Android Permissions Misery

We recently noticed something pretty worrying when looking at our rating:

Screen Shot 2013-12-19 at 12.28.26

After a year in which our averaged rating has climbed up almost every day, it has started to decline. Why? The app is working better than ever, with every update we aim to make it a little faster and smoother and with the last update we even reduced the file size a bit.

What’s going on?

We did some drilling down and noticed that the decline is all due to poor ratings on Android 4.4, where the ratings have dived from 4.3 to less than 4 in under a week.

And yet, we love Android 4.4 and Android 4.4 loves the app, we’ve been testing on a Nexus 5 (a thing of great beauty) for a while now and it has always performed brilliantly. After a few fruitless search for bugs, we noticed that we’d been getting a few more queries about permissions than usual, especially on Android 4.4.2, the very latest Android update.

One of our users was kind enough to send a screen shot:


This should not be happening.

In fact there are two problems here:

  • These permissions have been in the app for a year (in the case of the ‘use storage’  – which we use for exporting your readings in .csv form to a memory card). Conclusion: These permissions are not new.
  • We recently STOPPED these permissions from applying to Android 4.4. Conclusion: These permissions should not even be there!*

Note, the “Read Contacts” permission was needed pre-Jelly Bean to access the call logs, we do this in order to count the number of minutes you have used (you can see this on the Stats Tab) we hope this helps people monitor their usage. For Jelly Bean and later versions a specific “Read Call Logs” permission was added, so we added some code* to mean that the Read Contacts Permission only applies to devices below Jelly Bean, clearly this code is not doing its job.

[Please note, we NEVER read SMS messages or the contacts log – the latter is easily verifiable to users of Android 4.3 who can make use of App Ops to see that the contacts list is not accessed. For more on permissions: our permissions explained]

The flagging of this permission is entirely responsible for our drop in ratings – we’ve worked this out but going through the comments and ratings  one by one, almost all are in reaction to this apparent change in permissions.

Considering that this problem of marking old permission as new is occurring only for users of 4.4.2 this bug may be related to the removal of App Ops, this is pure conjecture but considering that App Ops was not meant to be released and this is also in the permissions section it seems reasonable.

A couple of lessons for developers:

  • Users care highly about permissions, and rightly so, if you need to make a change that requires adding a new permission be sure to highlight why you are doing this in terms of what features it is adding.
  • If you have an app with some of the above permissions you may want to make a note in the “recent changes” box that appears on Google Play.

A more general thought, Android and iOS are often described as ecosystems and they are: your app is not out there on its own, its success depends on a lot of code that other people have written, the Android APIs, APIs for social networks, the device’s basic functioning. Due to the diversity of Android – which we cover in depth in our Fragmentation Report – I believe it is the most dynamic mobile ecosystem, and that’s not always a good thing.

We’ve often come up against problems in APIs being implemented on particular devices, we once, for about 8 frantic hours, had our app mis-labelled as a Trojan by a popular virus scanner (the problem was in the obfuscation of a mapping library, we discovered it a 3am on a Saturday morning, ouch).

You can never rest completely easy with a released app, not when you have 5 million users to annoy :)

Help us out

So what can you do to help? Download the Android app and give us a five star rating, if you gave it a 1 star rating switch it round!

Consider it your Christmas present to the OpenSignal team.

What’s our Christmas present to you? … A more open way of looking at coverage and network quality with our crowdsourced coverage maps.

… And this picture of a cat in a christmas hat:


Source VH1

* for the technically curious the code to remove permissions at a particular API level looks like this:

<uses-permission android:name="android.permission.READ_CONTACTS" android:maxSdkVersion="15"/>
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" android:maxSdkVersion="18" />

It’s a nifty feature, unfortunately it doesn’t work. And on 4.4.2 it really doesn’t work.
Please consider starring these bugs reports here:

Discuss on HN

This entry was posted in Android Development, App Update, FAQ. Bookmark the permalink.

4 Responses to Android Permissions Misery

  1. Pingback: Android's permissions gap: why has it fallen so far behind Apple's iOS? | ManSwag

  2. Pingback: Android's permissions gap: why has it fallen so far behind Apple's iOS? - AndroTab- AndroTab

  3. Pingback: How To: Revoke Apps Permissions in Android or a Reason Not to Update to Android 4.4.2 KitKat

  4. andrei says:

    You can try submitting different builds (different apk) for certain android versions without those permissions and this might solve your problem. It’s more work but if it keeps the users happy I suppose it’s worth it.
    Did you try this kind of solution?
    I created an account just to ask you this :)

Leave a Reply