In the previous article ( https://mobileprivacyresearch.wordpress.com/2014/05/21/new-google-play-store-ui-changed-way-to-show-app-permissions/ ), I reposted the news report about new Google Play Store UI.
Let’s have a closer look at the permission groups. According to google’s support webpage, we have:
- In-app purchases
- Device & app history
- Cellular data settings
- Identity
- Contacts / Calendar
- Location
- SMS
- Phone
- Photos / Media / Files
- Camera / Microphone
- Wi-Fi connection information
- Device ID & call information
- Other
A much shorter list, comparing to the list of permissions, huh? What bad thing would happen? There are two things that strongly need to mention about app updating:
(1) Fewer App Update Notices. In the old GPlay UI, if new permission is requested, GPlay will pop-up a notice that highlight the new permission request, and let users to make decision of whether “Accept” or not this app update. But in the new GPlay UI, users are noticed only if some app requests a new Permission Group. It means if some app that requests Calendar access wants to read your Contact, they will get green light without noticing you, because they are in the same permission group!
(2) What about the category “Other” ? Does it means that if I accepted any permission in the “Other” group, I shall give access to all different kinds of permissions in the group?
So to sum up, regarding the app updating, the new Google Play solution might bring new vulnerabilities to the Android Permission system. Just my personal opinion anyway.
Agree agree agree. This “simplified” system is in fact designed to leave users in blissful ignorance as to what their apps are really up to. Another point worth mentioning: play store no longer shows if an app requires the Internet Access permission. This is a really big deal. Dick move by Google, IMHO.
Thanks, I wondered what were the real implications beyond the simplification blah blah, and apparently your almost the only one to write about that on the internet…