Giving the program permission to write what it cannot read sounds like a recipe for trouble. If anything, I would expect the finer granulation of permission to go exactly the other way, i.e. granting permission to read contacts w/o permission to write them. But we don't get that either.
Not having it still sounds to me like a small loss, though. Writing what you cannot read is like painting your windshield black before driving your car out of the driveway. I can do without permissions for doing that. If a program asked for such permissions, I would assume the author was crazy. I can think of use cases for reading contacts w/o write permissions, but they are not THAT compelling. So I can see making it a feature request, but I can't see expecting a very high priority for it. After all, it seems Google was more concerned about someone reading your contacts to get your private information than they were about a malicious program writing bogus values to your contacts (though I can see that as an attack vector too). On Aug 22, 9:06 am, Pinheiro <[email protected]> wrote: > > It is very hard to ensure that someone with write access can't also get data > > back from the provider, so generally no. > > It's a bit lame, imho. According to Google, developers should use the > least permissions possible. But how can we do that if we have to use > READ_CONTACTS to write contacts? Personally, I get suspicious when an > app wants to read my contacts. > > > editor with your data to allow the user to be involved with adding it, using > > SHOW_OR_ADD_CONTACT:http://developer.android.com/reference/android/provider/ContactsContr... > > Thanks, that is a good alternative. -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
