable/disable them from within a feature inside Settings. If Google just opens the floodgates, users will wind up breaking apps and having no idea how to regain the features they've either knowingly or unknowingly disabled.
Again, you see where this leads.
I have a solution that I believe will work for both sides of this fence. Google needs to create a list of "necessary" systems and features to be used as a "baseline" for all apps to function. This baseline only needs to include features and systems (either hardware or software) that allow any given app to open and run—not function as listed in the Google Play Store. Beyond that baseline, all features and systems must be required to be enabled/disabled. Then it would fall on the shoulders of the developer to ensure their app does not break when non-baseline features/services are disabled. Yes, the app might lose functionality (such as Facebook Messenger not being able to attach images if the user disables the camera), but the app would still function.
Why this? Because the last thing the Android ecosystem needs is an app permission feature that systematically breaks apps, simply to appease user paranoia.
Why is this even an issue?
The biggest reason for this need has already been answered—paranoia. User A sees that the Facebook Messenger app requires the use of his camera and spreads word that Facebook is spying on us. When that happens, users decide they will refuse to install the app unless they can deny the app permission to use the camera. After all, iOS can do this.
Another issue is the problem of third-party, non-Play Store apps still managing to get installed on Android devices. This is how users wind up with malicious software on their smartphones and tablets—software that uses systems and features in nefarious ways to collect data or hold devices for ransom. But even with a permission system on the platform, these apps are still going to have their way with your device. By denying side-loaded App X permission to use the camera, you are not going to prevent that app from sending data packets to a server that will eventually be sold to the highest bidder.
The idea that users need control over app permissions is misguided. For one, it assumes the end users actually know what they are doing—that they fully understand the repercussions of disabling Feature X on App Y. The truth of the matter is that most end users do not fully understand permissions on a complex system. The end result is said end users rushing to their IT support asking them to fix their devices.
I know privacy is very important. But so much driving the app permissions issue isn't truly privacy. Privacy is enabling Do Not Track, shutting off GPS (until it is needed), setting up a PIN, password, or pattern on your lock screen, and using two-step authentication. Privacy is not denying apps like Facebook Messenger permission to use the camera on your device.
So, if Google does follow through with this, I would hope they'd take a nod from Apple and handle the permissions system in such a way that won't wind up causing IT staff an endless wave of users coming to them to "fix" their smartphones.
What do you think? Is the control of permissions something Android needs? Let us know in the discussion thread below.
Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website jackwallen.com.