gvb

I really like the "NoScript" model of permissions in a browser and wish phone OSes allowed that model. With "NoScript", I block javascript by default but can unblock temporarily or whitelist permanently.

On my Android phone:

* With standard Android, I have to whitelist an application when installing it. I cannot pick which permissions I give it, I cannot control when it can use those permissions, and I cannot remove permissions. Ever.

* With Cyanogenmod, I can restrict permissions fine grained both for permissions and applications. This would be really great if it were usable, but when I try to use it the applications behave very badly (often crashing) if they don't get unfettered permission to use my data.

I would love it if (a) applications behaved well in the absence of permissions (I fault Google for setting expectations of availability that don't require this) and (b) I had a UAC style permission granting mechanism[1] so that I control an application's access to my data and can monitor what it is asking for and when. While it could still "steal" my data (cache it, send it to the borg) any time I gave it permissions, it would at least give me a clue that the application was not trustworthy if (when) it popped up unexpected permission requests.

[1] I cannot believe I said I like Windows UAC dialogs. That will cost me another year in purgatory. :-/

Spittie
I'd love to have it, integrated in the OS and by default as well. Something might be moving, as Google added "App Ops" [1] (hidden by default, but it's there) in Android 4.3, which allow you to revoke permissions from applications.

That said, there are some alternatives to Cyanogenmod's Incognito mode, which should work better.

One is XPrivacy [2], which relies on the XPosed Framework [3]. This is what I'm currently using on my Android phone. You can allow/restrict some permissions by default, and then have a whitelist for certain applications.

Another one is OpenPDroid [4], which requires you to patch your rom (there are some preset for the biggest roms, so usually it's just a matter of a few clicks). I haven't used it, but it should work just like XPrivacy.

XPrivacy and OpenPDroid send blank/fake data instead of blocking applications from using certain APIs, so they cause way less crashes. They even allow you to choose the fake data to provide, so that you can fake, for example, your location.

[1] http://www.androidpolice.com/2013/07/25/app-ops-android-4-3s...

[2] https://github.com/M66B/XPrivacy

[3] http://forum.xda-developers.com/showthread.php?t=1574401

[4] http://forum.xda-developers.com/showthread.php?t=2098156