When you install an app on an Android smartphone or tablet, it asks for access to data such as your location or address book. If you say no, you can’t install the app. Not surprisingly, this puts some people off:
Apple handles things differently. On its mobile operating system, iOS, apps don’t ask permission when they’re installed. Instead, iOS takes some permissions as a given—internet access for instance—but for more sensitive data, such as your photos or location, the app has to ask for access when you use it. That more closely relates the decision to grant access to the reason for asking for it.
That there should be a difference between Android and iOS, which between them control 96.3% of the smartphone market, isn’t surprising. They have different overarching philosophies: Android is free for any smartphone maker to use while iOS is for iPhones only. Developers can freely upload their apps to the Google Play Store while Apple has tight gatekeeping. Android is easily customized; iOS is not.
But both Apple and Google are making big changes to the nuts and bolts of how permissions work, and they’re moving in opposite directions: While Apple is making it harder for apps to get access to your data, Google is making it easier. Most users may not notice; compared to the design, functionality, choice of apps, and price, privacy often comes last in people’s decisions about which phone to use. But these little-noticed details will have a profound impact on how widely your data are shared with other companies.
A growing chasm
Last month, Google simplified the way apps ask for access on Android. Where before an app might specify, for instance, whether it needed to send text messages from your phone or only to read them, now the system just says the app needs access to SMS. Easy. But that also means giving up lots more permissions—particularly to free apps, which generally demand much more access:
The goal, a Google spokesperson says, is to make Android’s system “more useful as well as making the permissions easier to understand.”And users still have some degree of control: They can turn off automatic updates. But few people will know about or make the effort to do that.
By contrast, Apple’s forthcoming iOS 8 operating system will require app-makers to be much more careful about what data they request. They will have to explain to users why they need permissions. The operating system will remind users that such permissions have been granted. Some will be narrowed: It will be possible, for instance, to gain access on a one-time basis, or only to parts of the data (e.g., a single contact instead of the whole address book.)
In another privacy-conscious move, Apple is introducing a way to cloak the true identify of a phone from Wi-Fi networks that may be sniffing around for tracking purposes. That follows a long line of other such moves. Luis Abreu, an app designer who watched 17 hours of talks at Apple’s developer conference to identify all the security and privacy changes, makes the point well:
Applications must have a very good reason to access Location and make that clear to the user through the provided purpose description text or they will be rejected by the App Store team.
Different paths to the same destination
Why such differing approaches to permissions, when the ultimate goal of both companies is to give users as big a choice as possible of apps that are well made and easy to use?
One way to look at it is to consider Google as an underdog fighting back. Though Android is the operating system of four out of every five smartphones in the world and now has more apps in its store than iOS (most of them free; see chart above), serious app makers still build a version for iOS before they build one for Android. That’s because iOS is where the money is. So making life easier for developers is crucial for Google, while Apple can afford to tighten its ship.
But there is more going on. Android’s changes follow a predictable Google pattern. The company wants to simplify the experience for users while trying to obtain more data from them. An update to Google’s Gmail app on iOS 7 earlier this year, for instance, was advertised as fetching email in the background. But it also signed in users to various Google apps, ensuring that the company could track user movements across their products. In 2012, Google simplified its privacy practices by combining 60 disparate policies into an overarching one. That certainly makes it easier for users, who now only have to read one incomprehensible piece of text. But it also allowed Google to mine data across services. And so on.
“Android recognized that a lot of users didn’t update the apps because there were new permissions and they were getting stuck in the update section. And this is a way for apps to be able to update themselves regularly and work properly,” says Oliver Amar, CEO of MyPermissions, an app that allows users to see what permissions the apps installed on their phones use. “I don’t think there’s any malice in it. They’re just making sure developers have the ability to update when they want to.”
Apple on the other hand is less reliant on user data. It needs the stuff as much as any other company operating online today—but to improve its services, not as the basis of its business, which relies on selling hardware, not mining data to sell ads.
But the fact that Apple is giving users more control of their data doesn’t necessarily mean it cares more about their privacy than Google. Abreu suggests it is probably because Apple is aiming at the enterprise market and at children, both of which require much tighter controls, either by law or practice.
And nor is there much evidence that most users particularly care. There are roughly 1.5 billion smartphone users in the world today. Fewer than 10 million of them have downloaded MyPermissions.