CyanogenMod May Soon Allow Users To Revoke Specific Application Permissions, Cue Mass Force Closing As A Result

Android Police

One of the ways Android protects application users from unwanted activities is by requiring every app to declare a set of permissions and allowing users to view those permissions during the installation phase. Don't like what an app can do? Just don't install it.

However, this all or nothing approach doesn't allow you to selectively turn off specific permissions, so if you don't like that an application accesses your phone state, you can't just disable that and still have the app installed. This forces you to either potentially compromise your privacy or miss out on what could be a great piece of software. Annoying, isn't it?

A change to this core Android paradigm may be coming soon to CyanogenMod users in the shape of a proposed patch, posted to CM's bug tracker by psychoi3oy (clever name, isn't it?) and developed by Plamen K. Kosseff. The patch would add currently non-existent methods to get and set permissions for specified apps, together with a related Settings area and a new android.permission.REVOKE_PERMISSIONS permission that would guard the new methods.

Adds support for revoking permissions.

- 2 new methods in PackageManager: set and getRevokedPermissions.
- new permission android.permission.REVOKE_PERMISSIONS that guards the new methods.
- new widget that can revoke permissions and is to be used in Settings app.

Change-Id: I19aace30b6e2bd2075231f8a8581c22b428e86e8

Patches get submitted to open-source projects all the time, and having one in no way means it will be accepted by the project admins. However, Steve Kondik, aka Cyanogen himself, left the following comment, which not only didn't dismiss the patch but made its integration with CyanogenMod seem quite a bit more likely:

Steve Kondik Mar 24

Going to save this for 7.1.

If implemented, the new permissions would revolutionize the way applications are handled in CM, but I am foreseeing a lot of problems if apps are suddenly denied access to what they would normally be able to do. Considering that in Android, once a permission is granted, it is guaranteed, I would guess most developers don't ever bother to catch SecurityExceptions. Guess what an unhandled exception results in (hint: it rhymes with "Smores Roses"). That's right - the app will crash, and you will start experiencing conflicting feelings of safety and rage.

As an Android developer myself, I hope the CM team will take these consideration into account and in case the patch is implemented, it is tweaked in such a way that it would deny permissions by faking requested resources rather than outright refusing them.

If you are an application developer, we'd love to hear you think - share your comments in that sexy rectangular field below.

Source: CM bug tracker, CM Gerrit Code Review