The Android 4.4.2 update that began to roll out Monday to Google's Nexus devices removed a feature that gave users fine-grained control over app permissions, prompting criticism from the Electronic Frontier Foundation.
The removed feature was called App Ops and was introduced in Android 4.3. It provided an interface from where users could withdraw permissions they gave apps when installing them. Traditionally, Android users have had to choose between giving an app all permissions it requests or not use it.
The granular permission control provided by App Ops is something that privacy advocates have long requested, since many apps ask for more permissions than they need to provide their main functionality.
In part this is because a lot of apps, especially free ones, bundle advertising libraries that provide a revenue stream for developers. Often the excessive permissions requested by such apps come from those ad libraries.
Last week, Goldenshores Technologies, the developer of a popular flashlight app for Android, settled U.S. Federal Trade Commission charges that it shared users' geolocation information with advertising networks without properly notifying users. The company agreed to disclose to users how it collects, uses and shares geolocation information and obtain consent from them before doing so.
While present inside Android 4.3, the App Ops interface has never been directly accessible to users, but it was easy to gain access to it by installing third-party applications like Permission Manager or AppOps Launcher from Google Play.
In a blog post Wednesday, the Electronic Frontier Foundation, a digital rights watchdog, called App Ops an "awesome" feature and a "huge advance in Android privacy." However, the organization's enthusiasm was short lived, as some users later pointed out that Google removed the feature in Android 4.4.2.
"Today, we installed that update to our test device, and can confirm that the App Ops privacy feature that we were excited about yesterday is in fact now gone," Peter Eckersley, EFF's director of technology projects, said Thursday in a separate blog post.
"The disappearance of App Ops is alarming news for Android users," Eckersley said. "The fact that they cannot turn off app permissions is a Stygian hole in the Android security model, and a billion people's data is being sucked through. Embarrassingly, it is also one that Apple managed to fix in iOS years ago."
According to Eckersley, when contacted by the EFF, Google said the feature wasn't supposed to be released to begin with because it was experimental and its use could break some apps.
The EFF feels this explanation is suspicious and believes that Google should have worked to improve it rather than remove it. The problem of apps breaking down when not given access to information like location data, the address book or the phone's IMEI (equipment identifier) number, could be solved by supplying those apps with dummy data when the corresponding permission is removed, Eckersley said.
Sign up for CIO Asia eNewsletters.