Android Trojan FakeApp masquerading as legitimate

Google Axed Android’s App Ops

One feature that could set Android apart from other mobile operating systems is to deny permissions of individual apps. Doing so would limit functionality of apps and help keep malware in check.

With the release of Android 4.3 (Jelly Bean), Google snuck in what they called App Ops.

App Ops allowed users to turn off some permissions of an app, giving users the ability to deny apps access to SMS, contacts, etc. therefore limiting the app’s access to sensitive areas.

Google decided to yank the tool with its latest update of KitKat, 4.4.2. When KitKat was first released, the tool was buried deep and hard to access.

The search engine giant has since removed it completely; citing potential stability issues and it not being intended for customers.


I’ve always said that one of the major issues with the Android permission model is its all-or-nothing setup. You either accept all permissions requested by an app or you don’t install.

What we’ve ended up with are over-permissioned apps, many taking advantage of this in the form of malware and aggressive ad libraries.

For the most part, App Ops went unnoticed and wasn’t easily accessible, but allowing users the ability to refuse an app to access your contacts, location, or send SMS was pretty cool.

Information coming out about the tool is App Ops was meant to be for development purposes and it getting a customer facing interface was not supposed to happen. Customers weren’t supposed to see or use it, and at the time it wasn’t fully functional.

There were also stability issues with apps whose functionality was limited by App Ops, there needs to be away for developers to design their apps, taking into account a disabled permission.

The Android architecture is continually evolving so I understand them wanting to review its implementation. Rolling it back makes sense if it was buggy and some apps could become unstable, but it sounds like it could be a couple more Android releases if it were to make an appearance.

Google, please just don’t do away with it.

Android users who root their devices have more options. CyanogenMod, for instance, has had Privacy Guard with this type App Ops functionality for some time.

So, if you want to be able to limit the functionality of your apps you can delve into rooting your device and explore the full potential of Android. At your own risk of course.


Armando Orozco

Senior Malware Intelligence Analyst

Faux geek who likes to keep it bland. Experienced in behavioral, PC, and mobile technologies.