
Updated Facebook for Android requires "Retrieve Running Apps" permission - SoapSeller
https://play.google.com/store/apps/details?id=com.facebook.katana&feature=nav_result#?t=W251bGwsMSwxLDMsImNvbS5mYWNlYm9vay5rYXRhbmEiXQ..
======
kakuri
I really hope Google fixes Android's broken security model. As the owner &
user of an Android device, I should be able to configure feature access on a
per-app basis. It's ridiculous that you have to either grant an app all
requested access, or just don't install it. You should be able to install it,
but choose which features to grant access to and which to deny.

~~~
salman89
What if core features of the app rely on the permissions? Is the onus on the
app developer to build checks for permissions or on the user to realize the
app isn't working the way it should because they disabled some permissions?

~~~
moron4hire
I see nothing wrong with making developers check for features before using
them. Should be used to it, with the variability of platforms.

------
_chrismccreadie
I would like to see Apple, Android and Microsoft provide a mechanism where the
developers can explain, in their own terms, why they need access to certain
permissions. I own an HTC HD7 which is WindowsPhone 7. I remember installing
some generic music player app (for the life of me I cannot remember the name
of it). It required access to, among other things, my location information. At
this point the installation was cancelled and the app deleted from my phone.
All I could think was "Why on Earth do you need to know where I am to let me
listen to my music?".

If developers were at least given an opportunity to explain to their users why
they are requiring certain information, consumers may be more willing to allow
access. It seems to me many apps take a "lets grab all the info we can"
approach which is extremely off putting.

~~~
Zigurd
Unfortunately, what you describe is the ideal case.

A typical case might be:

1\. Developer releases free app

2\. Users find it useful

3\. Developer seeks to monetize, adds some mobile ad network libraries

4\. Ad network libraries want the user's location

5\. User's who liked the app now find themselves OK'ing a frivolous-seeming
permission during an update, or they have to uninstall the app, potentially
losing access to some of their own data.

And so we find our developer on the slippery slope. Putting the power to cause
those apps to fail when they do dubious things in the user's hands means that
developers would be more discriminating about their monetization partners,
among other benefits.

~~~
_chrismccreadie
All good points and I'm sure many of the app developers on HN will be able to
give reasons as to why they are unable to provide this information on the apps
they develop and I suspect it is all closely controlled by the platform as
opposed to the developers themselves.

If the app I downloaded said "Our free version requires your location due to
our arrangement with our Ad providers" I would have at least known why they
were wanting my location.

I know this doesn't solve the problem, people will still have the choice to
either accept it (albeit grudgingly) or uninstall the app. What it does do
however is acknowledge they are asking for permissions to a users data. If
someone asks for my permission to use my car is it unreasonable for me to know
why they want it?

------
mcrmonkey
The increasing number of permissions that appear to be out of place for this
app is exactly why i hit the "force stop" button for the app about a month ago
and then went on to hit the uninstall button for it about 3 hours ago. I would
like to continue to use the facebooks messaging features though. however their
need to include the read/write/edit your SMS/MMS messages permissions is a
serious put off and causes me not to want to install it.

~~~
bsimpson
That's because they are the SMS app for Facebook Homeified devices.

~~~
toomuchtodo
Are Facebook mobile developers that bad they can't check if they're on a
Homeified device and degrade gracefully if they're not?

~~~
RobAtticus
What are you asking here? They probably can, but they still need to request
the permission upfront because that's how Android is set up.

~~~
toomuchtodo
I'm asking who is responsible for the poor application design choice.

~~~
dstaley
It's not a "poor application design choice." Facebook wants to provide the
ability for users to send and receive SMS/MMS from the Messenger app. Even
though it's a feature you can turn off, the app must request the permission
even if it's not using the feature. This is an Android limitation. A better
solution would be to the app request permission only when it needs it, such as
how an app requests your location or access to your photos on iOS.

~~~
lucid00
Android provides this for some features but not all.

The problem is if an app requests too many permissions it gets messy to just
show a pop-up dialog for each and every one.

This is the reason why Google Chrome and Firefox started working on web apps
that essentially are just fancy bookmarks those bookmarks provide permissions
before hand for the web app so that they don't need to be requested later.

------
lazyBilly
I'm not gonna lie, I like using facebook, but I unplugged it from my phone a
while ago and haven't regretted it. Social networking is a fun diversion but a
terrible lifestyle.

------
jcomis
It's pretty much the only thing left they didn't already require, so no big
surprise here. Perhaps it's time to switch to only using the web version on my
phone...

~~~
petepete
I do this and don't miss the official app. At first I did miss having my
contacts synced, but HaxSync does this fantastically.

[https://play.google.com/store/apps/details?id=org.mots.haxsy...](https://play.google.com/store/apps/details?id=org.mots.haxsync&hl=en)

~~~
nfriedly
Just bought haxsync and so far its doing exactly what I want - thanks!

Otherwise I just use FB in the browser too.

------
np422
This is it, the final call, privacy invading has gone to far.

I'm already wearing at least half a tinfoil hat, now it's time to put it on
leave it there.

I have already deleted my facebook account a long time ago and honestly I
haven't missed it ... at all!

I encrypt all my hard-drives at home and on my laptop, just because I can.

I have several privacy extensions installed in my browser and I try to avoid
using chrome unless it's absolutely necessary.

I still use google search and gmail, but I will migrate away from them in the
near future.

I do not want to be the product being sold any more, I don't want anyone to be
able to put together a complete profile on me with a few clicks on keyboard.

"The line must be drawn here, this far - no further"

------
pkhamre
Related to the new Facebook Home app-launche feature?

~~~
dannyr
Yup. The Facebook Home pretty much communicates directly with the Facebook App
which has all the permissions needed to be a Home Replacement/Launcher.

This is why Facebook Home does not need any permissions.

[https://play.google.com/store/apps/details?id=com.facebook.h...](https://play.google.com/store/apps/details?id=com.facebook.home)

~~~
zerovox
Well it is no wonder they had 'Too many methods'[1] in their Facebook android
application if they've packed all the features into their facebook client, and
left their messaging and launcher applications as thin wrappers around the
core application. Is there any good reason they don't split the functionality
to the appropriate applications? Then maybe they wouldn't have to hack dalvik
to run a simple facebook client.

[1] : [https://www.facebook.com/notes/facebook-engineering/under-
th...](https://www.facebook.com/notes/facebook-engineering/under-the-hood-
dalvik-patch-for-facebook-for-android/10151345597798920)

~~~
bsimpson
Before I installed Facebook Home last night, I'd replaced the Facebook app
with a Chrome bookmark, but kept Messenger. I still received and could reply
to text notifications, so Messenger is definitely a real app.

I wonder if Home is just a shell so they can maintain huge install counts on
the main Facebook app. Then again, they could require the main app for API
access and still use Home separately to handle drawing the Home UI and
listening for Home interactions.

------
devd
FYI, on Android, you can get a list of installed Applications without any
permission.

