[liberationtech] How CyanogenMod’s founder is giving Android users their privacy back | Ars Technica
Yosem Companys
companys at stanford.edu
Mon Jun 17 21:46:02 PDT 2013
http://arstechnica.com/gadgets/2013/06/how-cyanogenmods-founder-is-giving-android-users-their-privacy-back/
How CyanogenMod’s founder is giving Android users their privacy back
New "Incognito Mode" enables more granular privacy settings than in
stock Android.
by Florence Ion - June 17 2013, 4:45pm PDT
What if you could privately use an application and manage its
permissions to keep ill-intentioned apps from accessing your data?
That’s exactly what Steve Kondik at CyanogenMod—the aftermarket,
community-based firmware for Android devices—hopes to bring to the
operating system. It’s called Incognito Mode, and it’s designed to
help keep your personal data under control.
Kondik, a lead developer with the CyanogenMod team, published a post
on his Google Plus profile last week about Incognito Mode. He offered
more details on the feature:
"I've added a per-application flag which is exposed via a simple API.
This flag can be used by content providers to decide if they should
return a full or limited dataset. In the implementation I'm working
on, I am using the flag to provide these privacy features in the base
system:
- Return empty lists for contacts, calendar, browser history, and messages.
- GPS will appear to always be disabled to the running application.
- When an app is running incognito, a quick panel item is displayed in
  order to turn it off easily.
- No fine-grained permissions controls as you saw in CM7. It's a single
  option available under application details.
The API provides a simple isIncognito() call which will tell you if
incognito is enabled for the process (or the calling process). Third
party applications can honor the feature using this API, or they can
choose to display pictures of cats instead of running normally."
Currently, every time you install a new application on Android, the
operating system asks you to review the permissions the app
requests before it can install. This all-or-nothing approach to user
data is certainly precarious because users can't deny individual
permissions to pick and choose what an application has access to, even
if they still want to use that app. Incognito Mode could potentially
fix this conundrum, enabling users to withhold their data from certain
applications.
“This would theoretically allow you to disallow the app from
connecting to the Internet, accessing your contacts, using the GPS,
etc.” Kondik told Ars in an e-mail. He goes on to write that the
development of Incognito Mode is largely in response to malware-like
features of some applications that have been gathering private data
for data mining. “I had been thinking about how we can improve the
privacy situation and put the power back in the hands of the user,”
Kondik continued. “I proposed ‘Run in incognito mode’ on one of our
internal development groups.”
Since not all applications are malicious, users will be able to enable
Incognito Mode on a per-app basis. The option will be available within
each application’s individual settings. The feature is applied by
simply checking off the option in each app’s settings menu. It will
hide all personal data, like contacts, call logs, and MMS, from any
application that you might want to use but don't fully trust. If the
app asks for your contacts, for instance, it will retrieve an empty
list. If it asks for your location, the system will tell it that GPS
is disabled.
Incognito Mode isn't an entirely new concept. An older version of
CyanogenMod, CM7, originally contained a similar feature that allowed
users to revoke permissions from any application. It was popular among
users, but its initial implementation was plagued by a few issues. “If
you just revoke a permission from an app, the Android system will just
crash it when it tries to use a feature that requires that
permission," Kondik wrote. "The solution to this was to create fake
implementations of the features which are to be revoked. So if an app
tried to query your contacts, it would get… something else.”
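An added illustration, not code from the article or from CyanogenMod: a plain-Java model of the contrast Kondik describes, where stripping a permission crashes the app while a provider that consults the per-application flag returns an empty list. Only the name isIncognito() comes from the quoted post; every other name and the sample data are assumptions.

```java
import java.util.*;
import java.util.function.Function;
// Plain-Java model, no Android SDK. Only the name isIncognito() comes from the
// quoted post; every other class, method and package name is hypothetical.
public class IncognitoModel {
    static final List<String> CONTACTS = List.of("Alice", "Bob"); // constructed data
    static final Set<String> revoked = new HashSet<>();    // permission stripped
    static final Set<String> incognito = new HashSet<>();  // per-application flag

    static boolean isIncognito(String callerPkg) {
        return incognito.contains(callerPkg);
    }

    // Plain revocation: the permission check fails and the caller gets an exception.
    static List<String> queryWithRevocation(String callerPkg) {
        if (revoked.contains(callerPkg))
            throw new SecurityException("READ_CONTACTS denied to " + callerPkg);
        return CONTACTS;
    }

    // Flag-aware provider: the call succeeds, but the dataset is limited.
    static List<String> queryWithFlag(String callerPkg) {
        return isIncognito(callerPkg) ? Collections.<String>emptyList() : CONTACTS;
    }

    // GPS "appears disabled" to a flagged caller whatever the real device state.
    static boolean gpsEnabledFor(String callerPkg, boolean deviceGpsOn) {
        return deviceGpsOn && !isIncognito(callerPkg);
    }

    // An app written for stock Android: it never expects the query to be refused.
    // A real app would die on the uncaught exception; it is caught here to report.
    static String runApp(Function<String, List<String>> provider, String pkg) {
        try {
            return "listed " + provider.apply(pkg).size() + " contacts";
        } catch (SecurityException e) {
            return "crashed (" + e.getMessage() + ")";
        }
    }
    public static void main(String[] args) {
        String app = "com.example.flashlight"; // constructed package name
        revoked.add(app);
        incognito.add(app);
        System.out.println("revocation: " + runApp(IncognitoModel::queryWithRevocation, app));
        System.out.println("incognito:  " + runApp(IncognitoModel::queryWithFlag, app));
        System.out.println("GPS on device=true, seen by app=" + gpsEnabledFor(app, true));
        System.out.println("other app:  " + runApp(IncognitoModel::queryWithFlag, "com.example.dialer"));
    }
}
```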
The implementation in CM7 was also teetering along the line of
anonymity as it interacted with other applications, with the code
acting somewhat aggressively by returning junk data instead of an
empty list for certain queries. It also hid device-specific data,
which broke some techniques that developers were using to count the
number of users of their application.
“Needless to say, we got a lot of pushback on this from app developers
who considered it a ‘hostile’ environment to run their apps,” Kondik
added. “Since CM is trying to be a good citizen of the Android
ecosystem, we shelved the feature for later releases.” The feature
also required users to manually micro-manage the permissions that were
granted to an app. "I'm of the opinion that anything that requires
excessive configuration is almost always a bad user experience and is
only going to be useful to the most technical of users."
As for whether it will ever be available in the Google Play Store
as a standalone application for non-rooted Android users, Kondik wrote
that’s not too likely. “The way that I've implemented the feature
requires changes to the Android framework and the core content
providers. It would be difficult, if not impossible, to do this as a
standalone app.” He added that the CyanogenMod team must make changes
to the code that is responsible for serving the data up to the
applications, which is difficult to do without modifying the base
system.
There is some hope that Google might look to CyanogenMod as a model
for future versions of its Android operating system. “When it's
complete, I do plan to upload it to the Android Open Source Project to
see if it gets any traction,” wrote Kondik. “I don't know if Google
would be interested in picking a feature like this up, but I think
that we've done it in a way which is generally useful.”
Either way, the main goal of a service like Incognito Mode is to get
privacy back into the hands of the users. “I think a lot of people
have given up on their right to privacy for the sake of convenience,
and too many companies are taking advantage of it,” Kondik concluded.
“This feature is just a way to take some of that power back.”
Incognito Mode is expected to be available via a nightly build of
CyanogenMod 10.1 sometime this week. Kondik added that it won't be
included in the stable release, which is currently in the release
candidate phase.
Florence Ion / Florence is the Reviews Editor at Ars, with a focus on
Android, gadgets, and essential gear. She received a degree in
journalism from San Francisco State University and lives in the Bay
Area.