I was sceptical Google’s Android App Ops feature would be viable when they introduced it in Android 4.3. App Ops allows the user to selectively enable/disable permissions after an app has been installed. The problem is that almost all apps haven’t been written/tested to allow permissions to be revoked and the outcome is uncertain. Some apps might degrade gracefully, others might crash and in the worst case some might misbehave in detrimental ways. Google decided to remove Op Apps in Android 4.4.2 that has caused dismay from the Electronic Frontier Foundation.
Peter Eckersley from the EEF asks Google to reinstate App Ops. However, I think he can see the problems with doing so as, in a footnote, he tries to explain how faking data might be a short-term solution. Unfortunately, things aren’t that simple. Sending the wrong data to an app is just as likely to make it misbehave as shutting off access to protected APIs. Also, for example, if an app tries to access the server and needs a particular formatted response, how is the OS to know what this should look like?
Peter goes on to explain how this situation is ‘catastrophic’ because people can’t stay on 4.3 because they need 4.4.2 to fix recently found vulnerabilities. However, it turns out Google have just disabled rather than removed App Ops. If you really want, you can re-enable it using a 3rd Party app. However, to install you currently need root. Also look into unroot – which I would recommend you do, if you can, otherwise root effectively unprotects all your data.
While the need for App Ops is well-meaning, I don’t think it’s feasible now. If it were in Android OS early on, apps would have been developed with it in mind. As it is now, just switching off APIs is bound to cause too much disruption and confusion.
A higher level question is whether the typical user can really make sense of the permissions in terms of how they might be leaking private data and whether this data is really needed to make the app/service work. The ability to turn off permissions is a very blunt instrument. There’s no point turning them off unless you know why they were needed in the first place. I am not convinced App Ops, on its own, is the solution to this problem or whether, indeed, there is a solution.