I’ve read in the blog about this “privacy impact” feature which seems to become effective after you installed an app but before you actually launch the app. Although I like the feature, I wonder if it’s really effective: Many apps install (system) services, and afaik they get launched even before launching the actual app.
Personally, I think this feature should pop up during the installation of an app. For instance, you could make two apps in the app installer dialog: One with privacy impact, and one with the “traditional” and more detailed information Android gives.
Yes, many apps install background services. These services may start themselves, e.g. after booting. However the user needs to launch the app at least once for these services to be activated.
I assume that many malicious apps install services and don’t provide icons in the launcher, so they need to have a way to start them as service without user interaction. Also some of those anti-theft type of apps do the same thing.
I don’t think Privacy Impact is meant to address malware.
To provide the same Info for Services and Apps that don’t have an Interface it would indeed need to start before installing the Service/App, but I guess for that it’d need root access, wouldn’t it?
Sure. But it’s a feature built into the ROM, otherwise it also couldn’t hijack into the process when you start an app. Or it’s part of the launcher, then you would loose it if you used an alternative launcher. I guess it’s the latter and thus has only limited capabilities - including the limit of not being able to address services.
Okay, then maybe we could try to find an app which installs a service and then check if the service gets launched after a reboot if you did not run the app before (so just install it). Any suggestions?
Privacy Impact is baked in at the operating system level, and it effectively intercepts any launch from an app - so hidden/boot services should not be able to bypass it.
I’m also not sure if Privacy Impact is that useful. Most users seem not to understand it and it doesn’t seem to work well at app level. As long as it can’t create fake data and is ‘too polite’ (and the user really wants to use the app …), there is no real benefit for a normal user. But maybe I’m misunderstanding how it works.
In my humble opinion the whole privacy impact feature is pointless. Not saying that it wasn’t a nice thought as a substitute for a missing privacy framework in 5.1. But given the fact that obviously everyone just turns it off very soon shows that it is hardly wanted to be used. Moreover I have strong doubts that it actually is helpful or really informative. Together with the fact that it actually does not work but still is buggy, I think it rather back fires and causes much more harm than it is useful.
Point is, I’m very sceptical of its usefulness and practicality.
It could also be a misunderstanding: The users think they will be nagged by Privacy Impact every time they tap on the app icon. I think Fairphone has to make more clear that Privacy Impact will be shown only once per app.