Why So Many Capabilities? (Why does X app use Location, Media, etc.?)

[hopmedic]

One reason is that advertisement SDKs (software developer kits) often require it or the ads won't display. This doesn't mean that location services have to be turned ON for an app - just that if the file that contains the list of capabilities required by the app (which is then reflected to the store) doesn't contain that capability, ads won't display, and developers won't get any money. It bugs the snot out of me as a developer - I don't want people suspicious of my apps because they ask for certain services that I'm not using, simply because the ad control requires it.

All apps that use location services MUST (in order to be certified):
1. Notify the user and ask his permission to use location service on the first time that location services are used (after that, if permission granted, no further prompt needed)
2. Have an easily discoverable way of turning location services off.

Here's one for you - Microsoft's own ad control requires:
ID_CAP_IDENTITY_USER
ID_CAP_MEDIALIB_PHOTO
ID_CAP_PHONEDIALER

Why User Identity? User identity incorporates a "small set of coarse demographics" in order to help improve ad relevance. Why Media Library - Photo? The media library capability is required in case there is a coupon in an ad, you can tap it and save it to the media library for later use. Phone Dialer is because advertisers would want you to be able to tap an ad, see their page, and if they've put a phone number in the ad, tap the phone number to call it (which will prompt a confirmation before dialing).
I use adRotator, an ad control that allows you to not only rotate between ad services (say one service has no ads to serve for a region), but also lets you configure your ad services remotely without putting out an update to the app (it does this by checking for a file on the developer's server, and that file tells it what ads to use). That control requires the above capabilities, but also these:
ID_CAP_IDENTITY_DEVICE
ID_CAP_NETWORKING
ID_CAP_WEBBROWSERCOMPONENT

I can understand the webbrowser component - they wanted to use the common web browser control that we devs can put in our apps, so the ads can display that way. I can understand device identity (a lot more than user identity), because they may not want to show the same ad to the same user more than x times, and the user is most likely going to be using the same device. And networking, of course - how else do you serve an ad. Why doesn't Microsoft's control require that? They must be doing some behind-the-scenes magic that others don't have access to, in order to serve up ads without this capability.

While some ads can be used without location services, if the developer uses location services, and sends that information to the ad provider, the ad provider can serve up more targeted ads. A guy in Bangledesh doesn't want to see an ad for Whataburger, right? Well, he wouldn't anyway, because the phone does tell the service what region it is in.... but if you're in the US, on the West Coast, I'm sure you're not going to care about an ad for Krispy Kreme, right? So a US region phone would use location services to filter out ads that are not applicable to the area (this is done by the advertiser controlling what area he wants his ads to be displayed in - Krispy Kreme saying that they only want their ads shown to the Southeast).

So, yes, there are a lot of apps that use services where you wouldn't think that it is necessary, but this is one reason that often goes unexplained. I hope this helps.

 

[Marc_SP]

Thanks for your explanation Hopmedic.
Although most times the use of a capability is pretty obvious, I think it should be compulsory to include a section in the app page in the store explaining what is each capability used for (at least the main use). Something like:

1. Location: Offer localized ads.
2. Camera: Scan barcodes.
3. Media library: Save scaned barcodes to the phone's photo album.

Do you think that would be a reasoble thing to reduce people's "suspicion level" regarding the use of the capabilities?

 

[hopmedic]

I completely agree. In fact, that is what I have done in my privacy policy. I certainly would not be opposed if Microsoft made this a required entry in the submission process.

Here's my privacy policy:
Privacy Policy

 

[spyridon]

Hi, I came here from the link you provided at Lux o meter app. I wanted to ask you a few things if that's okay.
If an app needs for example access to video and picture libraries as you said for advertisement reasons, if the developer is lets say unethical, can he access my photos and videos ? This is the most important part actually, are these requirements only necessary for Microsoft and accessed only be Microsoft or is it up to the developer about how he will access my personal information? Another thing, if most of the so called absurd requirements are for advertisement reasons why many apps still have the same requirements for their paid app versions ? I have these questions for some time now but no one could or wanted to answer me with straight answers, I was contacting developers but I still waiting for their replies, that made me even more suspicious.

Thanks in advance.

 

[wpguy]

Awesome explanation, and clears much up for me for ad-supported apps.

However, there are a LOT of ad-free apps out there that indicate requiring access to everything from the phone dialer to location to media services, despite the app having nothing to do with dialing, location, or media. I think that is where some of the growing unrest comes from.

