This reads to me as an overreaction.
Sure, it's important to be vigilant about the permissions you give apps, but it's also important to understand the underlying OS and permission layers.
TLDR: If you're concerned about your privacy, upgrade to Android 6.0
There's nothing wrong with Wikipedia letting you manage your Wikipedia account using the app.
They're using the Account Manager API, which is the right way to approach account management on Android.
Prior to Android 6.0, they need the GET_ACCOUNTS permission to use the account manager.
Wikipedia's FAQ explains:
Note: The app does not store your Wikipedia login credentials on the device, and it does not access any non-Wikipedia accounts on your device, nor any other aspects of your identity.
Note: This permission is only required in Android versions earlier than 6.0 (Marshmallow). For Android 6.0 and above, this permission is not required.
GET_ACCOUNTS is a dangerous permission. That's why Google changed the behavior in Android 6.0 by:
1. Allowing users to decline specific permissions to apps, instead of the "accept all or none" approach in Lollipop and below.
2. Allowing apps to manage the account they own without requesting GET_ACCOUNTS.
The Android docs explain this as well:
Note: Beginning with Android 6.0 (API level 23), if an app shares the signature of the authenticator that manages an account, it does not need "GET_ACCOUNTS" permission to read information about that account. On Android 5.1 and lower, all apps need "GET_ACCOUNTS" permission to read information about any account.
Bottom line is: if you're concerned about app permissions (as you should be) - you should be running Android 6.
Wikipedia won't ask you for GET_ACCOUNTS, and you'll be able to manually control permissions other apps receive as well.
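An added example, not part of the original comments or of the Wikipedia app's code: a Python check over a text-form AndroidManifest.xml that tells a GET_ACCOUNTS request capped to Android 5.1 and lower (`android:maxSdkVersion="22"`) from one that is still requested on 6.0 and above. The sample manifests and the package name `org.example.reader` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
GET_ACCOUNTS = "android.permission.GET_ACCOUNTS"
LAST_API_NEEDING_IT = 22  # Android 5.1; from API 23 an app can read its own account without it

def audit_get_accounts(manifest_xml):
    """Classify every GET_ACCOUNTS request in a text-form AndroidManifest.xml.

    Returns a list of (element_tag, verdict) where verdict is one of:
      "legacy-only"     - capped with maxSdkVersion <= 22, never requested on 6.0+
      "requested-on-23" - still requested on Android 6.0 and above
    An empty list means the permission is not requested at all.
    """
    root = ET.fromstring(manifest_xml)
    findings = []
    # <uses-permission-sdk-23> requests a permission only on API 23 and higher.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            if el.get(ANDROID_NS + "name") != GET_ACCOUNTS:
                continue
            max_sdk = el.get(ANDROID_NS + "maxSdkVersion")
            capped = (tag == "uses-permission" and max_sdk is not None
                      and max_sdk.isdigit() and int(max_sdk) <= LAST_API_NEEDING_IT)
            findings.append((tag, "legacy-only" if capped else "requested-on-23"))
    return findings

# Constructed sample manifests (not taken from any real app).
UNBOUNDED = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="org.example.reader">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
</manifest>"""

CAPPED = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="org.example.reader">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.GET_ACCOUNTS"
      android:maxSdkVersion="22"/>
</manifest>"""

if __name__ == "__main__":
    for label, xml_text in (("unbounded", UNBOUNDED), ("capped", CAPPED)):
        print(label, audit_get_accounts(xml_text))
```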
TL;DR: Many Android devices don't have the option for arbitrarily upgrading at the user's option. You're limited to OS updates if and when your vendor can be arsed to get around to it.
The versions of Android on which this permission is required are precisely those on which it's a security issue. Ergo: don't use the permission.
Wikipedia's app describes what their intent is. Last time I checked, a large number of software security bugs were the result not of intent but poor execution. Again, applying principle of least privilege avoids this.
You yourself admit this is a dangerous permission.
More generally, there's a whole mess of problems with Android, its security and permissions system, and its app store. I've addressed those in earlier posts to G+, with the upshot being that Google really need to radically re-think where they're going with this and what they want it to be.
I find some attributes of Android hardware compelling. I find the actual environment to be rather a complete clusterfuck.
Last I checked, Google had registered something over 3 billion Android user identities. Relying on that large a population to 1) trust individual software authors with 2) no specific code of conduct or review process and 3) have a high level of familiarity with permissions systems, architectures, and peculiarities of specific releases strikes me as a good working definition of "unreasonable expectations".
The Android 6.0 version is better in some ways, but has its issues. For instance, in Android 6.0 the Internet permission is assumed. For the truly privacy conscious, the best internet is no internet.
There is something 'clean' about building an app without internet access. I created an app with schedule data that's updated every two months. With no need for regular updating, updates are distributed as app updates. The app was created in a weekend: no backend services to create or maintain.
Less than 5% of phones currently run Android 6.x. I don't really think that's a fair "requirement" to give to people, given that many people are otherwise prevented from getting a Marshmallow update not because of the age or model of their phones, but because the carrier has prevented it.
I don't mind if my app accesses geo as long as it doesn't exfiltrate. In a perfect world, only a small subset of an app's data should leave the device.
This ends up being pretty hard to do generically. If a geofence event triggers a network call, has geo information been exfiltrated?
As things are, I don't feel like I'm past having to trust the app author.
I've suggested separately that Google should can the concept of supporting apps and look at what functions it wants to provide, and provide a Free Software framework for supporting that, with a guidance structure specifying what app authors and package maintainers must and must not do.
Last time I used the app it didn't support 'Find in page' or pinching to zoom. The web site is great and just works for what I want to use it for. The only thing that's annoying is that when sections of the article are collapsed 'Find in page' doesn't work (which is obvious, but annoying).
1. Wikipedia is of itself a highly useful online resource, and one of a few that stands almost on its own.
2. Chrome browsers universally suck. They suck in different ways, but they all suck. For the purposes of reading Wikipedia, the Wikipedia app sucks considerably less.
3. Specifically, it's fast and responsive, doesn't keel over, offers a number of features (the next-article preview feature especially) which are useful, and allows me to maintain a tabset that's specific to Wikipedia research rather than The Web At Large. I can download/bookmark specific articles for offline viewing.
4. It is lacking bits. Not being able to access article history, talk pages, and other Wikipedia infrastructure among others. I need to see if it can be Tor routed as well.
This is not an overreaction at all. In fact, with the recent Wikipedia search engine debacle, the chances of these so-called necessary permissions being unrelated, or coincidence, are nil and none. Jeez people keep up!
[+] [-] dkopi|10 years ago|reply
[+] [-] dredmorbius|10 years ago|reply
[+] [-] pramodliv1|10 years ago|reply
[+] [-] joelhaasnoot|10 years ago|reply
[+] [-] butz|10 years ago|reply
[+] [-] AdmiralAsshat|10 years ago|reply
[+] [-] awqrre|10 years ago|reply
[+] [-] awinter-py|10 years ago|reply
[+] [-] dredmorbius|10 years ago|reply
Pretty much Debian.
https://plus.google.com/104092656004159577193/posts/2eg1rG6k...
(Caution: harsh language.)
Edit: Updated link. Had the wrong Android rant referenced earlier.
[+] [-] rocky1138|10 years ago|reply
[+] [-] petepete|10 years ago|reply
[+] [-] dredmorbius|10 years ago|reply
[+] [-] EazyC|10 years ago|reply
[+] [-] brudgers|10 years ago|reply
[+] [-] dublinben|10 years ago|reply
[+] [-] deleterious|10 years ago|reply