Android 4.3, released in July, had a feature that enabled users to install apps but also keep them from collecting sensitive data such as a user’s location or address book.
That app, App Ops Launcher, was “a huge step” in the right direction for Android privacy, said Peter Eckersley, technical projects director at the Electronic Frontier Foundation (EFF), in a laudatory writeup posted last Wednesday.
From the Wednesday post:
Want to install Shazam without having it track your location? Easy. Want to install SideCar without letting it read your address book? Done.
... App Ops Launcher is a huge advance in Android privacy [that makes] Android 4.3+ a necessity for anyone who wants to use the OS while limiting how intrusive those apps can be.
The Android team at Google deserves praise for giving users more control of the data that others can snatch from their pockets.
One day later, Eckersley snatched that praise from Google’s pockets.
It turns out that Google, when it released Android 4.4.2 earlier in December, removed App Ops – a situation that Eckersley discovered on Thursday, when the EFF installed the 4.3 update to its test device, only to find that App Ops had blinked out of existence.
In fact, Google had, well, oops! never meant to release it in the first place.
The app, Google reportedly told Eckersley, was only released by accident, was experimental, and, for all Google knew, could well break some of the apps it’s supposed to police.
In a second posting, on Thursday, Eckersley said that the EFF is “suspicious” of Google’s explanation, saying that the EFF doesn’t think it justifies removing the feature rather than improving it.
The EFF not only wants Google to bring back the feature; it also wants to see other critical protections, such as letting users disable “all collection of trackable identifiers by an app with a single switch, including data like phone numbers, IMEIs, information about the user’s accounts.”
The EFF also wants Google to find a way to let users disable network access for certain applications that really shouldn’t need it, such as flashlights, wallpapers, UI skins, and “many” games.
Google hasn’t chosen to comment further on the accidentally-improved-Android-privacy issue, but the situation doesn’t necessarily call for pitchfork-wielding mobs.
As InformationWeek’s Thomas Claburn pointed out, it’s pretty easy to see that App Ops was leaked by accident, as Google told Eckersley, given that you had to be a fairly devoted Android fan to discover it.
In fact, when Android Police ferreted out and then reported on App Ops back in July, Ron Amadeo described it in his writeup as a “hidden” feature, tucked away in the package installer.
“It’s not really ready yet, so Google has hidden it,” Amadeo wrote at the time.
The feature seemed to work, he said, so he gave instructions on trying it out to those who might be “feeling adventurous”.
The choice to feel adventurous and get frisky with your Android is yours to make.
But if you want to strap a life jacket on before tossing your Droid into choppy water, I suggest reading about Sophos’s free Mobile Security for Android app.Follow @NakedSecurity
Image of y fronts from Flickr