On Sun, Aug 22, 2010 at 6:17 PM, Indicator Veritatis <[email protected]> wrote:

> Giving the program permission to write what it cannot read sounds like
> a recipe for trouble. If anything, I would expect the finer
> granulation of permission to go exactly the other way, i.e. granting
> permission to read contacts w/o permission to write them. But we don't
> get that either.

I'm not sure what you mean here. Of course you can have a read permission without write.

> I can think of use cases for reading contacts w/o write permissions,
> but they are not THAT compelling. So I can see making it a feature
> request, but I can't see expecting a very high priority for it. After
> all, it seems Google was more concerned about someone reading your
> contacts to get your private information than they were about a
> malicious program writing bogus values to your contacts (though I can
> see that as an attack vector too).

Please don't make a feature request. The reason for the current situation, as I already said, is that it is very hard to give an application write access without also leaking information about the provider they are writing to. If you can come up with a patch that guarantees write access will not allow any data to leak and contribute it, then it is possible to allow write without read.

--
Dianne Hackborn
Android framework engineer
[email protected]

Note: please don't send private questions to me, as I don't have time to provide private support, and so won't reply to such e-mails. All such questions should be posted on public forums, where I and others can see and answer them.