Some have pointed out that the devs of these sorts of apps forgot to turn off the extraneous service access indicators from whatever app template they were using. To me, that just says the dev was too lazy to perform even basic quality control before publishing. Nobody is perfect, but it's not like this is a rare issue either.

 

[hopmedic]

Good questions, guys. I'll do the best I can, but I don't have all the answers, and at the moment I only have time for a quick reply. First, why do paid apps have the same requirements? Well, one reason that has been touched on is devs forgetting to look at and remove requirements that are not needed. Another that comes to mind off the top of my head is that when the app has a trial that is ad-supported, and paying for it removes the ads, the paid version is going to have the same requirements because the code is all the same. When you download the trial version, you are downloading the exact same code as the paid version, but the code inside checks with the Windows Phone Store to see if there is a paid license, and then just enables whatever differences there are between paid and free. To give you an idea, here's a basic how-to:

1. app starts
2. app checks for license
3. if license then turn off ads
4. if license then enable x function or feature​

So you can see, the code is the same, so the requirements are the same. There is not a way for the developer to turn off the requirements in a paid version if they are required in a trial, as the WMAppManifest.xml file cannot be altered by the code, and that is where the capability requirements are listed for the store. Make sense? If a dev has a paid version and a free version, and the free version uses ads and the paid version does not, then it is probably a case where he used the same code, but turned off the ads in the paid version, and didn't think to turn off the capabilities in the

The question of whether the dev can do anything with your pictures is a good one, and right now I don't have an answer, since I have not written an app that uses pictures, so I haven't looked that up. My first gut feeling is that they can't do anything, since my understanding is that they have to use a picker where you select a picture for a certain feature (unless saving - in which case they'd only have write access, not read access), but since I haven't done anything with the media pickers, I could be wrong, and I don't want to say one way or the other without knowing for sure.

EDIT:
I took a quick look to see if there was anything that would come up quickly, and it looks like they've changed the filename where the requirements are stored. Now the capabilities are selected in Package.appxmanifest. When I looked in that file, I found a link to more information about the pictures.
http://msdn.microsoft.com/en-us/library/windows/apps/hh464936.aspx#pictureslibrary

Pictures
The picturesLibrary capability provides programmatic access to the user's Pictures, allowing the app to enumerate and access all files in the library without user interaction. This capability is typically used in photo playback apps that need to access the entire Pictures library.

The file picker provides a robust UI mechanism that enables users to open files for use with an app. Declare the picturesLibrary capability only when the scenarios for your app require programmatic access, and you cannot realize them by using the file picker. For an example of how to access files in a library, see Quickstart: Accessing files programmatically.

So it looks like I was wrong. It also looks like there is more on that page that might interest you.

 

[hopmedic]

Also, keep in mind that the lead post in this thread was written with the WP8.0 SDK in mind. I have not had time to delve into the 8.1 SDK to see what may be different. I do assume that advertising SDKs are still going to require the same or similar capabilities as before, but some of the capability names may have changed.

 

[spyridon]

Thank you for taking the time to reply, really appreciated. My main concerns are still there though and it is only up to Microsoft to make things as clear as possible and protect us final users.
It is not the best thing to know that someone can access you data without you knowing it, but it is even worst that they are doing it with your consent when you agreed to download and use a certain app..

Thanks.

p.s. You said you are a developer but I didn't see you mention anywhere which apps are yours.

 

[John20212]

The best solution would be for the users to be able to configure permissions for apps in the system settings. That kind of works for location requests, by just turning off the location services before running an app that wants them; 90% of the time it does not affect the app functionality.
Same should be possible for all other app permissions, if blocking something breaks the apps functionality than that's fine, but it should be up to the user to decide manually what permissions they grant AFTER installing the app; and not being blocked from even installing the app unless they accept complete data mining by certain apps.

 

[Tepid]

Thanks for this,, I wanted to start a thread about this very topic and think it is important for all user to know.
Dev's and Microsoft need to do a better job overall in vetting these functions and if they are needed, used and how.

From what I read somewhere on the Dev site is that, if the requirement is in the manifest then it must be used in the code
or they wouldn't allow it to get posted, maybe they are so flooded they are skipping this in the App Certification process.

And yes, people should let it be know that if an app appears to have too many requirements that seem unnecessary (and a very very large majority do)
don't install it or buy it.

Note to ALL Dev's, quit being lazy, code your Apps properly and get rid of unnecessary requirements.

such as, there are many apps that have no Ad's in them and are free, but want Proximity and Location and other stuff that the app itself simply is not designed for.

