Why are android permission so broad?

Question

I was reading a review for a game on the play store where someone gave a bad review saying that the game looked cool but it required access to photos, media and such which encouraged the user to uninstall rapidly. The developers replied to this person saying that they valued users privacy and what not but they didn't have a choice because they needed that to actually save the progress. This totally makes sense that they would require access to internal or external memory to save.



I was reading that some games also require access to phone call so that they could pause the game when you get a call which also makes sense. But the displayed message for the user is that the app will have access to your calls, can make calls (which could cost you money) which is a red flag for some users.



I'm guessing that most games don't use permission in a malicious way but to prevent any why aren't permissions more restrictives/specific ? I'm assuming that the vast majority of games use file permission just to save and nothing else, why not make a save permission ? I also assume that having more restrictive permission might increase the number of required permission for some game which could potentially be annoying for the majority of user.


Tapaka | Sources

Answer

As an Android developer, this is an especially frustrating aspect about delivering apps into mass market.



The wording on permission models have caused great grief, as you have pointed out, but it has gotten better. In fact, prior to Android 5.1.1 (API 22) apps were required to request all of their permissions up-front, at install time.



Now, permissions are generally requested when they are needed - i.e., when a protected API is accessed at runtime - allowing developers in-app time to explain their intentions.



If the developer of an application were respecting the spirit of permissions enough, their applications would, ideally, still function without being granted a particular permissions.



Obviously, if you deny a photo app access to, say, the Pictures directory, the app experience might not be stellar. However, an app should still continue to function - that is, without crashing - regardless of granted permissions.



Also, as others have pointed out in the comments, developers and publishers are encouraged to provide meaningful insight into why their app needs the permissions it is requesting.



Now, focusing on your main concern:




. . .why aren't permissions more restrictives/specific ?




They are becoming more restrictive/specific. For example, Google has introduced Scoped Directory Access.




Apps such as photo apps usually just need access to specific
directories in external storage, such as the Pictures directory.
Existing approaches to accessing external storage aren't designed to
easily provide targeted directory access for these types of apps. For
example:




  • Requesting READ_EXTERNAL_STORAGE or WRITE_EXTERNAL_STORAGE in your
    manifest allows access to all public directories on external storage,
    which might be more access than what your app needs.




Note the bullet point - relating to the game you mention, the developers could leverage scoped directory access models to fine-tune their permission requests. That, in tandem with clear and concise permission explanations, would strengthen trust for app's users.



Why haven't they, as well as many other apps out there, already utilized this feature? Well, the scoped directory APIs become available in Android 7.0 - meaning only devices running Android 7.0+ can actually use it. It is often simply a matter of prioritization for developers on whether or not to implement different behavior on different devices. Personally, I believe in doing what's best for the platform, but I digress. Feel free to reach out to the app's support channels requesting changes or deeper explanations for their permission requests.


CzarMatt | Sources

Q & A

Webpage objects extend beyond visibility
What smartphone and/or app support voice dialing on speakerphone like Moto X 2nd Gen?
What system app handles the screenshots in Lollipop?
“There's been a change to your Google account” message and password prompt?
My Nexus 6P just entered bootloop mode
How to use tablet-only apps on normal 5 inch phone?
Google Now cards not loading
Home shortcut on Apple bluetooth keyboard
How to Emulate hardware menu button
Broken device after uninstalling King Root
Can't check 'Phone Audio' setting for a Bluetooth headset
How to set a blank property
Is the Android default calendar open source?
My yu Yureka is bricked now I tried installing nougat with cm-14 but there is a error being displayed while installing cm 14 (comparing tz version)?
Unable to sideload a file to One Plus One. What are my alternatives?
How do I set up Slack to send notifications to my Android phone?
Restore Whatsapp
How to restrict some tracks from playing in 'Shuffle tracks'
How to turn off Wi-Fi 15min after it had been turned on?
Lock screen notifications rearrange themselves for seemingly no reason

Topics

2D Engines   3D Engines   9-Patch   Action Bars   Activities   ADB   Advertisements   Analytics   Animations   ANR   AOP   API   APK   APT   Architecture   Audio   Autocomplete   Background Processing   Backward Compatibility   Badges   Bar Codes   Benchmarking   Bitmaps   Bluetooth   Blur Effects   Bread Crumbs   BRMS   Browser Extensions   Build Systems   Bundles   Buttons   Caching   Camera   Canvas   Cards   Carousels   Changelog   Checkboxes   Cloud Storages   Color Analysis   Color Pickers   Colors   Comet/Push   Compass Sensors   Conferences   Content Providers   Continuous Integration   Crash Reports   Credit Cards   Credits   CSV   Curl/Flip   Data Binding   Data Generators   Data Structures   Database   Database Browsers   Date &   Debugging   Decompilers   Deep Links   Dependency Injections   Design   Design Patterns   Dex   Dialogs   Distributed Computing   Distribution Platforms   Download Managers   Drawables   Emoji   Emulators   EPUB   Equalizers &   Event Buses   Exception Handling   Face Recognition   Feedback &   File System   File/Directory   Fingerprint   Floating Action   Fonts   Forms   Fragments   FRP   FSM   Functional Programming   Gamepads   Games   Geocaching   Gestures   GIF   Glow Pad   Gradle Plugins   Graphics   Grid Views   Highlighting   HTML   HTTP Mocking   Icons   IDE   IDE Plugins   Image Croppers   Image Loaders   Image Pickers   Image Processing   Image Views   Instrumentation   Intents   Job Schedulers   JSON   Keyboard   Kotlin   Layouts   Library Demos   List View   List Views   Localization   Location   Lock Patterns   Logcat   Logging   Mails   Maps   Markdown   Mathematics   Maven Plugins   MBaaS   Media   Menus   Messaging   MIME   Mobile Web   Native Image   Navigation   NDK   Networking   NFC   NoSQL   Number Pickers   OAuth   Object Mocking   OCR Engines   OpenGL   ORM   Other Pickers   Parallax List   Parcelables   Particle Systems   Password Inputs   PDF   Permissions   Physics Engines   Platforms   Plugin Frameworks   Preferences   Progress Indicators   ProGuard   Properties   Protocol Buffer   Pull To   Purchases   Push/Pull   QR Codes   Quick Return   Radio Buttons   Range Bars   Ratings   Recycler Views   Resources   REST   Ripple Effects   RSS   Screenshots   Scripting   Scroll Views   SDK   Search Inputs   Security   Sensors   Services   Showcase Views   Signatures   Sliding Panels   Snackbars   SOAP   Social Networks   Spannable   Spinners   Splash Screens   SSH   Static Analysis   Status Bars   Styling   SVG   System   Tags   Task Managers   TDD &   Template Engines   Testing   Testing Tools   Text Formatting   Text Views   Text Watchers   Text-to   Toasts   Toolkits For   Tools   Tooltips   Trainings   TV   Twitter   Updaters   USB   User Stories   Utils   Validation   Video   View Adapters   View Pagers   Views   Watch Face   Wearable Data   Wearables   Weather   Web Tools   Web Views   WebRTC   WebSockets   Wheel Widgets   Wi-Fi   Widgets   Windows   Wizards   XML   XMPP   YAML   ZIP Codes