glu mobile hidden permission

[blaaaa]

I usually don't download games by Glu due to excessive permissions asked by that company.

Today I found a game by Glu that had reasonable permissions (blood and glory legend) so I went ahead and download it.

While I was downloading the game I went to the the page of the game on a desktop computer in the google play store normal web page (not through the google play app on my tablet) and there I saw under the permissions tab, under:

Default
control system backup and restore
Allows the app to control the system's backup and restore mechanism. Not for use by normal apps.

No matter how much I looked for this permission I couldn't find it on the app version of google play.

Here are some of the games that have this permission

Contract Killer: Zombies 2
Frontline Commando
Dragon Slayer
Eternity Warriors 2
Blood & Glory Legend
Contract Killer 2

I compared between the app version to desktop version of the google play store and in all these games didn't have the above permission present in the app version of google play and i guess there are more game like them.

in conclusion this is really annoying. I'm not the kind of person to ban a game company, but be cautious when downloading from Glu and check the permissions in the app version and the desktop version of the google play store.

 

[ExtremeNerd]

There is no such thing as a hidden permission. If they app version is the same, both the desktop and mobile markets will show the same permissions. The reason Google requires apps to list permissions is to ensure as much transparency as possible. If you were to check the app on your phone, I'm sure it would say the same ones.

I typed the above out before checking the market, but wanted to leave it for emphasis. You are correct. It does NOT show up when checked in the play store. I have no clue why. I have never even seen that permission listed. I can't even find it in the Android manifest list of permissions.....

That being said, Glu is developer that has problems accurately documenting their permissions, IMO. I have made it a point to never download any of their games because of it. Sadly, most Android users are not like us. Most people don't know what permissions are, and don't check them.

I'm going to do a bit more digging and try to find out where that permission comes from....

 

[blaaaa]

Thanks for the response and a big Thanks for going into further research

 

[ExtremeNerd]

I went fishing in the Dev guides from Google and came across this. It looks like this permission is used to restore any previous data the app may have had on your device. Say you had downloaded Angry Birds, beat the game, and uninstalled it. If AB left any data on your SD card, that would be considered a "Backup." If you were to ever download the game again, the Restore permission would scan your device looking for that particular backup and automatically restore your data.

In theory, this makes sense, but why is Glu the only one to declare this permission? My personal opinion is they declare as many as possible, not adhering to the programming guidelines. I don't know a ton about Android programming, but I read that just because you declare a permission doesn't mean it has to be used. However, in order for a permission to be used, it must be declared.

Source Link Here

 

[blaaaa]

Update
I noticed that the default permission section of an app is always hidden on the google play app.

I noticed that after a new default permission was added to (I think) all apps and games.

Its seems the the hidden permission is not something Glu Mobile had done but a problem with the Android OS or something.

This a thread I opened about that
Default permissions are hidden on the google play app

Did any one else noticed that ?

 

[jonbonazza]

I am an android developer and I can honestly say that the permission system is not as ideal as we would like. Unfortunatley, there are many developers (mostly game devs) who will load up their permissions with a bunch of different stuff, then only use one or two. The reason for this is that most game devs use what is called an engine that they will use as the basis for multiple games. Rather than modifying the engine for every game, they will just make it as universal as possible. There are better ways to achieve this, but this is the easiest route and thus the one most devs tend to pick.

This makes things very difficult for the users because we cannot accurately asses whether the permissions are just there for the helluvit, or whether they are actually being used, likely for malicious purposes.

Another problem with the current permissions system is the wording of most permissions. Not only the wording, but also the category list and placement. permissions are generally vaguely worded, usually in a negative sense. A great example is the backup/restore permission brought up in this very thread. the permission has all kinds of legitimate uses, but the wording makes it sound very malicious, no matter what it is actually used for. Without context, it's impossible to tell.

These are only but a few of the problems with the current permissions system, something that Google is aware of and claims to be in the process of reworking.

 

[350X]

Google should be the enforcer on this, put dev's earned income from apps ir IAP into escrow for 6months with the powers to give fines for an over reaach of permissions that go into the invasive zone.

 

[jonbonazza]

Google should be the enforcer on this, put dev's earned income from apps ir IAP into escrow for 6months with the powers to give fines for an over reaach of permissions that go into the invasive zone.

That would go against the philosophy of an open system that Google has built Android upon.

 

[350X]

No different then a paypal system, if you spend the money in your account or not 6-12mo later they can take the money back. Same system, say someone goes over the line and a review board say it was intrusive, they could award a %ammount to each person effected.

but it would all be just a threat to keep them inline more.
They should never be a need for it, but its clear there needs to be some sort of downside to pushing the limits or thing will run amuck.

 

[blaaaa]

About wording.

The wording of the explanation of the permissions is also differ between the desktop version and app version of google play

For example

This is how the following permission will be explained on the google play app version

Network communication
Full internet access
Allows an application to create network sockets

This is the desktop version

• Network communicationfull network access
  Allows the app to create network sockets and use custom network protocols. The browser and other applications provide means to send data to the internet, so this permission is not required to send data to the internet.

This is indeed negative.also longer and a lot more scary if you ask me

 

[jonbonazza]

No different then a paypal system, if you spend the money in your account or not 6-12mo later they can take the money back. Same system, say someone goes over the line and a review board say it was intrusive, they could award a %ammount to each person effected.

but it would all be just a threat to keep them inline more.
They should never be a need for it, but its clear there needs to be some sort of downside to pushing the limits or thing will run amuck.

Right, but paypal doesn't go around preaching "openness" and the such.

 

[jonbonazza]

About wording.

The wording of the explanation of the permissions is also differ between the desktop version and app version of google play

For example

This is how the following permission will be explained on the google play app version

Network communication
Full internet access
Allows an application to create network sockets

This is the desktop version

• Network communicationfull network access
  Allows the app to create network sockets and use custom network protocols. The browser and other applications provide means to send data to the internet, so this permission is not required to send data to the internet.

This is indeed negative.also longer and a lot more scary if you ask me

"Scary." That's the word I was looking for... Better fit than "negative." Thanks. =)