What Android really needs is a way to accept/deny each permission separately. I see some apps. asking for some permission they clearly do not need to function, and you're left with a choice of either not installing the app. at all or having to give it the permission you don't want.
Permission is one of my major gripes about the whole smart phone thing. I wish devs would take the spirit of GNU and just release some simple free apps without all these "adware" crap. For example, I wanted to install a led flashlight app a couple days ago. The one with 10 million downloads wants access to my phone book, internet, browser, etc. WTF! This is a LED flashlight app and it has an install base of 10 million, why on earth does it need access to the internet and phone book?! Arg, there is a total disconnect between useful apps and privacy! I do not know what the answer is, but the current system really grinds my gears!
Imagine if you wanted to use the ls, cd, grep, tar, pwd, top, etc commands on unix and an "ad" would pop up, or maybe you would see it connecting to the internet. These are utilities too. Is this acceptable behavior?
App stores are great for commercial developers but culturally clash with open source apps. If someone were to take grep and commercialize it, no one would use it. (Though I have seen stories about it happening with Blender). But if grep were an app in the Play Store, and it was open source, someone would grab the source, commercialize it, and maybe even invest in advertising to make their grep to the most popular one.
Spare Parts is (was?) part of the Android Open Source Project, but got posted to the Android Market with ads added and only minor changes. Romain Guy (of Google's Android team) posted sample code for a Shelves application and had the same experience.
I love open source, but make my living with closed source Android apps. One of my early projects actually was an LED flashlight app. I tried selling it for a week or two, then switched to a free and donate model which doesn't make much money. My other apps do, and it's just a flashlight so I have no interest in monetizing it. I also rarely update it, don't answer support emails for it, and certainly don't buy banner ads to promote it. Without any marketing effort on my part, there is no way it will compete with the commercial offerings. I've considered open sourcing it, and maybe I should, but I'm still a bit attached, as it was one of my first apps, and I'd hate to see a fork of it with ads and junk grow more popular than it. I also wouldn't have much time to review pull requests and build/test new APKs to publish.
The app is TeslaLED. If it works on your device (works on most modern devices) then it's probably what you're looking for. Sadly if it doesn't it is unlikely to get updated in the near future with support.
> Romain Guy (of Google's Android team) posted sample code for a Shelves application and had the same experience.
As a 3rd anecdote, Ken Magic (also at Google) made an open-source Solitaire app [1] for Android, and I'd guess at least 1 in 5 of the (numerous) Solitaire apps in the Play Store are minor tweaks of his code with ads slapped on -- you can recognize them by the card art.
I made my own zero-permissions Solitaire app [2] and purposefully haven't open-sourced it because I would expect someone to slap ads on it. Even worse, considering that I don't have a large install base, they could probably outrank mine in the Play Store search results (granted, I don't do myself any favors by simply calling it "Solitaire").
Having seen this happen with Connectbot and others, I'm under the impression that open-sourcing Android apps isn't worth it, in spite of what your principles about software may be.
Which makes me wonder, does this happen on other platforms (iOS, BB10, WP7/8) too, or is it just Android?
How about a licence with a special clause forbidding adware and/or "privacyware"?
As long as you hold copyright, you could always offer different licensing if anyone had a genuine need for it (say re-licence under GPL for some "worthy" project, or re-sell under BSD for a price).
a) The ‘worthy project’ would have to license their product under GPL, too, which has the obvious effect that the whole thing is properly open-sourced again and everybody can slap ads on their stuff.
b) A license forbidding the modification to add advertisements is certainly not DFSG-free, and while this is likely of less concern in the Android ecosystem, I tend to measure the open-sourcness of a programme by its possible inclusion in Debian.
Ah, TeslaLED! An app that lit the way for me and my family in darkened mini-vans for quite some time (I bought the donate app, of course). It was one of the few flashlight apps that wasn't ridden with ads.
I've only recently switched to Cyanogenmod, which comes with its own built-in flashlight app, and I'm committed to not installing anything on the phone now that requires a Google login (like Google Play, for example). So no TeslaLED now.
But thanks for a great app! TeslaLED is a very well-made app, and looking at the Google Play page now, I see it has a lot of features I wasn't even aware of. Best of luck with your future apps.
I'dd hate to see a fork of it with ads and junk grow more popular than it.
Last time I checked, the google play store interface only broadly discriminated between for-pay and free apps. I think adding other broad categories like "open source" and "no tracking / advertising" would help to keep these fork+advertising versions from becoming popular.
True, also GNU was/is made possible by university funding (MIT in particular but also others) and corporate donations (much of which ironically comes out of profits from proprietary software). Not really the same situation as an indie Android dev trying to put some food on the table with their apps.
That's where you will want to install f-droid. It is an alternate "app store" for free apps, with no crapware (they even re-compile the apps from source themselves, and do some level of auditing to remove unwanted "features" from some apps [ it is clearly stated in the descriptions when they do this though ]). BTW, the flashlight app from f-droid is a simple no-frills flashlight app without ads or anything.
Perfect, this is exactly what I've been looking for. I've recently installed Cyanogenmod and have foresworn having any apps on my phone requiring a Google sign-in. This includes Google Play, so an alternative app store with utility apps is exactly what I need.
Many of the popular 3rd party ROMs have this feature. I think it's not in stock because it can break apps that expect "this feature that I require before installation should be here", which then blow up when the feature is not, in fact, there, but I guess that the assumption is that if you're savvy enough to run a custom ROM and to revoke permissions, you're savvy enough to place blame where blame's due.
