I can choose not to install an app, but Google prevents me from doing it intelligently, that is, filtering the crappy apps demanding ridiculous permissions. I have to manually click on dozens of them before finding one that does not require, say, Internet access. APEFS (http://www.bs.informatik.uni-siegen.de/forschung/apefs) allowed such filtering, but since Google Play was updated some months ago, it stopped working and was removed. Now I have to resort to F-Droid for free apps, but there are not nearly as many as in Google Play.

Exactly. The Play Store does not allow me to sort by permissions and doesn't display them up-front, making concern about permissions a fruitless endeavor.

Give me a fuzzy-sort option where I can just apply weightings to how much I value out of (1) Permissions, (2) Popularity, (3) Price and (4) Relevance

Yes, exactly. I recently had to look through a dozen flashlight apps to find one that was non-scammy. Finally I found a couple that didn't require Internet access as well as personal information. Sheesh. Maybe I should have just written one myself.

> Have a single fake IMEI number, for example.

How would that work in countries where modifying the IMEI is illegal?

UK law (note prison sentence) http://www.legislation.gov.uk/ukpga/2002/31/section/1

I don't know if this is current US law or not. Here's one example http://thomas.loc.gov/cgi-bin/query/z?c112:S.3186.IS:

The suggestion was making a userspace call to retrieve the IMEI return a fake value, not modifying the IMEI itself. Perfectly legal, although I imagine a great legal battle could be fought over the interpretation of "interfere with the operation of".

I am, however, surprised that MAC spoofing is enough to get you a prison sentence if done on a "mobile wireless communications device".

EDIT: apparently as of a 2006 addendum in the "Violent Crime Reduction Act" even offering to do it for someone else will land you in the clink. Gotta keep those violent hackers off the streets I guess.

That law seems particularly draconian. I assume it's an attempt to criminalise the changing of IMEIs on stolen phones? Reading that is slightly alarming, if only because I wouldn't have even considered that it could be illegal before today. I wonder how many other pieces of legislation I've naively violated?

I don't think android would affect the IMEI that gets sent to the network, and the intent of the law was to allow tracking of phones by IMEI (kinda scary in itself, kinda useful for law enforcement) and to allow stolen phones to be blocked from the network and rendered useless, which AFAICT has had a huge impact on levels of phone theft.

>> But a person does not commit an offence under this section if—

>> (a)he is the manufacturer of the device, or

>> (b)he does the act mentioned in subsection (1) with the written consent of the manufacturer of the device.

Perhaps the manual that comes with your phone could come with a line in the license saying that modifying the IDs for the purposes of stopping apps snaffling data is allowed.

It would modify it on the application level (user apps are sandboxed anyways), but not on the system/telephony level. System would still be aware of what the real IMEI is, just not whatever shady app requesting the permission.

That is one of the more shortsighted laws I have ever read. Or farsighted, depending on your cynicism about surveillance.

I wonder if I generate a UUID on your phone in my app, if you delete the app data does that run afoul of this law?

I think it's really about the IMEI on stolen phones, rather than anything else. And it's in the UK, where there are differences in legal procedure to US. But the DMCA is supposed to be about copyright protection and yet it's being used to keep phones locked to a carrier, so laws with unintended consequences are worrying.