Better Android App Permissions
Apr 5th, 2012 by JoeC
If you use an Android device, you’re familiar with installing apps. Each app has a set of permissions that it requests. For instance, the screen capture at left shows the permissions required by the Google Maps app. As you can see the list is extensive and some of them might give you pause, like “Services that cost you money” or “Your personal information”.
Before you install an app, all of its requested permissions are listed, along with the short descriptions you see here and you can decide whether or not you want to install the app, thereby granting it those permissions. That’s good because unlike iOS, you can see specifically what it wants access to and at least have some knowledge about what it might do and decide whether or not you want to install it. The app cannot access permission-protected functions in the API without this express approval at installation time.
This is good as far as it goes, but it could be a lot better. First, it’s all or nothing. You either accept all the permissions or you don’t install the app. Second, the terse and generic explanations are frequently not sufficient to determine if you want to grant the permission or not.
Developers could provide application-specific explanations of permission use
It would be great if there were explanations of why the permission is needed in terms of the app’s functions. For instance, an app I’m writing requests the “Phone calls” permission because it needs to know the hardware ID of the phone to do some database functions. But it’s not going to make any phone calls. That would be nice for the user to know before they installed the app.
Google Maps would explain why and when it needs to “directly call phone numbers.” After poking around in Maps a bit, I discovered that the “Places” activity locates things like restaurants and gives you a “Call” button right on the listing. This is the kind of when, why, how information you need that is specific to the application in order to decide if you want to grant the permission.
Android could allow permissions to be individually granted
When installing an app, it would be much better if, coupled with the application-relevant explanation of the permission’s use, you could individually grant or withhold a permission. This would require the app developer to identify which permissions were minimally necessary and which were optional, if any. Further, it would require the app to be gracefully tolerant of missing permissions.
For instance, with Google Maps you might choose to deny access to your contact data. When choosing to deny this permission, you should have full knowledge of what functionality you would be missing by doing so. This would make application development more difficult, but would yield significant benefits to the user.