This is a big pet peeve of mine about Apps.

One would think that we would want to send a message about this and hold their feet to the fire on it.
But, people are too naive in general and don't really care as they post their entire lives on Facebook etc. anyway.

Going forward though, we need to get a deeper understanding of what all the requirements do and are capable of overall.
Hopefully we can get some dev's in this thread to help and explain in more detail.

 

[hopmedic]

p.s. You said you are a developer but I didn't see you mention anywhere which apps are yours.

Search the store for Moonlighter Apps. My apps aren't all that great - I'm a novice doing it on the side, while working full-time and going to school full-time, so I haven't had the time to do the updates lately that I want to do.

From what I read somewhere on the Dev site is that, if the requirement is in the manifest then it must be used in the code
or they wouldn't allow it to get posted, maybe they are so flooded they are skipping this in the App Certification process.

Unless things have changed, this is false. It was so in 7.0, all the way up to my last updates, but that's been a while back. I have mistakenly left too many capabilities in, and had to go back and fix it.

Note to ALL Dev's, quit being lazy, code your Apps properly and get rid of unnecessary requirements.

agreed.

 

[Tepid]

Thanks for clarifying just not sure why some of these then have practically everything used.

Here is a perfect example,,,,

PixAnimator | Windows Phone Apps+Games Store (United States)

appointments
contacts
phone identity
owner identity
video and still capture
location services
music library
photos library
media playback
microphone
data services
phone dialer
push notification service
movement and directional sensor
web browser component

 

[tgp]

The best solution would be for the users to be able to configure permissions for apps in the system settings. That kind of works for location requests, by just turning off the location services before running an app that wants them; 90% of the time it does not affect the app functionality.
Same should be possible for all other app permissions, if blocking something breaks the apps functionality than that's fine, but it should be up to the user to decide manually what permissions they grant AFTER installing the app; and not being blocked from even installing the app unless they accept complete data mining by certain apps.

I generally agree with you here; it would be a good practice (although I personally am not worried about permissions; I always agree without reading anything). However, I'm guessing that only a minuscule percentage of users probably even care about permissions. I know I don't. Given the relatively few people that this would affect, it's probably not worth changing anything or creating more work ATM.

 

[hopmedic]

One of the reasons for all those permissions I could be that of I remember right, the earlier SDKs had them all checked by default. I might be wrong, but that is what memory is telling me. Novice devs, and even experienced ones new to the SDK may not have known to look there and delete unused permissions. Now i think they're all off by default and you have to turn on what you use (or get an error if you use capabilities not called out).

I'm not trying to make excuses, but just point out that there are reasons for the permissions that aren't sinister. I'm an amateur dev, and I've made this mistake, so surely others have as well. I'm sure i haven't invented new ways of screwing up. ;-)

 

[John20212]

I generally agree with you here; it would be a good practice (although I personally am not worried about permissions; I always agree without reading anything). However, I'm guessing that only a minuscule percentage of users probably even care about permissions. I know I don't. Given the relatively few people that this would affect, it's probably not worth changing anything or creating more work ATM.

And that is the problem, people just don't seem to care what happens with their personal data until something goes very wrong and they are compromised or blackmailed or their identity is stolen; sure that is the worst case scenario but it does happen; and if Microsoft is serious [as they claim] about user privacy, then they should do something about educating customers about these permissions and making sure data mining apps don't make it into the marketplace.

 

[tgp]

And that is the problem, people just don't seem to care what happens with their personal data until something goes very wrong and they are compromised or blackmailed or their identity is stolen; sure that is the worst case scenario but it does happen; and if Microsoft is serious [as they claim] about user privacy, then they should do something about educating customers about these permissions and making sure data mining apps don't make it into the marketplace.

The problem is that the average tech user would literally spend months per year reading ToS if all that were agreed to were read. It's realistically impossible. Not to mention most of it is written by attorneys and is therefore unintelligible.

 

[John20212]

The problem is that the average tech user would literally spend months per year reading ToS if all that were agreed to were read. It's realistically impossible. Not to mention most of it is written by attorneys and is therefore unintelligible.

I was talking about app permissions; not ToS or Privacy Policy; but talking of Privacy, take a look here on discussion about Cortana Privacy Issues http://forums.windowscentral.com/wi...o-you-think-wp8-1-cortana-privacy-policy.html

 

[NachiketS]

take a look at this