I see Android 7.1.1 as a significant improvement over 5.x.

In Android 7.1, Google seems to have taken an aggressive approach to rectifying this problem and this problem.

Not only do newer versions of Android give users control over granting each permission to an app that requests it, thus slowing down privilege escalation attacks that have been possible in the past, but Android 7.1 actually rolls back permissions that were granted in the past. When we upgrade, the apps are optimized in such a way that many of their permissions default to Not Granted, until the user makes an effort to grant them.

Further, since version 6.0.1, Android has a feature called Doze. What it seems to do is cancel alarms that apps had set to wake themselves again in the background. It cuts down significantly on the battery consumption of a fully up-to-date Google Pixel C.

Unfortunately, this also interferes with how the email apps Kaiten and K-9 work, which try to poll the email servers at regular, user-configured intervals, but which eventually stall in their older way of doing so, instead displaying the message ‘Sync Disabled’. On my own Pixel C, I have had to whitelist the Kaiten app, to exclude it from Battery Optimization manually, so that now it is fetching emails from the server again.


Android App Permissions Dialog

Most Android users are at least vaguely aware that every time we install or update an app, we’re shown a dialog with a list of permissions the app is requesting on our mobile device. We can either Allow or Deny this request.

What people should also be aware of is that, by default, Android did not allow us to Accept or Decline each permission on its own. We were shown the whole list, and would then have to either Accept or Decline the entire list. In the latter case, the app would not install, or the update would not take place.

This was a rather powerless feature, because when we declined an update, Google Play would just come back in short order and offer the same update again. Also, there was no way to opt out of updating for one specific app. So we would then be obliged either to accept the update at a later time, or to uninstall the app.

This was the status quo up to and including “Android Lollipop”. The Android version that came after Lollipop, and which is the current version, is called “Marshmallow”. The key improvement that Marshmallow offers is control by the user over each individual permission the app is asking for. With Marshmallow, the user is no longer obliged either to accept the entire list of permissions or to reject it. He can grant or deny any specific permission, and then still install the update, which gets rid of the messages for that update.

One reason for which this is important is the possibility of a “Privilege Escalation”, which is also a known form of cyber-attack. Privilege Escalation means that an already-installed app can ask for progressively more permissions during each update, which users often don’t pay strict attention to, so that after several updates, the app has a dangerous collection of them on our device.

Granted, most of the time the apps need a large number of permissions for innocuous purposes, or maybe because they’re just not programmed well enough, to work without those. But the potential exists for too liberal a set of permissions eventually to compromise our privacy online, or even our online security.

This is why, regardless of whether we have Marshmallow or not, we should in fact be examining the requested permissions each time, before we simply grant them.
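One way to do that examination across a series of updates, as an added example that is not part of the original post: it compares the permissions requested by successive releases and reports what each update newly asks for. It assumes the manifests have already been decoded to text XML; the app, its package name and the three sample manifests are constructed, and the `DANGEROUS` set is a partial list.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."
# Partial list of permissions Android classes as "dangerous"; extend for real use.
DANGEROUS = {PREFIX + p for p in (
    "READ_CONTACTS WRITE_CONTACTS GET_ACCOUNTS ACCESS_FINE_LOCATION "
    "ACCESS_COARSE_LOCATION RECORD_AUDIO CAMERA READ_SMS SEND_SMS RECEIVE_SMS "
    "READ_PHONE_STATE CALL_PHONE READ_CALL_LOG READ_CALENDAR WRITE_CALENDAR "
    "READ_EXTERNAL_STORAGE WRITE_EXTERNAL_STORAGE BODY_SENSORS").split()}

def requested_permissions(manifest_xml):
    """Return the set of permission names a decoded (text) manifest requests."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for elem in root.iter(tag):
            name = elem.get(ANDROID_NS + "name")
            if name:
                names.add(name)
    return names

def permission_creep(versions):
    """versions: list of (label, manifest_xml), oldest first; one record per update."""
    report = []
    previous = requested_permissions(versions[0][1])
    for label, xml_text in versions[1:]:
        current = requested_permissions(xml_text)
        added = sorted(current - previous)
        report.append({"version": label, "added": added,
                       "added_dangerous": [p for p in added if p in DANGEROUS],
                       "removed": sorted(previous - current)})
        previous = current
    return report

def sample_manifest(*perms):  # constructed sample input for a hypothetical app
    body = "".join('<uses-permission android:name="%s%s"/>' % (PREFIX, p) for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="com.example.flashlight">' + body + "</manifest>")

# Constructed sample: three releases of a hypothetical flashlight app.
SAMPLE = [
    ("1.0", sample_manifest("CAMERA")),
    ("1.1", sample_manifest("CAMERA", "INTERNET", "ACCESS_COARSE_LOCATION")),
    ("1.2", sample_manifest("CAMERA", "INTERNET", "ACCESS_COARSE_LOCATION", "READ_CONTACTS", "RECORD_AUDIO")),
]

for rec in permission_creep(SAMPLE):
    print(rec["version"], "adds", rec["added"], "| dangerous:", rec["added_dangerous"])
```

Each update in the sample looks small on its own, but the per-update records show the flashlight app ending up with location, contacts and microphone access after two releases.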

Having said that, I don’t have Android Marshmallow yet. This is secondhand information, from a friend of mine who is in the know, and who has Marshmallow on at least one of his devices.

Dirk