Hey all, Any chance of adding a time domain parameter to location and network access permissions ( this should/will be done at the application level but it feels like if it were built into system level calender or 'event acceptance' dialog the phone would feel more secure...)?
Anyway, reputation can work or some third party vetting like UL... But customer comfort with (and acceptance of) location based services may be better if location/reporting permissions could be viewed and controlled through a calender interface provided by the system. Applications that provide this function will have to be trusted. It's early. On Tue, Dec 2, 2008 at 11:00 PM, jonathan horvat <[EMAIL PROTECTED]>wrote: > There aren't enough security updates in the world to replace user > responsibility and competence...but I see your point. > > On Dec 2, 2008 9:46 PM, "Dianne Hackborn" <[EMAIL PROTECTED]> wrote: > > On Tue, Dec 2, 2008 at 7:23 PM, Teeohenwhy <[EMAIL PROTECTED]> wrote: > > > > I think that the concern that Sam has is that there can be an > application that tells the user th... > > Currently an application can say it will access your location, and/or it > will access the network, and these two permissions are completely enforced > so that if they are not requested (and verified with the user) then they > will not be allowed. Unless I am missing something here, we then do already > only let the application do what it says to the user it will. > > What then is being asked for, it sounds like, is some finer-grained > permission like "will access your location and the network but not send that > information over the network." I doubt there is any way to actually provide > such a guarantee for that particular one, so it's probably not worth > discussing. > > Maybe one can come up with requirements that are actually feasible to > implement -- such as only access your location while the screen is on. If > you have ideas for such things, feel free to think about how to implement > them and we'd welcome a good patch to add them. I am a little skeptical > about being able to do too much here that actually meets the needs of a > significant number of applications and is simple enough to present to users, > but I also certainly wouldn't say that the existing set of permissions is > perfect as-is; I am sure there are improvements that can be made. > > -- > Dianne Hackborn > Android framework engineer > [EMAIL PROTECTED] > > Note: please don't send private questions to me, as I don't have time to > provide private support. All such questions should be posted on public > forums, where I and others can see and answer them. > >
