Date: 2020-07-28

A smartphone needs to do more than send texts and make calls. That’s the whole premise behind the term smart — an ability to do more than basic features. Android phones can do almost anything, and that makes them a very powerful tool for all of us.

But being able to do so much means that rules need to be set, or everything will quickly become chaos. We want our phones to do something, so we install an application that can do it, and that application runs using the platform that is Android. Android has to decide how, when, and sometimes even why an application can do its job.

There need to be some rules, but those rules need to evolve along with the rest.

One of the ways this is handled is through Android’s app permissions. Applications that want or need to perform a specific action can’t do so unless permission is granted. Now, I’m a firm believer that we should be able to grant any app any permission we like and likewise refuse any app when it asks for any specific permission. We bought the phone, and it’s our data that is being accessed and acted upon.

Android has slowly moved to a model that sort of works this way. Since Android 6, apps have been able to use more granular permissions that we can choose to grant or deny whenever we run them. That’s great, but not every permission problem has been solved yet. Permissions are still lumped together in many ways and untangling this really needs to become a focus as Android evolves.

If I want to let an app share a photo or anything else, there is no reason why I should have to grant that app permission to read my contacts. This is a simple example that says everything about what’s wrong with Android permissions. Companies that make Android apps get blasted every day because they have very broad and seemingly unnecessary permission requests, but often it’s not the app that needs to be blasted.

A good example of this is DJI’s Go 4 app. DJI builds drones that allow you to use your phone as a controller. Security researchers recently had some concerns about the app and published a list of issues that could potentially be used to leak our personal data. Some of the concerns are bugs or practices that deserve questioning. However, one specific concern is how social sharing through SDKs (Software Development Kits) from platforms like Facebook, Twitter, or Instagram means the app needs access to all of our photos, all of our contacts, our location, our SD cards, and our camera and microphone.