Blog: Mobile App Permissions: Scaring Users and Haunting Developers?
By Joe DeSetto, Emerging Payments Blogger
Please let me use your camera. Do you mind if I browse through your contacts so I know all your family and friends, and can call or text each at my discretion? Have you taken any good photos recently? If so, I’d like to see them, too. By the way, where are you standing, sitting or driving, right this very second and where else have you been today, this week or this month? What music do you like? Rent any interesting movies lately?
To the uninitiated, this eerie paragraph reads like a disturbed love note from a stalker. But these are common requests included in the terms and conditions of many mobile apps, including those that feature mobile payments. Some suggest that intrusive permissions could stall mobile payments adoption. Although most developers aren’t intentionally creepy, users still must contend with these requests for permission if they want to use the app. Leading mobile phone operating systems like iOS and Android are trying various ways to balance putting users in control of what third-party apps are doing on your phones, and with your data, while not scaring everyone away and making every app seem special ordered from NSA programs. Allegedly.
In the Android Market, Google’s approach has been to make third-party developers declare what permissions an app needs to function before the user installs it. This can create a list that is troubling to new customers, and one reason, among many, that significant apps often launch on iOS and build a reputation before going to Android. If you’ve seen nine friends using Path on their iPhones, for example, then Path’s request to access the camera and address book of your Android device might seem less off putting.
In Apple’s App Store, apps don’t list what permissions they need, but instead will prompt a user before they can access a given feature. For example, when you want to add a photo to an editing app to place a funny hat on your cat, the app must prompt you the first time to request permission to use your photo album.
On either platform, it’s really a matter of trust. It is logical that an app can’t use a photo of mine unless I give it permission to scan my photo album. It’s also logical that I can’t add a friend on Venmo to send or receive money if I haven’t added my contacts.
For the vast majority of users, especially in younger demographics, privacy is secondary to user experience—granting permission is just an extra step that doesn’t take much thought. For the vast majority of use cases, this is reasonable, because your data, in a sea of billions of images and billions of video clips and billions of text messages, just isn’t anything a company specifically wants. More likely, your information, even when explicitly shared, is aggregated into patterns and not identifiable to you.
Even though this may be true, the worst case scenario is still alarming to many non-technical users. Yes, if you grant access to your camera, technically it could be used to take a photo without you knowing. If you grant access to your address book, that information can be uploaded and shared and even sold. Other permissions can make calls or send texts on your behalf. But in all cases, malicious use of these permissions is rare.
If you must use an app you don’t trust—or it’s something you can’t remove, for some reason—decline the permissions that make you uncomfortable, or ask the developer hard questions about privacy and data collection. There is nothing more frustrating as a developer than to know a hard-won new customer deleted the app based on a misunderstanding about permissions.
While app permissions may be worrisome to some, and add another hurdle for mobile payments apps in trying to earn the trust of new users, most users will accept these privacy tradeoffs for convenience. Creating an engaging user experience that often needs photos, contacts, GPS and other permissions while protecting personal information will require users and developers to continuously find common ground as these devices evolve to be more capable. Or, depending on whom you ask, creepier. Boo.
Joseph DeSetto is Paybefore’s emerging payments blogger and program director of the Mobile Development Bachelor of Science degree at Full Sail University. He is the author of The Business of Design and previously served as chief technology officer for two mobile startups. If you’d like to comment on this blog post, please join the conversation on our Paybefore LinkedIn Group.
View our other posts here.