Well, that didn't take long: shortly after Google added a new Android feature that let you deny apps access to your sensitive personal data, they have revoked it. This is frankly terrible, and the Electronic Frontier Foundation's Peter Eckersley has some very pointed commentary, recommendations for Android customers, and advice for Google:
A moment ago, it looked as though Google cared about this massive privacy problem. Now we have our doubts. The only way to dispel them, frankly, is for Google to urgently reenable the App Ops interface, as well as adding some polish and completing the fundamental pieces that it is missing:
* Android users should be able to disable all collection of trackable identifiers by an app with a single switch, including data like phone numbers, IMEIs, information about the user's accounts.
There should be a way to disable an app's network access entirely. It is clear that a large fraction of apps (including flashlights, wallpapers, UI skins, many games) simply don't need network access and, as we saw last week, are prone to abuse it.
The App Ops interface needs to be smoothed out an properly integrated into the main OS user interface, including the Settings->Apps menus and the Play Store. There are numerous ways to make App Ops work for developers. Pick one, and deploy it.
In the mean time, we're not sure what to say to Android users. If app privacy is especially important to you — if, for instance, you want to be able to install an app like Shazam or Skype or Brightest Flashlight without giving it permission to know your location — we would have to advise you not to accept the update to 4.4.2. But this is also a catastrophic situation, because the update to Android 4.4.2 contains fixes to security and denial-of-service bugs. So, for the time being, users will need to chose between either privacy or security on the Android devices, but not both.
Google, the right thing to do here is obvious.