On Wed, Jan 26, 2011 at 12:28 PM, Chris Stratton <[email protected]> wrote: > On Jan 26, 12:30 pm, Jean-Baptiste Queru <[email protected]> wrote: >> Any such mechanism must include the ability for a developer to say >> that a permission their app is requesting is mandatory and can't be >> disabled. > > No. The device belongs to the user, not to the developer. > > Denial of internet access need not necessarily be presented to the > application any differently than unavailability of internet access or > connectivity to the desired host. >
Making all permissions optional (for the user) doesn't solve the problem, it just moves the arms race one step further. The app will attempt to acquire GPS coordinates, connect to the internet, etc. to test out its permissions and then say "Sorry, grant me my privileges if you want to use me," which doesn't get us anywhere. _Allowing_ for optional permissions does make sense. For instance Ringdroid (when I last checked) asked for internet privileges to allow an optional data collection feature to work. Unfortunately, the Ringdroid developers had no way of stating "this is an optional permission if the user wants to grant it" -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
