Google Play Store Is Bringing Back the App Permissions List (9to5google.com) 11
An anonymous reader quotes a report from 9to5Google: With the addition of the developer-generated Data safety section this year, Google Play removed the old list of app permissions. The Play Store is now reversing this decision in response to user feedback and will have both coexist. In a short thread this morning, Android Developers (@AndroidDev) on Twitter said it "heard your feedback that you find the app permissions section in Google Play useful, and we've decided to reinstate it." It will be "back shortly," but the company did not specify if this will be done through a server-side change or whether a new version of the Play Store app is required: "The Data safety section provides users with a simplified view of how an app collects, shares, & secures user data, but we also want to make app permissions information easily viewable for users to understand an app's ability to access specific restricted data & actions too."
As Google summarizes, the Play permissions list is "based on the install-time permissions that an app declares in its manifest," and "represents an app's ability to access specific data." Data safety is focused on what an app collects and shares with third parties, similar to Apple's App Store. As of July 20, Google is directly warning "non-compliant new app submissions and app updates" that don't completely fill out the Data safety form. Developers have until August 22 to comply or they won't be able to publish new apps or updates. After that, applications might be removed from the Play Store.
As Google summarizes, the Play permissions list is "based on the install-time permissions that an app declares in its manifest," and "represents an app's ability to access specific data." Data safety is focused on what an app collects and shares with third parties, similar to Apple's App Store. As of July 20, Google is directly warning "non-compliant new app submissions and app updates" that don't completely fill out the Data safety form. Developers have until August 22 to comply or they won't be able to publish new apps or updates. After that, applications might be removed from the Play Store.
People want to know what they are installing.... (Score:4, Insightful)
Re: (Score:3)
Re: (Score:1)
Listing permissions up front is pointless on a system where each permission is individually granted by the user at runtime. Having someone pinky swear to you through the manifest of what the app does doesn't protect you in any way from any malicious developer.
Re: (Score:2)
>"It is a good thing they are reversing course and listening to customers. Now if they would only list which permissions were optional vs required."
I was thinking the exact same thing. Lumping requested and required permissions together does little for the user. I want to know if I deny contacts or camera, will it work. As it has been, all we can do is install it and see what happens. And if we don't like it, then deny and uninstall. Although their specific list might still not be true, at least it
Re: (Score:2)
I am shocked, but probably not as shocked as the middle-managers at google who thought removing the list of permissions and trusting every single dev to not be naughty was a good idea!
I'm shocked about the senseless outrage. The manifest from the playstore was always done on a honour basis. You never needed to list your permissions correctly (though you would be de-listed if caught out).
I frankly haven't checked what permissions an app requests in the Play Store in many years. After all the phone notifies me what permissions are being requested as they are being requested. It is not only real (rather than the honour system), but often provides context.
"What? App X needs my camera! They a
Why install time? (Score:3)
Android was doing okay with run time permissions where it would pop up a dialog. That way someone installing a generic app and not realizing it demanded every permission under the sun would find their bank account compromised, because users tend to just click install if it is an all or nothing thing. At least with ask at use, a user will wonder why some app they just downloaded is wanting full access to contacts, GPS info, GPay, and sudo permissions.
Re: (Score:3)
Nothing is changing with run time permissions. This change only affects information visible in the play store which literally can't represent anything other than the time you look at said app in the play store.
Well, This is a Surprise... (Score:5, Informative)
I'd like to know what this fabled feedback mechanism is, because I couldn't find one when I went looking to instruct them to reinstate the permissions list. (I wrote about this [slashdot.org] over a month ago.)
That's because the permissions list is enforced by the OS -- you can't access, say, the microphone unless you expressly declare that you want access to the microphone.
The "Data Safety" block, however, is just a blob of assertions by the developer that can't be checked or enforced by the OS, and is therefore utterly meaningless and, as often as not, a filthy stinking lie.
One fun activity is to check out the "Data Safety" declarations for obviously bullshit apps, and compare that against the app's permissions list. As just one example, check out this flashlight app [google.com] on Google Play (don't actually install it; it's an ad delivery trojan). The "Data Safety" declaration claims that it collects no data (but also claims it doesn't encrypt data in transit). However, if you actually look at the app's permissions list, it wants access to your camera and microphone -- resources a flashlight app has no business accessing (not to mention the Aurora Store [auroraoss.com] app detects six trackers in it).
So, yeah. The "Data Safefy" declaration is utterly meaningless bullshit, and I'm somewhat surprised that Google backtracked on the issue.
Re: (Score:2)
It's not entirely obvious, but if you go to Google Play there is a question mark icon at the top right, next to your account icon. Click that and "send feedback" is at the bottom of the menu.
False sense of security (Score:1)
If Apple can’t manage to accurately list application permissions when they have a locked down and white listed API, I sincerely doubt that the ghetto that is the android app system will ever be accurate.