Hi Adrienne,
On Wednesday, 8 February 2012 at 21:56, Adrienne Porter Felt wrote: > > > On Feb 1, 2012, at 21:20 , Paul Libbrecht wrote: > > > Le 1 févr. 2012 à 21:03, Boris Zbarsky a écrit : > > > > > Android goes somewhat in this direction with its app-security model... > > > > > > > > > > > > With all due respect, the app-security model on Android is a joke. > > > > Everyone just clicks through the permissions grant without even reading > > > > what's being requested, because _every_ app asks for a bunch of > > > > permission grants up front and won't run until you grant them. Any > > > > random game wants permission to do arbitrary internet access (as > > > > mentioned earlier on this thread, already a security hole if you happen > > > > to be behind a firewall when you run the game), listen to your phone > > > > conversations, read your addressbook, etc. Perhaps they do have some > > > > sort of rarely-used features that require such access, but the model > > > > forces them to ask for all the permissions immediately... and the user > > > > is trained to just accept. > > I agree that the current UI is not great. However, I disagree about > "everyone" clicking through permission grants. I've done two user studies and > found that about ~18% of people look at permissions for a given installation, > and about ~60% look occasionally. We found that most have no idea what they > really mean -- but that is a separate problem pertaining to the presentation. > Also, about 20% of people have in the past avoided apps that they considered > "bad" because the permissions alerted them to something that they didn't like. Did you publish this research somewhere? Would be interested to know your sample size and type, response rate, etc. > > > > > > > > No, no app has yet demanded me my addressbook access and some apps add > > > advertisement: and hey, I do not need network. > > > That's the general problem with demanding permissions... I agree it's in > > > infancy. > > > > > > Apps on Android are unlikely to request access to your address book because > > the Android Intents model makes it so that unless you're installing a > > contacts manager app, there probably is no reason why any app would have > > access to that. That said, if it did require access, the odds that a user > > would notice are close to nil. > > One thing I've found is that developers often don't understand the > relationship between Intents and permissions in Android. A common mistake is > for an app to ask for the READ_CONTACTS permission even though it's actually > using an Intent to access contacts (which doesn't need the permission). > Either that, or apps will unnecessarily implement things that are already > provided via Intents for no particular reason. I think these issues could be > avoided on the Web by first introducing something that can be accessed via > WebIntents and only later introducing direct access via "permissions", and > also making the documentation very clear. Do you think this might be a consequence of developers copy/pasting permissions? I wonder if anyone has looked into that (might be easy to see overlaps or replication across applications).
