Android App ops

EFF warns against updating to Android 4.4.2 KitKat over privacy fears

The Electronic Frontier Foundation (EFF) has hit out at Google after it emerged that the App Ops interface was removed from Android in the recent 4.4.2 update. App Ops was introduced with Android 4.3, making it possible to disable specific permissions for individual apps.

Using App Ops, apps could be prevented from accessing information such as location data and SMS messages. Following its removal, the only simple way to prevent an app from taking advantage of all the permissions it requests is to make sure it isn’t installed on your devices in the first place – a return to the take-it-or-leave-it policy of old.

Although LBE Privacy Guard – a third-party app available from the Play Store – does allow for permissions to be set on individual apps, it requires a rooted device.

Although the EFF has warned of the dangers of installing Android 4.4.2 KitKat, it also acknowledges that the update includes some important security fixes. This puts anyone thinking of upgrading in a difficult position, essentially left having to balance privacy against security.

“We would have to advise you not to accept the update to 4.4.2,” said Peter Eckersley of the EFF.

“But this is also a catastrophic situation, because the update to Android 4.4.2 contains fixes to security and denial-of-service bugs. So, for the time being, users will need to chose between either privacy or security on the Android devices, but not both.”

Google have informed the EFF that App Ops was only ever an experimental feature that was included in a final build by mistake. The company said that overriding the permissions requested by apps could lead to stability problems.

The EFF has been quick to dismiss Google’s comments, however, pointing out that Android could just return artificial data. For example, when an app requests a phone’s IMEI number or location, it could still receive a response, but be provided with fake information.

Image credit: EFF