What if you could privately use an application and manage its permissions to keep ill-intending apps from accessing your data? That’s exactly what Steve Kondik at CyanogenMod—the aftermarket, community-based firmware for Android devices—hopes to bring to the operating system. It’s called Incognito Mode, and it’s designed to help keep your personal data under control.

Kondik, a lead developer with the CyanogenMod team, published a post on his Google Plus profile last week about Incognito Mode. He offered more details on the feature:

I've added a per-application flag which is exposed via a simple API. This flag can be used by content providers to decide if they should return a full or limited dataset. In the implementation I'm working on, I am using the flag to provide these privacy features in the base system: Return empty lists for contacts, calendar, browser history, and messages.

GPS will appear to always be disabled to the running application.

When an app is running incognito, a quick panel item is displayed in order to turn it off easily.

No fine-grained permissions controls as you saw in CM7. It's a single option available under application details. The API provides a simple isIncognito() call which will tell you if incognito is enabled for the process (or the calling process). Third party applications can honor the feature using this API, or they can choose to display pictures of cats instead of running normally.

Every time you install a new application on Android, the operating system asks you to review the permissions the app requests before it can install. This approach to user data is certainly precarious because users can't deny individual permissions to pick and choose what an application has access to, even if they still want to use that app. Incognito Mode could potentially fix this conundrum, enabling users to restrict their data to certain applications.

“This would theoretically allow you to disallow the app from connecting to the Internet, accessing your contacts, using the GPS, etc.” Kondik told Ars in an e-mail. He went on to write that the development of Incognito Mode is largely in response to malware-like features of some applications that have been gathering private data for data mining. “I had been thinking about how we can improve the privacy situation and put the power back in the hands of the user,” Kondik continued. “I proposed ‘Run in incognito mode’ on one of our internal development groups.”

Since not all applications are malicious, users will be able to enable Incognito Mode on a per-app basis. The option will be available within each application’s individual settings. The feature is applied by simply checking off the option in each app’s settings menu. It will hide all personal data—like contacts, call logs, and MMS—from any application that you want to use but don't fully trust. If the app asks for your contacts, for instance, it will retrieve an empty list. If it asks for your location, the system will tell it that GPS is disabled.

Incognito Mode isn't an entirely new concept. An older version of CyanogenMod, CM7, originally had a similar feature that allowed users to revoke permissions from any application. It was popular among users, but its initial implementation was plagued by a few issues. “If you just revoke a permission from an app, the Android system will just crash it when it tries to use a feature that requires that permission," Kondik wrote. "The solution to this was to create fake implementations of the features which are to be revoked. So if an app tried to query your contacts, it would get… something else.”

The implementation in CM7 was also teetering along the line of anonymity as it interacted with other applications, with the code acting somewhat aggressively by returning junk data instead of an empty list for certain queries. It also hid device-specific data that broke some techniques that developers were using to count the number of people using their application.

“Needless to say, we got a lot of pushback on this from app developers who considered it a ‘hostile’ environment to run their apps,” Kondik added. “Since CM is trying to be good citizen of the Android ecosystem, we shelved the feature for later releases.” The feature also required users to manually micromanage the permissions that were granted to an app. "I'm of the opinion that anything that requires excessive configuration is almost always a bad user experience and is only going to be useful to the most technical of users."

Will it ever be available in the Google Play Store as a standalone application for non-rooted Android users? Kondik wrote that it's not too likely. “The way that I've implemented the feature requires changes to the Android framework and the core content providers. It would be difficult, if not impossible, to do this as a standalone app.” He added that the CyanogenMod team must make changes to the code that is responsible for serving the data up to the applications. And this is difficult to do without modifying the base system.

There is some hope that Google might look to CyanogenMod as a model for future versions of its Android operating system. “When it's complete, I do plan to upload it to the Android Open Source Project to see if it gets any traction,” wrote Kondik. “I don't know if Google would be interested in picking a feature like this up, but I think that we've done it in a way which is generally useful.”

Either way, the main goal of a service like Incognito Mode is to get privacy back into the hands of the users. “I think a lot of people have given up on their right to privacy for the sake of convenience, and too many companies are taking advantage of it,” Kondik concluded. “This feature is just a way to take some of that power back.”

Incognito Mode is expected to be available via a nightly build of CyanogenMod 10.1 sometime this week. Kondik added that it won't be included in the stable release, which is currently in the release candidate phase.