The most important news about Android M is how it will handle the way apps get permission to access your private data. That sounds like a humble little technical detail until you realise what a revolution it will be when we can set our own permissions on apps, any time we want. And Chrome is doing it too.
Think about the last time you downloaded an app from Google’s Play store. Before you could install it, a screen full of permissions popped up. Do you want this super important messaging app to access your contacts, calendar, camera, microphone, and location? Um, sure? I guess? I mean, I want this app so I can talk to my family in Canada — but why does it need to access my location and calendar? You probably thought all of these things, and gave the app permission anyway. Or maybe you said screw it, I don’t want an app that makes me give up my location just to chat with my niece in Quebec.
All of that is about to change.
Asking at the Right Time
At Google I/O today, we heard from Android product manager Ben Poiesz about how permissions will work in Android M. There are two basic shifts. First, you will be asked for permission in context. That means you won’t agree to a bunch of permissions up front, before install — instead, your app will ask for permissions only when they are necessary. Let’s say you want to take a picture in your messaging app. When you push the “take picture” button, the app will say, “can this app access your camera?” You will understand exactly why you are giving that permission and won’t be scratching your head wondering why this app asked for camera access.
The other big change is that you can look at the permissions on every app, and revoke them individually at any time. So let’s say you’re looking at that messaging app again, and you pull up the permissions. You’ll see a list of permissions with on/off toggles next to them. Don’t want your messaging app to have access to your location anymore? Set that permission to “off.” You can also search by type of permissions, to see which of your apps have location permission and turn off the ones that you want.
Now you are in charge of how much data each of your apps can suck out of your phone. Not only will it be more obvious why you’re giving permission to apps, but you can also choose to opt out of permissions (for location, say, or sensors) that make you uncomfortable.
Accepting Rejection
During an I/O session about permissions in Chrome, security researcher Adrienne Porter Felt told us about what Google Chrome considers best practices when it comes to giving permission. She said that when you navigate to a website or app that wants permissions to access your camera or data or whatever, Chrome will do what Android M is about to do. It will ask you in real time, right below the navigation box, whether you want to give those permissions.
She said that one thing her team had discovered was that only about 17 per cent of people were saying yes to permission requests in Chrome, partly because they were being asked at the wrong time — or in a way that was confusing. But now the “yes” numbers are near 52 per cent, likely because Chrome now asks permission at the appropriate moment.
Imagine you’re buying a theatre ticket, and so you visit Ticketmaster. Chrome might ask, “do you want this site to send you push notifications?” Likely you’ll say no, because why the hell does Ticketmaster want that? But now, best practices dictate that the app ask you for that permission at the moment you’re buying your ticket. Now it makes sense — Ticketmaster is asking permission to send you notifications about when your tickets will available.
Chrome also allows you to take back your permissions from a list. Just click the icon next to the URL of a site you’re on and you can see all the permissions that you’ve given the site or app. And change them if you want!
Felt also explained that one of the most important parts of permissions is “handling user rejection.” This is key in Android M too, Poiesz said. User rejection is when I decide not to give your app the permissions you’re hoping for. Let’s say you have a mapping app and it would make things much easier if you knew my location — but I’m a privacy nut and I hate giving out location data. So I say no to your permission ask.
A good app should keep working nicely despite my rejection. It may not be able to give me as much functionality, but it should still be able to work without crashing. That’s another way that Android M and Chrome are trying to fight for the users this year: Both are pushing developers to make apps that ask permission coherently, and accept rejection gracefully. At last, this OS and browser are learning social graces — and their users are sure to benefit.