I have a bunch of applications installed on my Android phone. Most of them are frequently updated by developers. If the update does not require any new permissions it is installed automatically. So one could expect that after some time my app eco system will “settle” and most of the apps will be updated automatically. Unfortunately this is not what happening. Pretty much every other day I have to go into update manager and approve new updates granting additional permissions.
From that one can conjecture that the apps tend to steadily expand their permissions “footprint”. I guess that makes sense, as new functionality require additional permissions. That would be OK, if Android permission system would not be fundamentally crippled. By that I mean their “all or nothing” permission model. User can either grant all the permissions an app requests or not to use this app at all. For example if some app requires access to my SMS messages for non-essential feature which I would never use anyway, there is no way for me to refuse it to read my messages but still use the app. There are some indications that Android 6.0 “Marshmallow” will finally allow users to grant individual permissions to the app. Until then millions of users mindlessly keep pressing OK granting unnecessary permissions.
