Android 4.4.2 removes hidden App Ops privacy feature, EFF grills Google about it

by: Chris SmithDecember 13, 2013


When Google released Android 4.4.2 a few days ago, it removed a hidden privacy feature called App Ops – many of you may know about it, while others may read about it for the first time – which was available on Android since Android 4.3, and now the Electronic Frontier Foundation (EFF) wants it back.

The app allowed users to better control what kind of data Android apps can have access to and/or collect, assuming that users knew about it and how to activate it. Despite being discovered for quite a while, App Ops was never an app that was immediately available to Android users – in other words, if you didn’t know about it, chances are you wouldn’t have discovered it and used in the first place.

Google apparently told the EFF that the app was released by mistake and that it could break apps if still left inside the OS. However, that’s not necessarily a great argument for Google, especially after only recently a flashlight app has been found to access location data and share it with advertisers even though users may have believed they opted out of it.

It’s one thing not to have an app that can have a saying in what kind of data apps access and collect, such as it was the case before Android 4.3, and quite an other to have the app removed starting with Android 4.4.2 – this obviously applies to Android users that knew about App Ops and were actively using it. For everyone else, it’s as if the app never existed. In fact, Android Police reminds us that App Ops was meant to be an internal tool for Google, as confirmed by Android engineer Dianne Hackborn in early November.

As for the app itself, the EFF has extra suggestions for it in case it will be brought back to Android, as in its current state, the app lacks some “fundamental pieces:”

  • Android users should be able to disable all collection of trackable identifiers by an app with a single switch, including data like phone numbers, IMEIs, information about the user’s accounts.
  • There should be a way to disable an app’s network access entirely. It is clear that a large fraction of apps (including flashlights, wallpapers, UI skins, many games) simply don’t need network access and, as we saw last week, are prone to abuse it.
  • The App Ops interface needs to be smoothed out an properly integrated into the main OS user interface, including the Settings->Apps menus and the Play Store. There are numerous ways to make App Ops work for developers. Pick one, and deploy it.

Let’s hear it from our readers, have you used App Ops to disable permissions for apps?

  • APai

    More Power to EFF! only they seem to be on the side of the user. none of the corporates nor the government cares for the people

  • TechGuy

    Users own their data and should be entitled to the privacy they desire. If an app requires private data it should be easily possible to disable that requirement. If the app will not work without such access, that is the choice of the app creator.

  • gommer strike

    Yeah, why does a flashlight, calculator, or a compass app, need network access at all? There are indeed apps on the Play store which allow you to control your apps with granularity, but to make things ironic, these very same apps…want network access. Permissions Manager is one of the few good ones, but requires root.

    • joser116

      Free flashlight, calculator, or compass apps need network access to display ads that support the developer.

      • Mike Reid

        That’s right.

        Most people expect free apps, and many pirate when they aren’t free.

        Devs have to make money SOME-where.

        That said, there will always be nasty apps and excessive amounts of data grab, but these things can be subjective.

    • CRiTiCaL_FLuX

      Yeah, network access is usually to display ads, but when a calculator wants your location and access to your contacts list, you know something’s up.

  • Androidway

    These updates are so fast. Imagine how long it will take phones like S4 or HTC One to get to 4.4.2. I know it just fixes some bugs, but still…

    • Aaim khan

      How can I install in my S4 I9505 I try to installing but in recovery mode some failed erore connecting so please say me about of installation if other easy way

      • AndroidBoss

        You can’t get any updates on the S4. Like the 4.4.2 is only on the Nexus 5 and maybe Nexus 7. Non Nexus devices take a long time to get these updates. People root their phones in order to get something similar to the updates, but I wouldn’t recommend it.

        • haha get some knowledge

          Lol have you even tried? I root to take control of my phone for how I want it… Not to be hearded the way the corpates want me to use a phone that * I own * … Ever ask anyone on a infuse if they hot past 2.3.* ? Most won’t – the few who have 4.2+ actually have rooted and want the best most up to date software… Nothing like waiting 2 years for a incremental update from 2.2 to 2.3 when 4.0 had been out for 6+ months…

      • How about reading whatever guide you’re following properly? #alwaysthefirstflaw

  • districtjack

    I enjoyed using Permissions Manager App Ops 4.4 to restrict a permission that I believed an app did not need to have.
    The best feature it offered was the date and time any app had used a permission. That was a impressive bit of info, being able to know that a good app used my contacts list 6 months ago or a questionable app with many unneeded permissions had in fact not accessed those permissions.

