Well, darn. It's confirmed Android 4.4 KitKat is missing the App Ops functionality that was 'hidden' in 4.3.

I only had certain apps installed because of this power-user feature of Android, and now they're taking it away. That's a real shame. I guess it was inevitable; it was hidden away from users for a reason.

+Dianne Hackborn Is there any more information on what happened here? Was this a planned feature that was dropped? 
 
+Danny Holyoake That UI is (and it should be quite clear) not an end-user UI.  It was there for development purposes.  It wasn't intended to be available.  The architecture is used for a growing number of things, but it is not intended to be exposed as a big low-level UI of a big bunch of undifferentiated knobs you can twiddle.  For example, it is used now for the per-app notification control, for keeping track of when location was accessed in the new location UI, for some aspects of the new current SMS app control, etc.
 
+Cameron Brown She's saying that's what it's used for now. It doesn't matter what the first implementation was.

So +Dianne Hackborn, is it correct to conclude that this isn't a feature that we'll ever see and is for internal development only? I mean, the framework could be there without the UI, but Google specifically built a UI around it. This UI was only meant for Google engineers? 
 
+Artem Russakovskii The current UI is definitely not something that is appropriate for end users; it is mostly for platform engineers (a tool for examining, debugging, and testing the state of that part of the system), maybe some day for third party developers.  In what form these features might be available in the regular UI I couldn't really speculate about.
 
+Dianne Hackborn  Well if it means anything, my children know how to use my phone, and download free apps, usually kids games have the option to read contacts. Short of not letting them use technology.. It would be great if we could require a password / play store options to restrict access to certain apps which access different permissions.. With more and more children using smartphones, there needs to be a way to restrict information from being shared. Parental control for purchases was a great step for the play store, but would like to see some other options too. 
 
+Dianne Hackborn From a security standpoint why is this not user facing?  The revelation about that flashlight app secretly stealing data is a perfect example where this would have come in handy for some people.

Will it ever be user facing in some capacity?  I certainly see why giving users the option to block Internet Connection would be frowned upon due to ad based apps but allowing users to deny access to things like contacts/sms/mms/location would be wonderful.
 
+Dianne Hackborn If it was there for development purposes (because it's not ready for end-users), then why not put it into the developer options?

Most of us power-users and developers got a Nexus device because of the flexibility it gives us to test out new features before they become widespread. Losing a feature because it's not ready for end-users is counter-productive to us.
 
+Mathew Pinard The feature was never meant to be user facing. You didn't lose a feature you were never supposed to gain yet. The fact that it was hidden but still accessible, twice, was essentially a bug and an oversight. 
 
+Dianne Hackborn
Permissions in Android is completely broken - it's shameful on Google that they don't have this essential security feature as a user facing proposition, and your desperate attempts to break it for users really makes the entire platform worse. Shame on you.
 
The only problem with removing access to it is - Google / +Dianne Hackborn have created a bigger headache in that the permissions that were previously revoked for individual apps are still revoked after the 4.4.2 update - and now the user has no way to change their mind and re-grant the permissions. I get that we were never meant to have access to it - but the fact is - we did have access to it - and now it's been removed - there is no way to revert changes. Presumably uninstall and re-install will override whatever had been previously set in AppOps, but will also lose data associated with the app?
 
Thanks +Dianne Hackborn at least it doesn't mean losing data... I'm happy to leave it as it is for now - I only revoked Twitter and Facebook having access to read my SMS - because they haven't explained why they would ever need to.
 
+Andrew Livingston We aren't attempting to break anything for users, we are fixing security holes in the platform that developers have been using to get access to parts of the system that were never intended to be accessible.

+Mathew Pinard It is there for platform development purposes.  There isn't really much utility for third party developers.  As I said, App Ops is a part of the platform framework that is being used for an increasing number of things, which are visible in the UI -- per-app notification control, location access history, current SMS app -- and this UI is just a tool for people working on the platform itself to more easily debug and interact with it.
 
