Update 2013-12-13: it turns out this feature was removed in the recent Android 4.4.2 release :(. You can still get it if you install cyanogenmod or if you have a rooted device, but mainstream Android users are out of luck.

To date, there has been no way to run apps on Android with real and reliable privacy controls. Android version 4.3 and higher take a huge step in the right direction, letting users install apps while denying some of the apps' attempts to collect the user's data.

Android was built from scratch to have quite a sophisticated and strongly enforced system of per-app permissions. But many of the privacy-sensitive permissions are poorly delineated and confusing.1 And the way the OS and Google's Play Store worked, users could not install an app but say "no" to that app's demand that it be able to read their address book, track their location, or grab their phone number or IMEI.

This turned out to be the fundamental problem with the previous Android model: installing an app was an all-or-nothing proposition, and there were few practical ways to protect yourself against the apps you'd installed, or even really see what they were up to.

In the early days, that model was at an improvement on its major competitor, Apple's iOS, which didn't even have a permissions model. But after various privacy scandals, Apple started forcing apps to ask for permission to collect data: first location and then other categories, like address books and photos. So for the past two years, the iPhone's app privacy options have been miles ahead of Android's.

This changed with the release of Android 4.3, which added awesome new OS features to enhance privacy protection. You can unlock this functionality by installing a tool like App Ops Launcher. When you run it, you can easily control most of the privacy-threatening permissions your apps have tried to obtain. Want to install Shazam without having it track your location? Easy. Want to install SideCar without letting it read your address book? Done.2

App Ops Launcher app list App Ops Launcher per-app permissions list

App Ops Launcher in action

Despite being overdue and not quite complete, App Ops Launcher is a huge advance in Android privacy. Its availability means Android 4.3+ a necessity for anyone who wants to use the OS while limiting how intrusive those apps can be. The Android team at Google deserves praise for giving users more control of the data that others can snatch from their pockets.

  • 1. To pick just one egregious example, how are users supposed to know what "read phone state and identity" means? Why isn't it split into multiple permissions, one of which is "let the app track me"?
  • 2. There are some app permissions that cannot be controlled in App Ops Launcher yet. For instance, preventing an app from sending and receving network data should be, but is not, possible. The best you can do there is to purchase an Android device that gives you root access, install a firewall tool like DroidWall, and be aware that there are probably still ways for apps to sneak around your firewall.