Evernote, and Why You Need to Think About Permissions

I use Evernote a reasonable amount. I’m not a huge user, but I have several hundred notes on their service entered through their Web interface. I back up those notes using the Windows desktop, fired up once in a while on an XP VirtualBox that I use for tech that’s just gotta gotta gotta be Windows.

I would seem to be the poster child for an Android Evernote user. After all, I travel a fair bit, and scanning receipts and storing them would be rather useful. Plus, I’d have access to all those notes I have on their service.

However, I have not installed the Evernote Android app, for one simple reason: permissions.

The Evernote app requests a fair number of permissions. Some make sense, such as the INTERNET permission (kinda important for a Web service). Some are a bit dubious, such as needing both coarse and fine location data.

Beyond those, they ask for the READ_CONTACTS permission, and that’s where I draw the line. Any application with both INTERNET and READ_CONTACTS can slurp up all my contact data and send it to points unknown.

The thing is, I feel rather confident that there’s nothing the Evernote app can do with READ_CONTACTS that I actually want them doing. There are ways to share notes on Android without needing that permission, such as an ordinary ACTION_SEND request.

So, rather than me being a poster child for an Evernote Android user, the Evernote app is a poster child in its own right.

First, it’s a poster child for permission creep. Evernote either needs to limit their permissions or justify a lot better why they have the permission in the first place. I really have no idea why Evernote needs to read my contacts or know where I am. Not only does their app description on the Market lack any justification, their Web page says even less…and there’s no 325-character limit on teh Intarweb. Evernote needs to sell me on the rationale for those extra permissions, if they expect me to agree to them.

Second, it’s a poster child for the crying need in Android for optional permissions. I really wouldn’t mind that Evernote is asking for those permissions, if I had the ability to say “no”. Some permissions, like INTERNET, Evernote would make mandatory, since their app would be pointless without them. But for fringe features, allowing developers to flag permissions as android:required="false" and allowing users to toggle those permissions would be rather beneficial, IMHO. Developers would check to see if they have the rights to do something before enabling the menu choice or button or whatever to go do it, no different than they should be checking for the existence of third-party apps before firing off activity requests to launch them, or using Criteria to see what location provider to use rather than assuming GPS. Even if the permissions are granted by default on install, and only “power users” turn the optional ones off, it’s a net benefit, at least to those particular users.
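The three runtime checks described above, sketched as an added example (not code from Evernote or from the original post): the menu is rebuilt each time it opens, and each fringe feature is enabled only if its permission, receiving app, or location provider is actually available. The NoteActivity class, the menu entries and the sample text are hypothetical.

```java
import android.Manifest;
import android.app.Activity;
import android.content.Intent;
import android.content.pm.PackageManager;
import android.location.Criteria;
import android.location.LocationManager;
import android.view.Menu;

// Hypothetical activity (added example): every optional feature is gated at
// runtime instead of assuming the permission or the receiving app exists.
public class NoteActivity extends Activity {
    private static final int SHARE = 1, ATTACH_CONTACT = 2, GEOTAG = 3;

    private boolean has(String permission) {
        return checkCallingOrSelfPermission(permission) == PackageManager.PERMISSION_GRANTED;
    }

    // Sharing through ACTION_SEND needs no permission in this app at all.
    private Intent shareIntent() {
        return new Intent(Intent.ACTION_SEND).setType("text/plain")
                .putExtra(Intent.EXTRA_TEXT, "constructed sample note text");
    }

    // Ask Criteria for a provider matching what we may use; null means none.
    private String usableProvider() {
        boolean fine = has(Manifest.permission.ACCESS_FINE_LOCATION);
        if (!fine && !has(Manifest.permission.ACCESS_COARSE_LOCATION)) return null;
        Criteria c = new Criteria();
        c.setAccuracy(fine ? Criteria.ACCURACY_FINE : Criteria.ACCURACY_COARSE);
        LocationManager lm = (LocationManager) getSystemService(LOCATION_SERVICE);
        return lm.getBestProvider(c, true); // enabled providers only
    }

    @Override public boolean onCreateOptionsMenu(Menu menu) {
        menu.add(Menu.NONE, SHARE, Menu.NONE, "Share note");
        menu.add(Menu.NONE, ATTACH_CONTACT, Menu.NONE, "Attach contact");
        menu.add(Menu.NONE, GEOTAG, Menu.NONE, "Tag with location");
        return true;
    }

    // Called each time the menu is shown, so the checks are always current.
    @Override public boolean onPrepareOptionsMenu(Menu menu) {
        PackageManager pm = getPackageManager();
        menu.findItem(SHARE).setEnabled(!pm.queryIntentActivities(shareIntent(), 0).isEmpty());
        menu.findItem(ATTACH_CONTACT).setEnabled(has(Manifest.permission.READ_CONTACTS));
        menu.findItem(GEOTAG).setEnabled(usableProvider() != null);
        return true;
    }
}
```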

In light of Russian Android trojans and the like, we need to make sure that users understand and appreciate the ramifications of permissions that apps request. That isn’t helped by developers who ask for permissions and don’t justify them. Be judicious in your choice of permissions to request, use techniques at your disposal (e.g., optional APK plugins) to minimize the core set of permissions your app needs, and keep tabs on issues like this one to see when optional permissions might appear in Android.