On Wed, Sep 29, 2010 at 1:56 AM, Neil <[email protected]> wrote:
> Geocoder is one class. I think the original post was suggesting a
> permission to use that class without requiring internet permission.

But permissions don't apply to individual classes.
They can apply to Services, Receivers, and so on. Somebody could
implement a geocoding android.app.Service that provides geocoding
functionality to other apps on the device. That Service would itself
need INTERNET permission. Depending on how you factored it, either it
would also need ACCESS_{FINE,COARSE}_LOCATION or its clients would
need it.

It might help or make sense to protect that geocoding service itself
with a new permission, so that only certain apps on the device could
invoke it. That would be akin to a "geocoding-only" permission. Now,
are we sure we can really enforce the soundness of that contract? Are
we sure we can explain it to people clearly?

You simply can't use certain powers on Android without asking the user
if it's ok. If you can, that's a bug. The original poster said: "I
don't want users to think I'm sending their personal information off
when all I need to do is GEOCODE." Well, the fact is, geocoding
involves sending sensitive information (the user's location) to the
internet. So, yeah, somewhere down the line somebody has to ask
permission from the user.

If you ask for special powers, make sure you use them in ways that
users find compelling.
--
You received this message because you are subscribed to the Google Groups
"Android Security Discussions" group.
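
The permission-protected geocoding Service described in the message above, sketched as two manifests. This is an added example, not part of the original post; the package names, the GEOCODE permission name, the string resources and the GeocodingService class are hypothetical, and it assumes the factoring in which the clients hold the location permission.

```xml
<!-- Constructed example. App 1: the geocoding provider
     (hypothetical package com.example.geocoder). -->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.geocoder">

    <!-- The Service performs the network lookup, so this app holds INTERNET. -->
    <uses-permission android:name="android.permission.INTERNET" />

    <!-- Hypothetical "geocoding-only" permission. With protectionLevel
         "dangerous" it is shown to the user for approval, so a client
         cannot obtain it silently. -->
    <permission
        android:name="com.example.geocoder.permission.GEOCODE"
        android:label="@string/perm_geocode_label"
        android:description="@string/perm_geocode_desc"
        android:protectionLevel="dangerous" />

    <application>
        <!-- Only callers that hold GEOCODE can start or bind to this
             Service; the system rejects all other callers. -->
        <service
            android:name=".GeocodingService"
            android:exported="true"
            android:permission="com.example.geocoder.permission.GEOCODE" />
    </application>
</manifest>

<!-- Constructed example. App 2: a client (hypothetical package
     com.example.client). It requests no INTERNET permission. -->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.client">

    <!-- Needed to invoke the protected Service. -->
    <uses-permission android:name="com.example.geocoder.permission.GEOCODE" />

    <!-- In this factoring the client reads the location and passes it on. -->
    <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />
</manifest>
```

The client never holds INTERNET, yet the location it passes still leaves the device through the provider, so the GEOCODE description shown to the user has to say so.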