I would actually like to make a request though (2 actually) while I appreciate the reasons for removing access to altering permissions - could we at least (at some point) regain access to seeing what apps have used various permissions? This would be the best of both worlds - it removes the headache for developers who can continue to assume that if their app is installed all the permissions it wants are available, while also giving power users the tools they need to see that for instance a flashlight has accessed their contacts list. The second request - and it is MUCH more urgent for me - is to please nudge whoever you have to - to make the Android Device Manager actually do something (anything at all) for those of us mortals who still have @googlemail.com accounts. +Dianne Hackborn 
 
+Dianne Hackborn But you have broken something for users, as Android's permissions framework without App Ops is not fit for purpose. What you "intended" isn't relevant - App Ops needed to be front and centre of Android's UI for many years now. Android's existing permissions are far too wide to be of any actual use, as we've seen recently with many rogue apps.

Essentially, without App Ops I will just have to drop Android as a platform - the security risk is just too great, and iOS is able to manage permission revocation properly.
 
+Dianne Hackborn You hid the feature well enough that essentially only enthusiasts were accessing it. It is a feature they clearly love. All you've done is basically piss off your single largest base of supporters. Let the power users have the kind of granular control they deserve.
 
Is this really a major issue? With a rooted phone, a little help from XDA, and a custom ROM, this will still be accessible?
 
I don't want to root my phone, but I like some control over the app-permissions. Some of the app-permissions are absolutely crazy. If there is no App-Ops-comeback, I will switch back to iOS sooner or later.
 
+Dianne Hackborn I've published a small tool called "App Ops Starter" to the Google Play Store and today I've more than 38.000 downloads. If you take a look at the ratings and reviews you'll see that many, many people love this App. In fact, they love YOUR App Ops UI.
I've created the "App Ops Starter" because I wanted more control over "Spyware". I wanted to control who can read my contacts, but I still want to use Apps like the Facebook App.
The "App Ops" UI is not for power users, it's very easy to use and everyone can understand what he is doing. Please re-enable this feature!
 
+Dianne Hackborn says, "The current UI is definitely not something that is appropriate for end users".  Uhm, I can say the same thing re: the Developer Options menu, yet the entire menu remains in 4.4.  I really don't understand your reasons. :(
 
+Perfecto Ong Bautista  I doubt that the UI is the real reason. Rather, the business model for ad-based apps would no longer work. The same applies for apps which are "using" your personal data stored on the phone. Maybe I'm wrong but the UI is definitely appropriate for end users!
 
+Dianne Hackborn If that menu is not for end users, can we please have some privacy control similar to iOS7 for basic things like contacts, location, storage etc along with call logs, SMS, microphone, camera, background processing and more. I know Android has a list of permissions when you install apps but most people ignore it anyway and for a user like me I want to use the app but don't want to share everything with the app. In my opinion iOS7 has done a much better job in terms of permission control to the user. I will rooted all my phone to get similar control functionality, but it should be standard for all non rooted phones with user and developer friendly interface.
 
I second that +Rinay Patel, while the Google Play permission list is useful, the Android model has created an ecosystem of apps that just ask for all permissions. The Facebook app is a perfect example, it wants to access everything on your phone from call log to contacts. I refused to update to the latest till I had AppOps.
Why would I allow a banking or shopping app that has access to SMS, call log or my contacts? But if I had to do banking on my phone I am now forced to give them that info because AppOps is gone.

BTW, AppOps wasn't perfect either but better than nothing, as you say Android needs iOS like permission dialogs so that the user is aware why a given app is accessing that permission at that stage.

+Dianne Hackborn you guys have created a monster on the Android app ecosystem, the list of permissions keeps growing with every single app on my phone. At this rate I will uninstall most of the apps on my phone.
Jon Sykes
 
Have to agree, AppOps is essential in order to protect your phone and data. The Facebook app is a perfect example of an app I want to have, but refused to install on my phone because of the excessive permissions it wants:

Directly call phone numbers
Record audio
Read call log
Write call log
Download files without notification
Retrieve running apps
Draw over other apps
Prevent phone from sleeping
Turn sync on and off
Install shortcuts
Send sticky broadcast

Not one of those is justified for Facebook to show me updates from friends and family. Being able to go in and turn them all off is exactly what Android needs to let users do. AppOps allowed Facebook on my phone. 

