Android has a lot of nasty corners around stuff like this, which can prevent being both streamlined (accessing all photos does let you optimize for your app, some people want that) and privacy-friendly (for people who don't want that). My personal favorite:
If you don't request camera permission, you can still open the camera with an intent. This is great!
"Give app X direct access to the camera, microphone, and all my photos literally any time it pleases" and "use this camera app I trust instead" are very, very different desires.
Usually I hate the in-app cameras, because they're not optimized for my device. They're usually slower, have no flash control, no zoom, no manual exposure options, etc. I'd almost always prefer to use a dedicated camera app instead.
Because of this permissions decision, if an app wants to bake in a camera thing (nearly every app that might ever touch the camera does, even if e.g. only for a QR code reader or something), I can no longer choose. The app can't open my camera app when it makes sense.
This would be easier to control if Android would allow users an option to see historically what resources the app requested and how it processed them (just list them, used them, processed them).
I'm not sure about recent Android versions, but on my 3~4 year old Alcatel with Android v4.3, there is already a rudimentary preference menu listing the last accesses of apps to resources (e.g. "Instagram accessed contact list 3 hours ago"). The menu is not easily accessible, I found it by chance.
That appeared in 4.3, hardly accessible. Was made somewhat more accessible in 4.4 and then was patched out in something like 4.4.1 or so. I presume, some Google exec got to know of it and demanded it removed.
Starting with Android 6, there's the new permission model, meaning that a similar screen is added to the settings of each app, but it doesn't show when an access happened (or at least it does not for me on Android 8.1).
DTEK by Blackberry app can track/notify on foreground and background permissions usage (but there's no data from before you install it). To log how requested data is actually being used by an app doesn't sound possible to me.
Intents are alive and well, but they've been broadly crippled until recently-ish (well. they still are, but at least now you can read/write stuff in a user-defined folder... kinda.). And the fancier stuff is totally broken on a large number of devices. And it's fairly complicated to support all of it and still be backwards compatible for older OSes that don't have it.
But yes! It exists, and most applications could pretty easily use it instead.
But most of it seems to be laziness / misunderstanding. And Android's broadly terrible documentation does not help this at all. E.g. a huge number of apps that want external storage permissions just use it to store external caches outside your system partition, which is very nice for people with an SD card / limited internal space. Many companies don't seem aware that this no longer requires any permissions though - you can store internal and external data in your app-sandboxed folders by default.
Applying this to contacts, too, would also make it somewhat less impossible to use WhatsApp and similar messengers legally.
If you don't know why it's illegal: WhatsApp uploads all of your contacts to their server. Granted that their ToS are not themselves ruled illegal at some point, it is on you to get a written permission from all of your contacts that they are okay with you uploading their data to WhatsApp's servers.
So, unless you block access to all of your contacts or actually ask every single one of your contacts for written permission, it's illegal. With selective contact access, you could at least attempt to only grant access to contacts that you actually did get written permission from, or I don't know, of which you know for sure that they are using WhatsApp, too.
And yes, I do love the thought of hitting on someone in a bar and then pulling out this massive form sheet to ask for their written permission, just so you can ask for their number afterwards.
What legal system are you thinking of? I don't really see myself getting in legal trouble for revealing someone's contact information to a third party. It's a pretty normal thing to do. If I knew your phone number, and somebody else asked me for it, what's stopping me from telling them?
Germany has privacy protection laws and a privacy protection officer warned that 99% of WhatsApp users act illegally by not asking their contacts for permission before giving WhatsApp access to their contact information.
If I don't sue you, yeah. But if you're not sure that I won't have a problem with it, you should better ask me in advance.
In your example, this sounds silly, but it's just not categorically different from examples where it doesn't, like say someone who stalks me asks you for my phone number, or a scam caller does.
At least on iOS I think you can do this from the Photos app itself using the share sheet -> Messenger rather than using Messenger’s send photo button (which requires the app to get photo permissions).
I do agree it would be nice to have “Just once” on pretty much every permission dialog. Apple’s change to mandate an “Only while using the app” on location info after Uber’s location tracking fiasco was a good step in this direction.
They don’t get access to everything on your phone do they? As I remember (and this was years ago) they could ask for the photo dialogue to pop up and you could choose a photo but the app didn’t actually get access to all of them, only the ones you chose.
But they don't have to ask for access to all your pictures. You can ask Android to show the standard picker, get the one picture you've selected and that's it.
Or you can do it the way FB does it, by asking for permission to access all your pictures and build your own non-standard picker...
On the iPhone this was actually fixed in iOS 11. The standard image picker (UIImagePickerController) now runs out of process, and no longer pops up a permission dialog, but instead just gives the app access to only the photo(s) the user selected.
What they're saying is that it should be the user's choice, not the developer's. If I want to run your gallery app with only a handful of the pictures that I have, I should be able to do so.
Because ultimately, developers don't really need to care. Too many users don't understand the implications at all. And if it's for example a messenger that all your friends use, you don't really have much of a choice than to trust it, if you want to talk to your friends.
Heh I don't bother with the app and suffer with the web interface.
Annoyingly I now need to "Request Desktop Site" to use messenger or else it tries to get me to install the app. The artificial friction they've put in place has pushed me ever closer to just deleting my account.
Thank you, I remember using this at some point but forgot it. I'm still probably going to trash my account but this does make it much more tolerable. This and i.reddit.com make life on mobile a bit more pleasant.
Custom ROMs for Android phones had this feature. You get to choose whether to allow once, allow all, deny once or deny all. I haven't used a custom ROM in a long time though so I don't know if they still have it.
"Allow once" is different from "Allow just this one picture". With "Allow once", they can still scrape all your pictures, they just have to do it in one go.
Custom ROMs unfortunately can't really do much to implement the latter, they'd have to break compatibility with the whole Android ecosystem, which Google knowingly built this way.
I mean, Android technically supports it, if the app developer wants to. Then they can send off an "Intent", asking the OS to ask the user to select e.g. one or multiple .jpg and .png files, and then the OS hands those files back to the app.
The problem is that not many users understand the implications of just granting permission, so developers don't really need to care.
And this dialog that Android opens is roundabout the shittiest, least usable piece of software I've seen in a long while, so for a developer it actually can pay off to ask for full permission and then build your own file selector even if you have no malicious intentions.
Others here have mentioned that iOS also supports basically this the same way as Android, though presumably they have not quite managed to make their file picker quite as shitty.
And then, well, browsers have worked like this since forever. So, presumably Firefox OS works/-ed like this, too.
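The picker flow described above (the app sends an Intent, the OS shows its own picker, and only the chosen files come back), as an added example that is not part of the original thread. The class name and request code are hypothetical, and it assumes API 19+ for `ACTION_OPEN_DOCUMENT`; the app declares no storage permission in its manifest.

```java
import android.app.Activity;
import android.content.ClipData;
import android.content.Intent;
import android.graphics.Bitmap;
import android.graphics.BitmapFactory;
import android.net.Uri;
import android.util.Log;
import java.io.IOException;
import java.io.InputStream;

// Hypothetical activity; its manifest requests no storage or media permission.
public class PickPhotosActivity extends Activity {
    private static final int REQ_PICK_IMAGES = 1; // arbitrary request code

    // Ask the system picker for one or more JPEG/PNG files.
    void pickImages() {
        Intent intent = new Intent(Intent.ACTION_OPEN_DOCUMENT);
        intent.addCategory(Intent.CATEGORY_OPENABLE);
        intent.setType("image/*");
        intent.putExtra(Intent.EXTRA_MIME_TYPES, new String[] {"image/jpeg", "image/png"});
        intent.putExtra(Intent.EXTRA_ALLOW_MULTIPLE, true);
        startActivityForResult(intent, REQ_PICK_IMAGES);
    }

    @Override
    protected void onActivityResult(int requestCode, int resultCode, Intent data) {
        super.onActivityResult(requestCode, resultCode, data);
        if (requestCode != REQ_PICK_IMAGES || resultCode != RESULT_OK || data == null) {
            return; // user cancelled: the app learns nothing about the library
        }
        ClipData clip = data.getClipData();
        if (clip != null) {                  // several files were selected
            for (int i = 0; i < clip.getItemCount(); i++) {
                handleImage(clip.getItemAt(i).getUri());
            }
        } else if (data.getData() != null) { // exactly one file was selected
            handleImage(data.getData());
        }
    }

    // Read access is granted per returned URI; no other file is reachable.
    void handleImage(Uri uri) {
        try (InputStream in = getContentResolver().openInputStream(uri)) {
            Bitmap bmp = BitmapFactory.decodeStream(in);
            if (bmp != null) Log.d("Pick", uri + ": " + bmp.getWidth() + "x" + bmp.getHeight());
        } catch (IOException e) {
            Log.w("Pick", "could not read " + uri, e); // file gone or provider failed
        }
    }
}
```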
I think the main difference between the two mediums is that email is push-based, while Facebook is pull-based.
With email, you have to explicitly select recipients. You're essentially saying "here are my photos, I think they are relevant to you specifically". The onus is on the sender to figure out what's good for the receiver, and it's considered rude to send many frivolous or irrelevant messages. Think of how you grumble when you unsubscribe from some company's mailing list - this is an example of this social norm.
With Facebook, you say "my photos are here, anyone may look at them if they want". Figuring out whether the content is relevant is now the job of the receiver, not the sender. Facebook's UI is well aligned with this role: unlike email, where you must explicitly download attachments and mark messages as read, on Fb image previews are displayed inline and to never see a message again you must only scroll past it. Advertisements aren't considered intrusive, it's just content from another source that is (in theory) just as easy to ignore. The social dynamic is very different, and so it's used to send a different sort of message than email.
I have 75 relatives on Facebook who live around 3000 miles away from me. If I want to share a photo do I send a mass email to all 75 annoying those who aren’t interested, do I BCC everyone so I get repeated responses (and those responses aren’t shared with anyone else who is interested). Or do I post it on my Facebook feed where those who aren’t interested can ignore it (and it will be gone soon) and those who are can have a conversation around it without getting in everyone else’s way?
Edit: ok maybe around 40, not 75. But point still stands, it’s indirect communication rather than remembering about that cousin of an auntie’s grandparent’s nephew’s sister-in-law that I met ten years ago.
People are strange. My family all have iPhones, we all use iMessage, yet for some reason we have a group chat on WhatsApp which is where my sister and mam share photos of my nieces.
The functionality is no different to iMessage. I don’t know why this happens. It just does.