by MichaelGG 4136 days ago
> a dedicated work profile that isolates and protects work data

Oh wow, can this be used to just create a separate profile for every app? That way I can run Uber or Line without giving them every permission to everything? This is the biggest reason I do not install apps. Every "famous" app requests so many permissions it's just stupid.

And not to mention the weirdness of some of them, like "WiFi Device Information". What's that mean? Access to my WiFi AP names? No thanks. Or just local multicast? Who knows.

10 comments

CyanogenMod's Privacy Guard is useful for dealing with this situation. There is a setting to enable it by default on newly installed apps. No matter what permissions the app says it requires, you are prompted when it actually requests them and can deny them at will or permanently.
Why do I need a custom ROM for privacy? This is so wrong. Great that you can partially fix this, but what about the millions of other users who also want to control their privacy without reflashing a complete ROM?
CyanogenMod comes preinstalled on OnePlus One, so for me it is no longer a "custom ROM". Even though it is not rooted by default, Privacy Guard has been working for me out of the box from day one.
OnePlus has announced that they are moving away from CM for future phones, so it will be a custom ROM for all new phones.
When you deny them, roughly how often in your experience does this cause the app to crash or display an error?
Doesn't crash, but sometimes apps seem to be created under the assumption their permission request isn't creating a popup, so there are sometimes like 10 in a row, so the user will often give up and just either blanket deny or accept.

EDIT: an "allow for 10 min" option would resolve this.

The lack of a "for 10 minutes"-type option is, IMO, the biggest failing of Privacy Guard. XPrivacy is better in that regard, but was harder to use overall when I last tried it.

XPrivacy does have the benefit of making it easy to provide realistic-looking fake data, which I believe the CyanogenMod team is against.

In my experience, the apps I've used don't crash. The biggest problem I've seen is me getting frustrated with an app for not working as advertised. Then I remember that I've enabled privacy guard and the app must not be getting some info it needs from the OS.
I think it can return valid data, like empty sets or fake data. So apps shouldn't crash at all.
Code that assumes it is going to get data instead of allowing for an empty response (in a circumstance where this is technically possible in reality but so rare the developer didn't think to allow/test for it) could cause misfunction.
That sounds like a bug in the application.

While I'm not exactly certain on how Privacy Guard works (I have yet to examine that code base), if a phone returns [] for a list of contacts and the application crashes...

Rarely, as it will feed empty data. It doesn't deny permissions.
If you have a rooted device, try XPrivacy. That gives you a lot more options and you can even set what data you want the app to see. Want those apps that are asking for your location to think that you are on the North Pole? No problem.
Wow, just like iOS.
Actually that's the reason I use iOS
I honestly don't understand why this is down-voted, more "sandboxed" apps is one of the reasons I use iOS as well.
Just for the sake of clarity, do you mean that there are more apps that are sandboxed on iOS or that all apps have a higher level of sandboxing on iOS?
More "sandboxed" in the sense that iOS apps start in a small sandbox that gets progressively and opportunistically larger. Instead of demanding all permissions upon installation, they demand them contemporaneously with attempted access to certain resources. The idea is that user consent is more informed.

In contrast, Android apps demand all of their permissions up front.

More importantly, if you ask me: iOS allows you to install an app, and deny it permission to something. Eg. I can deny the Facebook app access to my contact list, and the app still works.

With Android, you grant an app access to everything it asks for, or you aren't allowed to install it. This seems obviously inferior to me.

With App Ops since 4.3 you can twiddle them individually.
Even beyond that though, if an iOS app requests ALL possible permissions, it doesn't have the same capabilities that an Android app does.
I consider that a weakness of iOS as a platform. There are some pretty cool and useful things you can do with an Android app that you just can't do on iOS, period.

Android's permission-granting model does leave much to be desired, though.

The second option, that all apps have a higher level of sandboxing. Until iOS 8 apps couldn't do anything to modify the OS besides adding push notifications and maybe a page in the settings.
It's downvoted because it's a troll comment that doesn't further the discussion at all. It's irrelevant.

I use Android because it lets me have defaults. See? Irrelevant statement.

Everyone has different needs, just drop it.

Can you expand on that?
> Oh wow, can this be used to just create a separate profile for every app? That way I can run Uber or Line without giving them every permission to everything? This is the biggest reason I do not install apps. Every "famous" app requests so many permissions it's just stupid.

iOS does not require the user to accept all permissions that an app wishes to use, before installing that app. On iOS, you install an app without giving it permission to much, initially, and then the app, when you start it, starts asking for permissions that it needs, as it needs them. You can deny any permission request, and the app still works.

