That has come up over and over and over.. The conceptual problem is, even in those systems that do offer veto (eg facebook) it requires an initial "blanket accept" and then a later reduction. Most of the benefit (spam, info gathering, whatever) on a bad app happens immediately, and going back later to reduce or remove permissions has minimal impact.
The direct problem is that google (most frequently hackbod) has come out and said, clearly and repeatedly, that they will not implement it, will not participate in the creation of a proposal/spec, will not accept patches (even on a new api rev) etc.. At the end of the day, lofty security goals aside, google wants to protect advertising revenue and doing that means giving advertisers access. (Personally, I think the vast majority of users won't bother turning off permissions, and for those apps that require it, the devs can use the a API to say "enable advertising permissions or buy the pro version" or further reduce functionality..) On Wed, Jan 26, 2011 at 12:23 PM, Chris Stratton <[email protected]> wrote: > Indeed. Giving users a line-item veto of 3rd party application > permissions is mandatory in today's world. > > On Jan 25, 2:18 pm, Chris Palmer <[email protected]> wrote: > > http://zachholman.com/2011/01/oauth_will_murder_your_children/ > > > > The same problem applies to Android. And, I have come around to > > thinking, so does the solution. > > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]<android-security-discuss%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/android-security-discuss?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
