Privacy, permission, and opting out

Earlier today I got an update notification for the Facebook app for Android, and to install the update I had to agree to some new permissions:BcFRREcIAAA9tvW.jpg_large

The thing is, I don’t agree to those new permissions. So I tweeted this:

Looks like this new update to Facebook for Android means it's time to uninstall the app.

It seemed to hit a popular nerve and got retweeted a handful of times, but then I started to get people telling me I was in error or having a knee-jerk reaction. Twitter’s 140 characters are great for short bites but somewhat lacking in context, so I thought I’d (hastily) put together this explanation.

I don’t believe that my personal data should be a condition for installing an app. I believe that when an app or service wants my data, it’s entering into an exchange with me. For me to be happy with the exchange, I need a satisfactory answer to these three questions:

  1. For what purpose do you want my data?
  2. What do I get in return?
  3. How can I get my data deleted if I change my mind?

In my opinion, Facebook’s explanations aren’t satisfactory. In the case of SMS permissions, they give the example of using SMS confirmation codes for authorisation. This is a reasonable example, but the wording is clear that it is only an example of what they require the permission for.

That causes what is, to me, an unacceptable ambiguity: a permission may be granted for a use I deem reasonable now, but once granted it doesn’t have to be requested again for a reason which I may find unreasonable.

Perhaps it doesn’t mean that, and maybe I’m being paranoid, or uncharitable, or thinking the worst, but to be honest, I’m a very light Facebook user and I don’t need the hassle of working out whether that’s the case or not.

So I don’t agree with the latest permission requests, and as they’re not optional requests I took the only course of action open to me and uninstalled the app. I’m not thinking about terminating my Facebook account, I can avoid the permissions issue by using the mobile website instead, so I will.

If Android had an optional permissions model, or if there were definite guarantees from Facebook about what these permissions were required for, this would have all passed without incident.

There are, of course, much bigger conversations being held about personal data and privacy, but it’s almost Christmas and I should stop writing this.

2 replies on “Privacy, permission, and opting out”

I get very perturbed by those as well, but I think partly the Android model doesn’t allow for much granularity.

What I would like is to be able to install the app without giving certain permissions (e.g. read my contacts or SMS), and it has to ask each time it wants those. I should then have the options: Allow, Reject, and a tick box for Always do this.

That would require some updates to Android / playstore, and how they write the apps though :-/

Lanyrd is a great example of this, where it doesn’t ask for write permission to your twitter account unless you try and do something that requires it, then you authenticate for a temporary pass.

Comments are closed.