Referenced previous discussion that this was going away from early June 2022, 167 comments: <a href="https://news.ycombinator.com/item?id=31698148" rel="nofollow">https://news.ycombinator.com/item?id=31698148</a>
The dynamic permissions are not a replacement.<p>Some users would never even install apps that asked for too many static permissions on the Play page.<p>But now, if an app seems to meet their needs and they aren't sure, some of them will go ahead and install it just to try it out. How much can one run hurt after all? Due to unresolved questions or sunk cost dilemmas, they may even grant dynamic permissions. How much can one run hurt after all?<p>So this will manipulate a percentage of reluctant users into data-providing users by hiding a reason for their reluctance. I'm inclined to suspect it'll benefit Google's ad impressions business and that's the actual motivation, not "feature parity" with Apple.
I know this doesn't help the average user, but <a href="https://exodus-privacy.eu.org/en/" rel="nofollow">https://exodus-privacy.eu.org/en/</a> does their own analysis of apps and lists permissions and sensors. You can check here first. There reports are integrated into the Aurora Store.
What I always found very confusing is that apps on Android can either read all of the SD drive or nothing. Wouldn't the normal approach to gate applications from each other be to give each one the right to access a single directory?<p>The way it is, all apps want to "READ_EXTERNAL_STORAGE" so they all can read all the data I save.
This is one reason I switched to F-Droid a while ago. Among other things, F-Droid is very strict about reporting potential anti-features, which (ironically?) makes me much more comfortable installing apps from that app-manager.
What they really need to do is to simulate data for permissions that are rejected.
For example, if I reject location permissions, then play back a random GPS trail in a randomly selected city on the planet, complete with simulated error and drift. If I reject Wi-Fi scanning, then show a constantly changing set of fake access points. If I reject camera, then play back some cartoons or deepfaked video as a camera device.<p>The app should never have to know its permission request was denied.
I teach digital literacy courses for seniors. The Play Store is such a nightmare for me. What used to be a lesson on basic app installation has now become a safety lesson on how to be careful in the Play Store. It's a minefield of scammy apps.
This is similar to either the Microsoft Store or Apple App Store (can't recall). You used to be able to see what in-app purchases were available, to determine if you weren't ripped off downloading this app. Now you can't.
in unix, xattr and setfattr drive me crazy. As a PM, I do sometimes realize that the UX drive here would be "lets just remove these extended attributes, people hate them" instead of thinking about what they do, and how people (mis)understand them.<p>I think Android permissions are like xattr. its the noise behind chmod, it shows up in odd ways like when you can't move or delete a setuid file, or in ls -<flags> contexts if you tickle it right. its the nitty gritty, the details. Not "does this s/w respect my privacy" but "of 100+ distinct attributes, data items about 'me', can I atomically grant/deny access or apply some conditionality to them"<p>So I think the same thing about AWS Privs. My god, theres a million of the suckers. Do I want Amazon to simply remove the pane? God no. I just want to understand it better.<p>Why can't google "do both" and have a path to see these, but feature-parity with Apple and simplify it on the surface?
My idea to improve the issue is the following: an app asks for permissions and you as a user get two choices: grant the permission or grant mock permission. Mock permission gives access to some random data that like stock contacts/stock photos/whatever.<p>Every app is required to work correctly with the mock data or is removed from the store. You could even have mock folders in the photo app or mock contacts on your phone so you as a user can see how the app works on those without giving it access to the real stuff.<p>Example: a parking app asks for access to your contacts and ability to call, you give it a mock permission. It just works. When it tries to call someone you see info: "app XYZ calls mock contact A". When it tries to read your contacts it just gets a stock list. If it tries to tell you it needs real contacts you report it to Google and it gets removed.
right, since the popup for permissions is in the app when its requested<p>I would like more permissions to be different than all or nothing though. I wish you could segregate contacts. like, if I don't tell people around me that I know a high ranking official, why should a random app just because one of us uploaded our contact list.
There are still ways to get gplay permissions - e.g. see <a href="https://42matters.com/docs/app-market-data/android/apps/by_permission" rel="nofollow">https://42matters.com/docs/app-market-data/android/apps/by_p...</a> (note: i'm affiliated, but I believe it's relevant to the topic).
I publish both Android and iOS apps regularly, this is just Google getting to feature parity with Apple.<p>Apple had data safety, Google now has it.<p>Apple didn't show permissions, now Google also doesn't.<p>Presumably most people don't really care about permissions anymore.
I don't think I've checked permissions on the play store in ages. Don't apps prompt when they access things now?<p>Speaking of which, anyone from Spotify around?<p>Could you kindly take your request for control over Bluetooth and shove it up your fuckin arse?<p>Why must I say no to this every time I open the app?<p>No means no.
"Permission" system is broken to begin with. Every app should get all the permissions they want, but the user could choose what kind of data to actually provide, none, some, all or even fake.<p>see also: XPrivacyLua
Honestly, these days I feel like it's dumb to deploy on a platform you have no control over, unless you have enough money to pay lawyers to get Google's/Apple's attention.