On Tue, Dec 2, 2008 at 7:23 PM, Teeohenwhy <[EMAIL PROTECTED]> wrote:
> I think that the concern that Sam has is that there can be an application > that tells the user that it will do (x) with their location information and > actually does (n). I don't think we want something analogous to UAC in > Windows Vista but a way to determine when an application has broken trust. Currently an application can say it will access your location, and/or it will access the network, and these two permissions are completely enforced so that if they are not requested (and verified with the user) then they will not be allowed. Unless I am missing something here, we then do already only let the application do what it says to the user it will. What then is being asked for, it sounds like, is some finer-grained permission like "will access your location and the network but not send that information over the network." I doubt there is any way to actually provide such a guarantee for that particular one, so it's probably not worth discussing. Maybe one can come up with requirements that are actually feasible to implement -- such as only access your location while the screen is on. If you have ideas for such things, feel free to think about how to implement them and we'd welcome a good patch to add them. I am a little skeptical about being able to do too much here that actually meets the needs of a significant number of applications and is simple enough to present to users, but I also certainly wouldn't say that the existing set of permissions is perfect as-is; I am sure there are improvements that can be made. -- Dianne Hackborn Android framework engineer [EMAIL PROTECTED] Note: please don't send private questions to me, as I don't have time to provide private support. All such questions should be posted on public forums, where I and others can see and answer them.
