— Alan Lepofsky (@alanlepo) June 30, 2014
Two separate incidents prompted my blog post today. The first was a tweet by Alan Lepofsky asking why a Chrome extension was asking for so many seemingly unnecessary permissions. After all, it’s an extension for taking screenshots yet is wants to “access your data on all websites.”
The second was my attempt to install Soundcloud to listen to a few podcasts. Soundcloud is an app which “lets you hear more music & audio” according to their Android Play Store blurb. So why do they need access to not only my identity but also my Contacts and Calendar, two areas of my phone which I really don’t like providing access to. I didn’t install the app for that request alone.
Which leads me to another jab at talking about permissions. I’ve talked about this before, as a way to respect your users, developers should take only the permissions they need. Also, there is a big difference between Apple and Android on this issue as Apple lets apps ask for permissions during use and it’s not an “all or nothing” decision that needs to be made when installing an app. But for Android users it has to change.
Take a look at this article that gives tools on how to optimize “the Mobile Conversion Funnel” yet doesn’t talk about permissions at all. Their funnel model looks like this:
Awareness > App Store Search > Download > First Use > Registration > Usage & Retention
Somewhere between the App Store Search and Download is the significance of content on the app’s Play Store page. Sure, name, logo, screenshots and descriptions should be A/B tested, iterated on and optimized, but so should permissions. What would happen if you didn’t request a certain permission? Would downloads increase? If a specific product feature is tied to this permission, does it make sense to remove that feature? Isn’t it worth testing?
Finally, a note about Android’s grouping of permissions. Last month Android started grouping permissions in an attempt to simplify them to users. Simplification should be a positive thing but I think that Android might have gone too far. For example, in Soundcloud’s case, I’d be willing to allow the app to access my calendar (want to add release dates of upcoming podcasts? Sure!) but I’m not willing to allow access to contacts. Also, I’d like to know why an app needs a certain permission. If the functionality associated with the permission makes sense, I will grant it and download the app.
Bottom line, Android permissions need to be smarter. Permissions granting access to sensitive information need to be emphasized. Things that might end up costing the user money need to be declared up front. Also, tell users what you need the permission for. It can only help.