All apps must be able to check for the availability of permissions before they try and use them. No internet access, no GPS, no wi-fi, no SMS capability. All of those are perfectly normal everyday occurrences, whether through user preference, geographical location or hardware limitations.

If an app crashes because it cannot access a specific permission, then it is the app that is faulty, not Android, not users.

Bring back AppOps and do it now.
 
+Dianne Hackborn, I too have software installed which I would have uninstalled or not upgraded were it not for App Ops  (and CyanogenMod's Privacy Guard).

Games wanting to access contacts information, call log, calendar, SMS? No chance. There are apps which I've refused to update and others which I've uninstalled because newer versions want information to which I can't currently block access such as running apps and accounts and I don't see a legitimate reason for allowing them access.

Should I need to wipe the app data, I'll re-install apps from my own local backup rather than allow them to be downloaded because that way I get versions whose permissions ‘requirements’ I find acceptable.

Security matters. Privacy matters.
 
+Jochen Schurich I was sorry to find that your app will not work with my Sony Xperia. Any chance it will do?
 
+Dianne Hackborn as if Facebook weren't bad enough they now want access to my SMS messages. Abuse of privacy and security is exactly why we need AppOps. If app developers are not prevented from permission escalation then user privacy will be abused and eventually users will leave Android. 
 
I cannot agree more with the overwhelming sentiment in this thread. Privacy matters! What can we do to get that message across? 
 
I'm hoping that +Dianne Hackborn can allow something to be released that can be used to limit permissions that apps need.  I currently live in China and doing online transactions either requires IE and Windows or custom Android apps.  As a Linux user the whole IE thing is not happening so I install these horrible Chinese apps.  The permissions on most Chinese apps are normally "everything" and I would love to restrict them to just sane stuff needed for online transactions.  I really don't like giving Chinese companies full access to every detail of my personal life just so I can pay my bills!
 
+Dianne Hackborn  I can understand why it is not ready for 'end users'. I just had to dig up this thread (sorry for resurrecting it). I just wanted to provide some feedback on what happened to me, and also thank you for pointing out how to reset the app settings to clear all the settings at once..  (It just saved me from a factory reset). 

Basically, I went through the settings on KitKat, and disabled a bunch of settings for location, and contacts for apps that I felt did not need access to them. (I have had some friends email me saying they get emails from 'me', but routed through some other server, which means there must be some apps skimming some data from my contacts list)... Anyway, as of a couple weeks ago, I noticed that my location was not accurate.. It was as if it was GPS + Network Triangulation, but not taking into account wifi (as if wifi was turned off).. I went through the list, and set all location specific flags back to allowed, but it still did not fix the issue that all I could get was GPS + Network.. Wifi was not being used to give me a good location. 

Not sure if this helps at all with any possible bugs/testing, but figured I would pass it along, and say I have #SeenTheLight , and also thanks for pointing out the way to revert all my dumb changes..
 
+Dianne Hackborn  and others.  I just purchased an Android device today and got home and started to install apps.  The first app I tried to install (and just about every app since then) has an appalling list of permissions it asks for.  So now I am in a crappy situation: I can either use my device without any apps installed or I can install them and watch my privacy go away.  As a user I don't want anyone seeing my contacts without permission, I don't want anyone to know my location without permission, I definitely don't want anyone reading my SMS messages and listening to my microphone without explicit permission.  

As someone coming from iOS I thought the level of privacy controls there (which is apparently what App Ops starts to provide) was somewhat standardized.  I was shocked to find out that agreeing to install an app is basically agreeing to give them complete access to everything on your device they want since every app seems to want just about every permission.  

Now I have to decide if I want to take my phone back and pay the restocking fee and get a new iOS device instead.  I just can't believe privacy on Android devices is so crappy, and that the fact that it is so bad isn't documented more on the internet.   