WingNews logo WingNews
top | item 43986712

(no title)

coded_monkey | 9 months ago

> As others have also observed, permissions such as MANAGE_EXTERNAL_STORAGE have been rampantly abused in the past, often in horrific ways.

The lack of consideration for this point in this thread scares me. The amount of data that can be taken from a device through a permission like this is likely huge and it’s not just about “protecting users from themselves”. I wouldn’t feel safe enabling it for any app, and while syncing all data on the device sounds very useful, it’s a damned if they do, damned if they don’t scenario for Google.

discuss

order

greatgib|9 months ago

So scary that I don't know how billions of people in the world manage to have the right to use whatever software they want to access "all" the files in the file system of their computers (PC/mac) and that the civilisations have still not yet collapsed...

apitman|9 months ago

Then give me a big fat warning then let me choose.

mvdtnz|9 months ago

Google simply needs to add "I'm an adult" functionality to their phones. I know the author of this app and trust them, I know the functionality I want and I accept the risk because I'm a grown adult and can make my own choices.

izacus|9 months ago

The next API Nextcloud is asked to use it literally that - it asks you, as the user, what files you want Nextcloud to read.

nolist_policy|9 months ago

But why? Just for the odd app that can't be bothered to use the new API?

Even if you trust the app, if there is a vulnerability in there, the Android sandbox provides an additional line of defense. Most apps don't have defenses of their own, the only apps that self-sandbox are web browsers.

zb3|9 months ago

> I wouldn’t feel safe enabling it for any app

Then don't enable it, no need to take away my ability to do so. Granular permissions are good (especially when the app can't reliably know they were refused), providing I have the ultimate control.

> it’s a damned if they do, damned if they don’t scenario for Google.

Did they consider my scenario above - where the app doesn't know it was not granted a permission?

IshKebab|9 months ago

> especially when the app can't reliably know they were refused

That's the problem. Android didn't do this even though it was obviously what is needed. Android apps can easily tell what permissions they have.

I think Google prioritised UX over power and security here. They were presumably scared about people accidentally clicking the "Silently deny" button and then getting confused when the app didn't work. Big missed opportunity.