Google removes 'awesome' but unintended privacy controls in Android 4.4.2

Summary:Google's recent update Android 4.4.2 didn’t bring many changes, but it did break off a privacy feature that slipped into KitKat by accident.

Praise for what some thought was a a new privacy feature in Android called the App Ops has turned to criticism after Google cut off access to the feature on devices running its latest version of its mobile operating system.

Hidden system app, App Ops. Image: Color Tiger.
Hidden system app, App Ops. Image: Color Tiger.

The App Ops UI could be exposed by installing one of several third-party apps launcher apps, offering users granular control over which resources each app has access to. For example, it could revoke or grant an app the ability to read location data and contacts, send SMS or MMS, or post notifications — addressing the seemingly unnecessary permissions that apps demand before they can be installed.

The removal of access to App Ops was brought to attention by the Electronics Frontier Foundation (EFF) last week, which had earlier praised Google for the surprise feature, calling it "awesome".

"Today, we installed that update to our test device, and can confirm that the App Ops privacy feature that we were excited about yesterday is in fact now gone," EFF technology projects director Peter Eckersley wrote.

Despite its potential usefulness as a privacy control, according to Google Android engineer Dianne Hackborn, the App Ops UI was never meant to have been exposed to end users.

"The current UI is definitely not something that is appropriate for end users; it is mostly for platform engineers (a tool for examining, debugging, and testing the state of that part of the system), maybe some day for third party developers. In what form these features might be available in the regular UI I couldn't really speculate about," Hackborn wrote in answer to questions from developers on Google+.

As noted by Android Police, Google had already begun tackling the exposure of App Ops with the release of Android 4.4 by making it harder for users to find, so that it's now fully blocked isn't a surprise.

Even though it was never meant to be available to users, the EFF's Eckersley reckons those that value privacy should avoid updating to 4.4.2.

"If app privacy is especially important to you — if, for instance, you want to be able to install an app like Shazam or Skype or Brightest Flashlight without giving it permission to know your location — we would have to advise you not to accept the update to 4.4.2."

However, he notes, users on 4.4.1 would be missing out on a few security fixes available as part of the subsequenty Android release.

The developers behind one of the third-party launchers, App Ops 4.3 / 4.4 KitKat, claim to be working on a fix to make the launcher function again on 4.4.2 but for now, it only works on Android versions 4.3 and 4.4.

Topics: Security, Android, Mobility, Privacy

About

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, s... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.