Why you should be very afraid of the changes Google made to the Play store

Let’s say you invite an acquaintance to your home for dinner.

Let’s call him John.

You have personal accouterments in the living room, rare artifacts from your expedition to Israel in the dinning room and family photo albums in the bedroom.

As John saunters through your home admiring the blinds, cabinets and pans he asks to use the bathroom.

This is a conventional question for any new guest so you gladly oblige without even thinking about it.

“Sure, just walk down there”, you say pointing straight ahead, “You’ll see it straight back on your left”.

He walks into the bathroom, closes the door but then starts shuffling through your medicine cabinet.  As he thumbs through drug containers and pill boxes he mutters to himself:

“Acetaminophen… Aspirin… and oh what’s this?”  He pauses and chuckles as he reads the label:

Bisacodyl?  Didn’t know he struggled with constipation… ha, that explains the uncomfortable look on his face during meetings”.

Your intrusive guest suddenly notices a phone book near the sink.

He picks it up and starts foraging through pages and saves the email addresses and phone numbers of a few contacts he could use for his side-business.

“Score, these would make great leads”

After flushing, he glances in the mirror and tidy’s up his slovenly appearance before joining you in the kitchen.

“Great place” he remarks without an ounce of compunction in his voice.

Then with a duplicitous smile and an image of the Bisacodyl on his mind says, “So what’s for dinner?  Hopefully something easy on the stomach”.

How is this germane to Google?

John is loosely analogous to the simplified permissions system Google just released in the Play store.

Do you really want officious apps rummaging through your “medicine cabinets” and “address books” when you only gave them permission to “use the bathroom”?

With the Play store update, Google has condensed app permissions into groups which ostensibly help people make better decisions regarding app security.

In a statement Google said:

Google Play prioritizes the permissions that are most important for you to make an informed decision, displaying them front and center. Using the Play Store’s app review and scanning systems, we are able to evaluate some of the permission requests that were previously displayed in the primary permissions screen, flagging and removing apps with potentially harmful code. As a result, some of the permissions covered by those checks are no longer displayed in the install experience.

The real problem resides in the final sentence of the above quote: “no longer displayed”.

On the one hand, a minimalist approach to user interface design can improve the utility of software because it removes clutter and reduces the possibility of confusion.

I think Google became cognizant that average users felt a sense of trepidation when installing apps.  The sheer glut of information preceding an app installation was enough to send Android tyro’s running for a new iPhone.

I get it: Google dumped too much information at the user rendering him or her paralyzed by choice; however, on the other hand, withholding critical information isn’t a wise way to ingratiate yourself with your customers.

The new austere interface actually occludes important security information that users need to know.

Let me show you what I mean…

Why the new App permissions should scare you

Before installing an app, Google displays the permissions caption that coincides with one or more of the following group titles:

  • In-app purchases
  • Device & app history
  • Cellular data settings
  • Identity
  • Contacts/Calendar
  • Location
  • SMS
  • Phone
  • Photos/Media/Files
  • Camera/Microphone
  • Wi-Fi connection information
  • Device ID & call information
  • Other

Besides the fact that the group called Other is so nebulous that it it could mean anything… let me show you the group names that the Swiftkey Keyboard App shows before installation.

Incidentally, Swiftkey Keyboard is actually a great app and is now free in the Google Store, I think it used to cost $4.  I’m not knocking SwiftKey – I just want to show you what the new permissions screen looks like now.

SwiftKey Keyboard App permissions

It looks nice but as Reddit user iamtubeman first pointed out, approving one permission group actually approves all subgroup permissions regardless of how fatuous they are.

He created a test app (which he documented with screenshots on imgur) with basic permissions such as the right to get user accounts and write to the call log.

He pushed it to Google Play, downloaded it and approved the basic permissions.

Next, iamtuberman, discreetly updated his test app – augmenting the benign permissions with crazy stuff such as MOUNT_FORMAT_FILESYSTEMS and SEND_SMS.

You would hope Google Play notified him about these pernicious changes; however, instead it passively approved them with no warning!

Yup.

That’s some shit isn’t it?

As long as all the updates are under the originally approved group, Google makes no effort to warn you about the changes.

As you can imagine, the ramifications are abysmal.

Think about it:

HappyBirds app version 1.0 requests access to Read your contacts which is under the Contacts/Calendar group.  A few weeks later, version 2.0 is pushed with an update to Read your calendar events plus confidential information.

Or what about this… Flashlight version 1.0 starts with basic Read call log permissions under the Phone group but version 2.0 surreptitiously adds Make calls without your intervention and Directly call phone numbers.

By the way, I’m giving you actual permissions directly from Google.  I’m not making these up.

