[android-developers] Re: How can I find unneeded permission?

2010-07-14 Thread deg
You're right Dianne; I misspoke.

But it does require someone with a big enough itch to scratch;
either directly (someone supporting a large pool of apps) or
indirectly (someone with incentive to improve the development tool-
chain). I just meant Google as an example of the latter, but any
motivated tool hacker could do it.

I wish I could step in and say I'll do it since I'm being so noisy
about the need. But, unfortunately, neither my immediate need nor my
spare time are great enough to justify it.

David

On Jul 14, 3:29 am, Dianne Hackborn hack...@android.com wrote:
 On Tue, Jul 13, 2010 at 11:54 AM, deg d...@degel.com wrote:
  But, I do hope that some toolmeister inside Google sees this thread
  and picks up the gauntlet someday.

 You don't need Google to do such things.

 --
 Dianne Hackborn
 Android framework engineer
 hack...@android.com

 Note: please don't send private questions to me, as I don't have time to
 provide private support, and so won't reply to such e-mails.  All such
 questions should be posted on public forums, where I and others can see and
 answer them.

-- 
You received this message because you are subscribed to the Google
Groups Android Developers group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en


[android-developers] Re: How can I find unneeded permission?

2010-07-13 Thread deg
Actually, I can imagine two very common cases:

1) Code or even functionality is changed in an application, possibly
in some minor way. The developer does not realize that he has removed
the last SDK call using a permission. The permission lingers on in the
manifest. It doesn't do much harm, but adds minor bloat and maybe
scares away some users.

2) A developer adds a new feature, and does not realize that a
permission is needed. Best case, he catches this immediately when
testing, but still wastes time and annoyance on an extra compile/
deploy/test cycle.

It seems that it would not be too hard to annotate the SDK and add a
static permissions check to the build cycle. I can imagine
pathological cases, but this should catch 99% of the problems.

David


On Jul 12, 9:39 pm, TreKing treking...@gmail.com wrote:
 On Sat, Jul 10, 2010 at 2:26 PM, deg d...@degel.com wrote:
  (I know that I can remove all permissions and then repeatedly test
  each code path, reinstating each missing permission that causes the
  app to malfunction. But, surely, there is a better way!)

 Actually, I really doubt it. You'd need some tool to evaluate your code, see
 what SDK functions you are using, and validate that you have the associated
 permissions, if any. I'm not aware of any such tool nor any reason to make
 one, save for rare instances like this.

 --- 
 --
 TreKing - Chicago transit tracking app for Android-powered devices
 http://sites.google.com/site/rezmobileapps/treking



Re: [android-developers] Re: How can I find unneeded permission?

2010-07-13 Thread TreKing
On Tue, Jul 13, 2010 at 9:00 AM, deg d...@degel.com wrote:

 Actually, I can imagine two very common cases:

 1) Code or even functionality is changed in an application, possibly
 in some minor way. The developer does not realize that he has removed
 the last SDK call using a permission. The permission lingers on in the
 manifest. It doesn't do much harm, but adds minor bloat and maybe
 scares away some users.


I wouldn't call this common since if you're removing permissions you're
likely removing features / functionality which relied on said permission,
which is not very likely.


 2) A developer adds a new feature, and does not realize that a
 permission is needed. Best case, he catches this immediately when
 testing, but still wastes time and annoyance on an extra compile/
 deploy/test cycle.


You answered your own question. If you're adding a new feature, I would hope
you're testing it. Odds are you don't just do one compile / deploy test
cycle for any feature you add, so one more to catch a permission you forgot
to add, like any other programming error you catch while debugging, is
negligible. You'd run into a permission required exception almost
immediately while testing and you fix it right then and there.


 It seems that it would not be too hard to annotate the SDK and add a static
 permissions check to the build cycle.


I really don't think the time it would take to make this happen is worth it
versus how much time it would actually save. You seem to think it is, so you
are welcome to grab the source code and modify it to make this happen. Good
luck.

-
TreKing - Chicago transit tracking app for Android-powered devices
http://sites.google.com/site/rezmobileapps/treking
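
The static check debated in this thread (map SDK calls to the permissions they need, then compare the result with the manifest), sketched as an added example that is not part of the original messages. The call-to-permission table, the sample manifest and the sample source are constructed for illustration; a real tool would need an annotation covering the whole SDK.

```python
import re
import xml.etree.ElementTree as ET
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Assumption: a hand-made annotation table (call pattern -> permission).
# Four illustrative entries; the thread's proposal is to annotate the full SDK.
CALL_PERMISSIONS = {
    r"\bCamera\.open\s*\(": "android.permission.CAMERA",
    r"\.sendTextMessage\s*\(": "android.permission.SEND_SMS",
    r"\.getDeviceId\s*\(": "android.permission.READ_PHONE_STATE",
    r"\.vibrate\s*\(": "android.permission.VIBRATE",
}
KNOWN = set(CALL_PERMISSIONS.values())
# Constructed sample input: SEND_SMS lingers after its feature was commented
# out (case 1 in the thread); VIBRATE is used but never declared (case 2).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""
SAMPLE_JAVA = """class Main {
  void snap(Vibrator v) {
    Camera c = Camera.open();
    v.vibrate(50);
    // sms.sendTextMessage(to, null, body, null, null);
  }
}"""

def declared_permissions(manifest_xml):
    root = ET.fromstring(manifest_xml)
    return {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}

def required_permissions(java_sources):
    needed = set()
    for src in java_sources:
        # Strip /* */ and // comments so commented-out calls are not counted.
        code = re.sub(r"/\*.*?\*/|//[^\n]*", "", src, flags=re.S)
        for pattern, perm in CALL_PERMISSIONS.items():
            if re.search(pattern, code):
                needed.add(perm)
    return needed

def check(manifest_xml, java_sources):
    declared = declared_permissions(manifest_xml)
    needed = required_permissions(java_sources)
    return {
        "unneeded": sorted((declared & KNOWN) - needed),
        "missing": sorted(needed - declared),
        # Permissions the table cannot judge are reported, not flagged.
        "unchecked": sorted(declared - KNOWN),
    }

if __name__ == "__main__":
    print(check(SAMPLE_MANIFEST, [SAMPLE_JAVA]))
```

Text matching of this kind misses reflection and calls made inside libraries, which is why the result is a prompt for review rather than a verdict.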


[android-developers] Re: How can I find unneeded permission?

2010-07-13 Thread deg
Unfortunately, I'm not going to do this anytime soon; the tradeoff is
clearly not worth it within the domain of just my company and our
apps.

Nor am I likely to persuade you that it's worthwhile; nor you to
persuade me. The arguments over static analysis tools are religious
and, even after thirty-five years, people are still arguing the pros
and cons of lint, in the C world.

So, really no more to say on this thread.
But, I do hope that some toolmeister inside Google sees this thread
and picks up the gauntlet someday.

David

On Jul 13, 8:45 pm, TreKing treking...@gmail.com wrote:
 On Tue, Jul 13, 2010 at 9:00 AM, deg d...@degel.com wrote:
  Actually, I can imagine two very common cases:

  1) Code or even functionality is changed in an application, possibly
  in some minor way. The developer does not realize that he has removed
  the last SDK call using a permission. The permission lingers on in the
  manifest. It doesn't do much harm, but adds minor bloat and maybe
  scares away some users.

 I wouldn't call this common since if you're removing permissions you're
 likely removing features / functionality which relied on said permission,
 which is not very likely.

  2) A developer adds a new feature, and does not realize that a
  permission is needed. Best case, he catches this immediately when
  testing, but still wastes time and annoyance on an extra compile/
  deploy/test cycle.

 You answered your own question. If you're adding a new feature, I would hope
 you're testing it. Odds are you don't just do one compile / deploy test
 cycle for any feature you add, so one more to catch a permission you forgot
 to add, like any other programming error you catch while debugging, is
 negligible. You'd run into a permission required exception almost
 immediately while testing and you fix it right then and there.

  It seems that it would not be too hard to annotate the SDK and add a static
  permissions check to the build cycle.

 I really don't think the time it would take to make this happen is worth it
 versus how much time it would actually save. You seem to think it is, so you
 are welcome to grab the source code and modify it to make this happen. Good
 luck.

 --- 
 --
 TreKing - Chicago transit tracking app for Android-powered devices
 http://sites.google.com/site/rezmobileapps/treking



Re: [android-developers] Re: How can I find unneeded permission?

2010-07-13 Thread Dianne Hackborn
On Tue, Jul 13, 2010 at 11:54 AM, deg d...@degel.com wrote:

 But, I do hope that some toolmeister inside Google sees this thread
 and picks up the gauntlet someday.


You don't need Google to do such things.

-- 
Dianne Hackborn
Android framework engineer
hack...@android.com

Note: please don't send private questions to me, as I don't have time to
provide private support, and so won't reply to such e-mails.  All such
questions should be posted on public forums, where I and others can see and
answer them.
