The team that wrote the preview portion of the app is a different team to the one that wrote the permission requesting part. They communicate asynchronously (as a team/org, but this probably is reflected in the app's architecture!), which means the outcome is eventually consistent! But you managed to observe one of those inconsistent cases!
“Any organization that designs a system (defined broadly) will produce a design whose structure is a copy of the organization's communication structure.” —Melvin Conway
I've heard this was the secret to AWS's taking off twenty years ago: Bezos told the various teams they can only interact with each other as if they were vendors and customers to each other.
It was formulated a little differently. But this was the 2002 mandate:
1. All teams will henceforth expose their data and functionality through service interfaces.
2. Teams must communicate with each other through these interfaces.
3. There will be no other form of interprocess communication allowed: no direct linking, no direct reads of another team’s data store, no shared-memory model, no back-doors whatsoever. The only communication allowed is via service interface calls over the network.
4. It doesn’t matter what technology they use. HTTP, Corba, Pubsub, custom protocols — doesn’t matter.
5. All service interfaces, without exception, must be designed from the ground up to be externalizable. That is to say, the team must plan and design to be able to expose the interface to developers in the outside world. No exceptions.
Source: Steve Yegge’s “Amazon understand platforms and Google doesn’t” rant - copy found at https://gist.github.com/chitchcock/1281611 among others, since it was originally posted on Google+ and link-rotted.
Then maybe the default value for "permission to access photos" should be no, so they can only start accessing them after you give them permission. But yeah, with stuff like this it's always "opt-out", never "opt-in", unless someone forces them to...
The team that wrote the preview portion just accessed the photos with elevated permissions if permission wasn’t granted yet? That doesn’t make any sense.
Google Photos is not a mobile app. Google Photos is a SaaS webapp that happens to have a companion app for Android. Whatever OS-level settings affect the Android app itself, they have no bearing on what Google Photos the SaaS can or cannot do.
It's very easy to imagine the scenario where this happens.
Those photos may have already been uploaded to Google's web servers (from my understanding, this happens with Google Photos by default?), from which a preview has been generated. The permission is at the Android app level, and is requested at some point to ensure that the permission model is respected from the POV of the user. I can imagine the permission request being out of sync!