I don't own an IOS phone but they do use some kind of permission scheme when installing apps. So, no comments on IOS.

Anyway, on android it's accept these permissions or you don't install it.

I believe in 4.3+ they had a feature called AppOps which allow you to manage those permissions. I just found out they disabled access to it from the users. It's still available but it's hidden and the only way to access it is by rooting the phone. Personally, I don't like rooting any phones because things can go wrong, well sometimes and you'll end up with an expensive paper-weight.

I like android and I like using it but the permissions based scheme of android is less to be desired.

yeah i installed lbe which allows you to prevent some nefarious permissions from random apps (like google-maps asking to read your contact list) but it doesnt feel like it is part of the os.

Yeah. The android developers have to come up with a more practical way of allowing us users to enable and disable some permissions while still letting us install the app.

Thanks for the reply

It's one of the main reasons I am doubtful I'll buy an Android device when I "upgrade" my current "feature phone".
I think not allowing the end user granular control over permissions, if they wish, as part of the OS is appalling and insulting and points to a company who wants its users to have their privacy violated by all comers.

1 members found this post helpful.

what is the most obscure permission requested by an app that you noticed.
for me its 'media hub' requesting my gps location.

My phone is Symbian but I did see some "weather" "app" which appeared to need my contacts to function. I seems most Android or iOs "apps" need access to your location to do anything, for some reason.

I understand some apps requires certain permissions based on the function and/or purpose of the app, but some apps make you scratch your head as to why does it need my contacts, my personal information, my location and etc?

The answer is pretty much obvious, It's all about selling your information.

Even though android is using a linux kernel and a locked down system, I can't wait the day a true genuine GNU/Linux smartphone/tablet be available where you can su to root when needed and use GNU programs and install many other linux programs not found in android and the play store.

That would be awesome!!!

1 members found this post helpful.

After all this are only apps. If you don't like that some of them want permissions for things not even slightly related to their intended function then don't install them. Those developers try to make money and if you just don't install their apps they see that they don't get away with such strategies, while installing it nonetheless and then disabling such permissions (ever tested if those third party apps to manage permissions actually work?) does not.
Vote with your feet, but you can only do that if you don't use such apps at all, not if you use them with disabled permissions.
I am fine with my Android phone, but I would never install such an app, so that I not falsely encourage developers that publish those apps.

True, true. And believe me, if an app that doesn't have any reason to access this type of permission, I always decline to install it.

From what I've seen eschewing the "apps" which don't ask for all permission seems to leave one with a vastly smaller choice -- meaning the whole "huge number of apps" is a lie.
Then there are the situations where one doesn't want to give permission that could be considered legitimate -- not wanting a VIOP app to have access to contacts, for example, so that one can keep a separate list -- there is no malicious intent asking for the permissions but one may not want them.
If an almost-extinct phone OS can give granular control then the only reason for a modern one not to is by design so i can only surmise that Google want the user to be powerless.

I don't quite get how Google comes into play here. Which permissions an application wants is solely defined by the developers, not by Google, AFAIK. Not giving the enduser access to manipulate those permissions can have a totally different reason: I would think that the number of support requests from users who have not set up the permissions correctly for a specific app would be overwhelming, seeing the vast number of Android devices activated every day, which outnumber any other OS by far.
And it is not that I as an enduser have no choice, I can choose myself if it is OK to me to give those permissions to any app I install. The same way I can choose not to install a program on a PC, when it looks cheesy to me. That there are certain people that don't care is not Google's fault.

Google is kinda evil (why do they want my actual whole name to use hangouts video conference -- used to work with just my initials).

What bothers me is that other people give people like Facebook my name, number, address, birthday,... when they install the app on android/ifone.

Googe made the API and seem to encourage lazy developers to ask for the kitchen sink when it comes to permissions. This also encourages end users not to think about what an app is asking for or, in some cases, end users are naive enough not to realise that an app is asking for something it doesn't need. Take access to telephony as an example -- I don't recall exactly how google word it but the distinction between data connection and the ability to make phone calls is a tough one to make to a non-techie end user.
The support calls argument is one I did expect because it makes sense -- but that's a poor excuse and if it's true it's not exactly "doing no evil" to put the fact support calls could cost money ahead of customer education and protection.
Google want it both ways -- they want this magical "Google app store" but they want to spend no time and money policing it and no time or money helping users have some control over what the apps do. That's because their customers are the add companies they provide demographic information to by taking every little piece of information they can squeeze out of their users. When you use a Google device you are the product not hte customer and this kind of thing makes it very clear that that is the case.
Contrast it with Apple, who I dislike for other reasons, who provide a walled-garden app store that tried to protect their customers because their customers are their end users from whom they extract their revenue.
Or, as I mentioned, contrast it with Symbian which for many years ruled the "smart phone" market which was sold by Nokia (sometimes via telcos) to customers and allows much more control.

1 members found this post helpful.

I can't see that they are doing that, any links to a site were they encourage this behavior?
Sorry, but IMHO those endusers that don't care about permissions when they install an app will also don't care when they have a menu somewhere that can be used for more fine-grained permission control.

Android users are not normal Linux users, they use their phone as an appliance, if they want a functionality they install it. In my opinion it is simply the better approach to tell them about the permissions an app wants before they install it, they won't change it afterwards anyways.
True, but the problem is: It is not Google asking for permissions to get your data, it is the app developers and they are also the ones getting the data. You can hardly blame Google for that.

1 members found this post helpful.

I don't think this is entirely true. I think some people are intelligent enough to make a choice about these things so either they're not installing the apps and missing out because of that or they're installing the apps due to, for want of a better way of putting it, peer pressure. A few extra warnings would raise awareness of what apps can do and waht information others want but, again, this would risk raise awareness of how Google themselves are funding the whole thing.

By Google encouraging the developers to do this I mean that unless every app that asks for phone book access is malicious, for example, then developers are demonstrably asking for permission they do not need. Whether this is down to the API being badly put together or a slapdash "we'll ask for it now in case we need it later" approach I don't know but Google don't seem to know or care either. Again, because it's not their business to know or care as it's irrelevant to them.