Google unveiled the developer preview of the next version of Android at its annual I/O developer conference last week, and there’s a big difference from previous versions in how it will handle user data.
Instead of forcing users to accept a long list of app permissions up front when they install an app, Android “M” devices will ask for permission to use certain features only when it needs them – what Google calls “runtime permissions.”
This change in permissions structure will finally give Android users the same kind of control over how apps access devices and data as iOS users (and Firefox OS users, too).
It works like this: when a messenger app like WhatsApp or Facebook Messenger wants to access, say, your location data to tell your friends where you are, a dialog box pops up asking for that permission.
If you hit “deny,” the app won’t be able to access that data and, according to Google’s overview for developers, it should “handle lack of permissions gracefully.”
If the app is not granted an appropriate permission, it should handle the failure cleanly. For example, if the permission is just needed for an added feature, the app can disable that feature. If the permission is essential for the app to function, the app might disable all its functionality and inform the user that they need to grant that permission.
What’s even better – users can go into an app’s settings and change the permissions at any time.
So you can grant permission for an app to access your device’s camera (maybe to make a video call), for example, and then turn off that permission if you decide don’t want the app to have that capability.
You can also see all of your apps that have the same type of permissions within the Apps screen in your device Settings – so if you want to know which apps have access to your camera, you can see them all in one place and decide which ones you want to have that permission.
Google tried out this kind of granular control for app permissions before, in a hidden feature called App Ops that it claimed was “accidentally” released as part of Android 4.3 (Jelly Bean), but quietly removed in Android 4.4 (Kit Kat).
Back then, Google sheepishly responded when confronted by privacy advocates that the App Ops feature wasn’t ready, and that it would “break many apps” because they weren’t designed with that functionality in mind.
This time around, Google is encouraging developers to make their apps fit the new paradigm, but Android M also has a way to handle older apps that aren’t designed for runtime permissions – by feeding them “empty data” if the app doesn’t have the right permission.
The transition from Android’s all-or-nothing approach to runtime permissions could be problematic for some apps, and some developers may not like the new structure.
Android product manager Ben Poiesz said at Google I/O that the change is “like switching from the left side of the road to the right side of the road.”
It could also make some Android developers less inclined to build free apps in the hopes of earning revenue by selling your data to advertisers.
If that means we’ll see fewer Android apps that suck up as much data as they can when they really don’t need access to sensitive data like your location to do what you want them to do, that’s a big win for user privacy.
Unfortunately, the many millions of pre-Android M users won’t have the same ability to control app permissions – but Google is definitely taking a step in the right direction.