back to article Google tells EFF: Android 4.3's privacy tool was a MISTAKE, we've yanked it

Privacy campaign group the Electronic Frontier Foundation is more than a little miffed with Google – after the Chocolate Factory pulled an Android tool that lets users control the information apps can harvest. The software, dubbed App Ops, was bundled into Android 4.3 as a hidden application. For each installed program, it …


This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    ...and so it begins.

    Don't be evil? yeah right.

    1. Anonymous Coward
      Anonymous Coward

      I trust them more than MS

      1. Captain DaFt


        Until the NSA is brought under proper control, I trust no US company online!

      2. Vociferous

        > I trust them more than MS

        Damning with faint praise if ever I saw it.

        1. RAMChYLD

          If anything, this action combined with the stupidities happening on Youtube caused me to pick out a Blackberry as my new phone yesterday when my old N97 died again and there's no point in repairing it anymore due to M$ burning the platform. (*1)

          I trust neither Google nor M$ nor Apple. I used to trust Google more than the latter two, but I am now cynical and bitter.

          (*1) Choice made primarily on which phones has a Qwerty keyboard, which left me between several Android-based phones and several Blackberry based phones.

          Not enough apps is no longer a problem for me. I've grown old and have wisen up enough to use a proper toy (i.e. an iPad) for playing games and using only the phone for what it is- a communication tool.

      3. Steve Crook


        Anyone who expresses any trust in any corporation or government probably deserves everything they get. Both should be approached with continual and complete distrust because they are there to make money, wield power.

        Both will happily tread on our throats if it suits them and think it won't hurt their future prospects...

        From this you can probably tell that I'm old and cynical :-|

        1. Anonymous Coward
          Anonymous Coward

          @ Steve Crook Re: Fools

          "old and cynical"

          no, just a realist.

        2. Anonymous Coward
          Anonymous Coward

          Re: Fools

          "Both will happily tread on our throats"

          but sir, you MISUNDERSTAND, they tread on your throat purely for your own good. Don't they say so, every time there's a lurking suspicion the opposite is the case?

      4. h4rm0ny

        "I trust them more than MS"

        I don't. I trust greed. MS want my money - they're old fashioned and I like that. I give you money, you give me product. The only people who ever disliked the pay for X with money approach are those with less money. Google are all about the hidden intangibles. I don't like that. I can control money flow. It requires my consent. Personal information control is a constant war against Google. Seriously - try blocking google analytics at the router level - about half the Web will suddenly start timing out as it waits for a response before loading the page.

        No-one should trust a company "just because". They're all about self-interest. MS's self-interest has historically been about money. I trust that. Tracking me everywhere I go and building a Stasi-like profile of my interests, habits and social connections, I do not. The former is a choice.

      5. Anonymous Coward
        Anonymous Coward

        re: I trust them more than MS

        I distrust them more than I distrust MS.

    2. DryBones

      The EFF is complaining over something that wasn't officially supported, and could cause unknown problems with apps if you fiddle with what they have in the way of permissions.

      This is right up there with all the stories of companies being butthurt about their products no longer working (hint: they didn't follow the published interface spec and design documentation) when the workarounds they were using went away. Apple did it, MS did it, Google did it. RTFM.

      1. Alan_Peery

        Not official, perhaps problematic -- sounds like a beta feature

        For Google to remove this is inexcusable. It provides a partial answer to the bloat of applications:

        1) A web browser that now wants to access my camera (I have the camera app, Skype, and Google Hangouts for this) -- Chrome

        2) A weather app that wants access to my camera so I can send snap of the weather along with current temperature, and a hardwired advert of the app -- Weather Pro

        3) A wallpaper app that wants coarse location, and is not a removable app on my Nexus 7 2013 -- Android Live Wallpapers

        4) read contacts -- Google Korean Keyboard and Google Pinyin keyboard -- both non-removable

        I am sure there are a lot more examples even on my lightly loaded tablet, but it's hard to tell as the App Ops app doesn't see all the privileges that an app may have.

    3. RyokuMas

      "and so it begins."

