Reverse engineering Android applications (part 2)

Taking a look at a single application, an ebook I bought from O’Reilly that also had an Android app format, it looks like my suspicions were correct.

When I take it apart, I can see it looks like advertising and usage information are the main sources of the need for all the networking.

The O’Reilly application appears to use AdMob and Google Analytics. AdMob does advertising, which can be geo-aware, which causes it to want to find your location. The advertising probably explains a lot of the permissions requested. I understand the need for ads in a lot of applications, and I definitely sympathise with using analytics to allow you to figure out basic things about your user base so that you can improve your application in ways users are more likely to care about. The problem is I still didn’t install the app because of those permission requirements. And there are a bunch more I haven’t installed either.

I would be a lot happier if Google came up with a standard API so that they could label the functions wanted ‘advertising’ and ‘collecting usage statistics’ as needed permissions instead of access to networks etc. That way an app can use those facilities without needing to light up all the other permissions if it doesn’t need them.

There would be friction if they were the only allowed supplier of ads on the platform, but I would have thought that they could come up with an API that allows for restricted information to be communicated from the device while still allowing it to hook up to arbitrary ad/analytic providers.

The key thing is giving the user a clearer and narrower set of permissions to allow while allowing the app developers to use key services not directly related to the functionality of their applications. If I saw ‘advertising, collecting usage statistics and sd card access’ as a requirement I’d be much more likely to allow it than the current ‘wireless, gps, mobile data, sd card, your life, your wallet….’.

It’s not necessarily an easy problem but it ought to be solvable.

Of course they might have already fixed this. My phone is only running Android 1.6 and I’m not an Android developer, at least not yet…