I think its a great idea to be able to force restrict application permissions. By the very nature of the system, application permissions are restricted -- for example, application A has system level permission only for its own data as well as the data that the OS explicitly makes available. This is by unix user permissions -- each application is granted its own unique user id.
Now to just take that one more step, upon an application request for one of those explicitly granted authorizations, the OS should check the permissions table to check if that UID has authorization to access that particular data. This would be on par with the function of POLICYKIT, which is a Linux authorization control system... http://en.wikipedia.org/wiki/PolicyKit On Apr 27, 7:26 am, Mike Baroukh <[email protected]> wrote: > > One of the things I like most about Android are the security > > features. > > There is no real security. > I bet I can add any permission I want on an apk and 90% users while > install it without taking care. > > I think it would have been more clever to be able to disable permission > when installing or even later. > For example, If an application need internet acces and I don't know why, > I disable only internet access for it. > If later I think there no security issue, I can re-enable this feature. > > It would even be nice nice to be able to, eventually, allow permission > when the application need it, for once or for the whole session. > > finally, the choice should be to the user. > actually, it's the application that choose it wants some rights and it's > android that said "nope, I won't allow you to turn on/off gps". > but finally, the user have no choice ... > > Mike > > madcoder a écrit : > > > Actually, I HIGHLY disagree. User security should be of utmost > > importance. I don't mind clicking 'GPS' in useful switchers, then > > having it open a dialog where I click one more time to prevent apps > > from 'secretly' logging my position. > > > One of the things I like most about Android are the security > > features. Install an app that wants my location? Nope. It wants > > access to my contacts? Heaven forbid! > > > I can understand your point about not liking the extra step required, > > but I feel it's well-worth the security implications. A possible > > compromise might be allowing the user to specify automatic access if > > they don't care about security. > > > Thanks to all the Google engineers for this fix. > > > On Apr 24, 2:16 am, schwiz <[email protected]> wrote: > > >> Just read the android developers blog post stating that in the new > >> firmware programs wont be able to toggle things like GPS on and off, > >> and now developrs only choice will be to open the settings dialog box > >> so the user can manually change the setting. Does anyone else think > >> this will be extremely annoying to the end user? Apps like power > >> manager, that you open for a quick and easy interface too turn these > >> things on and off are no longer going to work? It won't be able to > >> change settings depending on if your phone is plugged in or not? This > >> has got to be the lamest thing I have ever heard. Someone else has to > >> agree with me? > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Android Discuss" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-discuss?hl=en -~----------~----~----~----~------~----~------~--~---
