There is some misconception in the way Android handles permissions. Let us look at the case of location permission. A user might think that the application would need to use the location permissions (either ACCESS_COARSE_LOCATION or ACCESS_FINE_LOCATION) in order to actually get the location. But that’s not true.
If an application asks for the WiFi state (ACCESS_WIFI_STATE ) and for an internet access, it can use the skyhook service (which is available for the Android) in order to retrieve the phone’s location. Skyhook provides very accurate location according to WiFi networks, in many urban areas in the U.S., Europe and Asia. The MAC addresses of the WiFi networks are sent to the Skyhook Web service, and the location information is sent back to the application. It is very easy to see how can a user be misled by this situation. The problem here, I think, lies in two different aspects of the Android security framework. From the OS point of view, security is access to resources. Users may have a different view, which boils down to the question is something undesirable had happened. The fact that Android apps are very transparent security wise, might raise false expectations. A little more about it in: I guess that there are many ways to resolve this issue, ranging from technology to usability. Any ideas? Eran. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Android Discuss" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-discuss?hl=en -~----------~----~----~----~------~----~------~--~---
