With the release of Google's Android 6.0 "Marshmallow" mobile operating system this week, we have reached a watershed moment in the history of the Privacy By Default movement.
For over three years, our members have been quietly petitioning to re-introduce proper privacy setting into the Android mobile operating system.
SIDE NOTE: Yes, I did say "re-introduce". Here's a quick recap for those of you who haven't been with us for the full journey: in Android 4.3 (Jelly Bean), there was a feature called 'App Ops' which let users adjust permissions for individual apps. You could, for example, restrict Skype from accessing your contacts list, but still allow it to make video calls and access your phone's camera. The settings granularity was a little primitive and the implementation not as good as it could have been but it showed promise and we liked it. This excellent functionality, however, was completely removed with the release of Android 4.4 (KitKat) in October 2013 and it has been missing from the Android OS ever since.
Our friends at the Electronic Frontier Foundation said this was completely unacceptable and they made their position abundantly clear in Peter Eckersley’s post back in December 2013 “Google Removes Vital Privacy Feature From Android, Claiming Its Release Was Accidental”. Similarly, Dianne Hackborn was vociferous in her article “Android's permissions gap: why has it fallen so far behind Apple's iOS?” which appeared in the technology section of the UK’s highly-respected Guardian newspaper.
So what changed today with Android 6.0? It used to be that Play Store apps would present you with a huge list of permissions upon installation; and then refuse to install unless you agree to all of them. That’s a thing of the past now. In Android 6.0 app permissions are requested when required, not at installation. So the first time an app tries to access your camera, it brings up a request to do so, and you can agree either to that one-time-only or forever. Similarly if you deny the request you’ll be preventing yourself from accessing the feature you just requested - but you’ll be doing it as part of a well-informed process. Ultimately this means you’re not providing access permission to an app for features you never use. For example, if you only use Skype for voice calls it doesn’t need to access your camera.
There’s a smaller, simpler set of permissions now too, and you’ll be able to go in and edit them either by app, or by permission type; the latter will let you universally stop all your apps from accessing say your contacts or camera if you wish.
Clearly this is a big step forward for security, openness and convenience. More importantly, it’s a giant leap forward for the protection of an individual’s privacy. But we won’t rest on our laurels, there is much work still to do.
We still believe all access to all hardware, firmware and software should be disabled when an app is installed. And only when a function is needed should it be enabled thus giving the user a clear, contextual choice.
And, of course, we’ll keep a close eye on Google to make sure this feature doesn’t suffer the fate of Jelly Bean’s ‘App Ops’ and disappear in the next release of the operating system.
Head of Digital Marketing