On Fri, Oct 1, 2010 at 2:59 PM, Dianne Hackborn <[email protected]> wrote:
> On Fri, Oct 1, 2010 at 11:52 AM, Disconnect <[email protected]>wrote: > >> More to the point, "am i on the home screen" or "what is my battery level" >> (both reasonable interpretations of "PHONE_STATE") doesn't translate, to >> most users, into "send my phone number to a third party who's privacy policy >> may not even exist". ( >> http://groups.google.com/group/android-developers/browse_thread/thread/c97c3eb5dcef0519is >> an earlier push about this.) >> > > Absolutely. Improving the permissions the user sees, the granularity > available to apps, etc would all be great improvements. > > Adding check boxes to let the users turn on and off the existing things is > in my opinion *not* an improvement. In fact it is likely a long-term loss > as it helps developers require more permissions and punts in solving the > real problems of permission granularity and display. > > I don't think the two problems are necessarily mutually exclusive. Breaking up some of the more problematic permissions (such as phone-state) and even just describing them better in the warning screen is certainly something that should be done. I don't see how toggles (that - in all honesty - many users won't use or even see) will lead to devs getting more permissions. I would think the opposite, since they'll get more pushback on unnecessary ones. ("I turned off accounts and it still worked fine, so why was it trying to read my google login??") > (And don't bring location into this -- as I have said elsewhere, there are > some thing where it makes a lot of sense for the user to have control, and > location is one of them. Like enabling IMEs and device admins. I would be > happy to see a contribution that adds a UI for the user to control location > access on a per-app basis. It would also be great to extend manage apps to > be able to view apps by things they are doing, such as ordered by last > location access, keeping device awake, etc. This is far different than just > putting check boxes next to every possible permission.) > Strange as it may be, we agree on the location problem. I also don't think checkboxes (on the main security/install screen) is the right answer at all, or that "every possible permission" needs to be togglable. (Although you -could- push the permission count back down by making user's approve each one individually. Devs that have too many will get a lot of push-back from users not willing to click "ok" 30 times.. As fun as it would be it kinda fails the "don't be evil" test.) Again though, I think it is complimentary problems/projects - the permissions would need a manager interface of some sort, and being able to look at a list of apps with SD permissions (for example) and turn some of them off seems natural. > -- > Dianne Hackborn > Android framework engineer > [email protected] > > Note: please don't send private questions to me, as I don't have time to > provide private support, and so won't reply to such e-mails. All such > questions should be posted on public forums, where I and others can see and > answer them. > > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]<android-security-discuss%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/android-security-discuss?hl=en. > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
