“But that’s the way we’ve always done it” never really works as an excuse for an unforeseen problem. The reasoning behind Android’s ability to let app developers access personal smartphone photos without permission is understandable, but it actually goes against a core Android design principle.
The New York Times has had quite a week when it comes to uncovering ways that rogue application developers can exploit both iOS and Android in order to obtain personal photos. Earlier in the week it reported that iOS applications can access and upload photos stored on your iPhone simply by asking you to share your location with the app (Apple is believed to be working on a fix). On Thursday it reported that Android apps can do the same thing without asking for any permission at all.
How is this possible? Google’s explanation, provided to the Times:
We originally designed the Android photos file system similar to those of other computing platforms like Windows and Mac OS. At the time, images were stored on a SD card, making it easy for someone to remove the SD card from a phone and put it in a computer to view or transfer those images. As phones and tablets have evolved to rely more on built-in, nonremovable memory, we’re taking another look at this and considering adding a permission for apps to access images.
As many have noted, this is sort of how computers have worked for a long time. If an application prompted you every time it needed to access a file, you’d do nothing but approve prompts, as MG Siegler pointed out in a post dismissing the concerns articulated by the Times as similar to those of people who never leave the house because they’re scared of getting robbed.
But the example the Times used to test this out involved a timer app that uploaded photos from the phone when the user started the timer. It’s not unreasonable to suggest that an app designed for the most personal computing device we’ve ever created should have to ask your permission before being allowed to do something completely unrelated to its core function.
In other instances, Google agrees: just look at its response to the Path/iOS address book snafu. When you install an app on a mobile operating system that has been touted by its creators as more secure than the competition because it requires developers to ask your permission to do absolutely anything, and that app does something that it never asked your permission to do, you have a right to be annoyed.
Google won’t even let an Android application access the Internet unless the app developer tells Android that the app intends to access the Internet. Applications have to declare their intention to “write to the SD card,” as Facebook’s Android application does before it is downloaded. But they apparently don’t have to declare their intention to “read from/access the SD card,” which Facebook is obviously allowed to do so its users can upload photos.
The company needs to find a way to require app developers to list something like “access to photo library” alongside the list of permissions it requires app developers to submit before their app is allowed to upload photos. That doesn’t mean the app has to ask your permission every time it wants to access a photo: it just needs to tell Android that it reserves the right to do so once installed and allow potential users to see that intention before they install the app.
Assuming you read that list of permissions before you download Android apps, you might wonder why a timer app needs to access your photo library. And if that bothers you, you might go off and find one that doesn’t feel the need to make a copy of your photos.
Mobile computing isn’t going to turn into a nanny state if Google requires Android app developers to be honest about their intentions, a policy that it applies to just about every other piece of personal information on an Android phone except photos. The only people who lose in that situation are those who would exploit your photos for their own benefit.