Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Security Strategy, Plan, Budget, Vulnerability Management, Incident Response, TDR, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Google removes Android privacy feature, says it was inadvertently released

Google removed a much-lauded privacy feature when it released Android 4.4.2 last week. 

The feature, known as ‘App ops,' allowed users to pick and choose what individual apps could have access to data on their mobile, including user location or information on contacts. Now all Android applications have access to data on the device.

The technology and security experts at the Electronic Frontier Foundation (EFF) praised Google on Wednesday for the inclusion of the feature on Android 4.3 mobiles, but on Thursday, one day later, the EFF's opinion flipped 180 degrees when it learned that Google had removed the feature in the Dec. 9 update.

Why is this feature so important?

“Because it should be up to you to decide what data apps can collect from you when they live in your pocket,” Peter Eckersley, technology projects director for the EFF, told on Tuesday. “The iPhone has had these kinds of fine-grained, per-app privacy controls for a couple of years now.  They were added after a series of privacy scandals about data collection by iOS apps.”

Google maintains that the feature was included inadvertently and was never meant for users – or developers, for that matter.

A Google spokesperson confirmed to on Tuesday that the experimental code was accidentally added in Android 4.3 and was deliberately removed in Android 4.4. The spokesperson added that the feature is untested and that documentation was not provided to developers on how to build apps with ‘App ops' in mind.

“A lot of people were excited to be using it, and it's hard to understand how Google can justify taking those privacy protections away from people, rather than making them better,” Eckersley said. “We'd love to see it come back, but right now we don't even know if the management on the Android team thinks this sort of privacy protection is desirable.”

The Google spokesperson told not to use the term “killed” when referring to the decision to remove the feature because that implies it would never be a part of Android.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.