      It began years ago - it's just that everyone was too busy wailing on/about Microsoft to notice.

      Not that Microsoft and numerous others aren't doing exactly the same thing - but at least they never really tried to pretend that they were doing it out of a sense of altruism.

  2. Andrew Jones 2

    If it comes back it will be because of peer pressure.

    Dianne Hackborn stated that it was never meant to exposed to users and is an internal testing tool.

    While initially quite happy to talk to users about the removal, she has since stopped commenting - which is a shame, I suggest an interim solution might be to remove the switches but leave the data (eg this app has accessed the following data). The most obvious reason Google have removed this - is because users can turn off the internet permission on apps that only require the internet to display ads.

    See more here:

    1. Tom 35

      The info is there

      But only one app at a time, no list of apps with location access like you had with app ops.

      They killed the access in 4.4 but people found a way to get back in, 4.4.2 killed it.

      I want it back.

      1. Jonathan Richards 1

        Re: The info is there

        > 4.4.2 killed it.

        > I want it back.

        I'm posting from a position of ignorance with respect to Android development, although I am an Android user. This issue wouldn't arise if Android was properly Free Open Source Software, would it?

        If this happened with a Linux or a BSD kernel, there would rapidly be a source patch set developed that we could use against the published source, to compile a kernel with the deleted functionality restored.

        It seems to me that there should be an Android source branch with App Ops in it, and then there's 4.4.2 with App Ops removed. What stops people or organisations who care enough, forking or patching Android to replace App Ops? I'm asking, wanting to know.

        1. DaLo

          Re: The info is there

          They can.

          AOSP is the android open source project. There are also forks and ROMs which can add and remove anything they want. Cyanogen Mod is one of the more popular ones.

          1. h4rm0ny

            Re: The info is there

            Technically it is possible. However, Google have become pioneers in the field of subverting Open Source. Microsoft attempted to meet the OSS movement head on and at the time we (OSS zealots) were all ready to fight MS and we did. Google did something worse - they co-opted the movement. Here is an interesting read:


          2. Mr Flibble

            Re: The info is there

            The App Ops disabling is undone in CyanogenMod 11 (currently in development and based on Android 4.4.2). It's used by Privacy Guard, which is found in the security settings menu.

            Yes, I use it. Yes, there are apps which wouldn't be installed but for it.

    2. monkeyfish

      So why not have the permission for the internet connection disabled for apps that require it for adverts? I've not got ad supported apps for that reason, I don't like apps that have free rein to fetch whatever they want. I'd prefer google to make separate permission that is 'internet access to the ad network' as opposed to the whole internet (i.e. the app only has permission to access a single ip where the ads come from). Then that option could be un-blockable from app-ops.

  3. Arctic fox

    I think that there is a problem here.

    Many apps that are downloaded are so called "free apps" where the deal is that ads are the "payment" - what about them?

    1. Jonathan Richards 1

      Ad supported apps

      Such apps have a choice: they either run without Internet access, or they don't. I rather expect the ad-supported apps that I have to work even when I don't have a 'net connection, e.g. if I've got mobile data turned off, or if I'm in an aeroplane, and that's usually what happens. Being able to deny net access with App Ops seems to me to be no different to an overall mobile data switch, in terms of its effect on advert serving.

    2. Anonymous Coward
      Anonymous Coward

      Re: I think that there is a problem here.

      I don't block ads, not deliberately. I do, however, turn of wifi when not at home and mobile data is turned on only when I want it. I chose a PAYG deal, and don't need various processes running in the background, checking for emails, updates etc. So, most apps must run without internet access.

      Those type of apps aren't the problems, it's those that demand a whole host of permissions, none of which can be justified. The developers have three choices, remove those permissions and get installed, leave them and have them blocked by me, or, not get installed at all. AppOps allowed me to choose, so, now my choice is simple. I won't install.

      1. Arctic fox

        Re: "I don't block ads, not deliberately."

