When a mobile application is about to be installed on an Android phone, the mobile operating system asks the user to grant all permissions requested by the app. If the user refuses, they app is not installed but if the user agrees the user has no way or allowing only specific updates for that app later down the road.
This peculiar feature of Android has raised some security and privacy issues with some users as many apps use it to obtain permissions that relate bundled advertising. Recently, the Google Play app store also began grouping permission into categories instead of listing them individually. This makes it hard for user to determine exactly what permission they are granting.
An upcoming version of the Firefox mobile OS aims to provide users with greater control over application permissions. Code for Firefox OS 2.1 is expêcted to be completed this November, according to online technology publication PCWorld.com
In a recent blog, Frederik Braun, security engineer for Mozilla, cited another issue with so-called Alarms API that allows apps to get opened at a specific time. While there is nothing inherently bad alarm functions based on timezones, he said it is often hard for users to know what the app will do with this permission.
He said the OS will also feature a new developer setting called Verbose App Permissions that allows users to alter permission by application.
“The typical list in the Settings app will show you all the permissions an app has and allows you to set them to Allow, Prompt or Deny,” Bruan said. “This feature, however, only targets the Privileged apps.”
Braun said security model for Firefox OS 2.1 is based on contextual prompts.
“So for APIs that are understandable and human meaningful like geolocation, using the camera or recording audio, the OS will prompt the user,” he said. “You save & remember these choices and later revisit them in the Settings app under App Permissions. You may set them to Allow, Prompt or Deny.”