Google has frequently found itself drawing criticism for its privacy policies, something that Microsoft has been particularly keen to highlight with its Scroogled campaign. As users come to rely on mobile devices in ever-greater numbers – and with Android dominating the smartphone market – concerns are increasingly being raised about the privacy policies that Google adopts on its mobile OS.
Earlier this week, the Electronic Frontier Foundation (EFF) – a non-profit organisation campaigning for improved digital rights for users – published an article entitled ‘Awesome Privacy Tools in Android 4.3+’, in which it praised Google for introducing greatly improved and more granular options to give users more control over what data could be accessed and used by apps installed on their devices. In that article, the EFF’s Peter Eckersley wrote:
To date, there has been no way to run apps on Android with real and reliable privacy controls. Android version 4.3 and higher take [sic] a huge step in the right direction, letting users install apps while denying some of the apps’ attempts to collect the user’s data.”
That praise did not last long. The next day, Eckersley published a follow-up article, noting that Google had removed those ‘App Ops’ tools completely in the latest OS release, Android 4.4.2, which is currently rolling out to its newer Nexus devices.
After the EFF contacted Google about the removal, a company spokesperson said that the App Ops tools had been ‘released by accident’ in Android 4.3, and that they were an experimental feature that could end up doing more harm than good by disrupting the operation of certain apps. Curiously, this explanation does little to explain why Google did nothing to remove this ‘accidental’ feature in its subsequent Android 4.3.1, 4.4 and 4.4.1 releases that have appeared since version 4.3 was released at the end of July.
Eckersley isn’t buying that explanation either, calling it “suspicious” and adding that the EFF does “not think that it in any way justifies removing the feature rather than improving it”. He also opined that “the fact that [users] cannot turn off app permissions is a Stygian hole in the Android security model, and a billion people’s data is being sucked through. Embarrassingly, it is also one that Apple managed to fix in iOS years ago.”
His comments underline the practice of some apps which demand access to data that is seemingly unrelated and unnecessary for their operation, as a condition of installation. Users may question, for example, why a basic flashlight app needs access to their contacts list or location information, but they are left with no option to limit access to such data if they wish to install it.
Eckersley’s final word on the matter highlights the more difficult choice that Android users face. Newer OS versions don’t only add (or remove) features; they also bring improved security packages and bug fixes. “For the time being,” he says, “users will need to choose between either privacy or security on the Android devices, but not both. Google, the right thing to do here is obvious.”
Whether the company that prides itself on ‘doing no evil’ decides to reinstate the App Ops feature, to provide its users with a more comfortable balance of both security and privacy on future Android versions, remains to be seen.