On Thursday, February 23, 2012 8:23:38 AM UTC-5, Mark Murphy (a Commons Guy) wrote:
>
> > Basically looking for why android is designed for explicit permissions
> > declaration.. when it can be automatically discovered at compiler time
> > or at run time..
>
> While the need for permissions could be determined at runtime, if you
> would prompt the user for the permission then, you wind up with a
> Vista-style "The CPU would like to execute an instruction: allow?
> deny?" UX, which is not pleasant.
>

Yes, but the downside is that a fixed, install-time request requires that all users of the app grant blanket permission for something which the app may want to do rarely, only if optional features are enabled, etc. Consider an app which is quite useful for interacting with files on the sdcard, but which a minority of users would like to use with external network content as well, or which could optionally integrate with contacts from the address book, but doesn't have to.

As for the various static analysis comments in the thread, in the denial role it's quite weak as self-modifying code will hide possibilities from it. As a granting mechanism in the context of the present "everything not explicitly granted is denied" model, it could work in the sense of being secure in that anything too obscure in its construct would not be granted and would simply result in failure (errors or exceptions which would be caught or cause crashes). But I fail to see how this is superior to declaring what you want. Someone who does think it is superior is welcome to package their static analysis algorithm as a tool which will scan your code base and automatically generate a manifest file...

