Here I am, in Google Play, getting ready to install “Amazon Shopping” onto my Android Phone. I have to admit that it is generously and honestly warning me about the parts of my phone that this app will have access to.
Examples: It wants access to my microphone, I suppose so that I can tell it what I’m looking for, instead of typing. Likewise, I suppose it wants access to my camera so that I can show it a bar code. It wants access to my SMS, probably to send me a text message to confirm my purchase, but I think that would come from their SMS, not from mine. Anyway…
Why on earth does it need access to my Contacts? The only answer I can think of is so they can send spam to my friends, relatives, and coworkers. And why does it want access to my Photos/Media/Files? So it can make suggestion about think I might want to buy?
I really do not want to give up my privacy to Amazon on these things, and so I will shop on Amazon via my PC, even if it is less convenient than my phone.
My question for GQ is this: Am I mistaken? Do they have a legitimate need for these things? What might those needs be?
Please note that I am not singling out Amazon in this rant. There are many apps that I’ve refused to install. And many are from apparently-legitimate businesses! For example, there has been an update to Microsoft Word available for several months, but I have not updated it, because it wants access to my Contacts. Why would it want that? Am I beeing needlessly paranoid?
For small/independent apps, it’s often because the developer is a doofus and doesn’t know how to scope things properly.
Google Play is trying to encourage developers to explain why they need various permissions. I just checked out the Amazon shopping app and they haven’t explained why they need all that stuff - and it does look like quite a large, intrusive list. I can’t think of a good reason for some of them - I can think of bad reasons such as Amazon wants to use your personal information to target you more incisively with advertising and offers.
The worst I’ve seen is the app for the local Regional Transit Authority. OK, asking for location makes sense, so you can ask it for the quickest route from “here” to wherever you’re going. But camera, microphone, contacts? The one thing that it doesn’t ask for is in-app purchases, which is odd, because the primary purpose of the app is buying fares… and if they’re not using in-app purchases to process payments, then what are they using, and why should I trust it?
Thank you for validating my suspicions. I can easily see how the local transit folks might be understaffed, but Amazon and Microsoft - not so much.
I am curious how these warnings work. Suppose I make an app and try to put it in the Play Store. Does the “camera” warning come up because Google has analyzed the code and determined that the app uses the camera? Or does the warning appear by default unless I prove/certify/whatever that the app does NOT use it?
If the answer is the former, then I don’t see how the “doofus” factor would be involved, because there is something in the app that is accessing the camera, even if only in a rare combination of circumstances.
I wish I knew how to contact someone at Amazon or Microsoft to ask/complain about this stuff. What a shame that they are so big that they no longer need to care about small market segments like us.
Perhaps the camera access is needed to scan barcodes and the microphone access is needed in case you need voice to text because you have some sort of handicap that limits your ability to type. Contacts is the one I don’t like, why the freak doe any app need to know my contacts?
They seem pretty benign. The reason for the SMS is given as:
They give the reason for the contacts as:
The camera is needed so that you can scan barcodes. The mic is so that you can do voice searches.
Personally, I have no concerns about installing apps from major companies such as Amazon or Microsoft. I believe they only use my information as necessarily so I can make use of their apps and do not sell or share my information with anybody. If you’re paranoid about trusting them, you may as well be paranoid about using your bank’s app or your pharmacy’s app. My bank’s app needs to use my camera so that I can deposit a check to my account. I don’t worry about the security of that. My pharmacy’s app has access to my prescription history so that I can order refills and pick them up more easily. If you can’t trust the companies that offer apps, you might as well not install any.
My feeling is that trust needs to be earned, but I have a fairly low bar for earning it. Those few words were quite adequate to move them from suspicious to trusted. Thanks again.
Except that it’s not “the local transit folks”: The same company, using only slight variations on the same app, serves the transit systems of a dozen different cities. And it’s not that they were too lazy to turn off all of the permissions, because they did turn off in-app purchases, and then set up their own payment system of some sort, which had to be a lot of work to do it right (if they did do it right, that is).
If you’re running Android 6.0 and up, you actually have the capability to allow and deny app permissions individually with the caveat that, yeah, if you deny it access to the microphone, you’re not going to be able to do voice searches and so on.
I have an iPhone but I think this applies here - when I install an app, unless I can quickly determine why I might need a feature, I generally deny it. If I end up needing it, when I go to use the thing that needs it, it will ask for permission again and tell me how to turn it on in Settings.
So for something you might use once, they get access to something they don’t really need. Also, couldn’t they just send you a text & have you type in the value, like most two-factor authentication places do & bypass the need for this access?
What happens if you want to send a gift card to someone who isn’t in your contacts; can you manually type their email address in? If so, why can’t you do that with people in your contact list, it’s a simple cut-&-paste.
They also want access to location, even though it is only used for two countries.
You have read of some of the high profile data breaches, right? If they get hacked but can’t access your sensitive data, then you are protected. I’m not giving out access just because someone may, possibly want it one time.
I am also amazed by the number of apps that request location info. ALL of the major action cam apps (GoPro, Garmin Virb, Fly360°, & Sony) now request it, even though they didn’t in previous versions. The apps are basically remote controls &/or remote viewers to be able to ensure the way you’ve mounted your camera really is the angle that you want (which you can’t tell on something like a body mount - is your helmet cam pointing out, two high, or two low?)
Why the 'ell does the manufacturer need to know where I’m shooting? I actually use my old phone as a dedicated remote control for them since it has the older, non-GPS apps, but at some point I suspect it won’t work with new cameras &/or new camera controls.
This is wonderful news, thanks. At the moment, I am still on 4.4.2, but I plan to get a brand-new one in the new week or two. I will certainly look for this feature!
It’s not all that great. Some apps will just put you in a loop: “It looks like you’ve denied access to the camera. We need it to work right. Please try again.”. Others will just crash. Don’t upgrade just for this. I’m not very familiar with the iOS permissions model, but you may want to do more research on that… hearsay makes me think that it’s a saner model than the Android approach, but I could be wrong.
If you’re worried about app permissions, just use the Amazon mobile site instead.
Oooooor better yet, make a limited user account on your phone just for questionable apps, and let the apps have access to all the random shit in that user account that you dont’ use anyway.
There’s a permissions “manifest”, a file written by the developer that tells Android which permissions it needs. It’s just a list: I need the camera, the SMS, calendar, etc. If a developer fails to include it in the manifest and/or the user doesn’t agree to that permission, Android will deny usage of that particular function and the app will either gracefully degrade (“Ok, you don’t want us to access your calendar. We won’t be able to export events for you, but that’s ok!”) or refuse to work (“We absolutely need your calendar. Sorry. Please try again.”) or just crash. Just depends on how the developer coded it to handle refused permissions.
Reply has it right - there’s a checklist when developing apps for the developers to indicate what capabilities they might need. If they’re careless they’ll check everything just in case. I teach Android programming, and these just started showing up last year, so older apps won’t ask for permissions, while newer apps are required to ask. (It broke a lot of code that used to work for my students, plus the sample code in the Coursera course I took last summer.) If you don’t allow some permissions when installing, the app is supposed to ask you to turn it on (such as the camera) when needed, and if you say no at that time, to fail gracefully. You can turn permissions on or off by going to Settings - Apps - and select the app and change its Permissions.
And many are from apparently-legitimate businesses! For example, there has been an update to Microsoft Word available for several months, but I have not updated it, because it wants access to my Contacts. Why would it want that? Am I beeing needlessly paranoid?