private-dataThe Electronic Frontier Foundation has criticized Google for removing an experimental tool that allowed Android users to better control the information available to installed apps.

Instead of allowing flashlight apps to monitor their location, or letting ride-sharing apps access their address book, consumers could use the tool to allow these applications to only access the information they truly need to function. The EFF initially praised the feature, calling it a “huge advance in Android privacy.”

Then the tool was removed from the latest version of Android, leading the EFF to write that “users will need to chose between either privacy or security on the Android devices, but not both” by choosing to re-install a previous version of the operating system (making the feature available once again) or keep the latest version installed (granting improved security).

The reality is more nuanced. Firstly, the feature was never officially released, and was only accessible through the installation of third-party apps. Secondly, those who changed app permissions through the tool will have their preferences saved even though it’s been removed from the operating system. The small number of Android users — an app that provided access to the tool has between 5,000 and 10,000 installs — who knew of the tool’s existence will have their existing preferences honored, they simply won’t be able to make additional changes.

But the EFF is right in thinking that Android users should be able to control the ways in which information about their location, activity, or identity are gathered and used. Just recently, the Federal Trade Commission settled with the company behind a popular flashlight app that sold such information to advertisers without its users’ consent. It’s doubtful that it’s the only app to have done so.

Besides showing the problems caused by taking developers at their word, especially in light of the Washington Post’s report on how government agencies use the information they gather, this also shows that disclosures are not enough. Knowing that an app’s developer wants to be able to monitor your location or access your address book is better than not knowing those things, but that doesn’t mean that all developers are honest about the data they’re gathering and how it’s being used. (Again, consider the FTC’s settlement with the flashlight app maker.)

Don’t get me wrong. Learning more about what developers are doing with user data is becoming increasingly important, and it’s certainly a start. But being able to do something about it by disallowing certain information gathering or granting apps specific permissions without allowing them unfettered access to everything on your smartphone would be even better.

Or, put another way: Knowing you’re being spied on is one thing. Being able to do something about it is something else.

Illustration by Brad Jonas