On Feb 1, 2012, at 21:20 , Paul Libbrecht wrote: > Le 1 févr. 2012 à 21:03, Boris Zbarsky a écrit : >>> Android goes somewhat in this direction with its app-security model... >> >> With all due respect, the app-security model on Android is a joke. Everyone >> just clicks through the permissions grant without even reading what's being >> requested, because _every_ app asks for a bunch of permission grants up >> front and won't run until you grant them. Any random game wants permission >> to do arbitrary internet access (as mentioned earlier on this thread, >> already a security hole if you happen to be behind a firewall when you run >> the game), listen to your phone conversations, read your addressbook, etc. >> Perhaps they do have some sort of rarely-used features that require such >> access, but the model forces them to ask for all the permissions >> immediately... and the user is trained to just accept. > > No, no app has yet demanded me my addressbook access and some apps add > advertisement: and hey, I do not need network. > That's the general problem with demanding permissions... I agree it's in > infancy.
Apps on Android are unlikely to request access to your address book because the Android Intents model makes it so that unless you're installing a contacts manager app, there probably is no reason why any app would have access to that. That said, if it did require access, the odds that a user would notice are close to nil. > However this is for an APP download, where you expect some level of trust > (basically the essence of an app store's objective?). I would hesitate to be all too trustworthy. There are plenty of examples of bad stuff getting past the gates. I think we're much better off with a security model that doesn't require you to trust a third party because it's an obvious point of failure. -- Robin Berjon - http://berjon.com/ - @robinberjon
