The problem with Android permissions is too much information and not enough information all at once

People freaking out over an Android app’s permissions again was overdue.

It’s a regular happening in the tech press. An app has questionable permissions and people freak out about it. Sometimes it’s warranted, but most of the time it’s because the people freaking out don’t understand the Android permission model or haven’t taken the time to see what reasons an app might have to need those seemingly sketchy permissions. And it’s Google’s fault. Sorry, Google, we love you, but this is all yours.

There are two ways to handle letting the user (that’s you and me) know what an app needs to do or needs to see in order to function. One way is to plainly state everything up front before that user installs it so they know exactly what can be done and seen. In other words, the Android way (mostly). Another way is to carefully screen each and every app and have the user trust your screening process and know that the app isn’t doing anything out of the ordinary. This is the Apple way. Both are good in some ways and bad in some ways.

It’s Serenity and crew’s job at iMore to tackle iOS issues on this front if it needs tackling— they’re more knowledgeable about them than I am — but we really need to talk about Android permissions here and why they need some attention from big G.

I’m going to pick on our own Android Central app here because I can look through the code or build it myself and know exactly what it does, what it can do, and why. Let’s start with what makes people freak out because there is a good example right in the picture above — prevent device from sleeping.

Why in the hell does an app to read a blog need to keep your phone locked awake? I don’t blame you at all if this is the first thing you think. In fact, I want it to be the first thing everyone thinks because we all need to be a little skeptical when it comes to software that we install on our phones. But our app has no intention of keeping your phone running all the time, and unless there’s a bug somewhere it doesn’t. We need that permission so that the screen doesn’t shut off while you’re reading this.

Tell us what those permissions mean and we’ll freak out less.

There are two very big issues here that Google can fix. One is hard but the other is easy, Like delicious pie easy. The hard one is to continue building out the APIs until we have one that can only keep the screen on. Let background data and everything else sleep until it’s used and keep the CPU idling unless it needs to ramp up for something else a user is doing. That’s all we’re using the prevent device from sleeping permission for anyway. If Google makes that API, we’ll switch to it. Until then, we need permission to keep your whole phone up and running even when we’re not doing anything in the background.

The second and easier thing that needs to be done is to give more information here. Once you decide that you’re going to give the user all the info about which permissions an app needs, you need to go a step further when you list them. What we have right now is either too much information or not enough information.

I am a nerd. I don’t even try to hide it. Plenty of the people reading this will also be nerds. What we see now on Google Play when permissions are shown was written by nerds for nerds. I understand it, my fellow nerds understand it, but a normal person who just wants to install a cool new app might not. Consider this:

  • Prevent your device from sleeping. This application needs to keep your phone from going into a sleep state. This can only happen while the app is running and shown on your screen and may not be processor intensive. If you have any questions you should ask the developer using the contact information at the bottom of the page.

That took me like 30 seconds to bang out on my keyboard. (And 20 more to fix the typos because I think I can type really fast without looking at my keyboard but I actually can’t.) It’s not the greatest explanation of what this permission might mean, but it’s a metric shitload better that what we have now. The people at Google are way smarter about Android than I am (but I challenge any and all comers to test my knowledge on Dunmer lore) and could do this even better. If they did, it would help people who actually bother to read the permissions when they see Twitter melting about an app needing GPS data because it’s a free ad-driven app that needs GPS to show you those “relevant” Target ads when you’re in the Target parking lot.

The Android permission model needs to be refined and explained. And not by nerds.

This isn’t a new problem. Since Android became popular people have seen too much information about needed permissions without enough information about those permissions and what they mean. Then they (rightfully) freak out about it. I enjoy those freakouts. I get to sit back and watch people actually care about mobile security and their precious personal data for a day or two. But the app developers surely aren’t very happy when it happens to them, and they are the reason Android is as popular as it is.

So how ’bout it Google? Can you make a change to give us everything we need to know when we actually look at an app’s permissions without going to the Android Developer site and reading a bunch of documentation about them? We’ll love you more.

