Tell HN: Google does not list application permissions in the Play Store any more
471 points by datalist on June 10, 2022 | 167 comments
https://postimg.cc/6y3Z9yjY

They had implemented that already a while ago, then reverted the behaviour, and now implemented it once again.

It seems as if it was not "enabled" for everyone yet, however.

They hid the permissions with each version better and better and apparently decided now, users don't need them at all.




While it is much less of a concern with runtime permissions that are optional.... yeah, I greatly dislike this too.

In particular because not everything is a runtime permission. E.g. I like to know that [apk X] has no internet or file permissions at all - it rules out nearly all practical ways to leak your information. And google just keeps taking more and more steps to hide that information from me.


My biggest pet peeve is optional runtime permissions that are not optional.

I have a CO2 monitor that you read through an android app. It cost like $250. If you don't give it geolocation permission, it just says "this app needs geolocation permission" and shows you a button to go to your settings to enable it. Any time you disable geolocation, you get that message and button again.

I have yet to find any geolocation functionality in the app.

EDIT: Please see epukaza's comment below. There is a legitimate reason for this permission, which his comment explains.


The app needs the geolocation permission to access the bluetooth radio and scan for devices. Any company can technically do geolocation using nothing but nearby bluetooth MAC addresses if they have location information for any other phone/device in bluetooth range.


With the proper permission set (neverForLocation), the OS shouldn't ask for geo-location permission. So the app seems malconfigured, or it's actually doing something with the Bluetooth beacons that it can't do otherwise.

https://developer.android.com/guide/topics/connectivity/blue...


That permission is pretty new, so the app might not have been updated for it.


What you said sounds plausible and I believe it.

Assuming you’re right, it’s really sad that multiple sibling posts assume that the app was doing something shady and selling the user’s data. It shows, in general, how little trust people have in apps on their own phones.


Trust is earnt. I can reasonably have a default level of low trust for practically any app. This isn’t some blind anger stance. It's not blanket mistrust or some kind of ignorance. It is healthy scepticism. Totally reasonable in today's environment.

Plenty of app developers have muddied the water enough that apps should have a lower level of trust given to them. Stealing data is a reasonable fear now. It is not reasonable to assert otherwise.

It is therefore reasonable for a person to wonder why geolocation is requested but then be suspicious why it doesn't seem to need it. Regardless of the underlying technical reason. Those technical reasons are part of informed consent. If I don't have informed consent, do I really have consent?

It's also not a sad state at all. It's healthy. It's part of the modern landscape that someone can be suspicious and rightly so. If not, you're setting people up for misfortune. Is there some reason you want people to blindly trust like this? That seems almost abusive to me.


I don't know about others, but thanks to a combination of protocols, google and law-enforcement my trust in phones and anything connected to them is basically zero, despite being quite secure on a technical level.


> Assuming you’re right, it’s really sad that multiple sibling posts assume that the app was doing something shady and selling the user’s data. It shows, in general, how little trust people have in apps on their own phones.

This is almost all apps. Your default assumption should be that anything on the big app stores is being as malicious as they can get away with -- especially if it is a forced install leveraging some product you have already purchased that could easily be sent over a standard protocol.


The Canon printer configuration app has the same sort of soft geo-permission lock. Sniff the network traffic right as you enable it, and you'll see your data happily find its way to their servers.

_Maybe_ the app is fine, but in the cases I've checked big corporations abusing your privacy is the norm.


Trust is earned, not granted. You don't trust a random stranger who walks by, so why should anyone trust apps created by some random organizations? Especially given some calculator and similar apps came with a privacy statement, how much trust do you believe we should have in apps on our phones?


It's sad that so many apps can't be trusted, leading to a lack of trust in apps in general. But that's not our problem.


I could not agree more.


Ah, that would make sense. It is indeed a bluetooth connection and it scans for any nearby devices. Thank you for clarifying that, I appreciate it, and I feel a lot better about the app!


Can you tell if that's all it does? I don't know what all geolocation covers in Android terms, but it would certainly be a superset of just scanning for BlueTooth.

I would be curious if it does any or all of:

- Fetching GPS coordinates, which are typically to many decimal places.
- Making API requests to external servers that you don't own.

A tool like MobSF (https://mobsf.github.io) might be very enlightening to understand what a given app does, or at least can do. I've tinkered a bit with an iOS app in it, but not Android so far.

Also, proxying your device through Burp Suite or ZAP could also be interesting to see what traffic occurs, especially if the developers weren't picky about valid TLS certificates.


> The app needs the geolocation permission to access the bluetooth radio and scan for devices.

Sure, but why does the app need to be able to scan for any and all Bluetooth devices? There should be an entry in the manifest describing the kind(s) of devices the app wants to interact with, and only those devices should appear in the scan. Naturally the list would need to be reviewed to verify that the selected devices are related to the app, and presented to the user in the app store along with all other requested permissions.

In this particular case the same company designed both the app and the device it's connecting to, so for all we know the device could have an embedded GPS receiver to provide the app with much more detailed location information than it could get from Bluetooth alone. It could also just relay its own Bluetooth scan results. However, the app at least couldn't easily get location data from Bluetooth scans when the device isn't in range.


This permission structure has now been split up in the latest versions of Android to avoid this kind of confusion.


The fact you couldn't find that reason yourself implies you could not have made an informed choice. You were effectively compelled. That isn’t permission consent. That was permission coercion. Being forced to consent isn't ethical.


They obviously want to collect the "CO2 readings at location" data and sell it to the highest bidder.

Why do they refuse to opt you out of being an unpaid drone generating $0.02 worth of data for them after you paid them $250? Because they can, since we don't have any laws forbidding it.


A colleague of mine discovered his air monitoring device companion app was uploading to their website along with a map pin on his precise address. He wasn't too happy about that.


"This dirtbag cares about the quality of his air! Get him!"


At the risk of getting off topic… For anyone now curious about CO₂ monitors, I’ve been running an imitation of this setup and have no complaints:

https://github.com/larsp/co2monitor

Adafruit’s SCD-30 is also nice and pairs well with a Pi Zero W.


The geolocation information is not for you, it’s just sent along the rest of your information.


> E.g. I like to know that [apk X] has no internet

As far as I know (please correct if this is wrong), there's no such thing as an app with no Internet permissions. All apps can access the Internet without permission, and only additional uses of the Internet (e.g. seeing your WiFi AP name) require special permission.

AFAIK the "Internet" permission many apps requested was actually for this more advanced usage - just to hit a REST endpoint or something required no permission at all.


The internet permission is separate, and without it an app can't connect to the network:

https://developer.android.com/reference/android/Manifest.per...

It's so commonly requested though, that virtually every app does have it.


(extremely) commonly requested, and granted implicitly for I-don't-know-how-long-but-it-is-a-long-time.

But for quite a while you could still read the permissions list in the play store, and see if it used it. And adding the permission would still give you a warning on upgrade (outside the play store anyway). Both of those (I believe) are gone nowadays.

It's obviously going to be requested by most, but its absence can be extremely relevant, e.g. https://play.google.com/store/apps/details?id=keepass2androi...


> please correct if this is wrong

It is wrong. Internet permission is made of INTERNET and ACCESS_NETWORK_STATE, which are "normal"-level permissions to be specified in the Manifest. Without them, no Internet. Correctly: there are plentiful applications that do not need it.


Google play stopped showing the internet permission ages ago, but it exists.


That seems OK since it still asks you as it needs them when running an app, and "prunes" permissions away from apps that you do not use often.

Lots of apps only need specific permissions if you use specific parts of the app. And apps are much larger (one app does more things) than they were 5-10 years ago. Eg you can use some apps as a camera, but never as a photo editor, and get use out of it by only giving some specific permissions (camera), forever.


You are right, but that doesn't seem like a good excuse to remove that information from the Play Store completely. It would be trivial for the Android APIs to require that all permissions requested programmatically are also present in the manifest. This would continue to give users a picture of what the app could/would request.

They could just change their play store listing from "Required permissions" to "Permissions this app can request". This is similar to the "nutrition label" approach that the Apple App Store has.


IIRC it's already in the manifest.


Yup, you must _both_ put the perms in your manifest, and then _also_ request them at runtime now (at least for many "sensitive" ones... not sure if there are exceptions for any others.)

Google's docs are very clear that apps are meant to explain the need for perms, and the impact of denying them at runtime... I'd love to see the play store to also provide publishers a way to specify what the impact/loss of features is if you deny them at runtime. Trustworthy publishers would love this, and the non-trustworthy ones... ¯\_(ツ)_/¯


> That seems OK since it still asks you as it needs them when running an app, and "prunes" permissions away from apps that you do not use often.

No no no no no, this is a total catastrophe. I can't understand how it got implemented at all.

I just missed a birthday notification from my calendar app because Android "helpfully" removed the app's ability to create notifications! After all, I hadn't opened the calendar app in more than six months!

Infuriatingly, I caught the original message telling me "hey, we just noticed that your calendar shouldn't be allowed to send you reminders" and I tried to restore the permission, but that doesn't seem to have worked.

Whoever designed and implemented this "feature" shouldn't be trusted to put on pants.


> and "prunes" permissions away from apps that you do not use often

Certainly agreed: a system should never "take the initiative" and replace you in decisions.

I am seeing cars that act along the lines of "Ah, you turned off the air conditioning, so I'll proactively open the windows": this clearly indicates that some manufacturers have embraced decadence and nihilism, they "have given up" and "want to watch the world burn" (unless they are simply underage savages).


Yeah that feature is complete garbage. The intent is laudable (reducing permissions for unused apps) but the implementation of getting a notification every once in a while with a ton of permissions removed is awful.

Combined with the fact that Google seems to be sending more notifications for all kinds of junk nowadays makes it even easier to fail to notice that.


Fully agreed. What's worse, even if you painstakingly go through all your apps and disable this anti-feature—since there is no global setting—it just gets turned back on the next time the app is updated. Putting aside the abysmal UX, automated systems should respect clearly-expressed user preferences.


Android documentation says that if the permission is auto removed, you'll get a permission prompt next time a notification is sent.


This clearly isn't OK. I want to choose between an app that asks for what it needs to work and an app that asks for everything it can, before installing it. It's a dark pattern.


The new data safety section lists things that look like permissions as well. Should permissions be clearly listed in the new data safety section? I think it would be more helpful that way.


Don't you have more context to understand and grant the permission request at runtime? For example a banking app might want access to the camera for depositing checks, but until I'm actually depositing a check it might not be clear why it would want to use the camera.


You can ask later, too. But be clear upfront, I want to compare choices. Not many choices in that case in which you install the app your bank has.


I'd prefer to avoid even downloading apps if they ask for permissions that aren't necessary. To hide that just makes me never want to use the play store anymore.


Why is this okay?

I wouldn’t download, e.g.; a video game that would ask for my contacts or location.

Why should I have to download and wait for the app to install before I know what permissions it’s asking for?

Furthermore - what’s the possible purpose of removing this information when it was already there?


Here's a reason: if you never download it, you can't give it a 1-star review.


One of the permissions I'm really reluctant to grant is "run at startup". As far as I know, that's granted at install time, not prompted for, and there's no way to disallow it. Is there now going to be no way to know if I'm granting that or not?


What's wrong with run at startup?


My calculator doesn't need to run at startup. There's nothing useful it could do in that situation, the only possible reason is to download ads, track me, or just pointlessly waste battery.

Ditto for a wide range of apps. Pretty much everything that isn't a messaging app.


Exactly. Tracking me, wasting my resources, etc.


What about standard permissions? The user is never prompted for them.


What are standard permissions in this context?


Network access, for example


This change was when I stopped downloading from the Play store. Prior to that you could easily see that the compass or flashlight app you were going to install needed network access, something that set off alarm bells given the state of malware back then.


It was a bit of a pointless permission because literally every app requested it. The android permissions system very quickly fatigued users in to accepting everything. The new model is much better. Allow the user to actually deny the important permissions but just accept that network access is what apps do now.


> literally every app requested it

No, not every application requested network access. And surely not a small number of users checked if a calculator or a sound recorder did, and, also checking the developers' justifications for including specific permissions, decided their (dis)trust.


I agree this is a better set of defaults, but there should be a toggle in the settings someplace, even deep in the developer mode settings, that gives users control over more granular permissions and allows them to choose which permissions to auto-grant and/or auto-deny.


Though I agree with you, why is this level of detail demanded of mobile apps but not of desktop apps? I would love to be able to sandbox desktop apps as well.


Since when is network access standard? Access to filesystem is not, use of hardware components but for display and speaker is not, internet access is not... Maybe you are referring to the exploitation of "intents" to exchange with networking enabled applications?


Network access requires no user approval. The only place you could find it before granting it to an app was via the permissions list in the play store.


Ok, let us clarify the matter a little.

An Android application requires "permissions" to do "anything past the basics"; permissions have to be declared in the "Manifest" file.

There are (simplifying) two main types of permissions: "normal"¹ and "dangerous, runtime"²; the former only need to be specified by the programmer in the Manifest; the latter also need direct confirmation from the user at a requester prompt.

This implies that "normal" permissions are granted by the user implicitly with the action of installing the application. Which means, that it is _quite important_ that the user sees the permissions list beforehand, before installation.

--

¹"Normal": BLUETOOTH, INTERNET, VIBRATE...

²"Dangerous": READ_CONTACTS, RECORD_AUDIO, SEND_SMS...
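
Added example, not part of the original thread or any commenter's code: the install-time versus runtime split described in the comment above, and the `neverForLocation` flag mentioned earlier in the thread, checked against an app manifest. The two manifests and package names are constructed, the classification table is deliberately partial (an assumption, not the full Android list), and the manifest is assumed to be already decoded from the APK to text XML.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."

# Partial classification (assumption): the permissions named in the thread plus
# a few well-known ones. Anything else is reported as unclassified, not guessed.
INSTALL_TIME = {"INTERNET", "ACCESS_NETWORK_STATE", "BLUETOOTH", "VIBRATE",
                "RECEIVE_BOOT_COMPLETED"}
RUNTIME = {"READ_CONTACTS", "RECORD_AUDIO", "SEND_SMS", "CAMERA",
           "ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION",
           "BLUETOOTH_SCAN", "BLUETOOTH_CONNECT"}

# Constructed sample: a Bluetooth sensor companion app (hypothetical package).
SENSOR_APP = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.co2reader">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.BLUETOOTH"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.BLUETOOTH_SCAN"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <application android:label="CO2 Reader"/>
</manifest>
"""

# Constructed sample: an offline tool that scans Bluetooth but asserts that
# scan results are never used to derive location.
OFFLINE_APP = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.offlinetool">
  <uses-permission android:name="android.permission.VIBRATE"/>
  <uses-permission android:name="android.permission.BLUETOOTH_SCAN"
                   android:usesPermissionFlags="neverForLocation"/>
  <uses-permission android:name="com.example.offlinetool.CUSTOM"/>
</manifest>
"""


def audit_manifest(xml_text):
    """Summarise what a manifest lets an app do, split by how it is granted."""
    root = ET.fromstring(xml_text.strip())
    declared = {}  # short permission name -> usesPermissionFlags value ("" if none)
    for el in root:
        if el.tag not in ("uses-permission", "uses-permission-sdk-23"):
            continue
        name = el.get(ANDROID_NS + "name", "")
        if not name:
            continue
        short = name[len(PREFIX):] if name.startswith(PREFIX) else name
        declared[short] = el.get(ANDROID_NS + "usesPermissionFlags", "")

    report = {
        "package": root.get("package"),
        # Granted silently when the app is installed: the user never sees a prompt.
        "install_time": sorted(p for p in declared if p in INSTALL_TIME),
        # Must also be confirmed by the user in a prompt while the app runs.
        "runtime": sorted(p for p in declared if p in RUNTIME),
        "unclassified": sorted(p for p in declared
                               if p not in INSTALL_TIME | RUNTIME),
        "has_internet": "INTERNET" in declared,
        "runs_at_boot": "RECEIVE_BOOT_COMPLETED" in declared,
        # None: no BLUETOOTH_SCAN declared; True/False: neverForLocation set or not.
        "bt_scan_never_for_location": None,
    }
    if "BLUETOOTH_SCAN" in declared:
        flags = declared["BLUETOOTH_SCAN"].split("|")
        report["bt_scan_never_for_location"] = "neverForLocation" in flags
    return report


if __name__ == "__main__":
    for sample in (SENSOR_APP, OFFLINE_APP):
        for key, value in audit_manifest(sample).items():
            print(f"{key:28} {value}")
        print()
```

The `install_time` list is the part that no prompt will ever surface, which is why it is the one worth reading before installing.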


Same with "run at startup" and some other important ones; there's no way to deny it once installed.


This is why having a firewall installed is essential in every android phone. Afwall+ does the job. My phones are all rooted but if I'm not mistaken it works on non rooted phones as well.


Nope, it requires root, as it should, really. Anything that can mess with networking at a low level needs root; there's no Android permission that I know of that lets you get down to iptables level.


There do exist "noroot" Android firewalls; I am not sure how they work (I think by somehow becoming interfaces - like "noroot" packet sniffers), but very probably not through `iptables`.

There are products on GitHub; I am looking at NetGuard (from, I think, Marcel Bokhorst aka M66B - the project has many forks). The .md says, «The only way to build a no-root firewall on Android is to use the Android VPN service».


LineageOS. Or Murena, if you can't be bothered to install it yourself. And then use f-droid, or if it's not available there, Aurora store.

As seen on computers, OS is too important to be left to companies - if you value your freedom of choice and privacy, that is.


I am very much fed up and ready to get on board with you but one thing that holds me back is photo quality.

Nowadays camera sensors are only half the story and most of the iphone-like photo quality is achieved in software.

Have we reached a point where non-OEM apps can deliver something comparable to the market expectations from big manufacturers?

I am ok with narrow combinations e.g. if you use app X on Hardware Y you have amazing photo results.

Is there something along those lines that anyone can recommend?


There's a whole GCam (Google Camera) modding community that manages to get image quality that's often better than what non-pixel OEM vendors offer. These ports usually work on LineageOS (and other ROMs). This site has a large collection of models and the config files generated for each device: https://www.celsoazevedo.com/files/android/google-camera/ I think they link to some Telegram channels too where people share the kinds of photography they get with the modifications.


That is exactly the type of answer I was looking for, thank you.


This brings up a slightly tangential question I have. Is other people's photography like other people's dreams?

In that no one cares about it unless they're in it.


>one thing that holds me back is photo quality

But... why? I use open camera. It works. It takes pictures. Those pictures look alright, pretty damn good even. I certainly don't look at them and go "well blimey I just can't tell what this picture is meant to be".

Whatsapp ends up destroying the quality when I send them to friends anyway.

Like, maybe if you've got a huge instagram following and a patreon drawing in money based off that or something? I dunno, it's just one of those things I really can't wrap my head around, so long as I've got a picture I'm happy.


The commenter explained why. (they mentioned the iPhone specifically; this may be the case moreso on there, I don’t follow Android)

It’s because there is a metric shitton of software that goes into the camera app itself, and access to the camera’s hardware does absolutely nothing to enable these features.

IIRC there’s actually some sort of crazy ML shit behind Apple’s native camera app; I would be very curious to see what a raw photo from the same sensor would look like in comparison.

Having said that whatsoever validates the commenter’s point.


> I would be very curious to see what a raw photo from the same sensor would look like in comparison

Raw format photography (ProRAW specifically) has been officially supported on iPhones since around iOS 14.3 (which was released in late 2020), and plenty of people have reviewed that functionality already.

As for how it would look specifically, it is difficult to give a straightforward answer, because RAW photos require a good amount of manual processing. And the final result is going to look 100% subjective depending on the person and how they manually processed it. Just like how the same would be the case for RAW photos taken with a DSLR.


Secure Camera by GrapheneOS[1] is what you're looking for. It's built on the latest CameraX API, which means it supports all the modern sensors.

[1] https://play.google.com/store/apps/details?id=app.grapheneos...


Or GrapheneOS with sandboxed Play Store.


Enough people need to adopt them, for it to truly be effective. At which point they just become the new Google.


Not really, if anything, they (Murena) become new Canonical. There's still Debian (LineageOS in this case) when they overplay their hand (like Ubuntu is doing with snap).


Probably because all apps are now required to target the latest api, which means most permissions are done by user prompts, and not just by downloading the app.


Given that modern apps are dozens or hundreds of megabytes, on a slow connection I'd really like to avoid having to download the app just to learn it requires permissions it doesn't need.


I hate installing and uninstalling apps. And overly permissive apps are a good sign they're not my friend in the first place.


The iPhone has worked like that (to various degrees) for a long time. But Apple still added their privacy label things to tell me if an app is going to try to track my location.

I don’t want to download a clipboard helper of some kind and find out it’s going to ask for my GPS coordinates.

I want to know ahead of time.


Apple's Privacy Labels and Google's equivalent in the Play Store are unrelated to permissions.

An app may have permission to do something (e.g. access your location), but if the app's usage of this feature does not involve your location being sent to the app's server and stored somewhere, it does not need to be disclosed in the privacy labels.

Apple and Google cannot verify what happens with your data when it leaves the device - they rely on the honesty of developers to explain what happens.


I believe Google is addressing that concern via the new Data Safety block.

This is a better approach for the goal, because if there's one thing they learned from years of offering the permissions list, it's that users can't convert the concept of "app permissions" into a good mental model of "What data the app can collect on me." They just aren't on average savvy enough. So the Data Safety info answers the question users actually care about without added complexity of pretending the average user is a developer who groks what permissions mean.


Privacy labels are something very different and Play Store has (or will soon have?) that as well.


So now I have to install an App to discover it wants access to things I don't feel comfortable giving it access to, uninstall it, and then go into my profile and disassociate the app from my Account?

That sounds so much easier than just listing the possible permissions it might ask for on the Store Page before I install it.


I still miss the good old days of Android when apps didn't automatically receive the internet permission.

Now get off my lawn.


Afwall+ is your friend. No app should ever get internet access unless it's needed for it to work.


I've been running netguard for this reason, yeah. Many have no need for internet access.

As a bonus, the DNS-based adblocking works extremely well. Not perfect, but dramatically better than nothing at all.


firefox supports ublock origin on android :)


In latest Gboard update, in the what's new section on play store is "no information from the developer".


Could this be because every privacy relevant permission, except internet access, now requires a manual approval dialog? Why list every permission when it's only used for specific feature X which is requested upon usage?


Because a lot of these apps claim such and such permission is required and won't run until you grant the permission


That sort of thing should be called out in (1-star) reviews.

The Samsung Gear app is like that, for example. You need it if you want to tweak the settings for their Galaxy Buds headset (the ambient sound level, for example), but on first startup it prompts for what appear to be all the permissions needed for every kind of Samsung device, including things like smartwatches—calendar, contacts, notifications, the works. If you deny any permission the app refuses to start, even though none of that is necessary for the task at hand.

My workaround was to install it and then immediately disable all Internet access (airplane mode), adjust the settings, and then purge the app from the phone before turning the network back on. Fortunately the settings are persistent even without a constant connection to the app. I think that should be sufficient to avoid any unwanted data leakage, but it's a lot of work for relatively minor benefit, and the process must be repeated any time the settings need to be adjusted.


Aurora store does. Also F-Droid.

I have not used play store for over 3 years and I'm not missing anything.


This is truly a sad state of affairs—I really hope this was just an oversight as a result of the new Data Safety section they have been rolling out as I frequently used this permission list to determine if I was going to install an app or not.


Honest question, how many of us read permissions after scrolling through the description and then download ? It might make sense if you have metered bandwidth, not otherwise. I first try to find an ad-free app, install it and then see if it asks unnecessary permissions and go from there.


Yes. I check permissions on every app before I install it. Or, at least I did until that was recently taken away.

There are some permissions given to apps without a user prompt, e.g. start at boot. If there are five similar apps with similar functionality and ratings, I'll typically choose the one asking for the least permissions. And if I notice an app looking for excessive permissions (e.g. location) with no good reason why (e.g. a terminal app), that'll give me a clue that there's a ton of data being collected.

Once upon a time, a giant percentage of a device's user base was tech-savvy early adopters. But with billions of devices having been sold, 99%+ of Android users have very little interest in details like permissions.

But when these details are taken away... when I can't see permissions, when apps I use lose features because of new, restrictive Play Store policies, and when Android continues down this road of "privacy" without insight into exactly what my phone is doing... well, if I wanted this, I'd have chosen an Apple device.


I always read the permissions and have decided not to install applications several times because of it. I'm very likely an outlier but I'm still curious about the reasoning behind this change.


If I open up a basic text note app and I see basically every single permission listed, I get an idea of the mentality involved in the creation of the app. I specifically prioritize apps that ask for fewer permissions.


I recall in several write-ups about potentially harmful apps that, apart from the review, another helpful method is to check the permission and see if it's necessary for the main function of the app. Having the list of permissions before installing is helpful in determining whether it requires more permission than necessary to function.


I always look at the permissions for apps I use.


Something else I noticed was removed a while ago was info on underlying kernel version etc.

