The truly rotten egg here is Android (and Google by extension).
Why a user cannot elect to nominally provide permissions to an app, but restrict the content of different grants (so an app may see an empty phone book by default or an empty Pictures folder) is beyond me. It borders on abusive.
Android 6.0 has the ability to enable/disable individual permissions. Apps running on Android 6, but not compiled against the Android 6 SDK, end up with similar behaviour to what you described, i.e. if you disable access to your contacts, the OS just reports back that you have zero contacts, etc.
A lot of people have suggested this and I would really like it too, but the thing is that this makes things extremely difficult or annoying for users and any novice will just accept all the alerts they get, defeating the entire purpose.
Is it really? I know they would allow you to specify the permissions yourself, but I think the guy above you is talking about "fake" permissions (the app "sees" your emails, but there are none).
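The two behaviours described a few comments up (an app built against the Android 6 SDK asking for a grant at the moment the feature is used, and a legacy app silently getting an empty contact list when the user revokes the grant) look like this from the application side. This is an added example, not code from the thread or from Spotify's app; the activity, the button handler and the two private hooks are assumed names, and it assumes READ_CONTACTS is declared in the manifest with targetSdkVersion 23 and the v4 support library on the classpath.

```java
import android.Manifest;
import android.app.Activity;
import android.content.pm.PackageManager;
import android.database.Cursor;
import android.provider.ContactsContract;
import android.support.v4.app.ActivityCompat;
import android.support.v4.content.ContextCompat;

/*
 * Added example (not from the thread or from Spotify's app). Assumes
 * <uses-permission android:name="android.permission.READ_CONTACTS"/> in the
 * manifest. With targetSdkVersion 23 the grant is asked for at runtime, here;
 * with targetSdkVersion < 23 the same code lives under the install-time model.
 */
public class FindFriendsActivity extends Activity
        implements ActivityCompat.OnRequestPermissionsResultCallback {

    private static final int REQ_READ_CONTACTS = 1; // hypothetical request code

    /** Wired to a "find friends" button (assumed). Nothing is requested at launch. */
    public void onFindFriendsTapped() {
        if (ContextCompat.checkSelfPermission(this, Manifest.permission.READ_CONTACTS)
                == PackageManager.PERMISSION_GRANTED) {
            findFriends(countContacts());
            return;
        }
        // On Android 6+ with targetSdkVersion 23 this shows the system dialog.
        // On older devices ContextCompat already reported GRANTED above, because
        // the permission was accepted at install time.
        ActivityCompat.requestPermissions(this,
                new String[] {Manifest.permission.READ_CONTACTS}, REQ_READ_CONTACTS);
    }

    @Override
    public void onRequestPermissionsResult(int requestCode, String[] permissions,
                                           int[] grantResults) {
        if (requestCode != REQ_READ_CONTACTS) {
            return;
        }
        if (grantResults.length > 0 && grantResults[0] == PackageManager.PERMISSION_GRANTED) {
            findFriends(countContacts());
        } else {
            // Reduced functionality: the rest of the app keeps working without contacts.
            showFindFriendsUnavailable();
        }
    }

    /**
     * What the app sees from the contacts provider:
     *  - targetSdkVersion 23, grant not given: query() throws SecurityException.
     *  - targetSdkVersion < 23, grant revoked in Settings on Android 6:
     *    query() succeeds and returns zero rows (the "zero contacts" behaviour).
     */
    int countContacts() {
        Cursor c = getContentResolver().query(
                ContactsContract.Contacts.CONTENT_URI,
                new String[] {ContactsContract.Contacts._ID}, null, null, null);
        if (c == null) {
            return 0;
        }
        try {
            return c.getCount();
        } finally {
            c.close();
        }
    }

    private void findFriends(int contactCount) { /* assumed: match contacts against accounts */ }

    private void showFindFriendsUnavailable() { /* assumed: tell the user the feature is off */ }
}
```

The point of the structure is that the request happens inside the button handler, so a user who never taps "find friends" is never asked, and a denial lands in the `else` branch instead of crashing the app. The legacy case is only a fallback: a user who installed the app before revoking the grant has already handed over the data once, which is the caveat raised elsewhere in this thread.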
You cannot do any of that on a computer either. As far as I know neither Windows, Mac nor Linux has any kind of permission system for the applications they run. Sure, you can hack something together using sandboxing/containers/VMs, but none of the operating systems provide this by default. There have been alternate Android roms which provide the features you speak of, as well.
My firewall can stop them talking to the Internet. I often use VirtualBox to run new downloads in isolation, sometimes with a VPN running as well.
And who installs apps on their PC anymore, maybe after your initial setup? The point is you install apps you know and trust. I don't think notepad++ is uploading my photo library somewhere.
And there's a word for PC apps that do the wrong thing: (ad/mal/crap)ware. It's one of the reasons I do as much online in a web browser as possible - it's a hella lot more secure than downloading and installing stuff all the time.
That's not strictly true on Linux: you could use AppArmor/SELinux to remove capabilities from programs. Surely not as user friendly as they could be but the capability is there.
I think Spotify guy is right. If you give photos access to twitter, it is not much of a stretch to give it to the Music app.
The problem is the way permissions work. You should be able to give temporary individual permissions to each app for each service to only a portion of your storage. For example, not all photos forever, but just these photos.
The way the permissions currently work on Android is insane.
It is also insane that people are okay with sharing all of this information with facebook, twitter, verizon, google, lyft, uber, yelp and 50 other apps.
> The problem is the way permissions work. You should be able to give temporary individual permissions to each app for each service to only a portion of your storage. For example, not all photos forever, but just these photos.
That is much better handled by dedicated pickers running in isolated processes which can give temporary access to explicitly selected datasets without the application having any access rights to even those data in the long term.
Surely Android has some sort of media picker intent which lets users select media without giving applications "background access" to all your media library, no? Unless the application is image editing software, I see no reason for it to get any passive access to the user's images.
Pretty sure they can get the photos whenever they want once you have the app installed and running in the background.
Otherwise, how would automatic photos backup work?
I haven't written any Android apps though so I don't know the details.
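Android does have such a picker, and the contrast between it and the blanket grant the two previous comments are discussing is worth seeing in code. This is an added example, not code from the thread or from Spotify's app: the activity name, the request code and the upload hook are assumed, and the "playlist cover" use is only the scenario from this thread.

```java
import android.app.Activity;
import android.content.Intent;
import android.database.Cursor;
import android.net.Uri;
import android.provider.MediaStore;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;

/*
 * Added example (not from the thread or from Spotify's app): the "playlist
 * cover" feature done through the system document picker instead of a blanket
 * READ_EXTERNAL_STORAGE grant. Activity and upload hook names are assumed.
 */
public class PlaylistCoverActivity extends Activity {

    private static final int REQ_PICK_COVER = 7; // hypothetical request code

    /**
     * Picker route: the library is browsed by the system's DocumentsUI process,
     * not by this app. The app only receives a content:// URI for the one item
     * the user chose, with a read grant scoped to that URI. No storage permission
     * is declared in the manifest for this path.
     */
    public void pickCoverPhoto() {
        Intent pick = new Intent(Intent.ACTION_OPEN_DOCUMENT);
        pick.addCategory(Intent.CATEGORY_OPENABLE);
        pick.setType("image/*");
        startActivityForResult(pick, REQ_PICK_COVER);
    }

    @Override
    protected void onActivityResult(int requestCode, int resultCode, Intent data) {
        super.onActivityResult(requestCode, resultCode, data);
        if (requestCode != REQ_PICK_COVER || resultCode != RESULT_OK || data == null) {
            return; // cancelled: the app received nothing at all
        }
        Uri chosen = data.getData();
        // The grant lapses with this task. Calling
        // getContentResolver().takePersistableUriPermission(chosen,
        //         Intent.FLAG_GRANT_READ_URI_PERMISSION)
        // would keep it, but only for this one URI; it never widens to the library.
        try (InputStream in = getContentResolver().openInputStream(chosen)) {
            uploadCover(readAll(in));
        } catch (IOException e) {
            // assumed: surface the error to the user
        }
    }

    /**
     * Blanket route, for contrast: with READ_EXTERNAL_STORAGE in the manifest this
     * can run from any component, including a background service, with no UI.
     * Once the permission is held, no setting inside the app can technically
     * prevent this call; that is the access the thread is worried about.
     */
    public int countEveryPhoto() {
        Cursor c = getContentResolver().query(
                MediaStore.Images.Media.EXTERNAL_CONTENT_URI,
                new String[] {MediaStore.Images.Media._ID}, null, null, null);
        if (c == null) {
            return 0;
        }
        try {
            return c.getCount();
        } finally {
            c.close();
        }
    }

    private static byte[] readAll(InputStream in) throws IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] buf = new byte[8192];
        int n;
        while ((n = in.read(buf)) != -1) {
            out.write(buf, 0, n);
        }
        return out.toByteArray();
    }

    private void uploadCover(byte[] imageBytes) { /* assumed: send only this one image */ }
}
```

The picker route is the per-item, one-time grant the thread is asking for; it is what a feature like "set a photo as the playlist cover" actually needs. Automatic backup of the whole library is the one case that genuinely needs the blanket route, which is exactly why a music player holding it looks out of place.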
It's not the app permissions that are the problem, it's the attitude of the licence which is basically we'll help ourself to whatever personal data we feel like and do whatever we like with it.
Interestingly on virtually all home computers the situation with access control to certain APIs and data is _way_ worse (because basically nobody (I know you're out there SELinux/AppArmor/grsecurity/etc users) uses it to the extent that would be necessary to provide even basic privacy protection or system security).
I do hope that, when application sandboxing goes mainstream, it is not only going to be used to mitigate dependency hell, but also to provide a nice and featureful (and usable!) interface for filesystem/networking/etc isolation and monitoring with white/black/greylisting and fake permissions (i.e. pretend an application has a permission and return made-up data).
Heck, it'd probably be best to make full isolation of every executable the default and selectively introduce (fake) permissions, such that it just gets the minimum that is needed/desired.
I'm a big fan of the Qubes OS project, and I think they're on the right track there:
https://www.qubes-os.org/
Basically, have the desktop environment running in a non-network-connected machine, and have different VMs for different purposes with application windows seamlessly appearing on the desktop. If I have a spotify VM (or even listen in a disposable-removed-on-close VM), there's nothing for them to access.
EDIT: Not saying this is for everyone. At this point I would not let my grandmother use it. But I can see the concept becoming very easy to use.
As long as I can opt out of providing access to those features (photos, contacts, sensors) and still use the app, then I will do that, even if that means I get "reduced functionality" or however they spin it. I just want to listen to my music, I don't care about social features or anything like that.
But if I can only use the app by giving access to those features, even as a paid subscriber, then I will absolutely cancel my paid account and look to other services.
Once you've given those permissions on Android by installing/upgrading Spotify, you have no guarantee that the app won't use them without your knowledge. Any options to limit the features from inside the app itself are purely cosmetic from an access control point of view.
Not sure about Android, but at least on iOS, you aren't prompted to allow access to photos until you attempt to use the feature in most cases, which is what Spotify are arguing for here. But you're right, once you've granted permission it's up to the app to be responsible.
Makes me think the OS should provide a 'Just this once' button when being asked to allow access to extra permissions.
If you're on iOS you always have to opt-in to give an app access to photos or contacts. On Android, you can't do anything about it now, but it should be moving to a similar system with Android 6 (marshmallow). Neither allows you to restrict access to accelerometers, light sensors, etc as far as I am aware.
If they siphon up your contact list and store it before Marshmallow comes out, blocking it later won't do you much good.
Many custom Android roms have had deep per-app permissions for years (CM is basically built around it at this point), and previous versions of Android loosely supported per-app permissions through the App Ops app.
Notch has a bad habit of getting caught up in drama and making loud but seemingly stupid statements about a situation before all of the information is out there.
Every time a company updates their app permissions, we get this kind of permission-hysteria.
THEY WANT TO DOWNLOAD ALL OF MY PHOTOS!!!
Well, actually, they want you to be able to set a photo as the cover of a playlist, and there is no difference between "Allow user to upload 1 photo" and "Have access to all of the user's photos" in terms of mobile permissions.
THEY WANT ACCESS TO MY GPS!!
Well, actually, they're rolling out a Run feature already implemented on iOS, and, as always, you can disable GPS or customize its functionality on both platforms pretty deeply.
Every permissions update we get these histrionics. Notch should have the foresight to step back and listen before jumping in with a million followers.
> Well, actually, they want you to be able to set a photo as the cover of a playlist, and there is no difference between "Allow user to upload 1 photo" and "Have access to all of the user's photos" in terms of mobile permissions.
I think Notch's response is quite accurate: “But I do understand how easy it is to make up small features to require access to the entire phone so you can sell your customers.”
Two things can be true at the same time. Just because the public, published reason is innocuous doesn't mean there's not some MBA just waiting to get his hands on that data.
Eh, how do we know what they want? We have to give over access to all our info and trust they'll only use the bits they say? This is a problem of the permissions systems rather than of the company - but whether Notch is over-reacting or not is kind of moot:
“With your permission, we may collect information stored on your mobile device, such as contacts, photos, or media files. Local law may require that you seek the consent of your contacts to provide their personal information to Spotify, which may use that information for the purposes specified in this Privacy Policy.”
It's hard to know what they really want and what they say they want - we need to fix the way we let apps use our data.
> Well, actually, they want you to be able to set a photo as the cover of a playlist, and there is no difference between "Allow user to upload 1 photo" and "Have access to all of the user's photos" in terms of mobile permissions.
There's no way I as a user can prevent other usage of my photos after I give them permission to access them all. I therefore have to trust Spotify that they won't abuse their access to my (and all the other people who install the app)'s photos.
Now I understand you trust them completely, and that's your right, I don't trust them at all especially considering their strong ties with Facebook.
Regarding their public 'Sorry' posted this afternoon: https://news.spotify.com/us/2015/08/21/sorry-2/ it's still vague. They state "Photos: We will never access your photos without explicit permission", but there's no state possible where the user can use the app and _not_ have given permission, as the app is only installable if the user gives access to the photos through the Android access rights at install time. After that the app already has access to the photos, and Spotify can state that they won't access the photos 'without explicit permission' but that's moot: to not give them explicit permission I have just 1 option: not install the app (otherwise I have to, see above). Which is a bit of a shit option, really, if you pay for the service (like I did) and want to listen to music.
> There's no way I as a user can prevent other usage of my photos after I give them permission to access them all. I therefore have to trust Spotify that they won't abuse their access to my (and all the other people who install the app)'s photos.
There are 3rd party systems like XPrivacy which allow you to individually allow actions like this.
> but there's no state possible where the user can use the app and _not_ have given permission, as the app is only installable if the user gives access to the photos through the Android access rights at install time
There's a bit of a difference between Notch (2.41 million followers), me (207 followers) and some new egg user (0 followers) saying something on Twitter. As there's no actual volume control for text, followers is a decent loudness rating for Twitter.
If there's a miscommunication going on, the opening gambit came from Spotify. They could have spelled out in the TOS exactly what they would do with the data, and contractually bound themselves never to change that activity without issuing new TOS.
I didn't cancel my account (like Notch did) but I did remove it from my phone. It should be safe to continue using on my desktop unless they're mining data from my computer too.
It would probably be more financially rewarding to try to break the encryption on my password vault since I also stash my credit card information in there. I have a pretty boring life, so my photos wouldn't help them much (plus I don't have a Facebook account so where would they even use them?).
More advanced people can use XPrivacy or similar:
http://repo.xposed.info/module/biz.bokhorst.xprivacy
Actually, OS X now has the beginnings of an iOS-like permission system for location services and access to your contacts.
https://en.wikipedia.org/wiki/FreeBSD_jail
Also this:
https://en.wikipedia.org/wiki/Operating-system-level_virtual...
https://support.spotify.com/uk/article/how-can-i-close-my-sp...
Yet clicking on the "Contact Form" link returns me right to:
https://support.spotify.com/uk/contact-spotify-support/
Wash, rinse, repeat.
Digging through their forums I eventually located this:
https://support.spotify.com/us/close/
Use an iPhone.
Very vague, let me tell you what.