Android users worried about the new Android permissions aren't the users this update was intended to help. Android enthusiasts - the minority of the Android ecosystem - know enough to protect themselves against the perceived flaws. The controversy that surrounds this update is clearly an example of what Voltaire referred to when he said “perfect is the enemy of good” two and a half centuries ago.
The typical Android user is better off, though. The new Android permissions present app updates more clearly for the everyday Android user. The granular permissions presented by previous releases have now been grouped into families of related permissions to streamline the approvals of permissions during updates.
Critics claim that because of this grouping of permissions an unwanted change could slip past the user’s scrutiny and result in harm. The important point is Android doesn’t silently and automatically approve additional app permissions. If a user has set automatic apps to update automatically, updates are automatic, and when the update finishes the user receives a notification. If the app update requests additional permissions, the user is asked to approve the update.
This is the point of contention. Previously, changes in any of the more than 40 permissions were presented in granular detail for approval. The critics don’t want this change because they like to consider each change before accepting the update. But many users can’t interpret the consequences of the app changes, and oftentimes indiscriminately accept them all.
Consolidating similar permissions into more general and understandable categories is more actionable. It’s easier for the typical user to decide whether or not to accept a permission change by comparing a meaningfully named permission to the apps function. For instance, a user would instantly understand that a flashlight app shouldn’t need to request permission to use the SMS function. The Play store also has automated systems that check apps against policies.
The tradeoff that comes from approving a group of permissions may result in the approval of one permission one layer below the group that could cause harm. For instance, a user could approve an app that legitimately should read incoming SMS messages to send billable SMS messages. Whether this is an improvement or not depends on your point of view. For the many users who would simply click a longer, more granular list of permissions, it doesn’t change their vulnerability. This threat might be categorized as a nuisance, but it’s not serious.
Hiding a lower-level permission to create a serious exploit below a grouping really isn’t possible. For example, a user might accept the “Format external storage” permission hidden in the top level Photos/Media/Files permission, but actually formatting storage such as an SDCard and deleting a user’s data would also require an independent installation of a device management app and the user’s unlikely activation of device administration policies. Also, a change in permissions can’t change the Android security model that isolates apps from other apps, limiting the effect of permission changes to only the updated app.
The more knowledgeable users aren’t limited by this change. They can examine the requested permissions in detail on the Play Store or afterwards under the apps section of the device settings.
There is an app called ManifestViewer that that will display an app’s manifest that includes all the permissions. The manifest is a complicated XML file that is used to specify the environment during installation that most except for the Android enthusiast wouldn’t. The presentation by ManifestViewer is meaningless to the general public. An app could be written that compares the app update’s manifest to the previous versions, identifying and presenting the exact change in the lower-level permission within the group. This still wouldn’t mean much to most users.
This is an opportunity for a developer, though. An app that could interpret the permission and explain its meaning in plain language would be immeasurably useful. The real challenge is to translate the permissions into terms that those users who otherwise would indiscriminately click through accepting all permissions will understand, take pause, and make good decisions.
Microsoft’s approach to these permission decisions is “contact your system administrator.” Apple’s is to disallow decisions. Android’s new approach to permissions is good.