KGI: iPhone 8 may supplant Touch ID with optical fingerprint & facial recognition sensors

iPhone 8 is widely expected to become Apple’s first full-face handset as the company is rumored to have devised ways of integrating Touch ID into the display assembly. A research note by KGI Securities analyst Ming-Chi Kuo, a copy of which was obtained by MacRumors, claims iPhone 8 may sport a new biometric identification technology that would supplant the good […]

_

Meitu — What you need to know about privacy and the filtering app

[record scratch]
[freeze frame]
[shot of Phil in Meitu app]

Yep, that’s me. You’re probably wondering how I ended up here …

Every now and then we get hit with an app that seems to just take over. The latest — and god help me, I’m about to talk about selfies — is called Meitu. There’s almost no way that you haven’t seen it — or at least the results from it — in the past week or so.

It’s one of those apps that takes your pictures and filters the hell out of them until you get something that looks like you, but not you. ln this case, you get a sort of China doll thing. It’s available for iOS (in the App Store) and Android (on Google Play), and there’s a good chance you’ve already seen it being shared all over Facebook and Instagram.

But you might want to think twice before you install it.

Subscribe to Modern Dad on YouTube!

So here’s the gist. You take a picture either with the Meitu app, or use one you’ve already snapped. The app then makeups the hell out of you in a LOT of different ways. The kids love this stuff. The cool new feature everyone’s talking about, though, is the “hand-drawn” filter. It’ll take a shot of you — or someone else — and change you up.

And that’s great. It’s a lot of fun. I feel pretty already.

But there’s also a reason why you might not want to install Meitu.

Apps that are loaded up with tracking code — analytics — aren’t anything new. Pretty much every single app (or website) you’ve ever used has had some sort of analytics tracking built in. Developers need to know how their products are being used. But questions have been raised about the way they’re implemented in Meitu, and rightly so. Particularly because it harvests your phone’s unique IMEI number. There are better and less-sensitive ways to identify a device.

For its part, Meitu has said that the red flags are because the app originally was coded for use in China, which has to do things behind a government-controlled firewall. Fair enough. But that doesn’t mean that’s the right way to code things for the rest of the world. Ultimately, you’re giving access to a lot of your data just slap some makeup on your mug. Choose wisely, and stay vigilant.

Apple sues Qualcomm over withholding $1B as ransom in a legal investigation

Apple on Friday announced it’s suing iPhone modem supplier Qualcomm, which owns many wireless patents, “after years of disagreement over what constitutes a fair and reasonable royalty”. The suit argues Qualcomm withheld nearly $1 billion in payments it owes to Apple as retaliation because Apple cooperated with the Korea Fair Trade Commission. Last month, Korean regulators slapped…

_

Best legal add-ons for Kodi

Kodi has a ton of quality — and legal — content available.

Kodi is one of the easiest ways to cut the cord and say adios to your monthly cable bill. Formerly XMBC, Kodi is a front end that streams media. It’s also super easy to install on just about anything that runs Android. Even if it’s Android in name only, like Fire OS on the Amazon Fire TV stick. If it can install and run Android apps, you can install Kodi.

Installing Kodi is only the first step, though. A media streamer doesn’t do much without media to stream. Setting up your own storage space and connecting it to your Kodi install is easy, but there’s a whole internet out there filled with media to stream. You just have to know where to start.

YouTube

Of course, YouTube is on our best list. YouTube is a free service where anyone can upload media. That means some of it is the worst media you can imagine, but there are also plenty of gems you can stream to your TV using the YouTube Addon. And installing it is simple.

  • Open the settings and click the icon labeled Add-ons.
  • Depending on the version of Kodi you’re running, you’ll see an icon that says Install from repository or Get add-ons. Click it.
  • Choose the Kodi Add-on repository
  • Under Video Add-ons you’ll see YouTube listed. Click it to install.

