I think this is particularly an issue with the recent change in Android's flagship messaging app: Hangouts. The recent change is that if you text someone, Android will show the recipient your G+ profile (if you haven't explicitly turned this off). The issue is privacy.
A little background: Earlier this year (or thereabouts), everyone realized that texting (SMS) was a wonderful fallback to someone else not being a member of your social site. "You're on Facebook and want to send a message to someone who's not? Not a problem! We'll just text them...
...but we'll need to see your contact list."
<cue sinister sounding music>
"Oh look! Your friend such-and-such is already on our site! You must be friends so we'll make you friends. Now your estranged relations can know your precise location at all times. You're welcome! :)"
The king of intrusion is RunKeeper. RunKeeper was the darling of the Pebble watch. Pebble worked together with RunKeeper to integrate a client right into the watch. This is great but the problems show up when you look at the permissions that RunKeeper asks for on your phone:
- "Read your contacts" - This is what we were afraid of. RunKeeper wants to know all your contacts. They want to connect you to everyone (that you know) that's using RunKeeper, or invite them if they're not.
- "Find accounts on the device" - In other words, they want your email address. So they can spam you. But only a little. And they'd never sell the address. Unless they went bankrupt.
- "Use accounts on the device" - They want you to give them permission to access the other parts of your Google account - G+, Drive, etc. This is scary and unnecessary for a running app.
Nike+
Nike+ is a very popular running app. The trouble is, it's just another social site where the currency is your last workout and your friends.
- "Add or modify calendar events and send email to guests without owners' knowledge" - Seriously??? This is an allowed permission at all???
- "Read calendar events plus confidential information" - hmm, not sure I want my running app to know that I'm going to that doctor...
- "Read your contacts" - Yes, Nike+ suffers from the same disease as RunKeeper.
Noom CardioTrainer
The Noom exercise app was one of the first Android running apps, going back as far as the G1. Their first product had everything that the best apps have today: recording your run or bike ride on a map, allowing you to download it as GPS data, periodic announcements during the run. When CardioTrainer first came out, the only way you could even download your workout data was to have a special code. Nowadays, it wants to share it with everyone. Here are the permissions that it asks for:
- "Read your contacts" - sigh, it's an epidemic.
- "Read call log" - huh? what is this for?
- "Add or remove accounts", "Use accounts on the phone" - I suspect that this is used to send your run up to Facebook but it's still overbearing.
Apps that got it right:
MapMyRun is another popular running app but here's the worst permission that it asks for:
- "Record audio" - hmm, not sure what it's for but I doubt that they're recording your conversations. I suspect it's used to see if you're on a call or VC or something.
Pebble Bike is a little app written by some guys who wanted to see their bicycle speed on their Pebble watches. It has no ability to export your workout, no history, no reminders, no progress bars, no recorded celebrities telling you to run faster. But it does show you your speed and average pace on the watch, which is cool.
Also, it doesn't ask for any risky permissions.
Summary
In summary, I don't mind an app that wants to share all my runs with the people on Facebook. But if I don't want to do that, I'd still like to use the app. For instance, there aren't many running apps that talk to the Pebble watch. I'd hate to have to give up my friends and family just to do that.
I'm also shocked that any running app would share information that could be used by a stalker (or worse.) Would anyone knowingly give out this information?
- female, looks like she's in her 20's from the profile picture
- reliably runs around Such-and-such Park every Monday evening after dusk
- probably wearing very little clothes
- probably not carrying a self-defense weapon due to the weight
- should be getting too tired to run away around such-and-such o'clock...
