Android Permissions-on-Demand System

March 19, 2012

Today’s Android permissions system has many shortcomings. While perhaps a decent starting place for the development of a more robust solution, the existing implementation is minimally effective at fostering good security practices.

Consider the last time you installed an app — did you look closely at the permissions? I sometimes look out of curiosity, or to make sure they are not blatantly egregious. But, even then I often assume someone else has scrutinized the application for me.

A revised system might adopt a “Permission on Demand” model, as implemented in most modern web browsers. As non-core features are needed, the user is able to allow or disallow the permission — optionally, to always or never allow it. Some more elevated permissions — those sensitive to the user’s data and identity — might always require explicit consent.

The new permissions system would extend the existing infrastructure beyond the all-declarative uses-permission element to include a new requests-permission element. Required permissions would then be only those necessary for the basic operation of the application; all other permissions would be declared with requests-permission. At install time, each of these could be set to “Never,” “Always,” or “Ask me.” The default would be “Ask me.”

Much later, when the user has forgotten the particulars of this interaction, the application might try to use an optional permission. At this point, the user would make a decision appropriate to the context: “Not now,” “Never,” “Yes,” or “Yes, always.” If the user denied the permission, the application would display an error message stating that the functionality was not available — or degrade gracefully. Up until then, however, the application would have been entirely functional as expected, operating perfectly happily without the permission.
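To make the proposed policy concrete, here is an added model (not Android code, and not from the original post) of the install-time and runtime decisions described above. The manifest fragment, the requests-permission element, the set of “elevated” permissions, and the answer strings are all constructed assumptions for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed manifest using the post's proposed <requests-permission>
# element; this element is hypothetical and not part of the real schema.
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.INTERNET"/>
  <requests-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <requests-permission android:name="android.permission.READ_CONTACTS"/>
</manifest>"""

NAME_ATTR = "{http://schemas.android.com/apk/res/android}name"

# Assumption: "elevated" permissions that always need explicit consent,
# so a standing "Always" grant is never persisted for them.
SENSITIVE = {"android.permission.READ_CONTACTS"}


def parse_manifest(xml):
    """Split declared permissions into (required, optional) sets."""
    root = ET.fromstring(xml)
    required = {e.get(NAME_ATTR) for e in root.findall("uses-permission")}
    optional = {e.get(NAME_ATTR) for e in root.findall("requests-permission")}
    return required, optional


class PermissionPolicy:
    def __init__(self, required, optional):
        self.required = set(required)
        # Install-time setting per optional permission: "never"/"always"/"ask".
        self.settings = {perm: "ask" for perm in optional}

    def set_install_choice(self, perm, choice):
        if choice == "always" and perm in SENSITIVE:
            choice = "ask"  # elevated permissions still prompt every time
        self.settings[perm] = choice

    def check(self, perm, prompt):
        """Return True if perm is granted now; prompt(perm) asks the user and
        returns "not_now", "never", "yes" or "yes_always"."""
        if perm in self.required:
            return True
        if perm not in self.settings:
            return False  # never declared, so never granted
        state = self.settings[perm]
        if state in ("always", "never"):
            return state == "always"
        answer = prompt(perm)
        if answer == "never":
            self.settings[perm] = "never"
        elif answer == "yes_always" and perm not in SENSITIVE:
            self.settings[perm] = "always"  # "not_now" persists nothing
        return answer in ("yes", "yes_always")
```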

Now this all sounds like the Web. In many ways, as horrifying as web programming and security have been throughout their lifetime, the infrastructure seems to have gained a certain degree of maturity. Here, for example, we could either evangelize a mass movement to HTML5, or make a request to “forward-port” a better permissions model to Android.

So who’d like to code this up?

2 responses to “Android Permissions-on-Demand System”

  1. Justin says:

    I totally agree 100%. I don’t feel comfortable with apps being able to have all these permissions into your privacy at their disposal. I have wanted ‘ask me’ and ‘deny’ options from the start. We should have the choice even if it decreases the functionality of the app; it’s our choice (or should be, for that matter). I honestly wanted to return my Android slate shortly after buying it for that reason alone. I have faith that Google will add this much needed and most important privacy and security fix in a future Android release soon. I guess it all depends on whether Google cares enough about the security and privacy of its users or not; only time will tell.

  2. Simeon says:

    I similarly agree. I do development related to the Android PDroid framework modification which tries to provide some additional user flexibility with security but it really can’t replace a better permissions implementation.

    One thing I found really interesting was this:

    Basically, there is a flag to indicate whether a particular permission is ‘required’ for an app to run: at the moment, all permissions are considered ‘required’ but clearly there has been some thought in this direction. I recall seeing other related things in the API (though the details presently escape me).
