I’ve read in the blog about this “privacy impact” feature which seems to become effective after you installed an app but before you actually launch the app. Although I like the feature, I wonder if it’s really effective: Many apps install (system) services, and afaik they get launched even before launching the actual app.
Personally, I think this feature should pop up during the installation of an app. For instance, you could make two apps in the app installer dialog: One with privacy impact, and one with the “traditional” and more detailed information Android gives.
What’s your opinion about this?
I don’t think Apps usually start background processes before you started them the first time. Could you give an example of an App you think does that?
Yes, many apps install background services. These services may start themselves, e.g. after booting. However the user needs to launch the app at least once for these services to be activated.
Afaik many apps (like e.g. facebook) install background sync services and stuff. But I don’t use such apps, therefore I can’t tell for sure…
Yes they install those, but they can’t really take effect before you start the app and log in can they?
Well, afaik services don’t need a user interface at all and can be even accessed by other apps than the original “app” which installed the service:
I assume that many malicious apps install services and don’t provide icons in the launcher, so they need to have a way to start them as service without user interaction. Also some of those anti-theft type of apps do the same thing.
I don’t think Privacy Impact is meant to address malware.
To provide the same Info for Services and Apps that don’t have an Interface it would indeed need to start before installing the Service/App, but I guess for that it’d need root access, wouldn’t it?
Sure. But it’s a feature built into the ROM, otherwise it also couldn’t hijack into the process when you start an app. Or it’s part of the launcher, then you would loose it if you used an alternative launcher. I guess it’s the latter and thus has only limited capabilities - including the limit of not being able to address services.
Nope, just tested with KISS Launcher: Privacy Impact works there too…
Okay, then maybe we could try to find an app which installs a service and then check if the service gets launched after a reboot if you did not run the app before (so just install it). Any suggestions?
Privacy Impact is baked in at the operating system level, and it effectively intercepts any launch from an app - so hidden/boot services should not be able to bypass it.
I’m also not sure if Privacy Impact is that useful. Most users seem not to understand it and it doesn’t seem to work well at app level. As long as it can’t create fake data and is ‘too polite’ (and the user really wants to use the app …), there is no real benefit for a normal user. But maybe I’m misunderstanding how it works.
In my humble opinion the whole privacy impact feature is pointless. Not saying that it wasn’t a nice thought as a substitute for a missing privacy framework in 5.1. But given the fact that obviously everyone just turns it off very soon shows that it is hardly wanted to be used. Moreover I have strong doubts that it actually is helpful or really informative. Together with the fact that it actually does not work but still is buggy, I think it rather back fires and causes much more harm than it is useful.
Point is, I’m very sceptical of its usefulness and practicality.
Absolutely true. Every day, on this forums or on local Facebook group comes people with “bugs” related to Privacy Impact… For what? Which benefit?
In addition of this, the post explaining this situation is not anymore pinned on top threads to warn users who are not aware of this bug.
It could also be a misunderstanding: The users think they will be nagged by Privacy Impact every time they tap on the app icon. I think Fairphone has to make more clear that Privacy Impact will be shown only once per app.
Technically it seems to me that privacy impact interferes before the launch activity is created but after the application has been started.
(at least I ran into breakpoints in the Application derived class while the privacy impact notification was up)
So I do not think it is meant to protect users from malicious software but to notify them of the impact an app has.
Considering its settings are being placed under “sounds and notifications” and not under “security” that seems absolutely fine.
It may however be that users misinterpret what privacy impact does and what it is not meant to provide.