Google Play Store app

Important permissions bundled into a primary group, with common permissions relegated to a secondary screen

Google is pushing out a new version of the Google Play Store app. The biggest change in recent versions (we're currently at 4.8.20) as we see it so far is that the permissions you see listed when you install an application have been scaled way back and are almost written in English.

That's long been a complaint of ours. Permissions are a tricky thing to explain properly, as apps often need access to things like the Internet or your contacts. But giving detailed technical explanations sometimes does more harm than good. Now, permissions have been placed into groups.

Here's how Google puts it:

To help make it easier to understand what an app will have access to, the Play Store has recently made improvements to how permissions are displayed. Permissions are organized into permissions groups, easily identified by icons (example: Location Location) to help clarify the most important information and capabilities an app can access on your device. This information can help you make an informed decision more easily on whether you would like to install the app.

Using the Android Central app as an example, you'll be told that our app "uses one or more of: files on the device such as images, videos, or audio, the device's external storage."

Android Central App Permissions

Things have changed a bit in the traditional desktop browser as well. There's once again a link to view permissions without having to hit the install button (that's a good change), and there you'll also see that our app has full network access, can set a wallpaper and view your network connections.

The idea, Google says in its support page, is to move common permissions — say, network access, because an app needing to be online is pretty common — to a secondary screen. Looks like for now those don't show in the app, but you'll still be able to get them in the web browser, and you can view any app's full permissions in the settings menu.

More: Google Play support

 

Reader comments

New Google Play Store greatly simplifies permissions

55 Comments

You are absolutely correct. However, because of how google staggers the push of these updates (and how soon both were released) some people skipped past 4.8.19 and went right to 4.8.20.

Really excellent change, probably wholly inconsequential for most readers here but this is huge for the neophyte and it makes it easier to urge people to read permissions before downloading apps.

There is still that strange combination of device id and call information. Still hoping that they separate those two.

While I agree with you, imagine what would most likely result: a bunch of general users who revoke enough permissions to render the app useless and then leave a horrible rating.

The complexity for the programmer to have to code in all of the possible exceptions due to having missing permissions in order for the app to at least "appear" to work would be an absolute nightmare.

Yes, it would be cool, but in the end, it would ultimately push both users and developers away from Android, in my opinion.

Posted via Android Central App

That is all moot, the users didn't get access to it in the first place anyway, you had to download an app to get access to it. They could easily retain access to App Ops without root and leave it hidden or move it to Developer options.
android central app

I'm just really trying to figure this out and I don't own an Apple phone but I do see that in the privacy settings on an iphone you are able to prevent access to contacts location and other information and their apps work fine, so my question is how are they able to do it and Google can't?

It's a choice. Certain permissions (such as access to the GPS) can be individually toggled on iOS. I has (I believe) pretty much always been that way. It's not that Google *can't* but there would certainly break a *lot* of apps in the process. And being able to toggle GPS on/off for specific apps isn't nearly as complicated as being able to toggle each individual Android permission on and off. The way it works on iOS, for the location stuff is that, if you disable an apps ability to use GPS, iOS simply tells the app that the GPS chip is "turned off".

There has been talk of doing something similar with Android, where you could pass an "empty" contacts collection, if you turned off an app's ability to access your contacts, for instance. But this still requires some pretty careful consideration before making changes that might potentially break 80% of the apps in the Play Store.

Maybe the renewed focus on this stuff, however, is an indication that Google is finally looking to do something about this. Who knows...

You have that ability from 4.3 to 4.4.1, but Google took it away staying from 4.4.2 unless you have root.

android central app

It entirely likely that Google is getting ready to "put it back in" with the next Android release. The fact that it was in 4.4.1 shows that Google's been working on it, but they might have just decided that it wasn't ready "for the masses" yet. Maybe they've been working on getting it there...

Well if app has permission to use internet and use storage that means that if it is malicous app it could put all files from storage to some places in the internet.

I have sony smartwatch 2 app which gives all notifications to smartwatch but it has no internet permission so it could not copy all my whatsapp/viber/sms/ messages etc which will show in notification drawer and send them elsewhere. And these apps have only 5000-100 000 downloads thought even that would not protect from spying...

You are correct, which is why you should never have any "sensitive" data stored on your SDCard, and why Google is moving towards tightening security on the SDCard.

The difference being that apps cannot see each other's data on the internal storage (not referring to the emulated SD-Card, because that is treated just like the external SD-Card).

You could view all permissions prior to installing from the Play Store app. Just scroll down further and youll see a "view details" link in blue...

It's also probably worth noting that this update removed the network communication permission from install button's permission list, which is kinda lame. Some programs needed more "serious" permissions but didn't require any access to network connectivity. That was a solid indicator of safety and privacy. (I can think of ways around this, but in general...)

It's also probably worth noting that updates can enable any ADDITIONAL permissions from any permission group they have access to without so much as informing the user.

This makes it easier for me to know not to update facebook, because to see all the permissions even collapsed I have to scroll. Just to bad I will want another phone come August.

I have never seen an actual update for Google Play in Google Play. I always get my update via a reputable external site. What's up with pushing updates for your own damn store Google!?

Posted via Android Central App

Mine always updates in the background through Google play services. Am I wrong that this is how this works?

