Android privacy just got a lot better. The 4.3 version of Google's mobile operating system now has hooks that allow you to override the permissions requested by the apps you install. So if you download a flashlight app that wants to harvest your location and phone ID, you can install it, and then use an app like AppOps Launcher to tell Android to withhold the information.
Peter Ecklersley, a staff technologist at the Electronic Frontier Foundation, has written up a good explanation of how this works, and he attributes the decision to competitive pressure from Ios, which allows users to deny location data to apps, even if they "require" it during the installation process.
I think that's right, but not the whole story: Android has also always labored under competitive pressure from its free/open forks, like Cyanogenmod. In the days when Android didn't allow tethering (as a sop to the mobile carriers, who are the gatekeepers to new phones for many people), Cyanogenmod signed up large numbers of users, simply by adding this functionality. Google added tethering to Android within a couple of versions. Some versions of Cyanogenmod have had the option tell your phone to lie to apps about its identity, location, and other sensitive information -- a way to get around the "all or nothing" installation process whereby your the apps you install non-negotiably demand your "permission" to plunder this information. I'm not surprised to see the same feature moving into the main branch of Android.
This dynamic is fascinating to me: Google has to balance all kinds of priorities in rolling out features and "anti-features" (no tethering, non-negotiable permissions) in Android, in order to please customers, carriers and developers. Free/open forks like Cyanogenmod really only need to please themselves and their users, and don't have to worry so much about these other pressures (though now that Cyanogenmod is a commercial operation, they'll probably need to start playing nice with carriers). But because Android competes with Cyanogenmod and the other open versions, Google can't afford to ignore the featureset that makes them better than the official version. It's a unique, and extremely beneficial outflow of the hybrid free/commercial Android ecosystem.
In the early days, that model was at an improvement on its major competitor, Apple's iOS, which didn't even have a permissions model. But after various privacy scandals, Apple started forcing apps to ask for permission to collect data: first location and then other categories, like address books and photos. So for the past two years, the iPhone's app privacy options have been miles ahead of Android's.
This changed with the release of Android 4.3, which added awesome new OS features to enhance privacy protection. You can unlock this functionality by installing a tool like App Ops Launcher. When you run it, you can easily control most of the privacy-threatening permissions your apps have tried to obtain. Want to install Shazam without having it track your location? Easy. Want to install SideCar without letting it read your address book? Done.2
Despite being overdue and not quite complete, App Ops Launcher is a huge advance in Android privacy. Its availability means Android 4.3+ a necessity for anyone who wants to use the OS while limiting how intrusive those apps can be. The Android team at Google deserves praise for giving users more control of the data that others can snatch from their pockets.