[Someone1234]

> I would argue that no permission should be "implied". For each example you list in that category, I can find an argument to not make it implied.

I'm sure you can. But ultimately it is losing battle.

When you turn something which 99.99% of normal apps require into a "permission" it isn't really a permission at all. Just an obstruction which teaches the users permissions can be safely ignored (i.e. stupid permissions hurt good permissions).

If a user ONLY gets a permissions pop-up when it actually matters they're far more likely to take it seriously than if they get it every time and 9 times out of 10, it is just nonsense (e.g. Reddit app needs internet access, store accounts, SD card write, etc).

> Likewise if you are concerned about privacy and want to know when an app connects to the internet and thereby automatically reveals your location, possibly usage pattern, etc.

Without getting boringly into the intricacies of Android's underbelly, even without the "internet" permission (which is now standard with higher API levels anyway), you can connect to the internet through other APIs and inform a server that you exist.

Literally an app with zero permissions on Android can make API calls which let a server know they're installed at that IP address.

The internet permission was just a good example to throw into the set because Google already moved in the direction of effectively removing it. Now they just need to do more permissions in a similar vein.

[jonemo]

> When you turn something which 99.99% of normal apps...

I think you are confusing your personal use case with everybody's use case. What's a "normal app" anyway? Did you mean to say "apps I use on a daily basis"? Because of the 17 apps on my home screen, 6 do not have a functional requirement for internet connectivity. I bet for users in emerging markets this ratio might be even higher.

> If a user ONLY gets a permissions pop-up when it actually matters...

For most people, spending money is something that actually matters. Again, just because you don't have metered data, doesn't mean everyone else is in the same situation.

> Just an obstruction which teaches the users permissions can be safely ignored

Google manages to sort millions of search results by relevancy, I'm sure they can do the same for app permissions.

[Someone1234]

> I think you are confusing your personal use case with everybody's use case.

But your "use case" isn't even really solved by permissions. It is solved by OS settings (e.g. turning off cellular data, using the data usage tracker/warning, etc).

> What's a "normal app" anyway? Did you mean to say "apps I use on a daily basis"?

No, I mean the majority of apps that exist already on the Play Store. Apps that require no data at all are the exception not the rule, apps that also don't use the accounts API, or store data to the SD card are exceedingly rare.

> I bet for users in emerging markets this ratio might be even higher.

Perhaps, but permissions don't solve this. If data isn't there then apps need to fall back to something else, that is up the developer to implement.

> For most people, spending money is something that actually matters. Again, just because you don't have metered data, doesn't mean everyone else is in the same situation.

Solved by the data usage tracker, not the internet permission.

> Google manages to sort millions of search results by relevancy, I'm sure they can do the same for app permissions.

They also manage to strip millions of search results of no relevance which is what they should do to permissions of no relevance.

[randallsquared]

> What's a "normal app" anyway? Did you mean to say "apps I use on a daily basis"? Because of the 17 apps on my home screen, 6 do not have a functional requirement for internet connectivity. I bet for users in emerging markets this ratio might be even higher.

It sounds like you're agreeing with the GP that a normal app (11 of the 17 most used, for you) needs internet access?

[yourad_io]

> Without getting boringly into the intricacies of Android's underbelly, even without the "internet" permission (which is now standard with higher API levels anyway), you can connect to the internet through other APIs and inform a server that you exist.

At the risk of boring someone else, any more info on this? Is this true for the later versions of Android? (4.2+)

I found something similar to what you describe but for 2.x (and then, a very visible "exploit" - i.e. opening the web browser)