Friday, 30 May 2014

Do You Know Where Your App is?

The Huffington Post is reminding us that Facebook Messenger asks for a lot of permissions when you install it.

On the one hand, the article is kind of alarmist. It needs permission to do all those things because it is designed to be able to do all those things - you can use your Messenger app to manage your SMSs and make phone calls and so on and so forth. It wants to be your social hub or whatever. But, at the same time, it's absolutely right that once you've given it permission to do these things IT CAN DO THEM AT ANY TIME. It's sort of the same principle as the legal T&C thing that went around a couple of years ago - people were startled to find that Google, Flickr etc were being granted the right to distribute your images, despite that being exactly what the relevant services were designed to do. But, yes, once they have permission to do that, they can totally do that, and it's a permission that could be abused.

Unfortunately (unlike for apps running on Facebook itself), Android does not have functionality for users to grant individual permissions on install. Apps just have to ask for everything, and you have to agree to everything or reject everything. So even if I'm not using Messenger's SMS functionality, I need to give it permission to read SMS. I can configure the app not to do that, but at a system level it still has permission to read and send them. In the event of software error or developer abuse I would be boned.

I'm sure there would be a huge scandal if it emerged that Facebook was actually abusing these privileges, but of course by then the damage may have been done.

The ability to rescind or decline specific permissions would be a good first step (though there could be knock-on effects - the need to check for permissions, or respond to permissions being denied, would increase development time and potentially slow down execution). Personally, the most disturbing thing about these permissions is the "at any time" aspect, which may be more of a problem with the O/S than the app itself. Any app that uses the camera can use the camera at any time. Anything that records audio can do it at any time. To me this seems like a very lazy way to go about things. Perhaps Android needs to introduce an "only while the app is in the foreground" or "in response to user prompt" level of permission.
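
To make the all-or-nothing install model and the "at any time" point concrete, here is an added example (not code from this post or from any app it mentions) that reads the `uses-permission` entries from an Android manifest and lists the sensitive capabilities the app holds system-wide even though no feature the user has enabled needs them. The manifest, the package name and the set of "needed" permissions are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Capabilities the post worries about, keyed by the real Android permission names.
SENSITIVE = {
    "android.permission.READ_SMS": "read SMS",
    "android.permission.SEND_SMS": "send SMS",
    "android.permission.CALL_PHONE": "make phone calls",
    "android.permission.CAMERA": "use the camera",
    "android.permission.RECORD_AUDIO": "record audio",
}

# Constructed sample manifest for a hypothetical app (not any real app's manifest).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.chat">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>
"""


def requested_permissions(manifest_xml):
    """Every permission the manifest declares, in order, without duplicates."""
    root = ET.fromstring(manifest_xml.strip())
    seen = []
    for element in root.iter("uses-permission"):
        name = element.get(ANDROID_NS + "name")
        if name and name not in seen:
            seen.append(name)
    return seen


def held_but_unused(manifest_xml, needed_by_enabled_features):
    """Sensitive capabilities the app holds system-wide although no feature
    the user has switched on needs them (the second argument is an assumption
    supplied by the auditor, not something the manifest records)."""
    return [
        (name, SENSITIVE[name])
        for name in requested_permissions(manifest_xml)
        if name in SENSITIVE and name not in needed_by_enabled_features
    ]


if __name__ == "__main__":
    for name, capability in held_but_unused(SAMPLE_MANIFEST, {"android.permission.CAMERA"}):
        print(f"{name}: can {capability} at any time, though no enabled feature needs it")
```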