[HN Gopher] Tell HN: Google does not list application permission...
       ___________________________________________________________________
        
       Tell HN: Google does not list application permissions in the Play
       Store any more
        
       https://postimg.cc/6y3Z9yjY  They had implemented that already a
       while ago, then reverted the behaviour, and now implemented it once
       again.  It seems as if it was not "enabled" for everyone yet,
       however.  They hid the permissions with each version better and
       better and apparently decided now, users don't need them at all.
        
       Author : datalist
       Score  : 232 points
       Date   : 2022-06-10 19:03 UTC (3 hours ago)
        
       | maxerickson wrote:
       | I don't remember, was the information contained in the permission
       | similar to the information provided as data safety?
       | 
       | https://play.google.com/store/apps/datasafety?id=com.google....
        
         | josephcsible wrote:
         | "Similar" is subjective, but there were a lot of permissions
         | that definitely aren't listed there.
        
       | Groxx wrote:
       | While it is much less of a concern with runtime permissions that
       | are optional.... yeah, I greatly dislike this too.
       | 
       | In particular because _not everything is a runtime permission_.
       | E.g. I like to know that [apk X] has no internet or file
       | permissions at all - it rules out nearly all practical ways to
       | leak your information. And google just keeps taking more and more
       | steps to hide that information from me.
        
       | bornfreddy wrote:
       | LineageOS. Or Murena, if you can't be bothered to install it
       | yourself. And then use f-droid, or if it's not available there,
       | Aurora store.
       | 
       | As seen on computers, OS is too important to be left to companies
       | - if you value your freedom of choice and privacy, that is.
        
         | aftergibson wrote:
         | Or GrapheneOS with sandboxed Play Store.
        
         | DoingIsLearning wrote:
         | I am very much fed up and ready to get on board with you but
         | one thing that holds me back is photo quality.
         | 
         | Nowadays camera sensors are only half the story and most of the
         | iphone-like photo quality is achieved in software.
         | 
         | Have we reached a point where non-OEM apps can deliver
         | something comparable to the market expectations from big
         | manufacturers?
         | 
         | I am ok with narrow combinations e.g. if you use app X on
         | Hardware Y you have amazing photo results.
         | 
         | Is there something along those lines that anyone can recommend?
        
           | joecool1029 wrote:
           | There's a whole GCam (Google Camera) modding community that
           | manages to get image quality that's often better than what
           | non-pixel OEM vendors offer. These ports usually work on
           | LineageOS (and other ROMs). This site has a large collection
           | of models and the config files generated for each device:
           | https://www.celsoazevedo.com/files/android/google-camera/ I
           | think they link to some Telegram channels too where people
           | share the kinds of photography they get with the
           | modifications.
        
           | worble wrote:
           | >one thing that holds me back is photo quality
           | 
           | But... why? I use open camera. It works. It takes pictures.
           | Those pictures look alright, pretty damn good even. I
           | certainly don't look at them and go "well blimey I just can't
           | tell what this picture is meant to be".
           | 
           | Whatsapp ends up destroying the quality when I send them to
           | friends anyway.
           | 
           | Like, maybe if you've got a huge instagram following and a
           | patreon drawing in money based off that or something? I
           | dunno, it's just one of those things I really can't wrap my
           | head around, so long as I've got a picture I'm happy.
        
           | fartcannon wrote:
           | This brings up a slightly tangential question I have. Is
           | other people's photography like other people's dreams?
           | 
           | In that no one cares about it unless they're in it.
        
       | simonsarris wrote:
       | That seems OK since it still asks you as it needs them when
       | running an app, and "prunes" permissions away from apps that you
       | do not use often.
       | 
       | Lots of apps only need specific permissions if you use specific
       | parts of the app. And apps are much larger (one app does more
       | things) than they were 5-10 years ago. Eg you can use some apps
       | as a camera, but never as a photo editor, and get use out of it
       | by only giving some specific permissions (camera), forever.
        
         | is_true wrote:
         | This clearly isn't OK. I want to choose between an app that
         | asks for what it needs to work and an app that asks everything
         | it can, before installing it. It's a dark pattern.
        
           | ece wrote:
           | The new data safety section lists things that look like
           | permissions as well. Should permissions be clearly listed in
           | the new data safety section? I think it would be more helpful
           | that way.
        
         | thaumasiotes wrote:
         | > That seems OK since it still asks you as it needs them when
         | running an app, and "prunes" permissions away from apps that
         | you do not use often.
         | 
         | No no no no no, this is a total catastrophe. I can't understand
         | how it got implemented at all.
         | 
         | I just missed a birthday notification from my calendar app
         | because Android "helpfully" removed the app's ability to create
         | notifications! After all, I hadn't _opened_ the calendar app in
         | more than six months!
         | 
         | Infuriatingly, I caught the original message telling me "hey,
         | we just noticed that your calendar shouldn't be allowed to send
         | you reminders" and I tried to restore the permission, but that
         | doesn't seem to have worked.
         | 
         | Whoever designed and implemented this "feature" shouldn't be
         | trusted to put on pants.
        
           | jfim wrote:
           | Yeah that feature is complete garbage. The intent is laudable
           | (reducing permissions for unused apps) but the implementation
           | of getting a notification every once in a while with a ton of
           | permissions removed is awful.
           | 
           | Combined with the fact that Google seems to be sending more
           | notifications for all kinds of junk nowadays makes it even
           | easier to fail to notice that.
        
           | mdp2021 wrote:
           | > _and "prunes" permissions away from apps that you do not
           | use often_
           | 
           | Certainly agreed: a system should never "take the initiative"
           | and replace you in decisions.
           | 
           | I am seeing cars that act along the lines of "Ah, you turned
           | off the air conditioning, so I'll proactively open the
           | windows": this clearly indicates that some manufacturers have
           | embraced decadence and nihilism, they "have given up" and
           | "want to watch the world burn" (unless they are simply
           | underage savages).
        
         | Dig1t wrote:
         | You are right, but that doesn't seem like a good excuse to
         | remove that information from the Play Store completely. It
         | would be trivial for the Android APIs to require that all
         | permissions requested programmatically are also present in the
         | manifest. This would continue to give users a picture of what
         | the app could/would request.
         | 
         | They could just change their play store listing from "Required
         | permissions" to "Permissions this app can request". This is
         | similar to the "nutrition label" approach that the Apple App
         | Store has.
        
           | djbusby wrote:
           | IIRC it's already in the manifest.
        
             | abeyer wrote:
             | Yup, you must _both_ put the perms in your manifest, and
             | then _also_ request them at runtime now (at least for many
             | "sensitive" ones... not sure if there are exceptions for
             | any others.)
             | 
             | Google's docs are very clear that apps are meant to explain
             | the need for perms, and the impact of denying them at
             | runtime... I'd love to see the play store also provide
             | publishers a way to specify what the impact/loss of
             | features is if you deny them at runtime. Trustworthy
             | publishers would love this, and the non-trustworthy ones...
             | ¯\_(ツ)_/¯
        
         | uranium wrote:
         | One of the permissions I'm really reluctant to grant is "run at
         | startup". As far as I know, that's granted at install time, not
         | prompted for, and there's no way to disallow it. Is there now
         | going to be no way to know if I'm granting that or not?
        
         | datalist wrote:
         | What about standard permissions? The user is never prompted for
         | them.
        
           | dotancohen wrote:
           | What are standard permissions in this context?
        
             | codethief wrote:
             | Network access, for example
        
               | retox wrote:
               | This change was when I stopped downloading from the Play
               | store. Prior to that you could easily see that the
               | compass or flashlight app you were going to install
               | needed network access, something that set off alarm bells
               | given the state of malware back then.
        
               | Gigachad wrote:
               | It was a bit of a pointless permission because literally
               | every app requested it. The android permissions system
               | very quickly fatigued users into accepting everything.
               | The new model is much better. Allow the user to actually
               | deny the important permissions but just accept that
               | network access is what apps do now.
        
               | mdp2021 wrote:
               | Since when is network access standard? Access to
               | filesystem is not, use of hardware components but for
               | display and speaker is not, internet access is not...
               | Maybe you are referring to the exploitation of "intents"
               | to exchange with networking enabled applications?
        
               | kuschku wrote:
               | Network access requires no user approval. The only place
               | you could find it _before_ granting it to an app was via
               | the permissions list in the play store.
        
               | uranium wrote:
               | Same with "run at startup" and some other important ones;
               | there's no way to deny it once installed.
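
Added example, not part of any comment in this thread and not code from Google or any app store: the comments above point out that permissions such as network access and "run at startup" are declared in the manifest but never prompted for. Assuming the manifest has already been decoded to plain-text XML (inside an APK it is stored in a binary form), this Python script lists what an app declares and splits it by how it is granted; the two lookup tables are a small hand-picked subset and the sample manifest is constructed.

```python
"""Split the permissions an Android manifest declares by how they are granted.
Added example; the sample manifest and package name are constructed."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS

# Non-exhaustive tables (assumption: extend them from the Android platform
# documentation before relying on the output).
# "normal" protection level: granted at install time, the user sees no prompt.
INSTALL_TIME = {
    "android.permission.INTERNET",
    "android.permission.ACCESS_NETWORK_STATE",
    "android.permission.RECEIVE_BOOT_COMPLETED",  # "run at startup"
    "android.permission.WAKE_LOCK",
    "android.permission.VIBRATE",
}
# "dangerous" protection level: needs a runtime prompt on Android 6.0+.
RUNTIME = {
    "android.permission.CAMERA",
    "android.permission.RECORD_AUDIO",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_CALENDAR",
    "android.permission.READ_SMS",
}


def declared_permissions(manifest_xml):
    """Return the sorted, de-duplicated permission names a manifest declares."""
    # A manifest never needs a DTD; refusing one avoids entity-expansion
    # tricks when the XML comes from an untrusted APK.
    if "<!DOCTYPE" in manifest_xml or "<!ENTITY" in manifest_xml:
        raise ValueError("manifest must not contain a DTD")
    root = ET.fromstring(manifest_xml)
    if root.tag != "manifest":
        raise ValueError("root element is not <manifest>")
    names = set()
    # uses-permission-sdk-23 declares a permission only for API 23+ devices.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for elem in root.findall(tag):
            name = elem.get(NAME_ATTR)
            if name:
                names.add(name.strip())
    return sorted(names)


def classify(manifest_xml):
    """Group declared permissions into install_time / runtime / unknown."""
    result = {"install_time": [], "runtime": [], "unknown": []}
    for name in declared_permissions(manifest_xml):
        if name in INSTALL_TIME:
            result["install_time"].append(name)
        elif name in RUNTIME:
            result["runtime"].append(name)
        else:
            # Custom or unlisted permission: look up its protection level.
            result["unknown"].append(name)
    return result


# Constructed sample: a flashlight app that also wants network and boot start.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
    <uses-permission android:name="android.permission.CAMERA" />
    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />
    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission-sdk-23 android:name="android.permission.ACCESS_FINE_LOCATION" />
    <uses-permission android:name="com.example.flashlight.permission.PUSH" />
    <application android:label="Flashlight" />
</manifest>
"""

if __name__ == "__main__":
    groups = classify(SAMPLE_MANIFEST)
    print("Granted silently at install:")
    for perm in groups["install_time"]:
        print("  " + perm)
    print("Prompted at runtime:")
    for perm in groups["runtime"]:
        print("  " + perm)
    print("Not in the tables (check manually):")
    for perm in groups["unknown"]:
        print("  " + perm)
```

The first group is the one the thread is concerned about: it is never shown in a prompt, so a pre-install listing is the only place a user would see it.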
        
         | morder wrote:
         | I'd prefer to avoid even downloading apps if they ask for
         | permissions that aren't necessary. To hide that just makes me
         | never want to use the play store anymore.
        
       | binkHN wrote:
       | This is truly a sad state of affairs--I really hope this was just
       | an oversight as a result of the new Data Safety section they have
       | been rolling out as I frequently used this permission list to
       | determine if I was going to install an app or not.
        
       | dblohm7 wrote:
       | I still miss the good old days of Android when apps didn't
       | automatically receive the internet permission.
       | 
       | Now get off my lawn.
        
         | Groxx wrote:
         | I've been running netguard for this reason, yeah. Many have no
         | need for internet access.
         | 
         | As a bonus, the DNS-based adblocking works _extremely_ well.
         | Not perfect, but _dramatically_ better than nothing at all.
        
       | martin_bech wrote:
       | Probably because all apps are now required to target the latest
       | api, which means most permissions are done by user prompts, and
       | not just by downloading the app.
        
         | MBCook wrote:
         | The iPhone has worked like that (to various degrees) for a long
         | time. But Apple still added their privacy label things to tell
         | me if an app is going to try to track my location.
         | 
         | I don't want to download a clipboard helper of some kind and
         | find out it's going to ask for my GPS coordinates.
         | 
         | I want to know ahead of time.
        
           | shadowgovt wrote:
           | I believe Google is addressing that concern via the new Data
           | Safety block.
           | 
           | This is a better approach for the goal, because if there's
           | one thing they learned from years of offering the permissions
           | list, it's that users can't convert the concept of "app
           | permissions" into a good mental model of "What data the app
           | can collect on me." They just aren't on average savvy enough.
           | So the Data Safety info answers the question users _actually_
           | care about without added complexity of pretending the average
           | user is a developer who groks what permissions mean.
        
           | izacus wrote:
           | Privacy labels are something very different and Play Store
           | has (or will soon have?) that as well.
        
         | skykooler wrote:
         | Given that modern apps are dozens or hundreds of megabytes, on
         | a slow connection I'd really like to avoid having to download
         | the app just to learn it requires permissions it doesn't need.
        
         | cptskippy wrote:
         | So now I have to install an App to discover it wants access to
         | things I don't feel comfortable giving it access to, uninstall
         | it, and then go into my profile and disassociate the app from
         | my Account?
         | 
         | That sounds so much easier than just listing the possible
         | permissions it might ask for on the Store Page before I install
         | it.
        
         | [deleted]
        
         | blip54321 wrote:
         | I hate installing and uninstalling apps. And overly permissive
         | apps are a good sign they're not my friend in the first place.
        
       | t0bia_s wrote:
       | Aurora store does. Also F-Droid.
       | 
       | I have not used play store in over 3 years and I'm not missing anything.
        
       | givemeethekeys wrote:
       | I hope Tim Cook succeeds in convincing our government that
       | privacy is important.
        
         | kccqzy wrote:
         | The iOS App Store doesn't list permissions requested by each
         | app either.
        
         | sicp-enjoyer wrote:
         | Privacy is a marketing strategy they chose to differentiate
         | themselves from their competitors who have business models that
         | heavily rely on advertising and surveillance. It's a good thing
         | for consumers that they are interested in it, but cynically, I
         | don't think that interest is because they think it's "important"
         | on an ethical level.
        
         | sofixa wrote:
         | If you have to rely on people like Tim Cook (who is anything
         | but a regular person and could literally afford to have a hand
         | crafted phone and OS build for himself) to convince your
         | government of something for _your_ benefit, something is wrong.
         | 
         | And btw, a huge amount of Apple's "privacy" schtick is pure
         | marketing combined with gatekeeping. Oh no, we couldn't allow
         | users to have the choice where to install an app from, or how
         | to pay for it, because _privacy_ and not because we like our
         | tax.
        
       | hbn wrote:
       | > They had implemented that already a while ago, then reverted
       | the behaviour, and now implemented it once again.
       | 
       | This is, among many other reasons, why I finally dropped Android
       | after the better part of a decade. The constant A/B/C/D/E testing
       | makes every single thing they put out feel like it's a constant
       | state of beta testing. It's to the point where you don't even
       | know what to expect when you do something as fundamental as
       | opening the app store. You'll seemingly have some kind of server-
       | side flag activated one day that gives you a totally new UI in an
       | app you use every day, hiding things or removing features you
       | rely on. Then maybe in another few days it'll be back to how it
       | was.
       | 
       | Not only do they not seem to value their users, they actively
       | punish you for being one of their users, jostling you around
       | between new UIs or even entire services that are always worse
       | than the last.
        
         | devit wrote:
         | Just don't use proprietary applications (or don't expect them
         | to serve you).
        
           | pavel_lishin wrote:
           | Isn't that equivalent to telling us not to install apps at
           | all?
        
             | mdp2021 wrote:
             | I guess the poster meant, "either use Open Source or code
             | them yourself".
        
           | hbn wrote:
           | I switched to an iPhone and I'm using proprietary
           | applications, but ones that don't randomly change their UI on
           | a regular basis whenever some nameless product manager
           | decides they want to use me to gather some new engagement
           | metrics by rearranging UIs on my phone
        
             | jchw wrote:
             | That's funny. I mean I use iOS and sure the UI is nice...
             | but if you are thinking there's not needless silly UI
             | changes... how many major versions have you been through?
             | 
             | Some of the bad phone UX ideas started on iPhone. Like
             | removing the physical button at the bottom in favor of
             | annoying gestures and no touch ID. And iOS 7 removed all of
             | the borders everywhere, it's arguably more radical than
             | Google Material, a UI design I also am not really that fond
             | of.
             | 
             | I guess if you mean there's no A/B testing or it moves
             | slower then probably. But, it definitely moves. That
             | becomes apparent any time you load an app from the App
             | Store that hasn't been updated in a while and suddenly your
             | phone looks and feels like it did 2 years ago across the
             | whole UI.
        
               | hbn wrote:
               | They've definitely changed the overall look, but a good
               | amount of their apps are pretty much identical in how you
               | use them from the original iPhone in 2007. Notes,
               | Messages, Contacts, etc are all relatively unchanged,
               | except for additional features. The biggest overhaul was
               | probably the recent change to Safari where they brought
               | the address bar to the bottom, which was a consideration
               | based on how big phones have gotten, and allows you to
               | reach things easier.
               | 
               | And at the very least, these changes come from normal app
               | updates either from the App Store or OS updates. And it's
               | usually a pretty big deal when they change something, and
               | gets a formal announcement months in advance where
               | someone high up gets up in front of the world and pitches
               | why the change is an improvement (not to say it always
               | is). Whereas Google just randomly shunts out new UI
               | updates on a regular basis and enables them for random
               | people. Usually someone posting about their new UI on
               | reddit is the first place you'll hear about the
               | redesigns.
        
               | bjelkeman-again wrote:
               | At least with Safari address bar, I found a setting to
               | move it back to the top.
        
               | WorldMaker wrote:
               | I appreciated when iOS Firefox added a setting to move it
               | down to the bottom. As an old WinPhone user, I missed
               | having that key navigation tool at the bottom. It really
               | does make one-handed phone usage easier.
        
             | ajross wrote:
             | > ones that don't randomly change their UI on a regular
             | basis
             | 
             | I'm genuinely curious what apps you're talking about here.
             | Everyone does this nonsense. Everything changes all the
             | time. Everything. I don't like it either, but to state that
             | it somehow doesn't happen in the Apple ecosystem seems like
             | a pretty big whopper.
        
               | hbn wrote:
               | Here's a random example: I think it was like 2017, 2018
               | when Google launched messages for web. For starters, when
               | it launched, it was located at messages.android.com
               | 
               | I don't think it was much time later before they moved it
               | to messages.google.com, which I think was in line with
               | their SMS app's like 5th rebranding, this time from
               | Android Messages to Google Messages.
               | 
               | Originally the app had an overall blue theme, and for
               | individual contacts you could change the color of your
               | conversation with them so each chat thread was themed.
               | This even had the neat effect that it would sync with the
               | web version. However, it only lasted like a week maybe
               | before Google completely redesigned Messages to be all
               | white themed, and killed the chat themes entirely so all
               | message threads were now blue and white to look like the
               | iPhone messages app.
               | 
               | That wasn't a rare experience, and I haven't encountered
               | anything like it since switching to an iPhone.
        
             | shrimp_emoji wrote:
             | No, they just entomb you into a comfy walled garden where
             | it's only easy to do what Apple lets you do and where you
             | hope some change made by some nameless product manager/CEO
             | autocrat doesn't force you to buy more expensive hardware.
        
               | shadowgovt wrote:
               | Yeah, it's pretty great. Best walled garden on the market
               | by a country mile.
        
               | serf wrote:
               | > Yeah, it's pretty great. Best walled garden on the
               | market by a country mile.
               | 
               | a lot of us avoid supporting such behavior from
               | corporations because we view it as unethical or immoral
               | and damaging to the sector in general -- regardless of
               | how good the ux/ui may be.
        
               | shadowgovt wrote:
               | The nice thing about living in a world of free people is
               | that is a choice a person can make.
        
             | heleninboodler wrote:
             | They do make arbitrary changes to the UI, though, and when
             | that happens, you can be damn sure it's because some
             | turtleneck somewhere decreed that the new way is the One
             | True Way and there's no amount of user complaining that
             | will fix it.
        
         | cmroanirgo wrote:
         | The alternative is iOS, a more consistent UI/UX, but you lose
         | out on projects like F-Droid, where you can bypass Google HQ
         | nonsense.
        
           | hbn wrote:
           | If you're running Google Play Services, you're not really
           | bypassing Google HQ nonsense.
        
         | ffhhj wrote:
         | > one day that gives you a totally new UI in an app you use
         | every day, hiding things or removing features you rely on. Then
         | maybe in another few days it'll be back to how it was.
         | 
         | We are approaching the age of Schrodinger's Apps.
        
         | roughly wrote:
         | I heard a phrase a while back: "the subtle gaslighting of A/B
         | testing" - that feeling that you're pretty sure that button
         | used to be over there, or the app used to have that function,
         | but not entirely sure, because one day it's just Different, no
         | release or upgrade or reinstall, just - it's not the same
         | anymore - or, is it?
        
           | mdp2021 wrote:
           | > _the subtle gaslighting of A/B testing_
           | 
           | It surely would be so... What could trigger that in an
           | application? Some of us have never seen any such behaviour
           | (fortunately for anybody responsible and huntable). Maybe
           | said applications are web-based, mostly front-end?
        
             | ephimetheus wrote:
             | The native Revolut app (at least on iOS) had been doing
             | this excessively for a while. I think they toned it down
             | now.
        
             | roughly wrote:
             | Ain't just web. Plenty of well-defined feature flag
             | frameworks for mobile, too.
        
           | ephimetheus wrote:
           | This is super frustrating. I've described it like feeling
           | like you have Alzheimer's as everything changes all the time.
        
             | nescioquid wrote:
             | My wife once handed me her newer-model android phone to fix
             | something for her. I thought I was having a stroke because
             | I couldn't find the settings icon anymore.
        
         | 2OEH8eoCRo0 wrote:
         | It's funny how smart yet dumb A/B testing is. On one hand you
         | can intelligently gauge the effect of changes, on the other
         | hand you can push stupid shit since you have that power.
         | 
         | How about intelligently designing applications that you
         | yourself want to use? Too hard.
        
           | eurasiantiger wrote:
           | That would require designers to deeply understand system and
           | software engineering, or systems and software engineers to
           | understand design. Funny how that gap keeps on manifesting
           | itself, even though both parties work on the same domain.
        
           | collaborative wrote:
           | All the A/B tests I have done point to one conclusion: assume
           | users are illiterate and have an attention span of 5 seconds
        
           | dtgriscom wrote:
           | There are facts about human behavior which can only be
           | learned by actually testing them. People are complex in ways
           | that you, whilst sitting at your keyboard, cannot figure out.
        
             | tornato7 wrote:
             | All of which can be learned through focus groups and internal
             | feedback, no need to further confuse and frustrate your
             | users.
        
               | szundi wrote:
               | After you have the engine running, the marginal cost of
               | an A/B is probably smaller than a focus group test. So if
               | you really believe in focus groups for the results and
               | you are also ambitious enough - probably this means go
               | for A/B.
               | 
               | Disclaimer: just thinking, not knowing the costs
        
               | tornato7 wrote:
               | Definitely agree, though I think the point of this thread
               | is we don't know the "true cost" of A/B testing in terms
               | of long-term lost user engagement.
               | 
               | Have we done an A/B test for A/B testing where we test
               | A/B testing...
        
         | gifnamething wrote:
         | The lack of valuing their customers is what made me finally
         | give up on Android. Android's biggest problem is the same as it
         | was 5 years ago - the support doesn't last for long enough -
         | and all they've done about it in that time is some half-hearted
         | upstreaming of <1% of their kernel patches (project icebreaker)
         | as yet-another skunkworks alternative to an existing project.
         | The attitude seems to be that they assume Android will always
         | have its market share and the users are captive. So just chug
         | along in mediocrity and let the e-waste pile up.
        
         | [deleted]
        
         | [deleted]
        
       | lizardactivist wrote:
       | Something else I noticed was removed a while ago was info on
       | underlying kernel version etc.
        
       | LightG wrote:
       | Someone just make an open source app store which solves this.
       | 
       | Can't be trusted to these idiots / money-hungry project managers
       | / behemoths * delete as appropriate *
       | 
       | Sorry, maybe there is one but I've not investigated and it's ....
       | rant time.
        
         | retox wrote:
         | F-Droid is what you're asking for
         | https://f-droid.org/en/packages/
        
       | derevaunseraun wrote:
       | I see people in the comments trying to justify this change
       | because the apps need to request permissions, but WHY exactly
       | would google want to get rid of this info? What benefit does it
       | bring to the user, if any?
       | 
       | If anything, it harms the user by preventing them from seeing
       | what permissions apps will access in an easy to read format.
       | 
       | Why did google even decide to do this in the first place? My best
       | guess is it makes users more likely to let an application access
       | permissions after they've gone ahead and installed it, generating
       | more ad $$$ in the process. But is there any other reason?
        
         | [deleted]
        
       | dvh wrote:
       | In the latest Gboard update, in the what's new section on play store
       | is "no information from the developer".
        
       ___________________________________________________________________
       (page generated 2022-06-10 23:00 UTC)