If you've been using Google's hidden App Ops to lock down and prevent some of your Android applications from exposing your privacy, then think twice before updating to the new Android 4.4.2 software.
App Ops was Google's hidden gem that was built into the Android OS since 4.3 Jelly Bean, and it allowed you to control which apps had access to track your current location, read and modify contact information, and more.
It was meant more as an internal tool for Google, not for individual use, but was easily unlocked using tools like Permission Manager and App Ops Starter on Google Play. Though it had the potential to break app functionality in certain cases, it allowed you to prevent apps from collecting and sharing data that had no good reason to do so, like in the case of Brightest Flashlight Free, which the FTC caught maliciously accessing and sharing users' location data to advertisers.
It was also reported earlier this year that over 260,00 mobile apps with malicious intentions were floating around, and that most of them were Android. This report also claimed that 3 in every 5 third-party Android app stores serve up malware, which makes you appreciate the hidden App Ops even more.
However, in the recent Android 4.4.2 KitKat update, Google has officially wiped App Ops out of the system, meaning apps like App Ops Starter will no longer work until they find a workaround for gaining access.
Now, the EFF is working hard to get App Ops back, even though they know it wasn't widely accessible to the general public without certain know-how. In fact, they had just lauded App Ops as a great step forward in privacy and security in Android, and are looking to Google to bring it back with the following improvements.
- Android users should be able to disable all collection of trackable identifiers by an app with a single switch, including data like phone numbers, IMEIs, information about the user's accounts.
- There should be a way to disable an app's network access entirely. It is clear that a large fraction of apps (including flashlights, wallpapers, UI skins, many games) simply don't need network access and, as we saw last week, are prone to abuse it.
- The App Ops interface needs to be smoothed out an properly integrated into the main OS user interface, including the Settings->Apps menus and the Play Store. There are numerous ways to make App Ops work for developers. Pick one, and deploy it.
In the meantime, if you updated your Android device to KitKat 4.4.2 and want App Ops back, you can do so by either converting to a CyanogenMod ROM, or rooting and installing the Xposed framework, along with the AppOpsXposed module by XDA member caspase.
For more help on installing and using Xposed, you can check out any of our installing Xposed guides for the Samsung Galaxy S4, HTC One, and Nexus 7. With the Xposed framework on your device, you can even feed apps fake data using XPrivacy if you'd rather mislead those malicious devs instead of blocking them entirely.
If you don't want to root your device, you can always downgrade your OS.