Follow up on Google Play’s new UI with simplified / grouped permission requests.

In the previous article (

New Google Play Store UI changed way to show app permissions.

), I reposted the news report about new Google Play Store UI.

Let’s have a closer look at the permission groups. According to google’s support webpage, we have:

• In-app purchases
• Device & app history
• Cellular data settings
• Identity
• Contacts / Calendar
• Location
• SMS
• Phone
• Photos / Media / Files
• Camera / Microphone
• Wi-Fi connection information
• Device ID & call information
• Other

A much shorter list, comparing to the list of permissions, huh?  What bad thing would happen? There are two things that strongly need to mention about app updating:

(1)  Fewer App Update Notices. In the old GPlay UI, if new permission is requested, GPlay will pop-up a notice that highlight the new permission request, and let users to make decision of whether “Accept” or not this app update. But in the new GPlay UI, users are noticed only if some app requests a new Permission Group. It means if some app that requests Calendar access wants to read your Contact, they will get green light without noticing you, because they are in the same permission group!

(2) What about the category “Other” ? Does it means that if I accepted any permission in the “Other” group, I shall give access to all different kinds of permissions in the group?

So to sum up, regarding the app updating, the new Google Play solution might bring new vulnerabilities to the Android Permission system. Just my personal opinion anyway.

 

 

 

 

Paper: Reconciling Mobile App Privacy and Usability on Smartphones: Could User Privacy Profiles Help?

Bin Liu, Jialiu Lin, and Norman Sadeh. 2014. In Proceedings of the 23rd international conference on World wide web (WWW ’14). 

http://www.cs.cmu.edu/~bliu1/Bin_Liu_WWW2014_Reconciling.pdf

Slides: http://www.slideshare.net/korolevbin/bin-liu-www2014reconcilingslides

Abstract:

As they compete for developers, mobile app ecosystems have been exposing a growing number of APIs through their software development kits. Many of these APIs involve accessing sensitive functionality and/or user data and require approval by users. Android for instance allows developers to select from over 130 possible permissions. Expecting users to review and possibly adjust settings related to these permissions has proven unrealistic. In this paper, we report on the results of a study analyzing people’s privacy preferences when it comes to granting permissions to different mobile apps. Our results suggest that, while people’s mobile app privacy preferences are diverse, a relatively small number of profiles can be identified that offer the promise of significantly simplifying the decisions mobile users have to make. Specifically, our results are based on the analysis of settings of 4.8 million smartphone users of a mobile security and privacy platform. The platform relies on a rooted version of Android where users are allowed to choose between “granting”, “denying” or “requesting to be dynamically prompted” when it comes to granting 12 different Android permissions to mobile apps they have downloaded.

 

New Google Play Store UI changed way to show app permissions.

http://www.androidos.in/2014/05/google-play-store-4-8-19-rolling-now-ui-improvements/

Quote:

“To help make it easier to understand what an app will have access to, the Play Store has recently made improvements to how permissions are displayed. Permissions are organized into permissions groups, easily identified by icons (example: Location Location) to help clarify the most important information and capabilities an app can access on your device. This information can help you make an informed decision more easily on whether you would like to install the app,” explains Google in Play support section.

https://support.google.com/googleplay/answer/6014972

source: http://cdn.androidpolice.com/wp-content/uploads/2014/05/nexusae0_wm_Screenshot_2014-05-15-11-20-031.png