I agree with all the problems already raised regarding this article. IMHO, it's just scaremongering - and the "research" is from a "mobile security" vendor, so it's self-interested scaremongering at that.
Nonetheless, the Android permission system could use some tweaking. It's essentially unchanged since the platform launched, and I'd say that there's some real-world experience to base improvements on now. For example: - Finer-grained permissions. I have an app which checks for a high- speed data connection before downloading big images (this is a practice recommended by Google, btw). But in order to do so, it needs the state of the cellular system. Which requires the READ_PHONE_STATE permission. Which is presented to the user as "Phone calls: read phone state and identity". Now, my app does NOT read phone identity, but there's no way for the user to know this. - A built-in way to explain why our app wants each permission. I do so in an FAQ on my app's website, but most user's don't go to that effort, and there's no way for them to know it's there unless they go looking for it. - Support for optional permissions, and the ability for users to turn off individual permissions if they so choose. IOW, if your app COULD use a given permission, but can also function without it, it'd be nice if the user could choose to deny just that permission to that app. If you agree that the above items would improve Android, the following open issues could use your support: http://code.google.com/p/android/issues/detail?id=5392 http://code.google.com/p/android/issues/detail?id=6266 http://code.google.com/p/android/issues/detail?id=6600 String On Jun 24, 6:00 am, Chris - Diddo Team <[email protected]> wrote: > Readinghttp://www.pcworld.com/article/199621/20_percent_of_android_apps_can_... > I can't help but feel cheated. > > Undoubtedly the report used permissions to determine the 'security' of > apps: the more dangerous permissions requested = more risk. > > Of course this makes sense, but the report is missing several key > points: > > 1) Android Installer presents these permissions to the user. When > installing iPhone apps, no listing of capabilities are shown. So > users are informed. > > 2) Just having the permissions doesn't mean the app can access the > data (ie the app can only get GPS data if gps is turned on by the > user) > > 3) Most apps allow these features to be turned off (ie location can > be disabled) > > 4) Many times the internet permission is used only for ads, so the > full danger of sharing/distributing this private data is blown > overboard. > > What do you think? -- You received this message because you are subscribed to the Google Groups "Android Discuss" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-discuss?hl=en.