        Actually, what you describe is pretty what I do myself. One problem however in this context is those devs who refuse to do a paid version of their app with no more permissions than are necessary for the app to function. I have on several occasions had to reject an app because of this problem. One gets the impression that a fair number of devs are utterly uninterested unless they get to own your phone's arse.

      2. h4rm0ny

        It's not the ads that bother us. It's the tracking.

        I don't really object to ads. I think most people don't really. It's the tracking we loathe and oppose.

        1. Jordan Davenport

          Re: It's not the ads that bother us. It's the tracking.

          "I don't really object to ads. I think most people don't really. It's the tracking we loathe and oppose."

          Really, it's a little bit of column A, a little bit of column B. I don't mind unobtrusive ads, but there are some that I do mind, especially the great big flashing ads textually shouting "YOUR ANDROID MIGHT BE INFECTED!!", trying to get people to download junk apps that at best they don't need or at worst will actually install malware or adware on the phone.

          I know to avoid these ads, but some older people I know get worried when they see them. It's the same problem as on Windows, really, not that I'd want to be locked into any one walled garden with no gate. I just uninstall anything that has ads like that and advise others to do the same.

  4. Gene Cash Silver badge

    I blocked my KitKat update

    This was one of the major reasons.

  5. Mike Wilson

    Some creepy apps out there

    After the permission manager went missing, I went through my installed apps and removed all the ones with sinister permissions. Air Droid, for example, wants access to SMS. Why? I can't think of a good reason, so it's back to moving files over a cable for me. Several wanted to read phone status and id. Those are mostly history as well.

    Giving excessive permissions to apps isn't just about paying for "free" apps by looking at ads, it's about paying by handing over personal information. Many people won't realise what they are paying. If they did, they might decide the price is too high.

    If someone wants to keep track of my location and sell that information to an advertising network, they're going to have to give me something a lot more valuable than a crappy little app. A house might cover it, but it'd have to be a nice house by the sea.

    1. kevjs

      Re: Some creepy apps out there

      Well Air Droid claims it can send and receive SMS from the web browser so that will be the reason it needs SMS access.

      This is where more granular permissions are a benefit.

      e.g. Air Droid NEEDS permissions X, Y and Z to function - if you don't like that tough you can't use Airdroid. It would also like "SMS Send/Receive permissions to allow you to send and receive SMSes from your browser" - I don't want to allow that - okay I'll hide that function in the app for you!

      Apps requiring internet access for adverts only could be mitigated so some degree by adding a sandboxed framework - i.e. the advertising providers plugin app gets the internet and location (Which I can switch between "country", "course", "gps") and the actual app itself gets the basic permissions needed.

      1. Charles 9

        Re: Some creepy apps out there

        The trouble was that Android had to appease the developers, who pretty much insisted on permission control or they wouldn't develop alongside Apple (which at the time was their comfort zone).

    2. Steve Evans

      Re: Some creepy apps out there

      And with that, the Facebook app is removed.

      Not only is there more functionality from, but a web page cannot trawl my phone with excessive permission.

      1. TheRealRoland

        Re: Some creepy apps out there

        funny how everything goes through cycles. the Blackberries were/are being vilified for not having enough apps, where the argument was 'but the website offers the same or better functionality'. No, everything had to be apps.

        so now that everything is apps, the complaints are that the apps have too much access to what's happening on your phone.

        mind you, am not trying to sound snarky. I think it's just funny, in a sad kind of way.


    3. Havin_it

      Re: Some creepy apps out there

      OK, serious question: How in the Hundred and Seventeen Hells did you manage to use AirDroid without noticing its SMS functionality? I mean it's right there when you login in your browser.

      Genuinely baffled by that comment. Even if you somehow thought file transfer was all it did, you must have some wicked tunnel vision.

  6. Anonymous Coward
    Anonymous Coward

    Google has gone from "dont be evil" to being the schoolyard bully

    I hope there will be a lot more competition in the handheld space that can make Google rethink a couple things. Excessive apps-permissions are simply unacceptable. Scare-ads ("your phone is infected by a virus" - type) should be stopped, and every app in the store must be checked properly for malware. Tech-media should act responsibly and really hammer these very basic issues which are essential for both security and privacy. Maybe recommendations for users to consider other alternatives could make Google rethink their actions.

