Will Verduzco · Dec 16, 2013 at 06:30 am

EFF Misguidedly Chastises Google for Further Hiding App Ops

Back in Android 4.3, a new tool was discovered that for the first time gave users first party granular permissions control for their installed apps. This was, of course, App Ops. As time went on, many users quickly took a liking to the hidden feature, not realizing that the feature was only accessible in the OS for internal debugging purposes. Rather, many took it to mean that Google was looking to bring granular permissions control to the masses. But then, Android 4.4.2 came. Along with the update’s various security upgrades, 4.4.2 also made it more difficult to access the (already hidden) utility.

A few days ago, the EFF publicly chastised Google for “removing” App Ops from Android 4.4.2. Now before getting into the meat of this post, I would take a second to say that here at XDA, we are big fans of the EFF. They do great work protecting the public’s online rights and fighting for what’s right. While we don’t disagree that having granular permissions control is fundamentally a good thing, and in fact we have shared various (superior) means of obtaining such control, it’s a bit unfair to say that this internal debugging feature was “removed” from the OS. After all, it was never officially available in the first place.

Looking back at Android 4.3 when the feature was still accessible, one would have to create a custom shortcut to a specific activity within the Settings app (Settings > App Ops) using a third party app in order to launch the App Ops interface. Alternatively, a user could also install an APK that performed the same task of summoning the aforementioned activity.

Then came Android 4.4.2, which disabled the previously discovered method of accessing the activity. But this change was entirely intentional, as Google always meant to keep the program for internal debugging. As stated by Google Framework Engineer Dianne Hackborn:

 That UI is (and it should be quite clear) not an end-user UI.  It was there for development purposes.  It wasn’t intended to be available.  The architecture is used for a growing number of things, but it is not intended to be exposed as a big low-level UI of a big bunch of undifferentiated knobs you can twiddle.  For example, it is used now for the per-app notification control, for keeping track of when location was accessed in the new location UI, for some aspects of the new current SMS app control, etc.

The current UI is definitely not something that is appropriate for end users; it is mostly for platform engineers (a tool for examining, debugging, and testing the state of that part of the system), maybe some day for third party developers.  In what form these features might be available in the regular UI I couldn’t really speculate about.

In other words, App Ops was never intended to be an end user feature, and as such it was never meant to be seen outside of internal testing. Rather, App Ops was intended for internal debugging of various features that have made or will make their way into other parts of the OS, such as what we saw with the per-app notification control and coarse vs fine location access.

The mere fact that users discovered how to access an internal debug tool, one which has the very real potential to break compatibility in a great deal of applications, does not mean that it was ever “released”—no matter how much any of us want such a feature. After all, most end users don’t even understand the Android permissions model, let alone what could happen when disabling unnecessary permissions.

Now, before you get your pitchforks ready, I want to make it clear that granular permissions control is something that can be quite useful if wielded properly. After all, we’ve publicly commented on the unfortunate state of excessive application permissions in the past. We’ve also covered a few tools such as PDroid and XPrivacy that give users granular control over their permissions. And in the case of XPrivacy, this can be done using fake data that does not break application compatibility. But for those insistent on reacquiring that App Ops functionality that we were never intended to have in the first place, there are various third party workarounds through Xposed framework, Smali editing, or a root-only app.

Ultimately, something has to be done about the Android permissions situation. But criticizing Google for removing a feature capable of breaking application compatibility, one which was never intended to be user-facing, is not the answer. Rather, we should encourage users to use open source privacy management tools such as PDroid and XPrivacy, as well as keep a mindful eye on the applications we choose to install.


_________
Want something on the XDA Portal? Send us a tip!

Will Verduzco

willverduzco is an editor on XDA-Developers, the largest community for Android users. Will Verduzco is the Portal Administrator for the XDA-Developers Portal. He has been addicted to mobile technology since the HTC Wizard. But starting with the Nexus One, his gadget love affair shifted to Google's little green robot. He is also a Johns Hopkins University graduate in neuroscience and is now currently studying to become a physician. View willverduzco's posts and articles here.
Mario Tomás Serrafero · Jul 5, 2015 at 11:00 am · 2 comments

Sunday Debate: Which Factors Caused HTC’s Woes?

Join us in a fun Sunday Debate on HTC's situation. Come with your opinions and feel free to read some of our thoughts, then pick your side or play devil’s advocate to get your voice heard and engage in friendly discussion. You can read our food-for-thought or jump straight into the fray below!     HTC is underperforming, and there isn’t much of a way of denying this. In April, their revenue nearly declined 40%, plummeting after the HTC One M9 had...

XDA NEWS
Mathew Brack · Jul 4, 2015 at 05:07 pm · 4 comments

HTC’s New Ad Campaign And What It Really Means

HTC has just released three new blind test adverts comparing app loading speed, audio and selfies. Whilst you are surely astounded that HTC won every time, the tests were incredibly biased and their release shows something concerning about the company and how they are performing in the current market.     One of the many reasons companies tend to utilize blind trials is when they feel that their product is comparable or better than its competitors. This leads to the assumption...

XDA NEWS
Mario Tomás Serrafero · Jul 4, 2015 at 12:00 pm · 5 comments

XDA Picks: Best Apps of the Week (June 27 – July 4)

Apps are at the front and center of any smartphone experience, and with over a million apps on the Google Play Store and new apps being submitted to our forums every day, staying up to date on the latest apps and games can be a hassle. At XDA we don’t discriminate apps - if it’s interesting, innovative, original or useful, we mention them. The XDA Portal Team loves apps too, and here are our top picks for this week.  ...

XDA NEWS
Share This