Channel: Surfsoft Consulting Ltd » Security

Social Apps on Android

At this year’s Devoxx, Google’s Tim Bray gave a thought-provoking keynote which covered several areas, but what stood out for me were his comments around writing applications for Android. In summary, his message was “give software away and sell a service” and “make it social”.

Giving software away and selling a service is a whole other discussion which I intend to address separately. With regard to making it social, this is fine provided that there is a significant social angle to your application.

Anything we do that involves a social element – playing sport, going out to the theatre or cinema, even attending an evening class – these are all areas where applications can justifiably build in a social element beyond the now-standard “share via” context menu. For example, a fantasy football application might make it easy to share your team with friends, or a study helper application might let you interact directly with others on your course through existing social networks. Invariably this means giving the application access to your address book, which is fine provided that the benefit of doing so outweighs whatever risks you perceive.

I am very cautious when installing and updating software: what privileges are required by the application, how sensitive are they, are they central to the application’s purpose? Some cases in point:

Google Docs requires read access to my contacts. Now my sporadic use of Docs doesn’t really benefit from integration with my contacts list, but as the app publisher is Google, I don’t worry unduly about it.

Likewise the PayPal application. As a payment processor, PayPal must maintain a high degree of trust with its users, so the fact that it requires access to my contacts does not worry me from a data security angle.

LauncherPro is a whole new launcher application which by definition requires access to almost everything you can think of. But as a widely installed application it has built up a level of trust with its users, and this in turn allows me to trust it.

Moving on, I have a couple of apps where I have decided that the benefits of the apps outweigh the fact that they require access to my contacts - Any.DO and Catch - both note-taking and (potentially) collaboration tools. I use them almost exclusively as personal to-do lists and so far they have done nothing to violate the trust I have placed in them.

However, I am starting to see applications tagged as ‘social’ where their core function is anything but.

Exhibit ‘A’ is Ringdroid. Having used Ringdroid on my Nexus One, I attempted to install it onto my Galaxy Nexus. It wasn’t available (as open source I expect an update will appear eventually), but Ringdroid (Social Edition) is. And it requires not just read access to my contacts, but write access too. The primary purpose of Ringdroid is to let you extract part of an audio file and convert it into a ringtone for your phone. Social networking is not a core feature of this – period. Ringdroid (Social Edition) will not be making an appearance on my phone – ever.

Exhibit ‘B’ is Barcode Scanner, which not only requires read and write access to my contacts, but also access to my browser history. I’m scanning a barcode and my primary purpose is to look up prices and reviews. This does not need access to my address book or browser history.

Android allows us to develop separately installable components with their own permissions, so these edge cases can still be made available – but as an option, rather than as part of the core download. I will continue to refuse to install any application requiring address book access where that access is not core to the application’s purpose.
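
The review described above (which permissions are requested, which are sensitive, and which are core to the app's purpose) can be run mechanically over a decoded AndroidManifest.xml. The following is an added example, not code from the original post or from any app it names; the purpose-to-permission mapping and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions the article objects to when they are not core to the app.
SENSITIVE = {
    "android.permission.READ_CONTACTS",
    "android.permission.WRITE_CONTACTS",
    "com.android.browser.permission.READ_HISTORY_BOOKMARKS",
}

# Assumption: the reviewer's own view of what each kind of app needs.
CORE_BY_PURPOSE = {
    "ringtone_editor": {"android.permission.WRITE_EXTERNAL_STORAGE",
                        "android.permission.WRITE_SETTINGS"},
    "barcode_scanner": {"android.permission.CAMERA",
                        "android.permission.INTERNET"},
}

def requested_permissions(manifest_xml):
    """Return the permission names declared in <uses-permission> elements."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                names.add(name)
    return names

def audit(manifest_xml, purpose):
    """Sort requested permissions into core, flagged (sensitive, non-core), other."""
    requested = requested_permissions(manifest_xml)
    core = CORE_BY_PURPOSE[purpose]
    extra = requested - core
    flagged = sorted(p for p in extra if p in SENSITIVE)
    return {"core": sorted(requested & core),
            "flagged": flagged,
            "other": sorted(extra - set(flagged))}

# Constructed manifest (not taken from any real app).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.ringtone.social">
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.WRITE_SETTINGS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.WRITE_CONTACTS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

if __name__ == "__main__":
    for kind, perms in audit(SAMPLE, "ringtone_editor").items():
        print(kind, perms)
```

The manifest inside an APK is stored as binary XML, so it has to be decoded to text before this check can read it.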

