I haven't read the Privacy Policy, but I pulled up the Spotify settings on my iPhone, and the only permission it has is Background App Refresh, (although I'm not sure if movement sensors would appear in the Settings app).
Is this some still-unreleased version of the app the article is about, or has the privacy policy changed with no changes to the data that Spotify actually accesses?
Speaking of Android and its derivatives prior to the upcoming Marshmallow release (version 6), the permission model was based on an all-or-nothing approach ("all" meaning accept all permissions and STFU; "nothing" meaning not installing the app). There's a huge difference between informing the user at install time about all permissions an application requires and (not) knowing when they're used at run time. In the Android world of circa a hundred permissions and this all-or-nothing permission model, overall UX has suffered and caused tension between users and developers. As the latter keep adding features to their apps, sometimes requiring new permissions, some (aware and tech-savvier?) users will not feel comfortable about it and may even decide to uninstall the app, just like some Spotify Android users already have.
In this regard I've had a good experience with the Privacy Guard feature on CyanogenMod 11 (based on Android 4.4 KitKat) and later. It allows you to control each app's access to a permission - allowed, ignored (disallowed), or "always ask". The last one triggers a popup whenever an app X wants to use permission Y (e.g. "Skype wants to modify your contacts" - wait, what?!) where you can allow or ignore it, and also set it as a future default to prevent being nagged with the popup. Although I personally very much like the option to opt in or opt out, I understand that even the Privacy Guard UX is not for everyone. Luckily, you can choose if you need Privacy Guard and activate it per app, or have it automatically activated for every newly installed app with the "always ask" option for each permission.
That's a huge difference in how invasive it feels. But in practice, I'd feel watched if I allowed my music player to see my GPS location up front, but I'm completely happy to let it do so when I activate the run function.
In practice, the app could ask for permission to use the GPS the first time you use the "running" function, and then spy on your location ever after. The difference is in the perceived privacy.
On Android, it's impossible to install the app without granting all the permissions. So if there's a feature to upload your own cover art, then you have to grant it permission to look at all your photos forever or you don't get to use the app. It's terrible.
So basically they made a design decision that was thought to be good for the users' privacy and it turned out to be a horrible decision. I can understand the reasoning behind their initial design, but I can't understand why this hasn't just been thrown out and replaced already after it turned out so obviously flawed.
At least they could have deprecated that system and allowed it to work with old apps, while encouraging new apps to use an iOS-like we'll-ask-when-we-need-it kind of system?
You're exactly right. The context is missing. When I install an app and it asks for permission A, B, C, and D, I probably have no idea why, and it's scary.
If I'm using the app and discover a new feature that asks me for permission A, I understand why, and can make a reasonable decision.
The problem is that the granting of permission isn't strictly tied to that particular feature. So if the app asks you for permission A for "reasonable feature 1", it can then use that permission in the background for "unreasonable creepy feature 2", since you've now granted it unilateral permission.
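As an added illustration (not code from the thread or from Spotify), here is what the Android 6 (Marshmallow) runtime-permission flow discussed above looks like from the app's side, using the AndroidX support-library helpers. The app only checks for and requests location when the user taps the "Run" feature, which gives the user the context the comments above ask for; but once the dialog is accepted, the grant belongs to the whole app, not to that feature, which is the gap this comment points out. The activity, button handler and `startRunTracking()` names are assumed for the example.

```java
import android.Manifest;
import android.content.pm.PackageManager;
import androidx.annotation.NonNull;
import androidx.appcompat.app.AppCompatActivity;
import androidx.core.app.ActivityCompat;
import androidx.core.content.ContextCompat;

// Hypothetical activity hosting a music player's "Run" feature.
public class RunActivity extends AppCompatActivity {
    // Arbitrary request code used to match the result callback to this request.
    private static final int REQ_RUN_LOCATION = 42;

    // Hypothetical handler wired to the "Run" button: the permission is only
    // requested here, at the moment the feature that needs it is used.
    void onRunTapped() {
        if (ContextCompat.checkSelfPermission(this, Manifest.permission.ACCESS_FINE_LOCATION)
                == PackageManager.PERMISSION_GRANTED) {
            // Already granted on an earlier visit to this feature (or anywhere else
            // in the app): the platform does not scope the grant to "Run".
            startRunTracking();
            return;
        }
        if (ActivityCompat.shouldShowRequestPermissionRationale(
                this, Manifest.permission.ACCESS_FINE_LOCATION)) {
            // The user denied this before: a real app would explain here why
            // run tracking needs location before asking again.
        }
        // Shows the system dialog; the answer arrives in onRequestPermissionsResult.
        ActivityCompat.requestPermissions(
                this,
                new String[]{Manifest.permission.ACCESS_FINE_LOCATION},
                REQ_RUN_LOCATION);
    }

    @Override
    public void onRequestPermissionsResult(int requestCode,
                                           @NonNull String[] permissions,
                                           @NonNull int[] grantResults) {
        super.onRequestPermissionsResult(requestCode, permissions, grantResults);
        if (requestCode != REQ_RUN_LOCATION) {
            return;
        }
        if (grantResults.length > 0 && grantResults[0] == PackageManager.PERMISSION_GRANTED) {
            // From this point on every component of the app can read location
            // until the user revokes it in Settings; the API gives the app no
            // way to bind the grant to this feature alone.
            startRunTracking();
        } else {
            // Denied: the feature is simply unavailable; the rest of the app keeps working.
            showRunUnavailableMessage();
        }
    }

    // Hypothetical feature entry point that starts GPS-based run tracking.
    private void startRunTracking() { /* ... */ }

    // Hypothetical UI feedback when the user declines.
    private void showRunUnavailableMessage() { /* ... */ }
}
```

The pattern (check, optionally explain, request, handle the callback) is the whole of the app-side contract; any narrower binding of a grant to a single feature has to come from the platform or from a per-app control such as the Privacy Guard feature mentioned earlier in the thread, not from the requesting app.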
Sure, like I said there is no way for me to know that after they asked for permission to use GPS when I engaged the "Run" function the first time, they won't spy on my location every time I just use the app (apart from the little GPS activity icon perhaps).
But the context of me switching to the "running" feature and then I'm asked if I want to allow the GPS function is enough for me to not feel watched. It's all about context.
Same if the app asked for permission to see your photos (forever) when you use the custom cover art feature.
For a malicious app this makes no difference, but for those apps we (sort of) trust, the context makes all the difference.
I don't have a solution for location, but for photos, it seems like it would be best to require no permission to present a standard control (i.e. UIImagePickerController), but with the API only actually providing any information when the control completes (photo is selected, or control is cancelled). The user selecting the photo is implicit permission.
Permission would be necessary to actually query for media programmatically, which is the real issue. Currently, they are conflated.
For location, I suppose that the "Google Maps is using your location" bar at the top could be expanded and always present when the location permission is enabled. Tapping it would revoke the permission until it is enabled again. This could get annoying though, some apps legitimately do depend on location all the time.