CyanogenMod has largely been inspired by the community over the years. I don’t need to tell you that some of the best ideas arise from user based suggestions. Steve Kondik, one of the big names behind Cyanogen has taken to Google+ to encourage users to make suggestions about a particular security feature.
Previously, Cyanogen allowed users to block specific permissions for installed apps. Ultimately, it offered users a great amount of control over their own privacy in regards to locally stored data. Unfortunately, the feature was later removed because it just wasn’t optimized correctly. Also, the Cyanogen development community is mainly comprised of app developers who were concerned about the issues caused by the privacy settings.
In its current state, the UX was awful. It was easy to wander into these settings and break things in weird ways that were not obvious at all. The code that was invoked when a permission was revoked would usually just cause the application to crash- if an app asked for your contacts, the framework would say no, and the app would force close. So a solution was implemented which implemented “spoofing”. This would send garbage contacts or other bogus/blank data to an application which requested it. Also implemented was spoofing of other identifying data about the device such as IMEI. I rejected these patches since they create a hostile environment for applications, and that’s not the direction I want to see CM go. My reasoning was confirmed when word of these patches showed up on the blogs and I immediately received quite a bit of backlash from developers who don’t want their apps running in unpredictable environments.
For the most part, Kondik was brainstorming ideas out loud about ways to implement related security features that don’t break the user experience of the platform. He made it abundantly clear that the development of Cyanogen is influenced by those who matter most- the users. That being said, he also encourages everyone to consider the consequences of implementing such features.
I’d love to hear more ideas and maybe we can build them. How can we really improve security and the user experience without a bunch of smoke and mirrors?
If you have any great ideas about how the Cyanogen developers can bring the related functionality back to the platform, head on over to Kondik’s Google+ post to make a suggestion or two.