How Android’s new App Ops controls could encourage privacy by design

It looks like the latest version of Android has an interesting little feature tucked away: granular controls over app permissions. The Android 4.3 feature, called “App Ops”, was flagged up by Android Police on Friday, and it looks like it could be a game-changer for privacy.
By way of example, App Ops lets the user turn off individual pieces of functionality in the Facebook app, such as location access or the app’s ability to read the user’s phone contacts. It also shows when the app last used each of those permissions, a handy way of finding out what is causing all that battery drain. It’s all pretty buried, although some enterprising soul has already created an app that gives straightforward access to the feature.

Breaking’s bad

For users, all this is great news. At the moment, when you install an Android app you are shown the list of permissions it requires, but you don’t get to pick and choose: it’s all or nothing. I certainly know granular controls would make me more comfortable using Facebook’s app; I never check in anywhere and I just want the feed. I want more control over what these services do, and App Ops looks like it may satisfy that need.
For many developers, however, it could prove an utter nightmare. In the quest for privacy or longer battery life, many users will turn off bits of functionality and later wonder why those parts of the app no longer work. Apps will break all over the place unless developers change their mindset, because most apps are written on the assumption that every permission granted at install time stays granted for good. And that is possibly the best effect this feature could have: welcome to the concept of privacy by design.
Privacy by design is a set of principles promoted by data protection watchdogs, notably Ann Cavoukian, Ontario’s Information and Privacy Commissioner. The idea is to have privacy in mind right from the start of a system’s creation. It’s the opposite of what usually happens, where privacy controls are grudgingly tacked on to meet some regulation, or to calm users down after bad publicity, without privacy ever being ingrained in the system.
The reason privacy is not baked into many apps in this way is that the concept runs counter to the developer’s current or potential business model: it’s that whole “if you’re not paying, you are the product” thing. So what happens when the user gets to stymie their own monetization by turning off the bits of the app they don’t like? The app breaks from a business-model point of view, that’s what.

Incentive for transparency

In effect, this should push many developers to be more upfront about what their apps actually do, and to explain properly why the app needs to track you, tap into your address book, and so on.
Right now it’s in the developer’s interest to show you a quick rundown of the permissions the app needs, so you go “yeah, whatever” and tap install. If App Ops raises the specter of broken apps and all-round support nightmares, it will be in the developer’s interest to make a more honest and thorough pitch at installation, to save heartache down the line (and yes, I realise this would need to be reflected in Google Play’s installation procedure).
Even if the developer doesn’t go that route, App Ops will certainly encourage re-architecting apps so that switching off one component, such as tracking, doesn’t break the rest of the app. In that scenario, too, the user wins: they get to exercise control without being punished by a broken app.
All in all, this looks like a positive move on Google’s part, so let’s hope it gets unburied soon and made into a mainstream, easy-to-access Android feature. After all, good privacy practice is all about transparency and choice, and this could be a great way to deliver both.
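Here is what that re-architecting looks like in practice for the two features mentioned earlier, location and contacts, and for the breakage described above. This is an added illustration in plain Android Java, not code from the article, from Facebook’s app or from Google; it assumes that an op switched off in App Ops makes the corresponding call either throw a SecurityException or quietly hand back null or an empty result, and it handles both so that the core feature (the feed) never depends on the optional ones.

```java
import android.content.ContentResolver;
import android.content.Context;
import android.database.Cursor;
import android.location.Location;
import android.location.LocationManager;
import android.provider.ContactsContract;
import android.util.Log;

/**
 * Defensive wrappers for two permission-gated features (illustrative code).
 * Assumption: when the user has switched an op off in App Ops, the call may
 * throw SecurityException or may return null / an empty result. Both cases
 * are treated as "feature not available" rather than as a crash.
 */
public final class OptionalFeatures {
    private static final String TAG = "OptionalFeatures";

    private OptionalFeatures() {}

    /** Last known location, or null if location is unavailable or switched off. */
    public static Location lastKnownLocation(Context ctx) {
        LocationManager lm = (LocationManager) ctx.getSystemService(Context.LOCATION_SERVICE);
        if (lm == null) return null;
        try {
            Location loc = lm.getLastKnownLocation(LocationManager.NETWORK_PROVIDER);
            if (loc == null) loc = lm.getLastKnownLocation(LocationManager.GPS_PROVIDER);
            return loc; // may legitimately be null: no fix yet, or op turned off
        } catch (SecurityException e) {
            Log.i(TAG, "location not permitted; continuing without it", e);
            return null;
        }
    }

    /** Number of contacts, or -1 if contacts are unavailable or switched off. */
    public static int contactCount(Context ctx) {
        ContentResolver cr = ctx.getContentResolver();
        Cursor c = null;
        try {
            c = cr.query(ContactsContract.Contacts.CONTENT_URI,
                    new String[] { ContactsContract.Contacts._ID }, null, null, null);
            return (c == null) ? -1 : c.getCount();
        } catch (SecurityException e) {
            Log.i(TAG, "contacts not permitted; continuing without them", e);
            return -1;
        } finally {
            if (c != null) c.close();
        }
    }

    /**
     * Whether to offer a check-in button. The feed loader never calls this,
     * so turning location off in App Ops cannot break the feed; only the
     * optional check-in feature disappears.
     */
    public static boolean checkInAvailable(Context ctx) {
        return lastKnownLocation(ctx) != null;
    }

    /**
     * Whether to offer "find friends from contacts". Same principle: the
     * caller hides the option instead of failing when contacts are cut off.
     */
    public static boolean friendFinderAvailable(Context ctx) {
        return contactCount(ctx) > 0;
    }
}
```

The design point is that each optional feature is behind a single query that returns a plain "available or not" answer, and the parts of the app that do not need the permission never touch that code path. When a feature is hidden, the UI should say why (for instance, "location is turned off for this app"), which is the transparency the section above argues for.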