I really hope Google fixes Android's broken security model. As the owner & user of an Android device, I should be able to configure feature access on a per-app basis. It's ridiculous that you have to either grant an app all requested access, or just don't install it. You should be able to install it, but choose which features to grant access to and which to deny.
Google was asked for this myriad times. I guess, they won't fix it unless something extraordinary happens (like a huge privacy-related scandal).
Apps on Google Play are throughly infested with ads and analytics and whatever. On desktop we used to call this kind of applications "spyware", frown upon them and let antivirus software block those on sight. On tablets, this is a norm of life.
It won't solve the problem. The default response will be to simply refuse to run at all. And, for an app like facebook, which has the upper hand, it is not a big deal that the user doesn't like it.
What if core features of the app rely on the permissions? Is the onus on the app developer to build checks for permissions or on the user to realize the app isn't working the way it should because they disabled some permissions?
As an Android app developer, I agree with this and it would not be a great burden. Developers would only need to add handling for security exceptions, and, perhaps, an explanatory error message.
It is almost unavoidable that this happens. As Android is used more in enterprise settings, permissions such as access to contact databases would have to be selectively granted, and controlled by mobile device management systems.
It's going to be tough to convince every app developer to have their applications work in those circumstances. I would imagine some permissions which are core to the application would be required. Of course, then we are back at the start when app developers mark all their permissions to be core.
Not sure about that, but Android 5.0 is rumored to use SE Linux (or SE Android I guess), which I believe is based on a more extensive permission model.
I would like to see Apple, Android and Microsoft provide a mechanism where the developers can explain, in their own terms, why they need access to certain permissions. I own an HTC HD7 which is WindowsPhone 7. I remember installing some generic music player app (for the life of me I cannot remember the name of it). It required access to, among other things, my location information. At this point the installation was cancelled and the app deleted from my phone. All I could think was "Why on Earth do you need to know where I am to let me listen to my music?".
If developers were at least given an opportunity to explain to their users why they are requiring certain information, consumers may be more willing to allow access. It seems to me many apps take a "lets grab all the info we can" approach which is extremely off putting.
> I would like to see Apple, Android and Microsoft provide a mechanism where the developers can explain, in their own terms, why they need access to certain permissions.
Note that on iOS permissions are requested to the user at runtime when the app tries to access a restricted capability, which helps understanding the request because it happens in the context of what the user is doing with the app.
Also, each one of them can be accepted or declined separately and turned on or off at a later time.
Unfortunately, what you describe is the ideal case.
A typical case might be:
1. Developer releases free app
2. Users find it useful
3. Developer seeks to monetize, adds some mobile ad network libraries
4. Ad network libraries want the user's location
5. User's who liked the app now find themselves OK'ing a frivolous-seeming permission during an update, or they have to uninstall the app, potentially losing access to some of their own data.
And so we find our developer on the slippery slope. Putting the power to cause those apps to fail when they do dubious things in the user's hands means that developers would be more discriminating about their monetization partners, among other benefits.
The increasing number of permissions that appear to be out of place for this app is exactly why i hit the "force stop" button for the app about a month ago and then went on to hit the uninstall button for it about 3 hours ago.
I would like to continue to use the facebooks messaging features though. however their need to include the read/write/edit your SMS/MMS messages permissions is a serious put off and causes me not to want to install it.
I'm not gonna lie, I like using facebook, but I unplugged it from my phone a while ago and haven't regretted it. Social networking is a fun diversion but a terrible lifestyle.
It's pretty much the only thing left they didn't already require, so no big surprise here. Perhaps it's time to switch to only using the web version on my phone...
Over the past couple of years, I've gone from installing tons of native apps to using almost all web apps. It has worked well for me - in fact, I hardly miss native apps!
This is it, the final call, privacy invading has gone to far.
I'm already wearing at least half a tinfoil hat, now it's time to put it on leave it there.
I have already deleted my facebook account a long time ago and honestly I haven't missed it ... at all!
I encrypt all my hard-drives at home and on my laptop, just because I can.
I have several privacy extensions installed in my browser and I try to avoid using chrome unless it's absolutely necessary.
I still use google search and gmail, but I will migrate away from them in the near future.
I do not want to be the product being sold any more, I don't want anyone to be able to put together a complete profile on me with a few clicks on keyboard.
"The line must be drawn here, this far - no further"
[+] [-] kakuri|13 years ago|reply
[+] [-] drdaeman|13 years ago|reply
Apps on Google Play are throughly infested with ads and analytics and whatever. On desktop we used to call this kind of applications "spyware", frown upon them and let antivirus software block those on sight. On tablets, this is a norm of life.
[+] [-] utopkara|13 years ago|reply
[+] [-] salman89|13 years ago|reply
[+] [-] Zigurd|13 years ago|reply
It is almost unavoidable that this happens. As Android is used more in enterprise settings, permissions such as access to contact databases would have to be selectively granted, and controlled by mobile device management systems.
[+] [-] nrlucas|13 years ago|reply
[+] [-] mtgx|13 years ago|reply
[+] [-] _chrismccreadie|13 years ago|reply
If developers were at least given an opportunity to explain to their users why they are requiring certain information, consumers may be more willing to allow access. It seems to me many apps take a "lets grab all the info we can" approach which is extremely off putting.
[+] [-] micampe|13 years ago|reply
iOS (and OS X) does this: when a permission is requested, the developer can provide a usage description string to explain what that capability will be used for: https://developer.apple.com/library/ios/#documentation/Gener...
Note that on iOS permissions are requested to the user at runtime when the app tries to access a restricted capability, which helps understanding the request because it happens in the context of what the user is doing with the app.
Also, each one of them can be accepted or declined separately and turned on or off at a later time.
[+] [-] Zigurd|13 years ago|reply
A typical case might be:
1. Developer releases free app
2. Users find it useful
3. Developer seeks to monetize, adds some mobile ad network libraries
4. Ad network libraries want the user's location
5. User's who liked the app now find themselves OK'ing a frivolous-seeming permission during an update, or they have to uninstall the app, potentially losing access to some of their own data.
And so we find our developer on the slippery slope. Putting the power to cause those apps to fail when they do dubious things in the user's hands means that developers would be more discriminating about their monetization partners, among other benefits.
[+] [-] mcrmonkey|13 years ago|reply
[+] [-] bsimpson|13 years ago|reply
[+] [-] lazyBilly|13 years ago|reply
[+] [-] jcomis|13 years ago|reply
[+] [-] petepete|13 years ago|reply
https://play.google.com/store/apps/details?id=org.mots.haxsy...
[+] [-] hluska|13 years ago|reply
[+] [-] np422|13 years ago|reply
I'm already wearing at least half a tinfoil hat, now it's time to put it on leave it there.
I have already deleted my facebook account a long time ago and honestly I haven't missed it ... at all!
I encrypt all my hard-drives at home and on my laptop, just because I can.
I have several privacy extensions installed in my browser and I try to avoid using chrome unless it's absolutely necessary.
I still use google search and gmail, but I will migrate away from them in the near future.
I do not want to be the product being sold any more, I don't want anyone to be able to put together a complete profile on me with a few clicks on keyboard.
"The line must be drawn here, this far - no further"
[+] [-] pkhamre|13 years ago|reply
[+] [-] dannyr|13 years ago|reply
This is why Facebook Home does not need any permissions.
https://play.google.com/store/apps/details?id=com.facebook.h...
[+] [-] devd|13 years ago|reply