    Just noticed that maps and hangouts now require access to control WiFi, BT and NFC. That's simply outrageous. I need to be able to trust that any RF-transmitter I have turned off remains off for as long as I want. I seriously need to investigate other alternatives. And no, iOS and WP won't do either.

    1. Jonathan Richards 1

      Outrageous permissions

      The ones that creep me out are applications that want (among others) (i) permission to take pictures and (ii) full access to the network. What could possibly go wrong, eh? I've been declining updates to several apps for a while now, particularly in order to avoid that combination.

      1. Vociferous

        Re: Outrageous permissions

        > permission to take pictures

        Unless the app has a really good reason (e.g. it's an OCR or barcode scanner) that's a "never install" requirement, right there.

        1. Charles 9

          Re: Outrageous permissions

          What about if lets you take pictures to integrate with the program?

          It's been something I've been thinking about. Perhaps in future, Google should demand that app makers provide not just an access list but also an EXPLANATION for each and every permission. For example, if an app needs to take a picture, there must be an explanation (written by the developer) such as "We use the camera so you can take pictures for your avatar." (for some communication program) or "We take pictures to process in the cloud for product recognition." (for something like Goggles).

          1. Anonymous Coward
            Anonymous Coward

            Re: Outrageous permissions

            "It's been something I've been thinking about. Perhaps in future..."

            That's OK, to a point.

            In the UK and the EU in general, there are laws and guidelines that all data processors are supposed to adhere to i.e the Data Protection Act. This act equally applies to mobile developers in the UK who control data (other EU countries have their equivalent). What dismays me, as an occasional mobile app developer, is that many mobile developers in the UK seem to think that they are in some way excluded from their duties under the Act.

            So, whilst your suggestion is reasonable, there are other more fundamental requirements placed on developers/data controllers. If developers/data controllers choose to ignore their legal obligations then send them to the bloody wall. There's simply no excuse for the often outrageous permissions.

            The ICO has been running developer outreach for nigh on a year. I for one, as an occasional app developer, think it's about time the ICO grew a pair and started using their teeth. After all, ignorance is no defence under the law.

            Also, as some (including the ICO's senior tech and policy bods) point out, it pays to remember that permissions != privacy and also that permissions != data security.

    2. petur

      Re: Google has gone from "dont be evil" to being the schoolyard bully

      my friend, the neo900 project is just the thing for you ;)

    3. Anonymous Coward
      Anonymous Coward

      Re: Google has gone from "dont be evil" to being the schoolyard bully

      "And no, iOS and WP won't do either."

      Very true. I see I will be using my old Nokia E7 with Symbian Belle II as long as it will last and then it's back to old, trusty Nokia 3110: Not a single smart thing on that, it just works.

      Unless Jolla boots up but anyway: It's touch only and no qwerty available. At least for now.

  7. David Pearce

    Obeying aircraft mode

    Allowing the App to control WiFi etc makes me wonder if they actually obey Aircraft Mode setting. This would be a legal and safety issue in several situations apart from in-flight - hospital CCUs, hazmat

    1. Charles 9

      Re: Obeying aircraft mode

      Last I checked, Airplane mode is a separate setting that overrules all the data settings (WiFi, Mobile Data, Bluetooth, etc.), like an outer lid covering the multiple inner lids. An app cannot turn WiFi on while in Airplane Mode. Now I know some apps are capable of switching Airplane Mode on and off, but I have to recall whether or not they can only do it under root permissions, because I don't recall Airplane Mode being a listed app permission.

      1. Havin_it

        Re: Obeying aircraft mode

        I thought apps couldn't access any data pipes unless you had them (the radios) turned on. Certainly I've never seen my *G or wifi indicators light up when they're turned off, though I know there are apps running that would use the net if they could. What gives? I presume they'd not be allowed to hide the activity... am I naiive?

