Jeff Atwood describes the app-installation-headaches nicely here: http://blog.codinghorror.com/app-pocalypse-now/
I suspect that a lot of users end up never updating apps like this. It makes a lot of sense for the developer to request everything that he might want upfront.
And yes, I also decline to update apps that demand additional permissions. Requesting more permissions up front will not help you with this, at least not with me.
It's painful to have a bunch of permissions in the manifest that aren't used by 100% of users, but 100% of them have to allow them if they want to install the app.
While I hate it my game dev friends retort that they see no negative repercussions... as in their install rates don't change perceptibly based on permissions requested. A few geeks like me might refuse to install but we're such a tiny percent of their customer base that it's not worth it for them to find alternative libraries or write their own.
Android needs this desperately. One of my apps has ~15% of users never updating because I added an additional permission and when you do that you can't auto-update. I wish I could just ask for it at runtime, since it's a Camera permission and I added picture-taking to my app. I'm sure 100% of users would say yes at that time.
I'm an Android user, but I prefer the unix philosophy, I just want an app to do one thing and to do it well. It's hard to find apps that do that I find.
Examples that have turned me away from apps before: a filesystem viewer doesn't really need the ability to control my wifi. An ebook reader doesn't really need access to my contact list.
With the double dialog approach, you definitely have a point. Google Maps on iOS nags me every time I open it to give it location permissions.
However, tying it to an explicit action like the end of the article means it only appears when the user tries to do something that obviously requires that permission. There's no unprompted nagging involved.
It kind of reminds me of the story I read somewhere where app developers were showing their own dialog asking you to rate their app. Only if you chose a high rating would they actually forward you to the respective app store to actually leave a review/rating. If you gave a poor rating, they would simply "eat" the response without sending you to the store.
A notable recent occurrence of this was Dungeon Keeper:
I'm fortunate enough to understand (I think!) what apps are doing; I've played a few games that ask for ratings in return for in-game bonuses, and I usually click the button that takes me to the app store, don't rate anything and jump back into the game.
I share the same frustration and instead deleted the app and used the website instead. Google does not need to know my home location.
The same app also asks me to logon with my Google account - persistently. There is no option to say 'stop fucking asking'. The Google Maps for iOS team is obviously a bunch of brogrammers without kids, cos if they weren't they'd realise that a common use case for an iPad is a family shared device. Hence, I don't want to login with my account, and I don't really want anyone else from my family to either.
To annoy me further the app already knows my google account name. How? I thought these iOS apps were sandboxed?
Sorry rant over. It pisses me off that I have to make a decision between privacy and convenience. Such is life.
Back in iOS6 I added a passcode to changing location service permissions on a whim of security. I promptly forgot it. Upgrading to iOS7 has added extra security measures that makes it impossible to extract the passcode from backups :(
They do :)
See all of the NS.*UsageDescription keys listed here:
Our experience at Theneeds is kind of strange in this regard. We have the "classical" initial join page with social buttons, and we ask for permissions when the user tap one of them. Surprisingly, we realized that many users click on Facebook icon, but next they "Don't allow" permissions. This forced us to implement a web fallback to still be able to authenticate the users (without forcing them to go to the iphone settings).
If you can make your users feel more comfortable about the legitimacy of your app and help them to feel more at ease with giving away those permissions, then you're doing a good job.
"SuperApp would like to send you push-notifications"
Absolutes are usually bad advice. Some apps effectively use push. Many don't. With iOS' limited background modes, despite advancements in 7, sometimes you need to get the user's attention, and push is the means.