App Ops showed up in Android 4.3 and made it possible to revoke permissions on a per-app basis. It wasn't exposed in the main system settings, but it was easy to access. Then Android 4.4 made it quite a bit harder to get to, and now it appears to be completely missing in 4.4.2. What gives? Well, Android engineer Dianne Hackborn has indicated App Ops was never meant to be a user-facing feature in the first place.

This information comes via Color Tiger, which recently built AppOps X as an enhancement to the stock App Ops UI. After the 4.4 update AppOps seemed to be missing, which one of the devs posted about on Google+. Hackborn responded to the developer's post, pointing out that Google uses App Ops as an internal testing and debugging tool – it was never designed to be seen by end users, which is why it wasn't given a spot in the system settings, or even the developer options.

Some folks have cried foul at Google's efforts to hide App Ops, but it sounds like Mountain View never intended to give us access in the first place. Hackborn says App Ops as it exists now will never be user-facing. Perhaps somewhere down the line similar functionality will be rolled out for third-party developers, but nothing's certain. So don't expect Google to change its mind about this.

[+Danny Holyoake]

Ryan Whitwam
Ryan is a tech/science writer, skeptic, lover of all things electronic, and Android fan. In his spare time he reads golden-age sci-fi and sleeps, but rarely at the same time. His wife tolerates him as few would.

He's the author of a sci-fi novel called The Crooked City, which is available on Amazon and Google Play. http://goo.gl/WQIXBM

  • http://k3rnel.net Juan Rodriguez

    And this is why Custom ROMs really shine. :-)

    • jammer

      Yep. Hopefully this doesn't affect CyanogenMod's efforts with privacy guard.

      • http://k3rnel.net Juan Rodriguez

        Given that CM already has root, and Privacy Guard. I'm sure that it'll stick around. After all, aren't all CM users "testing and debugging only"? ;-)

      • Eran Murat

        Privacy guard came out before app ops, so I don't see why it should matter to CM that app ops cannot be accessed anymore.

        • cj

          CM merged their privacy guard and app ops implementation. So changes to app ops will in fact affect them AFAIK.

          However this change should not matter much to custom ROM... app ops is still very much present in the source code

    • didibus

      This right here, might push me back to CyanogenMod

    • https://steamcommunity.com/id/m-p-3 m-p{3}

      I think the Xposed framework reintroduces the feature as well, without having to flash a custom ROM. Only root is necessary, so that could be useful for those lesser known devices which don't have much community development on them, but still can have root.

  • Cherokee4Life

    So I should be glad my Nexus 5 didn't get 4.4.2 yet? Half is glass full today boys!

    • Roemraw

      "Half is glass full today boys!" ???

      In soviet russia: The half is glass full :P

      • Cherokee4life

        I re read that at least 10 times until I saw what you were talking about haha my bad

        • Roemraw

          xD I know what you mean. I read your comment multiple times before I finally figured out what part of it stood out. It's so easy to miss!

          But you are right though. Got 4.4.2 yesterday and already missing the app ops :(

  • UniBroW

    That's pretty shit, oh well. I guess if my Note ever gets 4.4.2 I'll either have to give in and root it or just get rid of apps that I don't like having my location

  • Bluewall

    "Used For Internal Testing And Debugging Only"
    But what if we also want to do testing and debugging ? :D

    • RyanWhitwam

      You're not "internal." ;)

      • dickiedickiedohickie

        If you keep opening your mouth with your tongue out like that we all will be in a minute.

      • Mkvarner

        He probably prefers to ignore your comment ;)

      • Ted Strayer

        Not with that attitude...

    • NF

      What if I want to dogfood Google apps before they're released?

  • Abhijeet Mishra

    It really needs to be user-facing, at least for disabling things like location access and notifications. One of the things I like about iOS is how there's a simple switch to disable apps from using location services and displaying notifications, two things that are often a problem if a user doesn't notice them. Every app on iOS will ask on first run whether it can send you notifications (I guess the OS makes that a requirement), which is something Android should also do as it can reduce the spam notifications can create, especially from games (the way to disable notifications from the app's info page is a stupid and totally inconvenient method, not to mention basically non-discoverable for normal users).

    Oh, and a Do Not Disturb-like mode would be great too, but one step at a time I guess.

    • jammer

      I use CyanogenMod's privacy guard to prevent LinkedIn from stealing all of my friend's contact info when I accidentally hit the continue button on their app.

    • Guest

      We already have settings for disabling notifications per-app and the location access menu (4.4) tells you which apps are using location services and the battery drain.

      • Abhijeet Mishra

        There's still no way to simply disable an app from accessing location, which is what I'm talking about (it will likely come with next Android version, Google always takes it slow with these things). Also, like I said, the method of disabling notifications per-app from the app info for each app is an inconvenient and poorly thought out method, since most will never discover it. Just a simple question on first run of each app would go a long way towards solving the issue.

    • Whyzor

      The control of permissions should be up to the user, not the developer. And not in its current state of all or nothing. iOS even has a 'disable cellular data' for specific apps. Android needs this level of fine control too.

      • Android Developer

        Android has this feature too, of disabling an app from using mobile data.
        you just go to "data usage", choose the app, and select to restrict it.
        That's it...
        on the same screen, you see how much each app used, so that you could eliminate the problematic causes for the high usage.
        You can even install "Onavo Extend" to reduce the usage on the mobile data for all apps.

    • Android Developer

      The reason for both of your questions is breaking functionality of apps, causing more crashes and frustration for both users and developers.
      notification on Android have 2 main uses: to notify the user of a single event, or to be able to run a long running task and let the app stay alive while doing so.

      Many apps need to have the second one, some need both.
      If the user would disable the notifications entirely even without starting the app, it would break the functionality of the certain apps, which would in turn cause crashes and remove features of the app.

      In fact, when you disable the notifications of an app, Android already shows you a dialog, warning you of the consequences, but only talks about the first type of notifications for some reason.

      same goes about permissions. there are really a lot of permissions, and developers can even make their own custom permissions. When you install an app, you need to read them and only if you accept them, install the app.
      Why should the OS ask you again about each permission, if you've accepted all of them already?
      Users don't like to be asked about every tiny thing. For example, see the case of UAC - User Account Control - it drives me crazy seeing it asking me if I wish to open an app - of course I want to run it, that's why I've double-clicked it...

      The thing I think Google should do, is to require the developers to explain the reason for using each permission. It's also for the developer's own good, since it will prevent users from keep asking why they need them. If a developer didn't explain about their permissions, Google could mark it with red warnings or something "warning: The developer do not wish to be clear about this permission of the app!".

      • didibus

        The dev can lie about his explanation. App Ops is a good way to control the sandboxing of the app by the user. I understand this is an advanced feature and can break the app, a simple obvious warning that you might break the app by disabling permissions would suffice from the user thinking it's Android who sucks.

        Anyways, at least make it a dev option, so that advanced users that know what they are doing can prevent certain permissions. It's basic security measures. But I agree, it should not ask for every permission, I like how you accept them on install, but can restrict them afterwards. Would be nice to be able to fine grain them at install also, but oh well.

        • Android Developer

          There are so many permissions out there, that the more permissions you block the higher the chance of breaking things. It might even do harm not just to the app, but even outside the app (depending on the app and the permissions it needs).
          As I've also written, new permissions can also be created by developers. developers depend on them too to make things work right.
          If such a thing was available for everyone , developers will need a lot more time of testing their apps just for the permissions revoking feature, and the more they have, the more combinations they would need to test in order to see things work in some way.

          Which permissions do you think are most essential to check/block using this tool?

          • EatMoreHumans

            keep awake

          • Android Developer

            keep awake might be a must for apps that need to download things even when the device is sleeping.

            Again, i think that first, all developers should be clear why they need their permissions, so that users could have some trust on apps that have weird permissions (or a lot of them).

          • didibus

            The problem is, it's impossible to enforce devs to tell you the truth about why they require certain permissions. Restricting app permissions is something I can do on Linux, Windows and OSX, on those platforms also it can prevent an app from working, and it is up to the person using the OS to know better. I say, put it in the Dev Options at least and let power user do what they want.

          • Android Developer

            really? you can block an app from changing the volume? from being on top of other apps? as i've said, there are tons of permissions, and android allows developers to create their own permissions (without any descriptions of what they do), so there are actually infinite number of permissions. here's the list of built in permissions:

            about enforcing devs to tell about the permissions, it's better to say something than not at all, since if there's something weird with what they write, people can learn not to trust them.

            if a flashlight app requires to write data into the contacts (which is weird by itself), and the developer says something like "it's so that i could take a picture of them when you turn on the light" , you know it doesn't make sense.

          • Al

            I have blocked lots of apps' nefarious permissions. Not a single force close so far...

          • Android Developer

            breaking things might not always be just crashing an app. it might have other weird consequences, depending on the app and what it tries to do.
            crashing the app is the least important thing that could happen.

          • Dan

            "the more permissions you block the higher the chance of breaking things"

            Yes, we know. We're adults. Stop trying to nanny us. If we want to block a permission, we should be able to do that. If that crashes the app, so be it. This doesn't need to be exposed to every user, but there's absolutely no rational reason for stopping us, legitimate power users, from using the tools that already exist.

          • Android Developer

            breaking things might not always be just crashing an app. it might have other weird consequences, depending on the app and what it tries to do.
            crashing the app is the least important thing that could happen.

          • didibus

            Apps are sandboxed, nothing worse could happen but crashing the app or breaking the app, the rest of the system and other apps are 100% protected by the sandbox.

          • Android Developer

            just because apps are sandboxed, it only means they can't affect each other's data without appropriate permissions to do so (it is possible for an app to allow other apps to change its specific data using its own customized permission).

            In any case, weird things can still happen, worse than crashing. you should check out the list of available built in permissions :

            for example, suppose you have a floating app that is shown during calls, and you've revoked the permission of listening to call events , yet you didn't revoke the one of outgoing call events.
            In this case, if you've called someone and the app starts showing, it won't get the event of hanging the call, so it will keep staying on top of everything, and if it's a full screen app (replacing the calling process), you won't be able to close it without restarting the device.

          • didibus

            That scenario cannot happen, because Android guarantees that I can always have access to the home, back and recent apps buttons, even in full screen mode. So I would easily be able to close the app. Unless the app went to the full extent on screwing me over and having no way for me to quit it, but that would not be caused by permission denying, but by an asshole dev: http://stackoverflow.com/questions/16657300/disable-all-home-button-and-task-bar-features-on-nexus-7

            Even so, having to reboot the phone isn't that big a deal. The key part is that, because of the sandbox, nothing on my phone is broken by me denying permission to the app. On the contrary, my data was safeguarded because I prevented the app from using malicious permissions, and I realised the app breaks all hell loose, requiring me to restart, now I know this app is not worth my time and I'll uninstall it. The Android sandbox guarantees me an uninstall removes 100% of the app except usb storage data it would have saved granted I had allowed that permission.

            And this is also a very strange example, if I installed a replacement dialer that somehow does its thing by overlaying the original one and disable its access to phone calls, I probably don't want this app in the first place and am one click away from uninstalling it.

            Sandboxed means way more than isolated data. It means each app runs in its own user space. If one app allows other apps to change its data with appropriate permissions, I should be allowed to revoke that permission if I deem the app doesn't need that permission. This is why I believe, the sandbox is broken if I cannot disable individual permissions. I understand, I just shouldn't install the app if I don't like its permissions, but it's not always convenient to find another app that does the same thing with less permissions.

            I also know why Google probably doesn't want to add this control. Like I said, if I disable network access on an app that makes money by displaying ads, I'm basically hurting the app revenue stream. Similarly, if it makes money from data mining my phone usage, I'm preventing it from making money. I understand in those cases Google believes maybe it's a case of either I agree to the permissions in exchange for using the app, or reject it. I just don't like this restriction.

          • Android Developer

            this scenario can happen, and i've not only seen it happening, but even caused it to happen on one of the apps i'm working on.

            what will happen in this case is that you will go home and go back, but on apps that are behind the one that is on top, and you will see the recent apps list, but again, behind the app that is on top. This means that you won't really be able to access any of those things (since the on-top app covers everything), and you will need to restart your device, hoping that this app won't start on boot.
            if you wish , i can easily make a buggy app like this for you and send you an APK file, so that you will have to restart your device.

            if you are a developer or just curious, this permission is :

            it's used on many floating apps (and apps that are supposed to replace the screen that you call someone), for example aircalc.

            This was just one example. as there are infinite number of apps people can make , and bugs, and plenty of permissions to toy with, you can't assume nothing will happen.

            apps can't affect other apps without any mechanism that the other apps offered, that's true, but again, this doesn't mean you can't do other stuff.

            about uninstalling apps, you are mostly right. when you uninstall an app, most of the junk it can leave is on the external storage, but it can be on other apps too or even metadata on your contacts .

            i know about the sandbox idea, but it has nothing to do with the permissions toying.

            about blocking ads, developers can already know something is wrong and show a fake banner instead, requesting you to pay for premium package that doesn't have ads.

            and again, i think this can be a cool feature and i liked it when it was on CM , but it shouldn't be for the public. it goes even beyond what power users do, and when a power user tell his less-power-users that android is buggy, it has even larger consequences.

            if you were a developer, what exactly would you get from using this feature?

          • didibus

            As a dev it really has no use lol, so you're totally right that it shouldn't really be in the dev settings menu. I'm just thinking where could they put it only for knowing users.

            Hum, I didn't think of that. You're right, I can see the problem with top most apps using that permission. Personally, I feel that's an issue with Android then, it shouldn't be ever possible in any way to have an app take over my control of the basic system. Maybe lock + volume up should bring up the Apps Settings on top of all windows as a last resort, like ctrl+alt+delete in windows. This way I could force close or uninstall misbehaving app even like in the context you explained.

            It's true, apps can leave junk elsewhere, but only if they were granted the permissions to do so. I think this is a bit my point, I feel the user should be in control of the permissions. The dev is required to list the permissions it uses, and the user must grant them to him. Now it's done in an all or nothing fashion. After discussing it with you, I realize that this way is probably an easy compromise. Yet sometimes, as a user who's also a dev, I don't really trust devs.

            If I make a flashlight app and I ask for location, no one should really trust me. Even if I explained it as: I use location to show you relevant ads. And say you think this is a good reason, you still can't trust me, because you have no way to know my real intent for the permission.

            That's why I believe that apps should always be granted the minimum amount of permissions, and this is Android's policy too. I feel though, that the responsibility is now given to devs, devs need to make sure they use only those permissions they need for functionality. I'd like to see a way the user's are given part of this responsibility too.

            Maybe not all users can have that responsibility, but I see no reason why I shouldn't have it. With app ops, I've had blocked permissions on a lot of apps without any repercussions on functionality, but with added security on my part.

            Anyways, I'm not devastated, there are just some apps I won't be using anymore, I'm going to hunt down for alternatives that have a better set of permissions.

          • Android Developer

            about your example, for an app that needs your location of ads, it should use the non-precise way to get your location. there shouldn't be any difference between an ad given from a precise location (exact street) and a city or even a country. Google also explained about it here:

            what's bad about uninstalling apps is that google didn't add the option to clean the junk of the other apps, and many apps do leave junk, like web browsers (maxthon), chatting apps (whatsapp,viber), navigation apps (waze), other tools (widgetsoid,camscanner,airdroid,...)
            there are even apps built in that just make junk/empty folders which keep taking more and more space.
            currently it's up to the developers to put the correct files into the correct folders.
            I wish I had the option to sandbox them even in the external storage .

            about app ops, isn't it already possible to use it using root and some apps ? it's even possible on some ROMs...
            maybe i'll make an app like that . wonder how many will download it.

          • didibus

            It is with Root, but I don't like rooting my phone for security reasons. You can get AppOps X if you are rooted. Or you can install a custom ROM, since they all offer an equivalent feature.

            I'm glad you mention the leaving of junk behind. I have a question. Would an app with no permissions be removed completely? I'm a dev, but didn't really go deep into android development. I'm more a desktop dev. In Windows, even an app that does nothing but install and remove itself can leave junk behind. The OS gives absolutely no guarantee of proper uninstall. From what I had understood, Android guarantees you that the app's data that was created at install time will completely be removed on uninstall by Android itself.

            I also read that 4.4 gives apps a special app folder inside the External Storage that would get removed on uninstall. So I feel they want to standardise folder structure for app data on external storage.

            Lastly, I felt that the only junk could be on my external storage. You made a great point about junk an app could leave behind using content providers like contacts, etc. Those things would be extremely hard to track though, and especially hard to know if the user wants it removed or left behind.

          • Android Developer

            about uninstallation of apps, you are correct. if the app has no special permissions, it will be removed completely.

            about 4.4, i didn't hear anything special about it, so please put a link about it.

            however, about external storage, you can put all your files into the correct location on the external storage, and when the user uninstalls your app, even this folder will be removed. this is a very old rule, so much that i don't even remember if it was always this way or started at some android version.

            in order to use it correctly, read this (search for "Accessing files on external storage") :

            about the junk data that is on the contacts , i've even made a post about it on StackOverflow, here:

            i haven't found a lot of information about it. the data is like the "registry" of windows, only that it's attached to contacts.
            why google has added this feature and didn't clean it upon uninstallation i have no idea. i do hope that apps at least put either useless or encrypted data there.

          • didibus

            Hum, very interesting stuff for the Contacts. Hopefully someone will eventually answer your question.

            Here are links to what I was talking about in API level 19:


            It's what your link was talking about, except in Api Level 19 they removed the need for permissions to read and write to your apps directory.

          • Android Developer

            @didibus:disqus cool. didn't know that. wonder what other good things google has changed on the API.
            sadly, it will take a long time till most users will use this version, so they will still see this permission for the next few years...

          • AdrianC.

            "I understand, I just shouldn't install the app if I don't like its permissions, but it's not always convenient to find another app that does the same thing with less permissions."
            Exactly my point. I installed a monitoring program on my rooted phone. It does a lot of things, which I LOVE, but it also monitors the location very often. And this feature cannot be turned off. I asked the developer to give me a version of the program without the location monitoring, and they can't. The program does not allow, like I already said, for this option to be turned off. Now, since I like the program, I am keeping it. If I had access to all permissions I could turn location service off for this program. The program uses a lot of battery on this location thing, which is the reason I want this feature turned off.
            What I did is the following: I turned GPS and loc.serv.through wifi/network OFF. This way I'm saving battery. I installed cerberus app, since this program can turn GPS on remotely in case of theft. The program can even survive a factory reset, because I integrated it into ROM.
            BUT, what I really wanted is to leave GPS on and location through wifi//mobile network on all the time, (so other apps like facebook, etc, are working properly), and only turn location off for the monitoring program. And I cannot do this, and it is very annoying.
            At least an App Ops for rooted phones would be nice, but I have not seen any yet.


          • didibus

            Permissions to access content providers and stuff like cameras, locations, etc. are the most dangerous. A lot of apps don't need them.

            I have a flashlight app for example, the first one that comes up when searching flashlight, it requires:

            - Access to USB storage
            - My location
            - My camera
            - List of running apps
            - Access to my phone number
            - Full network access

            Out of those, only the camera is required for the app to work, which is start and stop the LED of my phone. The app is free, but what do you think they use all other permissions for? It's pretty obvious they sell info they track on you to make money.

          • Android Developer

            Well such an app looks suspicious from the beginning, so you can do the next things:

            -don't install it.
            -install it only to give it a bad review and remark on the permissions not being explained.
            -report about it to google using "flag as inappropriate".
            -install an app that warns you about permissions of your choice, just because you don't read them before you install the app... :)

          • didibus

            Or, like on every other OS, Google could give me fine grained control on permissions.

          • Android Developer

            yes, i agree that it could be a nice feature, and in fact CM had it a long time ago - you just clicked on a permission (on the "manage apps" screen) to toggle it and that's it.
            however, if it was available for everyone as a built in feature, i think more people would complain about how buggy android is, as they would assume developers should handle all of the things they've done - if it's built in, you (the developer) should know how to deal with it.

          • didibus

            That's a valid point. A lot of things Google does is to prevent Android looking broken. The sandbox itself used to cause problems initially because of SELinux. Android would kill apps that would try to use more than the allocated amount of processor or RAM they were allocated. This is done to prevent an app from slowing down your phone and hogging all its resources. Users considered it as if Android apps are buggy and crash a lot, when in fact, it was a protection mechanism to prevent slowdowns.

            I don't think it needs to be out in the open, but accessible through Developers Options would be nice. I doubt the majority of users even know they exists or how to get to them. Plus, they would feel like they are playing with experimental features. This would be the best for me.

  • dextersgenius

    @Ryan Could you contact Dianne and ask for the reason why it's not available to end users?

    • http://www.androidpolice.com/ Artem Russakovskii

      Just reply to the g+ post and ask.

  • Ahmad Nadeem

    This is actually acceptable on Google's behalf
    Majority of android users aren't geeks like the readers here, so they can mess up real bad if they play around with it

    • https://steamcommunity.com/id/m-p-3 m-p{3}

      Google could simply put a warning that playing with permissions might break some essentials features in an application, and doing so is at your own risk (like they do when you choose to install apps from unknown sources).

      Anyway, it's not like it would permanently break the app. Just go back into App Ops and unblock the permission causing problems.

      • Mobile Phones Fan

        I'm guessing you've never worked in CS, have you?

        They can post warnings in flashing neon green text accompanied by blaring klaxon horns and electric shocks through the power button, but nothing -- and I do mean nothing -- will stop a concerted dumbass from (a) breaking his device and then (b) blaming everyone but himself. It's human nature*.

        Face it -- we've all seen this scenario played out in the comments, here and on other tech sites, many many many times. And, sure, the solution might seem relatively simple and straightforward, but that's an illusion. At this level, pretty much any CS issue costs too much in time, money and bad PR.

        * Even moreso among dumbasses.

        • https://steamcommunity.com/id/m-p-3 m-p{3}

          I actually do IT support for a living, and indeed you can't protect a dumbass from itself. That's the inevitability of an open system like Android, but IMO the flexibility outweighs the potential problems.

          • mjku

            "but IMO the flexibility outweighs the potential problems."

            For who? The users? What about the developers? They're the ones that have to deal with the dumbasses.

          • chk

            yeah, that's true.. but smart users have to avoid 90% of apps because they will get your contacts, account information and such in order to sell those information to third parties.

            That's what's sick in android and that's why google itself should have made that kind of choice available since the beginning. Of course they want to hide this.. why in the world they would break a such 'steal your information system' when it's what works so well?

            You don't want stupid users to bother developers?

            It's as easy as a piece of code. As soon as you edit an app permission, your account won't be granted access to vote or comment to that app. Ever.

          • mjku

            "It's as easy as a piece of code."
            It ALWAYS seems to be as "easy" as a "piece of code".
            "As soon as you edit an app permission, your account won't be granted access to vote or comment to that app."
            That's a decent idea, and I'd be mostly OK with that. I don't see it happening though, because it'd confuse/piss off users that don't understand why they can't rate or comment on the app.

    • Roemraw

      chug it under developer options with some warning labels and call it a night.
      Casual users don't tap enough to be developers :P

  • https://steamcommunity.com/id/m-p-3 m-p{3}

    Even though the feature isn't ready for use by end users, they could still make it available through the developer options (which isn't visible to end users that aren't aware of that mode straight out of the box).

    I wouldn't mind using it at my own risk.

    • http://www.androidpolice.com/ Artem Russakovskii

      The problem is everyone who enabled it would still blame app developers for crashes that shouldn't happen unless you have app ops enabled because they wouldn't put 2&2 together and figure out that apps crash for this reason.

      • https://steamcommunity.com/id/m-p-3 m-p{3}

        Maybe they could improve the crash report and include if there's any blocked permissions in there. (If that's not already the case).

      • https://play.google.com/store/apps/developer?id=iWizard Bikram Agarwal

        Yep; that's the case. But I guess instead of allowing apps whatever permission they ask for, the control should be in the user's hand. At least via developer options. And app developers must be instructed to write their apps in such a way that they catch exceptions. e.g. if an app needs "location" access and is going to crash/not work without it, the app should detect if it doesn't have location access and pop a toast notification before closing.

      • renegadedroid

        Properly coded apps do not crash due to revoked permissions but ask for them when needed.

        • http://www.androidpolice.com/ Artem Russakovskii

          Properly coded apps are properly coded because such a stipulation is provided to developers ahead of time and they know to code for it. Expecting things to work the same if an unexpected and unannounced curveball is suddenly thrown and calling it not "properly coded" is just wrong.

          • pobautista

            Artem, developers should not expect! Instead THEY SHOULD CODE DEFENSIVELY and put error handling. If they ask for location data, for the contact list, for the call log, surely they have to write error handling when the request fails, or when the requested info is not available. Oh yes, I will blame these developers for the crashes, not App Ops, and not the Android API.

            Also, if Google doesn't want to let me block apps from accessing my location, then what the hell is the GPS quick toggle for?

          • oxguy3

            App developers should code defensively, indeed, but they can't be expected to handle exceptions that aren't supposed to be possible. They should catch every exception that they know could possibly occur; i.e. they should handle it if the contacts aren't available or whatever. But if you're listening for a ContactsUnavailableException, and Android throws a SecurityException at you, you in fact should not be catching this error; the proper behavior would be to crash so as to avoid continuing to run the app in a potentially glitched state. Google has not told developers to expect permissions to ever be unavailable, so it would be silly for them to write code that assumes otherwise.

            Now, I totally agree we need this to change, and in the next API version, Google should tell developers to check for permissions and adapt to them being unavailable. But until then, I place no blame on developers for not dealing with literally unforeseeable circumstances.

          • pobautista

            oxguy3, if "you in fact should not be catching this [SecurityException] error", then why does this exception exist? Why is it defined in the API http://developer.android.com/reference/java/lang/SecurityException.html if nobody should be catching it?

            It exists--and it is defined--because it, and other java.lang.exceptions (I know little about Android coding), CAN happen, and because they can happen, developers should code defensively for them.

            Also, does App Ops cause SecurityException errors? In my understanding it just makes API calls return empty or null data.
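
Added example, not part of any comment in this thread and not code from Android or any app discussed here: one way an app can read contacts without crashing, whichever way withheld access surfaces (a SecurityException, a null cursor, or an empty result). The class name, `Status` enum and log tag are hypothetical; the Android calls are the standard `ContentResolver` and `ContactsContract` APIs.

```java
import android.content.ContentResolver;
import android.database.Cursor;
import android.provider.ContactsContract;
import android.util.Log;

import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

/** Hypothetical helper: reads contact names and degrades cleanly when access is withheld. */
public final class SafeContactsReader {
    private static final String TAG = "SafeContactsReader"; // hypothetical log tag

    /** Outcome the caller can branch on instead of crashing. */
    public enum Status { OK, EMPTY, DENIED, UNAVAILABLE }

    public static final class Result {
        public final Status status;
        public final List<String> names;

        Result(Status status, List<String> names) {
            this.status = status;
            this.names = Collections.unmodifiableList(names);
        }
    }

    private SafeContactsReader() {}

    public static Result readContactNames(ContentResolver resolver) {
        List<String> names = new ArrayList<String>();
        Cursor cursor = null;
        try {
            cursor = resolver.query(
                    ContactsContract.Contacts.CONTENT_URI,
                    new String[] { ContactsContract.Contacts.DISPLAY_NAME },
                    null, null, null);

            // query() may return null, for example when the provider is unavailable.
            if (cursor == null) {
                return new Result(Status.UNAVAILABLE, names);
            }

            int column = cursor.getColumnIndex(ContactsContract.Contacts.DISPLAY_NAME);
            while (column >= 0 && cursor.moveToNext()) {
                String name = cursor.getString(column);
                if (name != null) {
                    names.add(name);
                }
            }

            // An empty list is a valid answer: the address book may really be
            // empty, or the platform may be returning no rows to this app.
            return new Result(names.isEmpty() ? Status.EMPTY : Status.OK, names);
        } catch (SecurityException e) {
            // Access was refused outright. Log it so a bug report shows the
            // cause, and let the caller explain the missing feature to the user.
            Log.w(TAG, "Contacts access denied", e);
            return new Result(Status.DENIED, new ArrayList<String>());
        } finally {
            if (cursor != null) {
                cursor.close();
            }
        }
    }
}
```

A caller can switch on `Result.status` to show a message or disable the contacts-dependent feature, and the logged warning gives support staff the cause when a user reports the feature missing.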

  • ggggggg

    Google don't want you to turn off the hidden spying.. is the real reason and we all know it

    stick together, they do

  • vasras

    Full of s#it.

    Google Android engineers are just 100% aware that Android security is a joke. Privacy even more so.

    They just wanted it for themselves, but of course Google's bottom line doesn't allow for it to spread widely amongst Android users.

    • Al

      Exactly. I don't know what kind of retards are downvoting you.

  • Ryan Stewart

    Of course it wasn't. You could really wreck apps and then the devs and Google would have a hell of a time figuring out what you did to break them.

  • http://www.androidpolice.com/ Artem Russakovskii

    I really do wish we had this power officially, but it looks like Google isn't too content with releasing App Ops for end users.

    I suppose if they did want to do this, they'd need to get developers ready and give ample time to prepare for permission revocation. Like a year.

    • Marcell Lévai

      I don't see them doing that. It would mean you could revoke permissions of Google Apps too = no more data for them.

      • cj

        They can prevent app ops from blocking system apps. Of course that leaves those Google apps not installed as system apps open to being blocked but ... if they really wanted your data, they'd find a way ;)

      • renegadedroid


  • duse

    Bad form Google. This kind of attitude about things could make me leave the platform. Why is it acceptable to Google for every random app to request access to our contacts, and we just have to deal with it? iOS, arguably one of the most simple operating system experiences in the world, provides complete granular control over this, making it easy to turn off each type of information for each app individually. I was glad Google was working on something similar, even if it wouldn't be official for a good while yet. Now I know they have no intentions of ever doing so. Sure I can use XPrivacy, but what about in the future when Dalvik goes away and maybe Xposed along with it? So then I have to use CM if I care about my privacy?

    • ScottColbert

      See ya.

  • br_hermon

    So it's not just hidden but entirely removed from 4.4.2? Does this mean someone could rip the apk from 4.4.1 and we could side-load or flash it as a mod?

    • Cj

      It's just further hidden. Access completely removed from settings, I believe. But the functionality is still there.

  • Spasillium

    App Ops is still there in 4.4.2 if you decompile and modify a few XMLs in Settings.apk. These shots are from my N4 running stock rooted 4.4.2, which I modified a bit

    Credits to andersonaragao and his N5 Experience ROM for N4 in which I tore a bit to figure how he added it

  • Calkulin

    You could probably get away with using the Settings.apk from 4.4.1 as there weren't many changes with the exception of removing the App Ops from loading. The smali changes are quite easy to get App Ops working again, for those that want to mod the 4.4.2 apk like I did, Settings.smali is where you need to look to get it working again

  • MeCampbell30

    This is the right call. The emphasis should be getting developers to use only the permissions they absolutely need rather than relying on individual users to police their apps.

    • Grzegorz Górecki

      They should also separate some of the permissions like read phone state AND identity.

  • Marcell Lévai

    I wonder - is it "dead" code now? Or it's removed completely from the system?

    • Sergiu Dogaru

      just dead code

    • cj

      It's simply no longer accessible from the settings apk
      It's not dead to Google and it could probably be accessed with root permissions. They are simply making it harder to get to.

  • mjku

    Whoa, lots of tinfoil hats in here. I recognize the need for privacy, but having control over each and every permission is unnecessary and is a burden for devs. I could see simple things like "data" (which is already under 'data usage') and "location", but allowing users to turn off my ability to check for the state of WiFi vs 3G (which is more for THEIR benefit) is completely overkill. And then the app potentially breaks, resulting in a 1-star rating in the Play Store because some idiot didn't use the app as intended.

    Google did the right thing here, at least as it currently exists.

    • h4rr4r

      My computer, not yours. I will do with it as I like.
      The right thing would be to let me spoof whatever I want to your app.

      • mjku

        Then don't whine to me when it breaks or doesn't work right for you. Not YOU necessarily, but that's exactly what happens when this kind of access is given to the masses. Loads of people blame the devs, and then the devs spend hours running down "bugs" that don't actually exist.

        Your computer? I'm down with that, but then it's your problem when things go awry, not mine.

        • renegadedroid

          If a keyboard app breaks, because it was denied access to my location. ..1 star is in order. In general, if an app is not coded by a complete moron, it won't break, but will explain briefly that it is about to stop, because it needs a withheld permission. Apps that break due to user customisation are 1 star by default. If Google needs to do their business using my phone's battery, GPS, etc. they should buy me a phone. Modifying the Linux kernel, paying for an obsolete VM and supplying a framework which is still WIP 5 yrs. on IS NOT enough. They have been handsomely rewarded for the half-assed attempt at a mobile OS already. I thought after making a ton of cash off it, they would realize why people liked it. Instead they are pulling a Nokia onto themselves.

          • mjku

            "If a keyboard app breaks, because it was denied access to my location. ..1 star is in order."
            We're talking all cases, not just strange fringe cases. While you're denying access to a keyboard app that clearly doesn't understand why they should enable only the permissions that are needed, another person is denying fundamental core access to another app which breaks its functionality.

            " In general, if an app is not coded by a complete moron, it won't break, but will explain briefly that it is about to stop, because it needs a withheld permission."
            Unless it's completely unexpected. In many cases, an app crashes differently if something is simply unavailable vs. not having permissions to a resource. At the very least, App Ops would require an API change where only apps compiling for a later version of Android would be subject to user permission revocation. Otherwise, those apps that were previously perfectly functional will break. Since backwards compatibility is a very important aspect of Android, you couldn't just randomly introduce this ability for all apps.
            "Apps that break due to user customisation are 1 star by default."
            LOL - I can break any app by changing random stuff on my system, but that doesn't mean the app is poor. It just means I'm an idiot for expecting it to still work perfectly.
            "If Google needs to do their business using my phone's battery, GPS, etc. they should buy me a phone."
            Because you feel entitled? Neat. Why should they buy you hardware? They're already giving away the software for free. If you don't want to use the OS, there are plenty of other choices out there that might cater more to your sense of entitlement.

            The rest of your comment is just nonsensical whining.

          • renegadedroid

            for the free half-baked OS they are already making a decent USD 3 bln. from the app store alone. Further, Google admits that the share of mobile searches is exceeding half of all searches. For this amount of money, their voice assistant should really learn how to make sandwiches and not tell me to make them myself ;-)

            Lately, however, core functionality has been reduced (i.e. Google Maps) and there's a tendency towards dumbing down the OS, which kind of changes the status quo along the lines of a bait-and-switch model. I don't see why my phone should be substituting the Google camera car, even when I don't use any Google service that requires exact location.

            Finally, we are not talking "changing random stuff on my system" here, since your system is RO and you need root for changing anything there, which is not the intended use of the device. An app should not crash as a result of changing a user exposed setting. And if it does - removing access to the setting is not the answer.

          • mjku

            "for the free half-baked OS they are already making a decent USD 3 bln."
            First of all, they make profits from their services, not their OS. Second, I'd LOVE to see you make something even remotely CLOSE to "half-baked".
            "Further, Google admits that the share of mobile searches is exceeding half of all searches."
            Much of that is from iPhone. So what? They would never profit off of just giving away hardware for free.
            "An app should not crash as a result of changing a user exposed setting."
            App Ops is/was hidden, meaning it was never meant to be accessed by the user, and you had to do workarounds in order to launch it.
            "removing access to the setting is not the answer."
            You were never supposed to have access in the first place, so they aren't removing anything you were supposed to have anyway.

          • mjku

            That's just it: it's not a setting exposed to users.

        • h4rr4r

          I agree with that 100%
          Apps should however not just up and die on a failure like that. Just crashing is terrible design, no matter how you look at it. Hell tell the user, BLAH BLAH BLAH FAILED CLOSING NOW.

          Also not claiming you are like this, but mobile devs seem to have an aversion to proper logging. More logs means faster troubleshooting.

      • Paul Taylor

        I agree with you - but I'm not sure making that a simple toggle list that Great Aunt Flo can use is necessarily a good idea. A few misplaced swipes and she'll never understand why her maps don't work any more.

      • mjku

        My app, not yours. Use it as intended or don't use it at all.

        • h4rr4r

          Then don't ever give me a binary for it.
          If you expect your app to get good input, I will be sure to never hire you.

          • mjku

            I didn't give you a binary. I posted it on a storefront for which I requested permissions, and for which YOU AGREE TO before being allowed to download it and use it.

            Don't agree with the permissions? Don't use it.

            I couldn't give a rat's ass about your opinions on an app's input. If it follows guidelines and uses the APIs properly, then the app breaking because a user is hacking around with shit is the USER's fault, especially after agreeing to said requirements.

          • h4rr4r

            I never said it was not.
            The real solution here is to give your app what it asks for, but to lie. You want my address book, fine here the list only includes ben dover and Hugh G Rection. You want the phone number too, great but they are all 555 numbers. That kind of thing.

          • mjku

            That's beginning to sound more reasonable.

          • h4rr4r

            If you think it is unreasonable that someone would want to control their own computing device, I cannot help you. That we must go to these lengths is insane. If your app cannot withstand not having access to the address book in a sane manner, ie not crashing that is just pathetic. The fact that it requires addons and root to lie to an app is just sad. There is no reason why android could not have that built in.

          • mjku

            "If you think it is unreasonable that someone would want to control their own computing device, I cannot help you."

            I didn't say that. My argument is that it's unreasonable to expect things to work perfectly when you're not using them as intended.

            "If your app cannot withstand not having access to the address book in a sane manner, ie not crashing that is just pathetic."

            Not when the app is built to spec and the user agreed to the permissions used from the storefront. Expecting me to support every niche crowd that finds new ways to break my apps for completely legit use of permissions is ridiculous.

            That said, if Google provided a way to do all this without crashing a huge number of apps (by providing fake info, for example), that would be something else entirely and I would not take issue with this. Apps crash differently when there's no info/service/sensor available as compared to trying to use something it doesn't have permission to use (even though it's in the manifest).

            In the meantime, users who root or ROM make up a very insignificant portion of my user base (about 1%). If someone is complaining my app is crashing because they revoked a certain permission (such as networking, which behaves differently when there's no network access at all remember), then I'll promptly tell them to use it as intended or remove it. If they continue to be a problem, then I'll specifically program the app to exit immediately upon detection of revoked permissions with an appropriate message.

            I don't support a niche crowd whose hacking around breaks the app for them. If the platform doesn't support it, I do not and will not support it.

          • h4rr4r

            I don't think most sane folks expect you to support that.
            Either way clearly we have a problem with apps that want too much data, no Pandora your music app does not need my contact list, and people are looking for ways around that.

          • mjku

            You're right, and I would agree I wish there was a way to have finer grain control over certain permissions, or at least certain capabilities afforded by those permissions. For example, the same permission that allows me to know when the phone is ringing so I know when to stop something is the same permission that allows me to access your phone's ID - the restriction should just be not allowing to read the phone ID, as knowing when the phone is ringing is both harmless to the user and necessary to the smooth operation of the app.

            My only concern was how the tool mentioned in the article was currently affecting things. The appropriate framework is not in place quite yet. Like you, I hope it is soon. Maybe they could add finer-grained permissions at the same time so we don't even question how/why certain permissions are used.

    • Sahil Chaturvedi

      I know I'm gonna get downvoted for this, but I agree.

  • Roger W Turner

    There are some apps I am only prepared to use if I can turn off certain interferences with MY privacy.

  • GraveUypo

    figures. like google would actually want to increase user control over their stuff. google has been slowly stripping control from users for a while now and i hate them for it.

    • renegadedroid

      Exactly how I feel about the latest developments.

      • Paul Taylor

        Is that one of those special apples "dipped in the brew" like in Snow White? ;-)

  • Telefunken

    "Never Meant For End Users, Used For Internal Testing And Debugging Only"
    ok. "It wasn't exposed in the main system settings, but it was easy to access." Right. "never meant to be a user-facing feature in the first place." Got it. "it was never designed to be seen by end users". Uh huh. "never intended to give us access in the first place." Really? "will never be user-facing." Yeah?

    Uh, wait - wasn't this story supposed to be about whether app-opps was supposed to be available to end users, or something?

  • MrNinjaPanda

    But I still have App Ops on my Nexus 7 running 4.2.2. I installed the App Ops X app, and after the 4.2.2 OTA, the App Ops is still there, and works fine.

    • Paul Taylor

      4.2.2 or 4.4.2? (Not the first time I've misread that!)

  • ĴⒶ₡Ҝ

    This is ridiculous. Even iOS has a system Privacy settings menu that gives you complete control over what each app can access.

  • Nick

    App Ops is now on the xposed framework!

  • Al

    That's a LIE. Obviously some developer, maybe even her, thought it was a good idea. And it is! But not for Google. Have you ever wondered why Nexus devices are so cheap and so good? you're starting to become part of the product. Google makes money selling you to advertisers, not devices to you. Now, app ops lowers Android's value to developers and advertisers because it lets you have control. If devs can't make money they'll spend less in development, and apps will be worse and Android will be less used. It's this simple. From Google's standpoint, you have to be screwed.

    • Paul Taylor

      I don't consider myself screwed. I consider it a symbiotic relationship. You know, like those little birds that live on the back of a hippo?

  • Keith Tyler

    So much for an open mobile operating system. Who're we kidding? Google doesn't want users to control anything they own. No, the New Google just wants to be the next Microsoft; nothing less, nothing more. Well here's a pro tip for Mountain View: Most people think of Redmond as evil. So much for "Don't be evil!" Et tu, Google?

  • SuperMario7

    I've recently switched from iOS to Android by buying a Nexus 5, and this thing really bugs me, for example I bought Angry Birds Star Wars 2 from the Play store but I can't install it without giving it permission to use location data or take pictures and videos which it shouldn't need in any way, shape or form. On iOS there was a Call of Duty game I had on my old iPhone that asked for access to my microphone on startup... all I had to do was select no when any app wanted access to something it doesn't need. Whatsapp would need access to photo galleries on iOS, when I install this app, a permission box pops up and I can deny it access....and still use the app for regular text messaging. And no my phone never exploded or went into meltdown.

    This is the one area where iOS is so superior to Android it almost makes me cry, even stock iOS apps like the camera or the browser need your consent before using GPS, access to contacts, calendar, photo gallery etc. Full privacy/security controls should be available to end users without question, I thought Android was supposed to be an antidote to Apple's control freakery.

    • itookredpill

      And now it is revealed that Angry Birds' loose permissions were used to collect millions of address books and contacts. I'm also an iOS user who recently bought a Google tablet and this makes me sick that it reports everything I do and created a g+ account I never had before. I'm slowly learning how to protect myself, but they don't make it easy or obvious.

  • itookredpill

    Anybody know if something similar exists for 4.2.1?