Closed Bug 672352 Opened 13 years ago Closed 12 years ago

Explain how Firefox uses permissions in Android Market description

Categories

(Firefox for Android Graveyard :: General, defect, P2)

Product:
Firefox for Android Graveyard
Component:
General
Platform:
All
Android
Type:
defect

Tracking

(blocking-fennec1.0 -, fennec+)

Status:
RESOLVED FIXED
Milestone:
Firefox 11
Tracking Flags:
Tracking Status
blocking-fennec1.0 --- -
fennec + ---

People

(Reporter: mbrubeck, Assigned: jfu)

References

Details

(5 keywords, Whiteboard: [sg:want][no-code]) 

Android applications must request permission at installation time to perform certain activities.  For Firefox, some of these permissions are:

* Fine (GPS) location -- Firefox 4 and later
* Read phone status and identity -- Firefox 8 and later (bug 667980)
* Read contact data -- Not yet landed, possibly Firefox 8 and later (bug 583242)

Some users have already been confused or sent negative feedback about the location permission.  As we add permissions, even more users will think or worry that Firefox is misusing their data.  "Read phone status and identity" is often used for tracking by advertisers, and "contact data" is obviously highly sensitive and users should be reluctant to share it.

Since the permission request is usually encountered within the Android Market app or web site, I think this is the best place to explain to users how Firefox uses these permissions while respecting their privacy.  I suggest adding a paragraph like the following to our Android Market description:

"About permissions: GPS location is used only when you choose to share your location with a web site. Phone state and identity is used only to change settings based on your network speed. Contact data is used only to provide suggestions when filling out forms."  (The last sentence should be added only after bug 583242 ships.)

If we can't make space for all that, then a pointer to our privacy policy might be better than nothing.  However, the Android Market does not allow hyperlinks, so I expect that far fewer people would read it in that case.
Adding Jaclyn

And my perspective:


I think it is good to address the overall topic of security in Android and mobile, which is likely to get even more interest going forward. I think that security can be one of our differentiators in a market where one of our main competitor is a proxy browser and it is good to be talking about it more broadly.

Concerning permissions on Android particularly, it might be that the Android description is not read by a lot of users, but there are a series of other places where we can communicate this: in-product after install or in the menu settings, in "About", on the product page, on SUMO.
If we describe our use of the permissions in our Android Market description, are we barred from making new uses of the data in future versions, even if the new uses are just as privacy-preserving?

In general, Firefox addons are not prevented from abusing these permissions. (Maybe AMO enforces some rules, and pure-JS extensions only get to use our APIs, but that's a lot to explain.) Do we need to mention this?

> GPS location is used only when you choose to share your location with a web site

We might want to present the language list in a different order depending on your country. If you type "Port Washington" into an <input type="-moz-place">, we might want to disambiguate to the one nearest you before submission.

> Phone state and identity is used only to change settings based on your network speed.

"Change settings" is vague. How about "Phone state and identity is used only to detect your network type. Firefox tries to conserve bandwidth on slow & metered connections."

In the future, we might want to mute web page sounds when you're on a phone call, or throttle animations when you're below 20% battery.

> Contact data is used only to provide suggestions when filling out forms.

The word "form" means different things to different people, and it's being used less often on the web now that we have AJAX and JS APIs.
"Mozilla is committed to your privacy. Firefox currently uses scary-sounding permissions only in order to: ..."
Nominating for tracking because this affects marketing deliverables for the Firefox 8 beta and final releases.
tracking-fennec: --- → ?
tracking-firefox8: --- → ?
(In reply to Matt Brubeck (:mbrubeck) from comment #0)
> If we can't make space for all that, then a pointer to our privacy policy
> might be better than nothing.  However, the Android Market does not allow
> hyperlinks[...]

The latest version of the Android Market does make URLs into links, so it is now possible for us to add a link to the privacy policy or other pages with more details.
fwiw, i really like the idea of a wiki/web page somewhere discussing the security/privacy aspects in Fennec (since there are many cool things we are doing that we could promote, DNT, clearing site data and listing what data a site has that i just saw in Nightly's tablet UI, etc.) and linking to the privacy policy as well. 

we could also document caveats around things like SD card usage as well here.
tracking-fennec: ? → ---
tracking-firefox8: ? → ---
Whiteboard: [sg-want]
My proposal is to add a section "Meet your new mobile browser" (to be rephrased) to the new redesigned about:home (see Bug 669166) and to keep it there for a few days after installation or upgrade. That link / button would link to a page that shows (1) new and important features (with links to most recent release notes and to http://www.mozilla.org/en-US/mobile/features/), (2) How Firefox protects your privacy. (2) could describe (a) DNT and related features, (b) have a section "Permissions explained" as requested here. Ian will link potential design proposals to Bug 669166 .
See Also: → 669166
(In reply to Thomas Arend [:tarend] from comment #7)
> My proposal is to add a section "Meet your new mobile browser" (to be
> rephrased) to the new redesigned about:home (see Bug 669166) and to keep it
> there for a few days after installation or upgrade.