Here’s another one: SuperPhoto 1.0 begins with the harmless Take pictures and videos permission under the Camera/Microphone group but weeks later gets a major upgrade in version 2.0 to Record audio.

Why this really sucks

The problem is that there may be zero indication that the device is recording audio or video.  Unlike some video cameras that sport a pulsating red light when recording, your smartphone isn’t required to adhere to these rules.

The screen can be completely opaque… dark… off…. but the mic is still covertly recording everything in the room.

In this case, the mic is always hot.  Always on.  Always collecting.

In addition, since Network Access is now enabled by default (whether or not the app needs it) your private conversations could be uploaded off to Iceland somewhere where some reclusive developer is selling your private information to underground buyers or even planning to impersonate your identity.

So now what?

Well, the only way I know to get around the privacy pandemic is to disable automatic updates.

You have to:

  1. Tap open the Play Store
  2. Touch the Play Store icon in the upper left corner of the screen and choose My apps in the left pane
    Google Play My Apps
  3. Pick your app from the list then hit the menu key on your phone to unveil the secret Auto-update menu.

In the graphic below you can see Auto-update at the base of the screen.

How to disable auto update in Google Play

But this isn’t much of a solution because it unwittingly introduces another security risk.

Is running an outdated app any better than running an updated app with gratuitous permissions?

The Bottom Line

We live in click-and-forget world where people blithely approve permissions without considering what they actually do.

Ultimately, people don’t really want to be bothered with permissions.  They just want the apps to work.

Unless you’re an Android developer, no one really cares why or how it works.  Therefore; in one sense, is the new simplified permissions screen really a problem? I mean, if no one reads it anyway then what does it matter if a nefarious developer inserts code to nuke the file system?

Consequently, duplicitous app creators can exploit the general incompetence of the public for selfish gain but I don’t hold the app developers responsible here, at least not primarily.

I actually think Google abdicated it’s responsibilities by designing a permissions system which condones exploitation.

The stupid permissions in Android is one of the cardinal reasons people hate it and embrace iOS 7 and iOS8 devices.

There should be a way to make certain permissions optional and then when the specific permission needs special access, the app should explicitly ask the user for approval.

If an app is updated with new permissions, Google should design an ecosystem where it conspicuously underscores all the new permissions.  It’s not sufficient to inform the user that permissions changed.  In my opinion, the user has a right to know which permissions changed.  Google isn’t doing this today and therefore has failed.

I hate to say it because I’m an avid Android user, but Apple understands mobile permissions better than anyone else.

Think about iOS: you get the app and when it needs to do something intrusive it asks for access.

Simple.

What do you think about the new Google Play permissions?  Share your opinion in the comments below.

Oh, and don’t forget to kick John out of your home… he already knows about your contacts and medical proclivities – who knows what he’ll extract from your bedroom…

About

Connect with Vonnie on Twitter

Posted in Mobile, Samsung Galaxy S4, Smartphones Tagged with: , ,
  • Robert Abe

    Just went to install an app (Floatify) and noticed the new permissions thing they did, searched for the topic and found your article..and I totally agree with your points. I don’t care what some people think, I WANT to know all permissions an app is asking for and/or could get if I install something. I too am a big big Android fan, but this action (which will not go away anytime soon) may be enough to push me to another camp. Did Google just push me out of their cozy camp by doing this? I hate to say that it seems to be that way.

    It’s totally nuts that 10 years ago, if we installed a desktop PC app and it even brushed on some of these topics there national news on it until eventually the company would relent. I mean, imagine if 10 years ago we installed Photoshop, and it requested access to our contacts, our browsing history, our call logs, our photos, our microphone, and our calendar. People would go absolutely nuts. The calendar by the way is where I put a lot of things that I do NOT care to share with ANYONE, so some apps (including Floatify) will never make it to my device because they are asking for access.

    Whatever happened to the more fine granular control over permissions that Cyanogen mod was working on? That’s what I want…actually I want to roll back to Android 2.3 when on my DroidX I had an app that let me approve/deny access for each permission of any app. I just want that level of control back.

    So now the question is, do I leave Google because of this, and if so, which one is the better camp for me?

    • G121390

      i just switched to apple iphone which i never liked but the updates are not set to auto update by default, if a app needs updating it just alerts me and if i want to update i can if not it just wont. Besides i never auto approve anything, my mic, camera, contacts, location, etc all are always off and if any app needs to use them iphone asks me to turn them on, if i dont want them used then its my choice to cancel the action. You gotta sacrifice something but no app is that important where i would have to exchange a little of my private life for. Just a little bit of info in case you were still looking to switch…. honestly though there is NO phone, tablet, computer or any electronic device that connects to the internet that will ever keep you or your life private, as soon as you create an email with your real info youre identity is no longer a private thing. Good Luck.