Posted via Android Central App

You are correct. The PlayStore updates on its own, automatically. You will never "see" an update for it. Some people, though, get impatient due to the way Google staggers its updates to devices around the world, so they download them from sites like this. Doesn't mean they wouldn't have gotten the update automatically later.

It takes a lot of bandwidth to send 10MB of data to 1 billion people ;)

I have 4.6.17 right now on my Moto X, does that sound right?

Posted via Android Central App on my Republic Wireless Moto X

I just went into the settings in the Google Play store and tapped the build number. A popup said "a new Version of Google play store will be downloaded and installed." I had 4.6.17, now I have 4.8.20

Posted via Android Central App

" The idea, Google says in its support page, is to move common permissions — say, network access, because an app needing to be online is pretty common"

But important... Of a keyboard replacement wants to access the internet then you need to be really careful. Similarly network access is the only way an app can do real harm so it should be obvious to a user if an app that doesn't normally need network access wants it.

Posted via Android Central App

I wish they'd limit permissions to just location. Why do they need access to Photos- NEVER or media and other files!! give them generic 'sales' data (male/female, country/state, age) they don't need anything else.

Wanna post a picture to Facebook? How about send it via a third party sms? Or post a picture on a yelp review?

Sometimes it needs more functionality than you think

Posted via Android Central App

If an app needs an update and it requires additional permissions, the new version of Google Play does not highlight what those new permissions are - it just shows the entire list of required permissions.

At least that is my experience. Does anyone know if it's possible to bring back the "new" flag that used to highlight the new permissions?

It used to flag added permissions with a green NEW. Doesn't seem to do that, as far as I can tell. Very sad Google. :-(

Correction... It does show them, just not when you hit the update button. If you scroll to the bottom, there is an option for permissions. Select that and you see all the permission with new flags on those to be added. That is a little more hidden, don't like it Google. Why not just use flags in the update popup like before?

Knowing the required permissions does not help. Being able to choose the permissions to allow does. For example, a taxi app is needed to book a taxi, yes? Why does it need access to my "Photos/media/files - files on the device and external storage", and my contacts/calendar? AFAIK, it does not need them, but I can't install the app without granting it access to these sections. Not acceptable. And that is just one example.

Posted via Android Central App

This seems to be less for the end user and more for scrupulous developers. If I read it correctly thry can add permissions in a group already implemented without you knowing. A lumped all or none. Sure, the old way was more confusing but at least you were told everything straight. It's like lying to a child because you don't think they can understand the truth... It seems like Apple.

The other day I went to install an app. Because of this update, it seemed to not require many permissions. I tapped on the "Other" header to expand that section, and in there is said the app needed full access to all controls and data on the phone. If I hadn't expanded that section and read through it, I never would have suspected the app of requiring so much. I was disappointed that this update seemed to hide such important permissions.

All this change does is make using the Play Store and the apps within it less secure. First, Google stopped separating the apps that require new permissions from those that don't in the updates section, to help the users keep track of which apps are trying to increase their foothold on our devices. Now, you don't even get a warning anymore when updating an app if it's increasing its permissions. The only way to know is to go through the extra step of scrolling down and clicking the permissions link.

It's as if Google is intentionally trying to sabotage the security of Android users. Considering their history of violating their users' privacy, and the fact they themselves frequently add new permissions without explaining them, it wouldn't surprise me in the least if that's exactly what they're doing. Google has shown over and over they don't care about their users, what they need or want, or their privacy. All they care about is money. And while they keep making changes like this that only worsen the user experience and hinder security, there are still multiple issues with the Play Store which have existed anywhere from months to years that are not being dealt with.

Yet all the online "media" sites can do nothing but continue to proclaim how great Google is and how wonderful this new change is, completely neglecting the users and their privacy and security. They're supposed to be reporting for and in the interest of the users, who are their audience, not Google, etc. It makes me wonder if Google has bought them all off, since they act more like an advertisement than a news source.

Your post carries an air of conspiracy theory that many will dismiss, but they shouldn't. I agree with your assessment, and I too am taken aback that the multitude of news outlets (AC included) are accepting this as a good thing. It is beyond reason how one who is even half immersed in the Android ecosystem could see this as anything more than a blatant threat to User security. Is Google that out of touch with the goings on in the world these days? How could they be? Their biggest mobile competitor, Apple, just released the exact opposite... An update to shore up security for their mobile users.

It makes me sad to be an Android user. I hope some form of open, customizable OS becomes available soon. I'm no longer happy following Google down this road of selling it's user base for pennies on the dollar.

Here's xda developers recent take on these changes, to give some perspective...

http://www.xda-developers.com/android/play-store-permissions-change-open...

This is a HORRIBLE idea, HIDING THE SPYING that is going on, especially now that we've learned that the NSA is actively hacking into our phones using backdoors into apps. And if you think I'm the only one with this opinion, check this out: http://tech.firstpost.com/news-analysis/google-play-store-ui-change-mean...

Fortunately, there is a workaround to prevent the Google Play Store from automatically 'updating' itself without user consent, do that after uninstalling the update, it's based on a script first discovered at the time when it was called the 'Android Market': http://www.redmondpie.com/how-to-disable-android-market-from-automatical...

I'm running a Galaxy Note 2 under JB 4.1.2 rooted and it seems to be working fine. No unauthorized updates since doing this procedure.