    Unfortunately, the app is now useless after the kit Kat update. According to the app developer Alvaro, the only way to remedy my situation is to root. He says “App Ops no longer works on 4.4.2; Google removed it again, properly this time. There is no solution for now without rooting the phone.”

    I guess google removed App Ops because too many customers were playing with it and breaking their phones and flooding the system with crash reports and complaints.

    • APai

      they can leave it for those who root & mod right ? at least those who care about privacy must be able to do it.
      but google’s primary revenue source is peddling ads, so of course they have an interest to make it as tight as possible.

      app ops might be a colossal mistake by google, which they closed soon.

      sadly for us users, we need need guys like eff to get things done. corporates will happily screw us over at the drop of a hat. (it’s a free service right ? you’ve sold us the right to your data)

  • GiggidyGoo

    I use Xprivacy. App opps user interface is too half baked. But I do care about the ability to control what we share. There just so many apps requesting unnecessary permissions. At least Google should make developers state explicitly what each permission is for during an app install. Otherwise they are just meaningless to everyday users. Even I have hard time keeping track with app permissions. Luckily Xprivacy is there to help.

    • Deborah

      I’m a new android user..unhooked from Apple yesterday. The lack of access to permissions for apps is creepy.. I had the AppOps on my phone for about 30 minutes.then upgraded to Kitkat not realizing it would kill it.. What is Xprivacy?

  • Pranav Arora

    I shouldn’t have updated the damn version.
    Seriously Fuck you Google!

    • Brian

      Yeah. Google really put you out. What were they thinking.

  • Bob

    We should have the right to restrict app permissions. I am an App Dev, but still believe we should have this.

  • Spikedude

    If you’re rooted, install the Xposed Framework module AppOpsXposed to restore the app ops function in KitKat 4.4.2.

  • HulkBanner

    I uses it all the time and loved it, its unfortunate that they are taking it out…..I mean who has the the time to go through and pick and choose what apps get access to what, or if they even understand the consequences. I mean if I install let’s say Angry Birds, why the hell do they need access to my contacts, does not make sense. I think they should put it back in.

  • thomas sim

    It seems to me that it was removed so we wont discover more of ‘flashlight’ incident.

  • eric Soulliage

    android firewall is great to let you enable data transmition per apps , let them collect , jsut deny them transmit

  • Allan

    Like everyone is saying, this is just plain stupid. On the other hand, maybe Google is giving into the pressure of App Devs who receive negative reviews from App Ops trolls?

    Anyways, AppOps for Xposed or XPrivacy is the way to go.

  • asdfadfawf

    I can’t find the Hidden Apps after the update

  • Lee

    Looks like this might be further evidence that Microsoft’s message with it’s Scroogled merchandise is right on the money about Google. It does seem to need to keep stealing your data.

    Of course, that doesn’t explain why Google built and distributed AppOps in th first place. Curious…

    Best outcome (for users)? Google polishes any issues with AppOps and reinstates it in Android 4.4.3…..

  • droidsail

    DS Super AppBlocker, a third-party AppOps manager, support Android 4.3~Android 4.4.2+

  • So when will Google bring it back? It has been 4 months now. What are they doing? Do they have a plan for this? That’s all my care about. Back EFF!

  • Maenad

    Facebook app asks for MASSIVELY excessive permissions

  • RandomPerson

    Google is always doing something stupid, U’d think for a big corporation they want what the user or there customer would want. But they are more into keeping us in the dark. I like android because of the more feature it hold but it lacks security. Apple product suck at everything but have a strong security.

    As an RN i am constantly using my android tablet with work related, i have over tons of patient files that should never be exposed. I am only stuck with a Password or 4 pin tablet lock. I wanted to use an APP even if i have to pay for it to keep all my files secure, as i began searching for these kinda apps i notice all these apps require permission as to Read/Write SD, Network, Contact, GPS.

    Seeing these kinda permission is a big sign of NO. I just wanna lock my files from other to see why does the app require all this stuff?. Google doesn’t care about security breach apparently. Which comes to a conclusion that Google OS and Window OS are still the common system to breach with even tiny malware. While iOS can be breached but is highly unlikely. I prefer to have Highly Unlikely then 90% possibility of breach.

    I’d also like to know why Google is fine with people rooting/Bricking there OS but when it comes to security permission they remove the feature, like how the hell does that make any sense?. Having an APP to remove certain permission without Root is a plus. Now more people will just root and have full access of the OS Core system. Nice Job Google seriously nice job.