Yeah... I agree with that, and I'd like to add that what I would really
like to see is a(n easy) "Monitor this App" setting when you first
install it if it has internet access. How I think it should work is that
if the user wants to monitor the app, every outgoing packet (and maybe
incoming) would be logged and then the user could view what was sent in
the "Manage Applications" section of the settings. That way, it would be
a sure thing that any malicious app would be caught very quickly by some
user and then they should have an easy way to flag it so that it can be
banned from the market (with some kind of review obviously).
Something like that would be a tremendous boost to Android as it would
be perceived (even by the general public) to be very secure.
Brad.
On 28/08/2010 7:12 AM, Zsolt Vasvari wrote:
Let me try this from an end-user perspective. Obviously, the whole
permission feature was designed by a developer and, IMO, it's not a
very good system in a usability sense.
As an end user, I only care about one and ONLY one permission: INTERNET. I
only look for that one permission and the rest is just noise and might
as well not even be shown. Why? Because I know as long as the app
has no way of getting my personal info off my phone, I am good, as far
as I am concerned, the app can read all my passwords and credit card
info it wants, if it cannot do much with it anyhow.
That said, the way the Internet permission is implemented is poor and
doesn't really tell you anything useful on which I can make my
decision. Currently, if I see "Internet", I need to scan the
other permissions as to what else the app can do and send out to
whomever.
What I would like to see is the Internet permission broken up into:
- Full unrestricted internet access: This is fine for a replacement
browser, but if anything else requests it, I probably wouldn't install
that app.
- Local network access only (for printing or network management apps.)
- A spelt-out protocol/domain list that the app declares it wants to
have access to and nothing else be allowed. This should be the most
appropriate for the majority of the apps.
On Aug 28, 1:46 am, Dianne Hackborn<[email protected]> wrote:
Well, we disagree.
On Fri, Aug 27, 2010 at 10:27 PM, Brad Gies<[email protected]> wrote:
I would argue the opposite :)
One of the handiest features of Windows Firewall is that you have the
option of "Displaying a notification" when it blocks a program, and when the
dialog shows up, you have the option of granting that program access, and
then it never bothers you again.
I do agree that the way it was done in Vista was absolutely horrible... but
a one time "Let this program do this" works VERY WELL, and I think it gets
around all the problems you mentioned.
In my opinion, the lack of this is the single most obvious failing in
Android.
Brad.
On 27/08/2010 5:36 PM, Dianne Hackborn wrote:
I think there is enough evidence that asking permission at time of need
doesn't generally work -- see the MIDP experience, Windows Vista/7 security,
etc. There is a fundamental problem that at the point you ask the
permission, the user is wanting to accomplish some task at hand, and all you
are doing is bugging them.
And it gets much worse when you consider applications being able to run in
the background. Do permission requests pop up on users from the background?
Does a notification get posted that they respond (or not respond) to at
their leisure?
If you have a wall of permissions, the first thing I would suggest is
looking at those and seeing if you can trim it down. In fact, doing things
that make it easier for apps to make use of lots of permissions are to me
counter-productive -- it is a good thing to make lots of permission use a
harder road.
I just had a look through the apps installed on my phone, and the *vast*
majority of them only require a couple permissions. So someone who is using
a large number of permissions is going to stand out from what users
normally see, as well they should.
From the platform side, we also need to avoid making it easy to have lots
of permissions. We need to be continuing to design the platform to reduce
the permissions that apps need. For example, the window flag to keep the
screen on avoids the need of the power manager permission for most
applications; we should beef up our intent interactions with the contacts
app so applications can work with the user to select and modify applications
through that without using permissions; etc.
Sincerely,
Brad Gies
-----------------------------------------------------------------------
Bistro Bot - Bistro Blurb
http://bgies.com
http://bistroblurb.com
http://ihottonight.com
http://forcethetruth.com
-----------------------------------------------------------------------
Everything in moderation, including abstinence
Never doubt that a small group of thoughtful, committed people can
change the world. Indeed. It is the only thing that ever has - Margaret
Mead
--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
--
Dianne Hackborn
Android framework engineer
[email protected]
Note: please don't send private questions to me, as I don't have time to
provide private support, and so won't reply to such e-mails. All such
questions should be posted on public forums, where I and others can see and
answer them.