AppOps broken in Android 4.4.2 on rooted phones

December 16, 2013

The recent update (4.4.2) of Android blocked access to the internal AppOps settings, that in earlier versions gave users fine-grained control over the permissions an app had. This allowed a user to accept and install an app and later removed some unwanted access of that app to sensitive data (like location data, contact data or whatever).

Initially it appeared that after rooting your phone, you could regain access to AppOps in Android 4.4.2. But it seems AppOps in Android 4.4.2 is broken.

Today I installed Any.do. It requires access to

  • call phone numbers
  • send SMS messages
  • read approximate location
  • read call log
  • read contacts
  • access calendar
  • read, write, delete USB storage
  • create, add, remove, find or use accounts
  • access NFC
  • full network access
  • Google play billing service
  • view network or WiFi connections
  • vibrate
  • post notification
  • and some more...

When trying to manage the permissions for ANy.do through AppOps, I can only change

  • location
  • read contacts
  • read call log
  • post notification
  • vibrate

This is strange, because for other apps (.e.g Hangouts) I can modify SMS related permissions through AppOps. Some of these permissions have never been used by the app. (This contradict information I read somewhere that the list of permissions AppOps shows to manage grows as the app in question actually accesses the permission - which would kind of defeat the purpose if you could only revoke a permission after an app has used it already once).

I think (but cannot verify) that this behaviour started with Android 4.4.2. At least in previous versions I had the impression I could manage all relevant permissions for an app.

In this form AppOps is unusable. In that sense Google is right to have removed it. In its current form it does not provide the protection so desperately needed.

In case you spot any errors on this page, please notify me!
Or, leave a comment.