On Sun, Aug 29, 2010 at 6:25 AM, Jonas Petersson <[email protected]>wrote:
> On 08/29/2010 03:05 PM, Mark Murphy wrote: > >> [ Problems with permissions using Evernote as an example ] >> >> What I'd like to see is: >> >> 4. Evernote makes READ_CONTACTS optional. Users see that READ_CONTACTS >> is optional, and those who are concerned about it can go toggle it >> off. Evernote adds an if() statement somewhere in its code to detect >> whether the optional permission was granted and uses that to determine >> whether to enable/disable the button/menu choice/whatever that >> requires READ_CONTACTS. >> > Hallelujah! I couldn't have said it better myself - in fact, I did say it > quite some time age: > http://code.google.com/p/android/issues/detail?id=6266 This comes up fairly regularly, and I am very opposed to it. I honestly see this as resulting in a worse situation for normal users. If such a facility is available, developers then have an excuse for not being careful with their permissions -- "hey if the user doesn't like it, they can turn them off." So what this likely ends up doing is putting the responsibility on the user to make the developer's app reasonable. I only see this as ended up a crummy situation for all of the non-geek users. (The geeky users of course love it because they can fiddle with every app they install to tweak it to be just how they want the permissions. Bully for them, and that would be fine, but if it harms the experience for everyone else it's not a desirable approach.) I can't spend much more time on this discussion, but it comes down to this: security is hard, designing apps that are secure is hard, but it is worth the effort. Generally I see these requests as boiling down as a way to avoid the hard issues. From the start when we were designing Android we wanted to deal with security head-on without falling on the easy way out. Ultimately this makes the platform much stronger. And I should note that when I say security is hard, it is hard for the platform just as well. We spend a tremendous amount of time with every framework feature we design to make it as secure as possible while still providing a good UI. And of course there is ongoing work to be done: providing more mechanisms for apps to do specific things without permissions, continual work to keep the number of permissions as small as possible, etc. No easy ways out. It's worth it. :) -- Dianne Hackborn Android framework engineer [email protected] Note: please don't send private questions to me, as I don't have time to provide private support, and so won't reply to such e-mails. All such questions should be posted on public forums, where I and others can see and answer them. -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