      2. Alan_Peery

        Re: Obeying aircraft mode

        Try this:

        1) Have wifi, bluetooth, and 3G on

        2) Set airplane mode

        3) Turn on wifi

        4) Turn on bluetooth

        The airplane mode setting is can be overridden, at least on HTC Sensation and Google Nexus 7.

  8. T. F. M. Reader

    Broken model?

    I am not an Android developer and I am hereby claiming ignorance regarding the implemented mechanisms. I am an Android user, however, and the whole permission handling model has always seemed fundamentally broken to me.

    From my - user's - prospective permissions should be system-wide, with configurable per app exceptions. If I do not want the device to access my location info or text behind my back or do something equally nasty, I should be able to configure the *system* accordingly. If an installed app tries to do something the system does not allow, an exception should be raised. The user should be given a choice of allowing or disallowing the app to do the dirty thing (per app, ideally also once or forever), or to pass the exception to the app which then can catch and handle it in some intelligent way, e.g., "Dear User, this free version of the app is ad-supported, therefore it needs full network access. Please enable the capability, or consider buying an ad-free version for only $4.99." Or, "Dear User, without access to location services the functionality of the application will be limited in the following aspects: ...".

    The current model where the app declares what it needs, in a take it or leave it manner, and apparently is free to lie (my impression at the moment is that the only recourse to actually enforce a restriction is to cancel the install - or uninstall if you manage to catch the app red-handed) looks completely backwards to me.

    It may or may not be intentional, usually I don't attribute to malice what can be adequately explained by stupidity. It is, IMHO, more plausible that it's just an utter FAIL on the part of Google's Product department rather than a pre-calculated evil-genius conspiracy of the do-no-evil company

    A mobile phone OS that includes capability enforcement will get my serious attention, and I won't care if there are 500 million apps for it.

    1. Charles 9

      Re: Broken model?

      "The current model where the app declares what it needs, in a take it or leave it manner, and apparently is free to lie (my impression at the moment is that the only recourse to actually enforce a restriction is to cancel the install - or uninstall if you manage to catch the app red-handed) looks completely backwards to me."

      The problem was that the model was demanded by the developers. Basically, it was either Google conceding to them or they would never have strayed from Apple's system, crippling Android in a vulnerable moment. And even now, they can't change it too radically for fear of devs walking away. And it's the devs that help make the real money for Google by making people use Android phones.

  9. John Robson Silver badge

    Provide an ad server on boqrd, a second app which caches ads...

    I'll let *that* use the net...

  10. Trooper_ID

    i don't have this issue with my Nokia 6310i.

    1. Vociferous

      > i don't have this issue with my Nokia 6310

      Best phone ever made -- but a bit tricky to surf with.

      1. I ain't Spartacus Gold badge

        Best phone ever made -- but a bit tricky to surf with.

        Depends how big the waves are, and if you've got small enough feet...

  11. Anonymous Coward
    Anonymous Coward

    For anyone missing it

    Root your phone and install LBE Privagy Guard. It provides the same functionality. It also works for on older versios of Android (2.3, 4.x).

    1. Jonathan Richards 1
      Thumb Up

      Re: For anyone missing it

      Interesting. Here is the link to the Play Store page for LBE Privacy Guard.

      Hmmm... after a little research, it seems that rooting my particular phone model is not entirely straightforward, though.

  12. arkhangelsk

    I'll side with the Against but Sympathetic crowd

    It is a nice feature, however it came to be included, but I can see how its functionality means it cannot be Foolproof and having dabbled in Customer Service myself I can understand what happens when you cannot Foolproof such features. So whatever else they were thinking there are valid reasons to pull the feature.

    1. Charles 9

      Re: I'll side with the Against but Sympathetic crowd

      So hide it behind an Expert toggle. There's a develop options menu that's normally hidden, but if you know the access key (tap the Build in About Phone a bunch of times), you can get access to them. Similarly, keep expert options covered unless a specific setting is turned on (with appropriate warnings given like for External Apps permission).

      1. Anonymous Coward
        Anonymous Coward

        Re: I'll side with the Against but Sympathetic crowd

        Ah, I think the point is that you shouldn't have to be an expert in order to manage your privacy.