My main concern about scary permissions is that users see them (and must agree to them) before installing the browser, so they will prevent some users from installing the browser at all.  If this is indeed a problem, then it can't be addressed post-installation.
tracking-fennec: --- → ?
tracking-firefox8: --- → ?
(In reply to Matt Brubeck (:mbrubeck) from comment #8)
> (In reply to Thomas Arend [:tarend] from comment #7)
> > My proposal is to add a section "Meet your new mobile browser" (to be
> > rephrased) to the new redesigned about:home (see Bug 669166) and to keep it
> > there for a few days after installation or upgrade.
> 
> My main concern about scary permissions is that users see them (and must
> agree to them) before installing the browser, so they will prevent some
> users from installing the browser at all.  If this is indeed a problem, then
> it can't be addressed post-installation.

perhaps we can put a link to this forthcoming page to the description in the Market and kill two birds with one stone ? (perhaps specifying also in the Market description to follow the link for more information about permissions used as well the other things tarend mentioned)
current release on the Android Market also asks for (in addition to the ones mentioned by mbrubeck in the initial bug description) : 

* Storage - Modify/delete SD card contents (i assume this is for moving the app/profile to the SD card if the user wishes to)

* Network communication - Full Internet access (hopefully obvious ?)

* System Tools - Install shortcuts (i assume this is for web apps, both as current and as planned for the future)

the current Beta on the Android Market asks for the same set of permissions also
Whiteboard: [sg-want] → [sg:want]
note:

with flash support pending, we will add new feature requests required by the adobe plugin.
tracking-fennec: ? → +
tracking-firefox8: ? → ---
Hi all,

I'm currently updating the mobile FAQ and thought we could explain some of the scary permissions this section.  Thoughts?

Which of these permissions should be highlighted?
(In reply to Jaclyn Fu from comment #12)
> Hi all,
> 
> I'm currently updating the mobile FAQ and thought we could explain some of
> the scary permissions this section.  Thoughts?
> 
> Which of these permissions should be highlighted?

i think it would be great to put these in the mobile FAQ. IMO, 
'Fine (GPS) location' and 'Read phone status and identity' are the two that are potentially scary to users and need explanation as to why we want them and how we use them. 'modify/delete sd card contents' might be in there too, i assume this is used for writing/modifying profile data stored on the SD card if the user chooses to move the app to the SD card (and possibly saving downloads?). I checked with a friend @ google and they told me this perm is not related to moving the app to the sd card itself, as i thought above.
Less than a day after Firefox Beta 8.0 was released, we are already receiving questions/complaints about the "Phone status and identity" permission.  I really think that we should put something about this in the Market description.
I don't think the description is the place for this information, but do agree that we should address these concerns in a different place.  Michelle, we can work together on a SUMO page? Or it could even be a Wiki page.

I propose adding this link to the description instead including in the copy text since it will detract from overall messaging.  But since users reach the permissions notification as they're installing, I'm not sure if they will go back into the Android Market description to find their answers, I'm guessing they'll do a Google search (where the SUMO article would be found)
Depends on: 691054
I filed bug 691054 to remove the "Phone state and identity" permission.
(In reply to Jaclyn Fu from comment #15)
> I don't think the description is the place for this information, but do
> agree that we should address these concerns in a different place.  Michelle,
> we can work together on a SUMO page? Or it could even be a Wiki page.
> 
> I propose adding this link to the description instead including in the copy
> text since it will detract from overall messaging.  But since users reach
> the permissions notification as they're installing, I'm not sure if they
> will go back into the Android Market description to find their answers, I'm
> guessing they'll do a Google search (where the SUMO article would be found)

the description on the market currently links to http://support.mozilla.com/en-US/mobile#os=android&browser=m7 which has a few FAQs on it. i suggest linking a SUMO article there via a question on permissions perhaps. i'm happy to help with the article also.
(In reply to Jaclyn Fu from comment #15)
> I don't think the description is the place for this information, but do
> agree that we should address these concerns in a different place.  Michelle,
> we can work together on a SUMO page? Or it could even be a Wiki page.

Adding a link is fine, as long as it is fairly prominent in the description, and the description text says that the link has to do with permissions.  ("Questions about app permissions? See the FAQ at...")

