Kevin, Have you seen CyanogenMod's permission revocation feature? This topic has been discussed, implemented, rejected, and implemented again. I'm a little surprised that you didn't find this given your effort in writing this message.
http://www.androidpolice.com/2011/05/22/cyanogenmod-adds-support-for-revoking-and-faking-app-permissions/ It'd be nice to see some support for this in AOSP, but that's a serious change in the permission model. Dave On Tuesday, July 24, 2012 10:50:47 AM UTC-7, Kevin wrote: > > If Android implemented a PERMISSION Firewall, it can better allow the > user to control what happens on their mobile device. This would be > similar to how a user can manage their browser settings for individual > websites. If I only want a specific amount of website to be-able to > set cookies, I can do that. I can also control which websites can use > plugins, and even JavaScript. Android needs a similar system for it's > PERMISSION system. > > All the time, I see apps requesting permissions which quiet obviously > I'm spectacle about providing them. Most of the time, I just don't > install the app, due to the permissions being requested are a little > too much for my tastes. > > In the settings on Android, the user can whitelist and black list > permissions for specific apps. Think of how NoScript works, you can > choose to block all, be prompted, or unblock everything. > > Rather than an app crashing when requesting a permission which has > been blacklisted, it should respond back with the appropriate error > message. For an Internet black list for example, it would merely > respond back to the app, saying that there was no network connection > available. The app can then handle this error message like normal. > This will ensure backwards compatibility with old apps. If it's the > first time an app is requesting network access, and if the settings > are set to prompt, then a subtle box will appear asking the user if > they wish to "Allow", "Allow once", or "Block" the attempted > permission. > > I would prefer a rich interface, or at least advanced options for > advanced users. Such as if an app if requesting GPS, what should the > app be provided if I block the request. Examples could include a > random location in my current country(as some apps use GPS for > regional locking or settings). If an app is to send out texts or call > a number, having an "Allow once" button would make it much easier to > understand what the heck the app is using these features for, and if > it should just be blocked entirely. > > If XDA developed such a system into their custom ROMs, I would forever > move over to a 3rd party ROM from XDA and forget about official google > ROMs, as this is a needed security feature in Android or any mobile > device for that matter. This device stores our personal information > for crying out loud, and the way security is handled in Android is > absolutely archaic and needs to change NOW! > > Please Google, or even some third party ROM developer, release some > sort of android patch to make this a reality. If for some odd chance, > a cell phone manufacturer implemented this and left out the rest of > Android, then I will be forever loyal to you, as this is a handset > selling feature. I am sure other consumers will agree that this is > currently a must-have android security feature. If Android is going > to survive against the other mobile OSes out there, it needs to clean > up it's security big time, or consumers may flock over to iOS or even > worse, Windows Phone. Although security issues haven't stopped > Microsoft's flagship OS from selling, so who knows, maybe consumers > don't really care about this security mumbo jumbo, and only us geeks > and privacy advocates do. > > I also give permissions to any Android blog out there to publish an > article about such a system being implemented in Android. However, > please reference this googlegroups.com post and give credit were due. > I'm not entirely sure if this type of security was previously thought > about by someone else, if it was, then why hasn't it been implemented > yet?!?! > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To view this discussion on the web visit https://groups.google.com/d/msg/android-security-discuss/-/cHoH232dtHsJ. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
