For anyone who used Windows Vista, you will be well aware of the frustration that UAC (User Account Control) caused. That permission dialog popped up far too frequently, constantly asking the user for permission to execute a particular task. In theory, it was a good idea: give the user more control over what was allowed to run. The problem was that because the dialog box popped up far too often, people quickly learned to ignore it and blindly click “Allow” whenever it appeared - nullifying any of the security benefits of UAC. Thankfully Microsoft relaxed the pervasiveness of UAC in Windows 7 and it is now a far more useful security tool.
Why did I just spend a paragraph talking about UAC? Because to a certain degree, Apple is facing a similar dilemma with iOS and its permission dialogs. It recently faced scrutiny after it was revealed that a number of apps were accessing a user’s entire address book and even uploading it to their servers – without any user approval. Apple has now pushed back and announced it will soon require user permission for apps to access a user’s Contacts. But will it resemble yet another blue dialog box, just like access to Location, Push Notifications and Twitter already do? If so a user will face a barrage of those dialog boxes, asking for permission, one on top of the other.
It’s after reading Marco Arment’s thoughts on this issue earlier today that I thought I would weigh into the discussion and suggest one idea that may (or may not) be a potential ‘solution’. While there can never be a single solution that will be perfect for everyone (what may be overly cautious for one user may be overly lenient for another) the goal as I see it is to arrive at a solution somewhere in the middle ground; one that achieves an acceptable mix of precaution and freedom.
Essentially, my suggestion is that rather than let users face a stacked barrage of blue permission dialogs, is to flatten them all out on one clear screen when they first launch an app after installation. Users would see a list of what the app would like permission to access and the user would be able to (with one tap) allow all, or individually deny permission for the various databases. Furthermore, with one tap, a user could see a short justification from the developer for why the app is requesting that particular access – giving a little bit more control and peace of mind to the user. If a developer lied on this page it would almost certainly be grounds for expulsion from the App Store. The one final goal of my proposal is that it would also inform the user that these options can be changed the Settings, something many users may not be aware of at the moment.
I myself am not sure this is the best option, because there is one critical weakness. With my design, an app would have to upfront ask for permissions for whatever it might want to access in the future – but as Marco points out, some apps (like Instapaper) require access to something like Location for a minor feature that not everyone would even use (in that case it is to determine if it’s night at the users location, in which case it can switch automatically to dark mode).
If I asked most careful people if Instapaper could have their location, they’d refuse, because there’s no obvious good reason. But if the app asks right when they enable a location-based setting from a screen that shows why it’s asking for their location, they can make a more educated decision. Similarly, if an app doesn’t seem to have a good reason when it asks for Contacts, a skeptical person can decline.
Although to counter that point, I would note that not only can a user choose to individually deny Instapaper access to their location, but if they were curious as to why Instapaper would need access to their location, they could quickly read Marco’s explanation with one tap. Furthermore, my suggestion wouldn’t entirely remove the blue permissions dialog, as an app could ask again for permission later on if access was initially denied but a user is trying to use a feature that requires permission — in that case, the app could trigger the dialog to ask the user permission again.
Accompanying my suggestion would be something similar to Rene Ritchie’s app permission sheet in Settings. It would list all apps that have asked for permissions and you could dive in and edit those original options from when you first installed the app. As for allowing an app to send push notifications, I would probably keep that separate, as its own blue dialog box. My permissions “screen” would be solely dedicated to access permissions, to information that is privately stored on your device. One big benefit of such a permissions screen of course is that Apple could theoretically add more things that require permission to be accessed by apps, without a user becoming too overwhelmed, because such a layout is far better than stacking dialog boxes. Think about access to NFC or perhaps your music library.