Google declined to comment.
The company reportedly tried to block access to App Ops before, with the initial release of Android 4.4 KitKat, but developers figured out how to enable it again.
EFF urged Google to re-enable the App Ops interface and improve it. The interface should be properly integrated into the Settings interface, Android users should be able to disable all collection of trackable identifiers with a single switch and should have a way to disable an app's network access entirely, Eckersley said.
"There are numerous ways to make App Ops work for developers," he said. "Pick one, and deploy it."
Android 4.4.2 also patches two denial-of-service issues, including one involving class 0 (Flash SMS) messages that was disclosed at a security conference at the beginning on December. Bogdan Alecu, the mobile security researcher who found the Flash SMS vulnerability, confirmed Friday that it was fixed in the new Android version.
Users are now in a difficult situation because they will have to choose between updating to the new version which removes the App Ops privacy feature or not updating and leaving their devices vulnerable, Eckersley said.
Sign up for CIO Asia eNewsletters.