        1. Charles 9

          Re: I'll side with the Against but Sympathetic crowd

          But you do. Controlling the acts that give your privacy away is HARD...because SO MANY things give hints as to your identity. It's like the skill needed to do some actual work on your car like changing the oil or swapping wheels: many people don't care about it and let the experts do it, but if you want to do it yourself, it's considered wise to read the manual first lest you break something.

    2. Anonymous Coward
      Anonymous Coward

      Re: I'll side with the Against but Sympathetic crowd

      As it was a hidden option, inaccessible from the normal menus, and you had to download the AppOpps starter app in order to be able to use it, there was no reason to pull it. Only those of us who cared and understood enough to go find the app, install it and use it are affected by this. Ordinary users aren't and it;s those who would be the ones calling up complaining if they made a mess of things. I understand the implications, know how to go back and turn things back on again. Let me decide what apps can do to my data, not anyone else.

      1. Mr Flibble

        Re: I'll side with the Against but Sympathetic crowd

        The genie's out of the bottle, as it were; even if they completely remove it, it'll just be added back by the likes of CyanogenMod. The source is there, the commits can be reverted…


      Re: I'll side with the Against but Sympathetic crowd

      Actually it's on as default on my Huawei P6.

  13. Piro Silver badge

    Thanks, Google!

    Because of this palaver, I saw a comment mentioning XPrivacy.

    It's an Xposed module that basically does more than the Google one could. It's a bit more complex to get to grips with, granted, but it works.


    1. Bsquared

      Re: Thanks, Google!

      Thanks for that - XPrivacy is exactly what I came into these comments looking for. Little bit of to-ing and fro-ing to get it installed, but seems to work well, and offers granular control over many areas one might wish to restrict.

      The previous app mentioned (LBE Pivacy) hasn't been updated in over a year, and has crash reports for Jelly Bean devices (endless boot loop).

    2. Anonymous Coward
      Anonymous Coward

      Re: Thanks, Google!

      Yeah, I was using LBE Privacy for a long time but it was getting ridiculously bloated plus it's closed source Chinese so I had my doubts about it. Xprivacy doesn't have all the capabilities and is a bit trickier to use initially (I was getting a lot of apps crashing until I figured it out) but it's very light and works very well in conjuction with an adblocker and a firewall (to stop access for those apps that crash when Xprivacy turns off internet).

  14. Anonymous Coward
    Anonymous Coward

    It's not just this

    So many small things google have done in the last year or so have made me go from an enthusiastic user of them to actively trying to move away from their stuff. They might not have turned "evil" but they are starting to appear that way to me, and getting worse by the day. More and more I dislike them as a company. I've moved to firefox as I no longer have a great deal of trust in chrome, I host my own email as I no longer trust gmail. Now I just need an alternative to my google phone when its time to renew in a few months. amazingly a windows phone looks like the best choice for least evil comapny right now... I wish there were more choices.

  15. Anonymous Coward
    Anonymous Coward

    Install Xposed framework, install AppOpsXposed module, enjoy your permission control again. Works for me. GNote2, CM 11 nightly (12 Dec build), 4.4.2.

    1. Charles 9

      But I like to use ART, and Xposed and ART don't mix. Anyway, I have a build that includes a working Privacy Guard built-in. I've set it to default to blocking new apps that I install. That way it's hard to be caught off guard.

  16. Ilsa Loving

    Helped me decide on a tablet

    Just this week I was trying to decide what tablet to buy. This article ended up cinching it for me, and I bought an iPad. Say what you will about Apple, but at least they have fine grained privacy controls so that apps can't abuse their access to your personal data.

  17. Kernel

    Or you can root your device and sort the mess out yourself.

    Running Android 4.3.1 (KatKiss 028 ROM) with Apps Advanced Permissons control, Adblocker to sort out those pesky ad-funded apps and Droidwall to sort any app that thinks it knows better than myself who gets to access the net from my tablet.

This topic is closed for new posts.

Other stories you might like