Not to contradict, but... There must ABSOLUTELY BE a way to deny permission requests.
Just because an application ASKS for permissions doesn't mean that they should be granted. This is a question of *trust* and *security*. When you don't know the author of an application, you don't necessarily want it to be able to do things like (access internet *AND* read contact info).... That combination could allow to the application author to steal your contact information... dangerous. Note: this should NOT be a matter of asking for the permission at the time it is needed, it should be a complete restriction of the permission, i.e., go into a permissions management interface, select the particular program, have a list of requested permissions with check boxes allowing you to deny said permissions. If an application crashes due to denied permissions, so be it. Applications should therefore be updated to not crash when permissions are denied. I do this with mine, you'll get a gentle "We're sorry, but this feature doesn't work without XX permission". Right now the only way to do this is to hack the application's manifest prior to install time or edit the /data/system/packages.xml file after install (requires a reboot to take effect since it is loaded in memory -- anybody know a trick to make it refresh this?). Seems pretty simple to me to write an app to edit the packages.xml file.... however, from my understanding, the packages.xml file is a representation of the "current state" of the package manager and is used only at boot-time to re-establish the current state of the package manager... which means that if you change the packages.xml file, then install an application (or do anything that will result in the current state of the package manager changing), the change to packages.xml will be removed due to overwrite, so the very next thing you do after modifying packages.xml is reboot. What we need to be able to do is modify the current state of the package manager and therefore have IT rewrite the packages.xml wrt the modified current state... or just have it refresh its current state based on the packages.xml file on demand, however, this is an ugly approach that could lead to race condition. A note regarding the idea of optional vs mandatory permissions... if you are implementing an optional permission, you could offer a permissions control interface within YOUR APP for itself.... i.e. it would still request the permission, but if within your app you have a checkbox to disable said feature, then that has the same effect as an optional permission. There is really no way to enforce optional vs mandatory permissions on a system level since a nefarious program will request mandatory permissions for its nefarious purposes, which means that on a system/security level, it really has to be a question of all- or-none. On Sep 17, 4:16 am, gjs <[email protected]> wrote: > -1 > > j2me on various platforms has something like this sort of behaviour > when apps are not signed with costly certificates, sometimes endlessly > asking for permission to use the camera, use the network, read and > write to the file system etc etc. It's pain for users to manage and > configure and significant overhead (cost and more coding) for > developers. I think optional permissions would diminish the overall > experience. If you change your mind about some granted permission just > uninstall the app, you can always reinstall it again later. With > Android, as a developer, you generally only request a use permission > if it is actually required and used by the app. A a user you can > always challenge the developer about the use of any permission and > perhaps request alternate versions of the app or use someone else > equivalent app which does not require the permissions you aren't keen > on granting > > Regards > > On Sep 17, 1:51 pm, CB <[email protected]> wrote: > > > I think that it would be a great feature for android to include the > > ability for a user to disable/enable various optional app > > permissions. For example, if my app uses coarse location, but it is > > only used in an optional manner (extra feature), the user could > > disable it. > > > Obviously the app would have to check if the permission had been > > disabled, and the app should be able to specify which permissions it > > requests are optional (and can be disabled) and those that are > > required to function. > > > These permissions hopefully could be disabled at install, or anytime > > (under the settings?)... > > > Just an idea... > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Android Discuss" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-discuss?hl=en -~----------~----~----~----~------~----~------~--~---
