I appreciate your feedback. At this time I don't think we have time to schedule work for such a feature in the short-term roadmap, but we'd welcome patch contributions.
On Thu, Dec 4, 2008 at 5:18 PM, Sam Hiatt <[EMAIL PROTECTED]> wrote:
>
> Thanks Dianne for your response. That's great to hear that there is ongoing work to allow energy resource management! That will be a big improvement.
>
> You're right that adding functionality to enable/disable GPS for specific apps isn't necessarily a security discussion (and I should probably post those suggestions on Android-discuss, along with similar ideas related to enhanced user control over system resources / permissions). However, how the Android platform manages application access to the location API is definitely a security issue.
>
> The existing solution, pretty much a blanket waiver notifying the user of specific permissions on app install, while a nice foundation for a secure application framework, it is not enough! The all-or-nothing / now-or-never approach is completely insufficient. Imagine if Mozilla's security policy was: "users should rely on website reputation to ensure safety against XSS attacks. If they are unsure about the site's credentials then they should disable JavaScript before continuing." Wouldn't that be ridiculous?
>
> Jonathan wrote:
> > There aren't enough security updates in the world to replace user
> > responsibility and competence...but I see your point.
>
> That's true, you can't replace user responsibility and competence, but you can't rely on it either! Moreover, the platform should at least _allow_ a user to be competent and responsible, for example by giving them enough control to monitor and control access. The Android platform should actively strive to protect user privacy and assure users that it isn't doing anything unexpected with the GPS capabilities. It should be clear when / which apps are polling GPS.
>
> I'm really quite surprised that there isn't more discussion around this topic of managing locational privacy. Frankly, it really ticks me off when people suggest just turning off GPS to temporarily disable location services. Not only is it pathetic that that is the only current solution, but I'm not looking for a workaround. I am interested in discussion working toward a practical solution to this shortcoming. If we want more people to adopt Android and all the awesome future LBS apps then we should make sure to provide a system that mitigates these concerns.
>
> I honestly wish that I had the time and familiarity with the source to be able to contribute a patch, but, well, I'm not. I'd rather spend my time contributing patches where I do have experience. However, I realize that contributing code is not the only way to contribute to an open source project, and so I am trying to do the next best thing by offering my feedback and discussing concerns.
>
> I am aware that Locale is working on a developer platform that allows Android applications to subscribe to its location services so that only 1 app, Locale, needs to poll the GPS. I think this is a brilliant idea. It could provide the necessary layer of security that would enable managing which apps can see the location, with what frequency, and even with what precision. But in my opinion Android users should not be expected to install a 3rd party app to achieve this functionality, nor should the apps be required to subscribe to a 3rd party service. Something like this should be integrated into the Android platform itself.
>
> Anyway, I look forward to hearing what y'all think.
>
> Sam
>
> On Dec 3, 3:34 pm, "Dianne Hackborn" <[EMAIL PROTECTED]> wrote:
> > Sure, it would be nice to be able to enable/disable GPS for specific apps and see which ones are draining your battery, though I don't think this is really a security discussion. We have some ongoing work to address knowing who is using battery, but nothing planned at this point for per-app GPS control. Patches are, of course, welcome. :)
> >
> > On Wed, Dec 3, 2008 at 11:19 AM, Sam Hiatt <[EMAIL PROTECTED]> wrote:
> >
> > > Thanks all for your feedback.
> > >
> > > Just to clarify, yes, I know that the user has to grant specific permissions on application install, but that's not good enough at all! Just saying that at some point the app might need to turn on GPS and/or access the network is a good initial precaution, but my point is that you can't stop there.
> > >
> > > Currently if a user wants to ensure that app X isn't the one incessantly polling GPS (and draining out the battery) then his only choice is to either turn off location services completely, for all apps, or uninstall app X? Really, that's just pathetic.
> > >
> > > I think it is a severe shortcoming that Android won't let me temporarily deny GPS permissions to one app, leaving all other apps unaffected. The user should be able to see all apps that have location privileges and "uncheck" the ones that he's not currently using.
> > >
> > > Additionally, at any point in time the user should be able to look and see which apps are actively using location services. This could be as simple as making the GPS icon in the notification bar "clickable", so that when the user notices it is on he/she can pull down the notification bar, tap the GPS icon and see which app is using it. This would also be an excellent place to notify the user with a simple icon that the specific app also has network permissions especially if it is actively uploading information.
> > >
> > > Does that make sense? Do you all agree?
> > >
> > > Sam
> >
> > --
> > Dianne Hackborn
> > Android framework engineer
> > [EMAIL PROTECTED]
> >
> > Note: please don't send private questions to me, as I don't have time to provide private support. All such questions should be posted on public forums, where I and others can see and answer them.
>

--
Dianne Hackborn
Android framework engineer
[EMAIL PROTECTED]

Note: please don't send private questions to me, as I don't have time to provide private support. All such questions should be posted on public forums, where I and others can see and answer them.
