The controls in question would have allowed users to install an app without having to grant all of the permissions demanded by the app. "This turned out to be the fundamental problem with the previous Android model: installing an app was an all-or-nothing proposition, and there were few practical ways to protect yourself against the apps you'd installed, or even really see what they were up to," explained Peter Eckersley, EFF's technology projects director.
He went on to add that this had changed with Android 4.3, which "added awesome new OS features to enhance privacy protection... Want to install Shazam without having it track your location? Easy. Want to install SideCar without letting it read your address book? Done."
Eckersley was fulsome in his praise. "Its availability means Android 4.3+ [is] a necessity for anyone who wants to use the OS while limiting how intrusive those apps can be. The Android team at Google deserves praise for giving users more control of the data that others can snatch from their pockets."
Then, yesterday, he was forced to publish a retraction. Google had pulled the feature in the latest version of the operating system. "The App Ops privacy feature that we were excited about yesterday is in fact now gone." [This reporter can confirm that trying to run App Ops Starter on Android 4.4.2 continually crashed Settings and was unusable; even though Google Play claimed it was compatible with the 4.4.2 device. Reviews for AppOps Launcher on Play include, "crashes immediately on 4.4.2 I'm running a 4.4.2 ROM on a Galaxy Nexus and this app crashes," and "Excellent Dead simple to use, works a treat - Android 4.4, Nexus 4."]
Google told EFF, "the feature had only ever been released by accident — that it was experimental, and that it could break some of the apps policed by it." EFF, for its part, is suspicious of this, and does not believe "that it in any way justifies removing the feature rather than improving it... A moment ago, it looked as though Google cared about this massive privacy problem. Now we have our doubts."
The problems could be solved in the short term, suggests EFF, by the OS providing false data when the app demands something the user doesn't wish to give; and in the longer term by documenting that such API calls might fail for privacy reasons. It is calling for the facility to be re-instated and improved.
"In the mean time," says Eckersley, "we're not sure what to say to Android users." He would like to say, don't upgrade to 4.4.2; but adds, "Android 4.4.2 contains fixes to security and denial-of-service bugs. So, for the time being, users will need to chose between either privacy or security on the Android devices." They can't have both.