Almost all the other low-level permissions have existing user control and mostly require opt-in rather than opt-out. Background restriction isn't a privacy feature and isn't how background privacy restrictions are done so that being opt-out isn't a privacy issue at all.
What about the increasing number of "normal" permissions that Google Play vets, like QUERY_ALL_PACKAGES and USE_EXACT_ALARM? Should users not have visibility into which apps request those kinds of permissions before installation, or just trust Google Play's vetting?
Google vets / restricts requesting battery optimization exceptions from users even though it requires user consent. That's normally the way it works. In cases where they don't require user consent, either it has no actual meaning yet or they should be making an actual OS feature.
QUERY_ALL_PACKAGES is unfinished and has no real privacy value. I don't think their reviews accomplish much in the first place, so them reviewing something that isn't actually required to easily query all user installed apps isn't really changing much about that flawed process.
QUERY_ALL_PACKAGES has to be turned into something that actually provides some kind of privacy property because it should be exposed to users. As is, exposing it would mislead users into thinking apps without it can't query all their user installed apps. Harmful, not helpful.
Using exact alarms is already exposed to users in special app access. Users can disable it. It's currently granted at install time and it's not a privacy related feature but rather a battery saving one which is perfectly fine and matches other things like background restrictions.
If an app can query all user installed apps and you don't show it as having QUERY_ALL_PACKAGES but you show other apps as having it, you are misleading users into thinking apps without it can't do what they can do via explicitly listed queries. Can also detect apps without either.
That is part of why simply the existing "All permissions" view is harmful. It should only be there if you enable developer options. They should also either remove the highly misleading user facing strings entirely and only show the permission names or give actual descriptions.
The actual descriptions would be for developers. At most the low-level INTERNET permission is something that should be a user facing runtime permission, and one day QUERY_ALL_PACKAGES + queries could be user facing but not as a permission toggle since it's more complex.
Aside from that, they are entirely missing any kind of permission for most sensors access. They have restrictions on what can be done in the background, but that's it. There is absolutely no low level permission for stuff that can be used to record movement / direction or speech.
We add Network and Sensors permission toggles in GrapheneOS. It would be nice to at least get Sensors in Android itself, especially since the lack of even a low-level permission for it means we have to mark all apps as requesting Sensors with a Sensors toggle for all of them.
The only way to make QUERY_ALL_PACKAGES + queries work as a user facing permission would be having a permission which fully disables BOTH of them and draws no distinction between intent-based queries and QUERY_ALL_PACKAGES because there is really no actual difference in practice.
These are some pretty good points. They all seem based on the viewpoint that permissions = privacy/security feature though. Is that ALWAYS the case? I can't think of anything off the top of my head, but I imagine some permissions could be used for controlling device behavior, etc.