Eg. you can install the Facebook app, and deny it access to read your contact list.

In iOS, there are about 10 permissions (location, contacts, calendars, reminders, gallery, bluetooth, microphone, motion, twitter and facebook accounts).

In Android, about 150.

There is no mapping 1:1. Some things iOS does not allow at all (wifi information, sd card access). Some things iOS allows by default, with no way to deny it (internet access).

The iOS approach would not scale, the user would be buried under confirmation dialogs. And that's just the initial confirmation, there has to be UI, when he changes his mind later.

Those, who claim that iOS approach is superior are showing their ignorance, that they never thought about the way, how the user would set matrix of this amount of permissions with many apps, without getting lost (hint: many are getting lost just in the current system. Imagine, that they would be able to toggle anything. And imagine, what the developers would say about that).

I understand the discussion of app permissions is not a new one, but today I decided I wanted to try and buy a product through Amazon outside of the browser... Amazon specifically instructs you to navigate to your settings and allow installation of 3rd party apps. Then it directs you to download their .apk - To this point I was almost to the point of excitement that a MAJOR company is showing the public that this is even possible.

Then I opened the .apk. It asked me for what has to be every permission available on Android. Why would Amazon need access to my Contacts? It even asked specifically for permission to my microphone! What?

If they have not asked for those permissions, then how can they give those permissions to third party apps that you install through them?
That transitivity itself is an issue.

Why cannot the installed apps request the permissions they need individually?

Unless I am mistaken, Amazon can't give permissions to another app install. The user has to leave the "unknown source" option checked as each APK installed goes through the same rigamarole.

Play gets around this by being bundled as a system app initially. And if you have a rooted device you can potentially promote the Amazon store to the same status, and so forgo the "unknown sources" switch.

Thanks. I'm not familiar with the specifics.
This is one place where iOS trumps Android. Per-permission switches on apps is really great.

There's also an issue with "leaky abstractions" on Android, where some useful features require extremely invasive permissions.

This is more targeted for people who have an enterprise domain (Google Apps for Work, Blackberry, Citrix, etc.)

That said, if you want to create a separate profile for Uber or Line, you can already do so on Android 5.0 and above: https://support.google.com/nexus/answer/2865483?hl=en&ref_to...

Please correct me if I am wrong but I thought this was for sharing your phone with someone else or sharing your phone between two or more Google accounts...

I think Facebook Messenger, Line, and the like will still have access to all permissions even if you switch to a different user and install the apps there...

That being said, guest mode is really nice on my Nexus 5 so my curious friends on iPhone can log in to their Google account on my phone as a guest and test drive Android.

I think the idea is, you create a dedicated "sandbox" account, install apps in it that you don't trust that want access to calendar, contacts, text messages, etc., and then don't put any real data of those kinds in the account. So, they still have permission to see those things, but they don't see anything when they look.

Note, I have not looked deeply, so maybe it doesn't work like I said. I would not expect multitasking to be very seamless with this method. Also, I know there are some permissions that have "cross-user" abilities, so maybe there is still a way to accidentally allow an app to access your real data.

Lollipop already added profiles. No reason you couldn't have a profile per app.
BlackBerry allows BlackBerry users to choose what permissions they won't allow access of in their apps. This doesn't work with the Android apps but works rather well with BlackBerry apps.

For example 2048 game has a lot of permissions but being a game I don't allow a single one and it still works flawlessly. I would love to see something like this in Android as well. But for now users are at the mercy of app developers.

You can use XPrivacy with Xposed to feed an app fake or empty data on a permission by permission basis. This works better than blocking permissions because sometimes apps don't fail gracefully when a permission is denied.
Isn't there an app that restricts these permissions? I believe your phone has to be rooted for it to work though.
Yeah, but I have a Huawei Mate 2, which, last I looked, had some really obscure rooting instructions. Most steps consisted of "download this random exe and give it admin permissions". Plus you have to email Huawei and ask nicely for the bootloader unlock code.

And, rooting doesn't help the majority of users. Whereas protection from spying would. But Google, perhaps accidentally, seems intent on making permissions less visible and has no problem with devs requesting every permission. And since so many major apps do this, users have no effective recourse.

MS and Apple got this one so much more right.

And Nokia before them with Symbian security.
Four years as an Android user. Just switched to iPhone 6 2 months ago.

Almost every app requests too many permissions. Almost every app starts a background process to receive notifications, which are very bad.

iOS apps do not (can not) "start a background process to receive notifications".

Notifications are globally handled by the OS over a single dedicated optimized connection. And then dispatched to the individual applications.

And I think Google introduced an API in 5.0 that offers an opt-in to something similar.