On Thu, Jun 20, 2013 at 10:14 PM, Ivan Padarev <ivanpfitn...@gmail.com> wrote: > Hi I would like to contact android developers, and ask them : > 1.Why an app in order to run will want so much access to so many things, > that are not part of it function????
Because permissions map to gates on the API, so if you use one method guarded by that permission, you need the permission. > 2. Why there is only one accept for all the permissions???? must be > separate for different things and anyway going back to the first > question????? Because separating them would require a redesign of the API that would require dynamic security checks on the app's side, and automatically doing this within the API is non trivial. As an example, what happens if your app uses the internet but you don't want to give it access to the internet? Do you just throw exceptions at those times? Then the app will probably crash.. > 3. Why all the apps must work on background if I don't use them all the > time, but once a week or so and use my RAM without any reason.????? > I want a rule that an app must not work on the background unless permitted > strictly by the user and even to work only when I use them and when I close > the app to stop working at all. I want to have enough free RAM for the > things I use. Also some apps work secretly on background even if they are > marked as "don't work on background" I need someone to fix this. This is incorrect: you are misunderstanding how Android works. The app isn't "running" in the background. It's not typically doing any work. It's just sitting there. The way Android's scheduler works is based on a queue of apps which --- when filled --- get "kicked out" of memory. So you're being overly paranoid about the apps "using your free RAM." If the RAM were low, Android would kick those apps out of memory and free up more RAM, but Android is fundamentally designed to stuff memory full. These aren't "bugs" per se, although (the first two in particular) are definitely design points that could have been changed, the third is more of a misconception about how Android differs from a desktop. By the way, if apps work "secretly" in the background, how do you know they do? The only true way to be in the background and run code is either to: - Start a foreground service, which means you see an icon while that happens. - Start an AlarmManager, which is annoying and shouldn't be done if your app doesn't need it. To make a security policy which says something like "don't work while in the background" you first need to define three things: - What is work, - What is the background, - What is the scheduling policy (when are apps "in the background"?), is it temporally defined, or something else? Kris -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to android-security-discuss+unsubscr...@googlegroups.com. To post to this group, send email to android-security-discuss@googlegroups.com. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/groups/opt_out.
