On Sat, Aug 28, 2010 at 7:12 AM, Zsolt Vasvari <[email protected]> wrote:
> Let me try this from an end-user perspective. Obviously, the whole
> permission feature was designed by a developer and, IMO, it's not a
> very good system in a usability sense.

Oh my, I so very disagree with this. The current design is *very* much designed for end users. In particular, it is designed for *most* users. Not geeks, like you and me and the others on this thread.

In the vast majority of cases when people are unhappy with the way things work, the requests being made are coming from geeks for them to do more geeky things. This thread is no exception. And this is very much an anti-goal.

> As an end user, I only care about one and ONLY one permission: INTERNET. I
> only look for that one permission and the rest is just noise and might
> as well not even be shown. Why? Because I know as long as the app
> has no way of getting my personal info off my phone, I am good, as far
> as I am concerned, the app can read all my passwords and credit card
> info it wants, if it cannot do much with it anyhow.

Sorry but you are wrong. When my wife got her Droid and started installing apps, she quickly came to me asking about a game she was installing that said it would read her contact data. She knew what that meant, and wasn't happy about it, and decided not to install the app.

In addition, there are so very many good reasons for an app to have access to the internet, that basing all decisions on that is ridiculous. So you aren't going to install multi-player games, or an app that lets you post to twitter, or countless other things, or need to have strong faith in any such app because you have no idea what stuff about you it will have access to? We aren't going there.

> What I would like to see is the Internet permission broken up into:
>
> - Full unrestricted internet access: This is fine for a replacement
> browser, but if anything else requests it, I probably wouldn't install
> that app.
> - Local network access only (for printing or network management apps.)

What does local network access on a cell phone even mean? And how many normal users are even going to really understand what this means?

> - A spelt out protocol/domain list that the app declares it wants to
> have access to and nothing else be allowed. This should be the most
> appropriate for the majority of the apps.

I will claim again that this is another example of designing for geeks.

That said... I would like to be able to have a way to enforce that apps can only get to domains they declare they need. In fact, we looked at doing it. You know what? This is hard. It is hard to enforce in the platform (think about domains vs. IP addresses and how the kernel is going to figure out that a particular socket is valid for the app). It is hard to make meaningful (think of the tricks you can make with safe looking domains that redirect elsewhere). It is hard to present to *normal* users in a meaningful way that they can make a good decision about.

Of course if you figure out a good implementation of this, I'd be happy to review the patch. My focus right now is on simplifying permissions, giving apps other ways to do things that are safe without requiring permissions, etc. Making things more complex for users is not desired.

--
Dianne Hackborn
Android framework engineer
[email protected]

Note: please don't send private questions to me, as I don't have time to provide private support, and so won't reply to such e-mails. All such questions should be posted on public forums, where I and others can see and answer them.
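
The two enforcement problems named in the reply above (a socket carries only an IP address, and an allowed domain can redirect elsewhere), modelled as an added example that is not part of the original message. The DNS table, redirect map and all function names are constructed for illustration and use reserved documentation names and addresses.

```python
from urllib.parse import urlsplit

# Constructed data: reserved documentation names/addresses, not real services.
DNS = {
    "api.example.com":     {"203.0.113.10"},   # shared hosting / CDN edge
    "tracker.example.net": {"203.0.113.10"},   # unrelated site on the same edge
    "files.example.org":   {"198.51.100.7"},
}
REDIRECTS = {"http://api.example.com/r": "http://files.example.org/upload"}


def allowed_ips(declared, dns=DNS):
    """IP set a socket-level filter has to derive from the declared domains."""
    return set().union(*(dns.get(d, set()) for d in declared))


def socket_allows(declared, dest_ip, dns=DNS):
    """Socket-level check: only the destination IP is visible, not the hostname."""
    return dest_ip in allowed_ips(declared, dns)


def hosts_behind_allowed_ips(declared, dns=DNS):
    """Undeclared hostnames that become reachable because they share an allowed IP."""
    ips = allowed_ips(declared, dns)
    return sorted(h for h, addrs in dns.items() if h not in declared and addrs & ips)


def first_off_list_hop(url, declared, redirects=REDIRECTS, max_hops=5):
    """Check every redirect hop against the declared list.

    Returns the first undeclared host reached, or None if the chain stays on-list.
    """
    for _ in range(max_hops):
        host = urlsplit(url).hostname
        if host not in declared:
            return host
        if url not in redirects:
            return None
        url = redirects[url]
    raise ValueError("redirect chain too long")


if __name__ == "__main__":
    declared = {"api.example.com"}
    print("also reachable by IP:", hosts_behind_allowed_ips(declared))
    print("redirect leaves list at:",
          first_off_list_hop("http://api.example.com/r", declared))
```

The IP-level filter is both too loose (an undeclared host on the same address passes) and too brittle (a legitimate address change is blocked until the mapping is refreshed), while a hostname check only holds if it is applied at every redirect hop.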