> But since users reach the permissions notification as they're installing,
> I'm not sure if they will go back into the Android Market description to
> find their answers, I'm guessing they'll do a Google search (where the SUMO
> article would be found)

Many users - especially most first-time installers - will be coming from the description to get to the install dialog, and will automatically return to the description if they cancel or complete the installation.   This is why explaining permissions in the description is a fairly common practice for Android Market publishers.

Our Firefox Beta reviews are getting hammered by permissions-related complaints at the moment, by the way.
"Read phone state and identity" has been removed from Firefox 8/9/10 (bug 691054).

"Hardware controls: Take pictures and video" has been added in Firefox 9 (bug 659188).

"Your personal information: Read sensitive log data" was added in Firefox 9 because it is required by the Adobe Flash plugin (bug 630007).
Blocks: 630007, 659188, 583242, 667980
No longer depends on: 583242, 667980
Thanks!

Will show up in the Android description as:


For a complete list of features, check out http://mozilla.org/mobile/features/. 

Have questions or need help? Visit http://support.mozilla.org/mobile. 

The Firefox browser works on most Android devices. See if it works on yours: http://www.mozilla.org/mobile/platforms/

Want to know more about the permissions Firefox requests? http://mzl.la/FirefoxPermissions
(In reply to Jaclyn Fu from comment #21)
> Thanks!
> 
> Will show up in the Android description as:
> 
> 
> For a complete list of features, check out
> http://mozilla.org/mobile/features/. 
> 
> Have questions or need help? Visit http://support.mozilla.org/mobile. 
> 
> The Firefox browser works on most Android devices. See if it works on yours:
> http://www.mozilla.org/mobile/platforms/
> 
> Want to know more about the permissions Firefox requests?
> http://mzl.la/FirefoxPermissions

i saw this is live in the Android Market, awesome !

can we (should we) resolve this bug ? we have the SUMO page live and the market linking to it, plus a blog post from mbrubeck that covers the recent 'phone state and identity' change.
I'm OK with closing it out.  Let's continue to monitor if we still get any user feedback.  

Thanks!
Status: NEW → RESOLVED
Closed: 13 years ago
status-firefox8: affected → ---
Resolution: --- → FIXED
Target Milestone: --- → Firefox 7
Two things:

1. Can this be added to the FF beta as well?

2. The permissions page does not talk about the need to access the system log (which is a pretty large concern)
(In reply to Arun from comment #24)
> Two things:
> 
> 1. Can this be added to the FF beta as well?

Arun, do you mean : add the link to the FF beta Android Market description ? i don't see it there so i'm assuming so. 

> 2. The permissions page does not talk about the need to access the system
> log (which is a pretty large concern)

this was added in FF9 which went to Firefox Beta on the Android Market a few days ago - it seems like we need to update the permission page for Beta. "Hardware controls > Take pictures and video" was also added in FF9.

For now, i'm reopening this to get the link added to the Firefox Beta Market page and also to update the SUMO page with the new permissions.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Blocks: 702183
(In reply to Ian Melven :imelven from comment #25)
> (In reply to Arun from comment #24)
> > Two things:
> > 
> > 1. Can this be added to the FF beta as well?
> 
> Arun, do you mean : add the link to the FF beta Android Market description ?
> i don't see it there so i'm assuming so. 

Yes, that's what I meant.
The new Fx9 permissions are covered in the latest version of https://support.mozilla.com/en-US/kb/how-firefox-android-use-permissions-it-requests#os=android&browser=m9

We may be removing most of the new permissions added in Fx9 and Fx10; see bug 702183 and also bug 679966 comment 143.
Blocks: 679966
(In reply to Jaclyn Fu from comment #21)
> Will show up in the Android description as:
[...]
> Want to know more about the permissions Firefox requests?
> http://mzl.la/FirefoxPermissions

This link is still missing in the German localization of the description. Btw, the linked page lists the permission "System Tools - Install shortcuts", which I am not asked for when installing FF 9.0 on my Galaxy Nexus.
We were still tweaking the descriptions - the current en-US description has not been translated to all locales yet
Product: Fennec → Fennec Native
Target Milestone: Firefox 7 → Firefox 11
Assignee: nobody → jfu
Priority: -- → P2
Depends on: 751944
Depends on: 751930
blocking-fennec1.0: --- → ?
Keywords: productwanted
Whiteboard: [sg:want] → [sg:want][no-code]
blocking-fennec1.0: ? → -
Link to permissions has been added to the description copy
I think all the open actions are complete.  Let's open new bugs for any further changes.
Status: REOPENED → RESOLVED
Closed: 13 years ago12 years ago
Resolution: --- → FIXED
Depends on: 857730
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in before you can comment on or make changes to this bug.