Twitch

I love Twitch. I don’t know why, but watching interesting people stream interesting games or other non-gaming content is almost as fun as playing them. And the Twitch add-on for Kodi is a great way to watch them.

It’s easy to navigate and use, even with a remote if you don’t have a keyboard. It also supports your account login and you can chat and spam Kappa just like you can from a PC. Though you might want a keyboard for that. But seriously, check out Paul and the gang from Windows Central on Twitch and tell them kappa sent you!

Installing Twitch is done the same way as the YouTube add-on above, Just search Twitch instead of YouTube.

The list

Instead of writing out hundreds of great add-ons through the official Kodi repository, I’ll direct you to the master list. You’ll find names you know like Hulu and Netflix as well as networks and programming you have never heard of. Every one of these add-ons is also 100% legal and above the board — nobody from your ISP is going to be sending you a nastygram.

You’ll install any of them the same way, right through the settings app on your Kodi box.

Official Kodi Video Add-ons

Our next three add-ons either aren’t listed in the official Kodi repository or are updated so often it’s better to get them from another source that’s quicker to add the new content. We’ll be using SuperRepo to install them.

Not everything at SuperRepo can make our legal list, but these are fine.

SuperRepo has tons of add-ons for Kodi. Some, like these, are completely on the level. Others fall into that gray murky area where ownership and copyright aren’t clear. That means you need to be careful and not just install every add-on that catches your eye if you want to comply with rules and laws.

And you really should comply with laws. Following even stupid laws you hate is a great way to stay out of trouble. But if you do dive in where words like legal don’t apply, use a VPN. DComcast or Time Warner or whoever you get your internet from is watching you.

To install the SuperRepo repository:

  • In the System category, open the File Manager.
  • Click the Add source icon.
  • Click the list (it might say “none”) to open a text box where you can add a new source.
  • Type http://srp.nu in the text box, and give it the name SuperRepo. Click Done.

Now you’ll see Super Repo in your file manager. The files you see will all install an add-on just by clicking on them.

USTVNow

This is the first one to find in your new SuperRepo source. USTVNow is an online version of the cable channels you’ll find through your cable company. CNN, NBC, Cartoon Network and a ton more are available and you’ll always be able to find something to watch. You’ll also find USTVNow in the official Kodi repository, but for faster updates and all-around better service, we recommend using the SuperRepo source.

USTVNow (the name is a clue) is for people in the U.S. only and requires an account. You can set that up, as well as stream to your computer, at USTVNow.com.

FilmOn TV

FilmOn TV is a service that offers both free and premium content. Good, current content. Whether you’re looking for UFC matches, catch up on your favorite cable show or watch a-list movies you’ll find them at FilmOn TV. You can also watch over 600 live TV channels or set up a recording to watch a show at your leisure. Paired with USTVNow, FilmON TV makes cord-cutting easy.

You will need to set up an account at FilmOn.com.

Dbmc (Dropbox)

Dbmc isn’t a full Dropbox client. It’s a way to view or listen to stuff in your Dropbox. You can be boring and productive while looking at TPS reports or you can watch any video you have collected and uploaded into Dropbox. It’s also a great way to build a slideshow of your photos on the big screen.

Dbmc is also available through the official Kodi repository, but we’ve found the SuperRepo version to be quicker on the updates.

Of course, you need a Dropbox account.

If you’re using Kodi and have a favorite of your own that’s nto on our list, shout out in the comments so everyone can check it out!

How to fix voice search problems on Gear VR

How do I enable voice search for my Gear VR?

When it comes to browsing the web in VR, Samsung has made it easier than most with the Samsung Internet app for Gear VR. The ability to surf the web and watching anything you come across is generally pretty easy, though reading isn’t always the best experience.

A key part of this experience is voice search, making it so you don’t have to type every character out by pointing your face at a key on a virtual keyboard. On occasion, this feature can become interrupted by other apps on your phone. Thankfully it’s an easy fix, and one that can be handled in just a few minutes.

Read more at VR Heads!

Get the straight talk about Smartphones