The OS could lie to the app after permission for some aspect was revoked and respond with no data or garbage data.
For example if you revoked permission for access to pictures or something else like music, when that app queried for the number of pictures/music on the device the OS would just return 0. For something like GPS you could return a valid location (like say somewhere on the Google Campus).
This feature was added to Cyanogenmod at some point, then removed later.
Many apps are designed to not work unless they have these unnecessary permissions. I removed phone log permissions from some media and game apps (Bejeweled clones & coin-drop games) and they simply crashed.
If you root your phone and use a packet filter -- DroidWall is very good -- you can gate network communications per app. This works very well for apps that you don't trust, as long as you're willing to forego network connectivity for them.
Of course they're going to crash if the call is simply denied or returns invalid information. The OS should simply return valid, dummy information (empty array, array with single fake contact, etc.).
If you feel like doing some not-too-difficult patching and running an AOSP-based ROM, take a look at OpenPDroid[1], which does exactly that.
It would be much better if Google would come to their senses and include that functionally in Android. Which it looks like they might be working toward--AppOps in Android 4.3 is a start [2]. It looks like they may have even used the code from the PDroid project to implement it.
While I, as a power user and a developer would love this feature, I can only imagine the kind of problems it'll cause for regular users. eg. "Why does this flashlight app use the camera permission? (Because the Flash LED is part of the camera!) Why does X game use the phonebook permission? Let's disable it. Ugh, the friends feature no longer works. I'm going to give this app a 1 star rating."
> For some permissions, the app has to
> make use of them before they will show up in App Ops
So by the time an app has stolen all your personal data it's already too late to disable the permissions...
Let's hope this feature will be complete and implemented properly by the time for release. It's far overdue already. This should have been built into the system from the start, now getting apps to degrade gracefully on declined permissions will be a pita.
> "Smartphone usage has skyrocketed, and some advertisers have begun to experiment with aggressive, new techniques to display ads on mobile devices. This includes pushing ads to the standard Android notification bar, dropping generically designed icons on the mobile desktop, and modifying browser settings like bookmarks or the default homepage," explains Lookout.
Wait, seriously? Perhaps I'm too accustomed to iOS, but I wouldn't expect a smartphone app to change the browser homepage.
PC applications have always been able to do it so I don't see why not, in the end it's the user that is accepting this, everything needs permissions, if the user doesn't pay attention it's partly his fault. This are features that can still be useful for legitimate uses.
I have always found the fact that Windows app installers routinely do this to be one of the irritating things about that platform. Apps should know their place: it's my machine, not theirs, and they should not presume to tell me how I should organize it.
It's interesting that Android is rediscovering the same lessons Windows learned. As Windows progressed, they exposed less things via API, realising that the user wants control of their experience. For instance, pinning items to the taskbar.
Devs call MS and whine "how can I make my installer pin the app to the taskbar" and the answer is "that's the user's space, so you're not allowed". Of course, without a sandbox or approved environment, applications can reverse engineer the system somehow. And if MS adds a mandatory sandbox/approval (WinRT) then it's "but it's not an open or fair platform; my machine is locked down; freedom etc.".
Sure, you might say "but I want" this app to violate the sandbox. But if that's remotely easy to accomplish, then all apps just request you to violate the sandbox (just like the tons of sites that used to have "click yes to install the ActiveX control when the scary warning pops up").
The converse is that I really wish there were an app for managing the Start screen in Windows 8 because having to right click a million icons etc. by hand really sucks.
There is a balance to be had, however, and the watch your back! approach to the market is not consumer friendly, and history has shown that it simply doesn't work. There's no reason to accept it.
Honestly -- and I say this as an Android developer -- Google needs to perform at least rudimentary identity verification of developers/developer companies. Right now it is a joke, and is how fly-by-night scammers can roll in and out with impunity.
It is hard to blame a user when they fall for garbage like this. The hundreds of fake reviews are the topping on the cake, and this is one of countless examples of this sort of horseshit.
Other important changes that will improve the ecosystem:
"Do not post an app where the primary functionality is to:
Drive affiliate traffic to a website or
Provide a webview of a website not owned or administered by you (unless you have permission from the website owner/administrator to do so)"
and
"Apps that are created by an automated tool or wizard service must not be submitted to Google Play by the operator of that service on behalf of other persons."
I wouldn't be surprised if 10% of all apps in the Play store fall in those categories.
This is quite significant as some of the bigger ad networks focus almost exclusively on these kind of ad units and have reasonable market shares (Airpush and Leadbolt are good examples): http://www.appbrain.com/stats/libraries/ad
Mobile apps are such a shitty situation; it seems like one either has to submit to the ridiculous walled garden approach or stand constant vigil against every app one installs.
All OSs need fine(r)-grained permissions, they need to supply fake data to apps that refuse to run without permissions, and in general make it deleterious to abuse the user's trust.
My ideal vision is sandboxed applications that can reach out to shared data stores or open external apps via some kind of intents; but only if the user allows them to. Also apps should be signed and the user should have the option of installing third-party CA certificates.
It would be nice if Apple would implement/actually enforce this as well. I have ads pushing out notifications on "deals" or whatnot daily. Good on Google for making this happen
"The Google Search app will be able to show Google Now ads for nearby businesses". We'll that's good that at least Google get's to show its ads, because it's "open" and you are its product.
