I think that the concern that Sam has is that there can be an application that tells the user that it will do (x) with their location information and actually does (n). I don't think we want something analogous to UAC in Windows Vista but a way to determine when an application has broken trust.
Maybe there can be a flag that tells Android to log all api calls (eg, strace) so that someone can take the log and verify that it does what it says it does. Maybe we can write some analysis code that can help assert that an application does what it says it is going to do. Like some malware reverse engineering tools that are out there. I personally don't want to see something like UAC inserted anywhere in Android. More importantly I don't want it on by default. However maybe a middle ground is to enable the end user to say that they don't trust an application any more. Then ask the user if they want to allow this application to communicate with the internet. Just some thoughts. ~Tony On Tue, Dec 2, 2008 at 3:28 PM, Brett Hoerner <[EMAIL PROTECTED]>wrote: > > On Fri, Nov 28, 2008 at 8:16 PM, Sam Hiatt <[EMAIL PROTECTED]> wrote: > > A reasonable security model would allow the user to grant or deny > > access to positional information to specific apps. > > I don't have a G1, but isn't this already possible and enforced? > Applications have to state what special functionality they want to use > in the Manifest: > http://code.google.com/android/reference/android/Manifest.permission.html > > I thought when users installed an app that intended to access the > internet or their location, it asked them if they wanted to grant > permission? > > > Additionally, the user should know if the app > > tagging the photo also tries to post its location to a web server. > > I could be wrong, but that seems rather difficult or impossible. So > you fetch the location and get back an object... then you pull out the > lat / lon as basic numbers, how do you track those in memory? How do > you keep this information tagged so that Android automagically knows > to throw a red flag when that random set of bytes is sent over the > network? > > I don't think you can get more granular than "do I trust this app I'm > installing with my location?". > > Brett >
