Follow up on Google Play’s new UI with simplified / grouped permission requests.

In the previous article ( https://mobileprivacyresearch.wordpress.com/2014/05/21/new-google-play-store-ui-changed-way-to-show-app-permissions/ ), I reposted the news report about new Google Play Store UI.

Let’s have a closer look at the permission groups. According to google’s support webpage, we have:

  • In-app purchases
  • Device & app history
  • Cellular data settings
  • Identity
  • Contacts / Calendar
  • Location
  • SMS
  • Phone
  • Photos / Media / Files
  • Camera / Microphone
  • Wi-Fi connection information
  • Device ID & call information
  • Other

A much shorter list, comparing to the list of permissions, huh?  What bad thing would happen? There are two things that strongly need to mention about app updating:

(1)  Fewer App Update Notices. In the old GPlay UI, if new permission is requested, GPlay will pop-up a notice that highlight the new permission request, and let users to make decision of whether “Accept” or not this app update. But in the new GPlay UI, users are noticed only if some app requests a new Permission Group. It means if some app that requests Calendar access wants to read your Contact, they will get green light without noticing you, because they are in the same permission group!

(2) What about the category “Other” ? Does it means that if I accepted any permission in the “Other” group, I shall give access to all different kinds of permissions in the group?

So to sum up, regarding the app updating, the new Google Play solution might bring new vulnerabilities to the Android Permission system. Just my personal opinion anyway.

 

 

 

 

2 responses to “Follow up on Google Play’s new UI with simplified / grouped permission requests.

  1. all your permission are belong to us

    Agree agree agree. This “simplified” system is in fact designed to leave users in blissful ignorance as to what their apps are really up to. Another point worth mentioning: play store no longer shows if an app requires the Internet Access permission. This is a really big deal. Dick move by Google, IMHO.

  2. Thanks, I wondered what were the real implications beyond the simplification blah blah, and apparently your almost the only one to write about that on the internet…

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s