<br><div class="gmail_quote">On Wed, Jun 30, 2010 at 7:46 PM, Kevin Reid <span dir="ltr"><<a href="mailto:kpreid@switchb.org">kpreid@switchb.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im">On Jun 30, 2010, at 17:29, Dan Bornstein wrote:<br>
<br>
>> (Is there any way to provide partial permissions to and android<br>
>> application?)<br>
><br>
> Nope. This was debated — at length — within the Android team. In the<br>
> end, the consensus was that partial permission grants would lead to<br>
> two bad things: (a) more apps that asked for unnecessary permissions,<br>
> on the theory that, after all, the user could just turn off the ones<br>
> they don't want; and (b) more bugs for app developers whose apps would<br>
> get run with unexpected permission sets, leading to worse end-user<br>
> experience and more trouble for developers.<br>
<br>
</div>I just recently got an Android phone, and I noticed a particular<br>
example of this: I installed Pandora, which requested access to my<br>
contacts. I assume this is for the 'Share' functionality, but I have<br>
no intent of ever using it and would prefer that the app not have this<br>
information.<br></blockquote><div><br></div><div><div>One very useful suggestion made by Shriram Krishnamurthi was for each requested permission to come with a developers (or attackers) free-form explanation of why they needed the permission. In addition, the user feedback would include "app asks for too much permission for what it provides" and the particular permissions that were inexplicable.</div>
</div><div><br></div><div>This has an advantage over the free form feedback Dan mentioned earlier in the thread because its easier to parse for someone looking for this information and can be used more reliably when ranking apps.</div>
<div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
It would be easy to stub out this functionality in a non-fatal way<br>
(pretend the contact list is empty) -- but then you have the complaint<br>
"why isn't share showing anything?"<br></blockquote><div><br></div><div>I agree this works most of the time but mock stubs can sometimes have unexpected consequences. For example, if you grant an contact list syncing app a mock contact list, does it delete all your contacts upstream?</div>
<div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
I would in general rather have the option of trying apps with low<br>
permissions and then possibly giving them more later, but atypical<br>
user blah blah blah.<br></blockquote><div><br></div><div><br></div><div><br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<font color="#888888"><br>
--<br>
Kevin Reid <<a href="http://switchb.org/kpreid/" target="_blank">http://switchb.org/kpreid/</a>><br>
</font><div><div></div><div class="h5"><br>
<br>
<br>
<br>
_______________________________________________<br>
cap-talk mailing list<br>
<a href="mailto:cap-talk@mail.eros-os.org">cap-talk@mail.eros-os.org</a><br>
<a href="http://www.eros-os.org/mailman/listinfo/cap-talk" target="_blank">http://www.eros-os.org/mailman/listinfo/cap-talk</a><br>
</div></div></blockquote></div><br>