Recently I added usage of the Android Account APIs to my application.
I'm using the user's Google account credentials to perform a read
operation from a specific Google site, and consequently, my app
requires the GET_ACCOUNTS and USE_CREDENTIALS permissions.
Surprisingly, I have NOT had a huge amount of push back from users on
the app requiring these permissions, but there has been some. For the
most part, the questions have been "why do you need this, and what
accounts are you asking to use?". Once I provide an explanation, most
users are satisfied.
One thing that occurs to me is that it would be great if we could be
a bit more fine-grained and explicit in our declaration of
permissions. For example, if I could parameterize the permission
request, something like this:
<uses-permission android:name="android.permission.GET_ACCOUNTS"
param="account=google"/>
<uses-permission android:name="android.permission.USE_CREDENTIALS"
param="site=docs.google.com"/>
and have the effect be that I would only be able to retrieve the
"google" account, and only be able to use credentials from that
account on the site docs.google.com, the permission description for
end users could be much more explicit (and thus "less scary").
Obviously this also assumes that there is a reasonable way to
implement these kinds of restrictions. I realize that's a big
assumption, but it certainly would improve the overall Account API
experience, IMO.
Dave