If Android implemented a PERMISSION Firewall, it can better allow the user to control what happens on their mobile device. This would be similar to how a user can manage their browser settings for individual websites. If I only want a specific amount of website to be-able to set cookies, I can do that. I can also control which websites can use plugins, and even JavaScript. Android needs a similar system for it's PERMISSION system.
All the time, I see apps requesting permissions which quiet obviously I'm spectacle about providing them. Most of the time, I just don't install the app, due to the permissions being requested are a little too much for my tastes. In the settings on Android, the user can whitelist and black list permissions for specific apps. Think of how NoScript works, you can choose to block all, be prompted, or unblock everything. Rather than an app crashing when requesting a permission which has been blacklisted, it should respond back with the appropriate error message. For an Internet black list for example, it would merely respond back to the app, saying that there was no network connection available. The app can then handle this error message like normal. This will ensure backwards compatibility with old apps. If it's the first time an app is requesting network access, and if the settings are set to prompt, then a subtle box will appear asking the user if they wish to "Allow", "Allow once", or "Block" the attempted permission. I would prefer a rich interface, or at least advanced options for advanced users. Such as if an app if requesting GPS, what should the app be provided if I block the request. Examples could include a random location in my current country(as some apps use GPS for regional locking or settings). If an app is to send out texts or call a number, having an "Allow once" button would make it much easier to understand what the heck the app is using these features for, and if it should just be blocked entirely. If XDA developed such a system into their custom ROMs, I would forever move over to a 3rd party ROM from XDA and forget about official google ROMs, as this is a needed security feature in Android or any mobile device for that matter. This device stores our personal information for crying out loud, and the way security is handled in Android is absolutely archaic and needs to change NOW! Please Google, or even some third party ROM developer, release some sort of android patch to make this a reality. If for some odd chance, a cell phone manufacturer implemented this and left out the rest of Android, then I will be forever loyal to you, as this is a handset selling feature. I am sure other consumers will agree that this is currently a must-have android security feature. If Android is going to survive against the other mobile OSes out there, it needs to clean up it's security big time, or consumers may flock over to iOS or even worse, Windows Phone. Although security issues haven't stopped Microsoft's flagship OS from selling, so who knows, maybe consumers don't really care about this security mumbo jumbo, and only us geeks and privacy advocates do. I also give permissions to any Android blog out there to publish an article about such a system being implemented in Android. However, please reference this googlegroups.com post and give credit were due. I'm not entirely sure if this type of security was previously thought about by someone else, if it was, then why hasn't it been implemented yet?!?! -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
