Linked by Thom Holwerda on Mon 13th Feb 2012 23:51 UTC
Privacy, Security, Encryption
"A hybrid solution that takes the best parts of iOS's one-by-one acceptance and Android's expressed and obvious intents seems like a proper model here. In fact, Apple has many of the pieces in place elsewhere." This is a big issue. Neither Android's model (just list a bunch of confusing permissions) nor Apple's model (individual modal dialogs for each permission) is particularly workable - I doubt regular users check them on Android before installing an application, and in the case of iOS, Apple didn't think it was necessary to secure the address book, so every application has access to it without alerting users. Justin Williams proposes a hybrid solution.
An anecdote
by thesunnyk on Tue 14th Feb 2012 00:39 UTC
thesunnyk Member since:
2010-05-21

I was using the Woolworths application, and a particular update (accidentally) required ALL the permissions. Some of these were fairly scary sounding -- making phone calls, looking at account data. I also needed to do the update manually, because the permissions had *changed*.

Not only did I notice it, but so did a lot of others. A lot of their reviews went to 1 star with a lot of swearing about the permissions. Woolworths needed to clarify that this was a programming error and everything would be fixed shortly.

So I think a lot of people actually *do* read this stuff on Android.

Reply Score: 4

RE: An anecdote
by dvhh on Tue 14th Feb 2012 02:45 UTC in reply to "An anecdote"
dvhh Member since:
2006-03-20

I agree that scoring usually raises some warning about an application, but apart from that I guess that permissions (like Windows UAC dialogs) are skipped like EULAs usually are.

Google should weight old version scores down to push this kind of adverse scoring for wrong permissions.

Reply Score: 4

RE: An anecdote
by OMRebel on Tue 14th Feb 2012 04:35 UTC in reply to "An anecdote"
OMRebel Member since:
2005-11-14

I will also check permissions of any app I install. If the app requires permissions to some things that I feel are unnecessary, then I won't install it. Judging by reviews, plenty of others feel the same way.

Reply Score: 3

RE[2]: An anecdote
by WorknMan on Tue 14th Feb 2012 07:18 UTC in reply to "RE: An anecdote"
WorknMan Member since:
2005-11-13

"I will also check permissions of any app I install. If the app requires permissions to some things that I feel are unnecessary, then I won't install it. Judging by reviews, plenty of others feel the same way."

Me too, especially when an already installed app wants to change permissions... I look that over very carefully. For all I know, their servers may have gotten hacked and somebody pushed out a malicious version of the app.

Reply Score: 3

RE[3]: An anecdote
by sparkyERTW on Tue 14th Feb 2012 14:37 UTC in reply to "RE[2]: An anecdote"
sparkyERTW Member since:
2010-06-09

"I will also check permissions of any app I install. If the app requires permissions to some things that I feel are unnecessary, then I won't install it. Judging by reviews, plenty of others feel the same way.

Me too, especially when an already installed app wants to change permissions... I look that over very carefully. For all I know, their servers may have gotten hacked and somebody pushed out a malicious version of the app."

I check the permissions of every single app I install on my Transformer, and in some ways it's taken a little bit of the shine off the tablet experience for me. It's astounding how many apps - put out by companies that most would consider "reputable" - have permissions that, really, they shouldn't need.

For example, I haven't upgraded my Netflix app (and I might even just uninstall it) because the updated permissions allow it to read the system logs... why the hell does Netflix need to know what goes on deep in the bowels of my tablet?!

Part of what bugs me is that there's never any justification given whatsoever. Sure, some permissions I can figure out the developers need it for, but there are also plenty of times I'm scratching my head as to why they need something so unrelated or low-level. But there's nowhere I can go to find out where that decision came from (short of contacting the devs, I suppose).

Reply Score: 2

RE[4]: An anecdote
by WorknMan on Tue 14th Feb 2012 20:42 UTC in reply to "RE[3]: An anecdote"
WorknMan Member since:
2005-11-13

"Part of what bugs me is that there's never any justification given whatsoever. Sure, some permissions I can figure out the developers need it for, but there are also plenty of times I'm scratching my head as to why they need something so unrelated or low-level. But there's nowhere I can go to find out where that decision came from (short of contacting the devs, I suppose)."

I've actually done that before. When I installed the Slacker radio app and saw that it wanted permission to access my contacts, I went to their forums and asked why. I forget what they said, something about sharing a song with friends or some such. But it sounded legit to me, so I went ahead and let it through.

Reply Score: 2

RE[5]: An anecdote
by Soulbender on Wed 15th Feb 2012 06:39 UTC in reply to "RE[4]: An anecdote"
Soulbender Member since:
2005-08-18

The question is though, why is this permission *required*? Maybe I don't want to share songs with my friends.
A properly designed application should degrade gracefully to running with fewer features with fewer permissions if the feature isn't absolutely necessary.

Reply Score: 3

RE[6]: An anecdote
by WorknMan on Wed 15th Feb 2012 20:00 UTC in reply to "RE[5]: An anecdote"
WorknMan Member since:
2005-11-13

"The question is though, why is this permission *required*? Maybe I don't want to share songs with my friends.
A properly designed application should degrade gracefully to running with fewer features with fewer permissions if the feature isn't absolutely necessary."

There are 3rd party firewall apps that let you deny specific permissions to any app, but I'm not sure there's a way for an application developer to make permissions optional in Android when you install the app. So, this seems like a limitation of the OS.

In addition to making these optional, I'd like to see a small description field by each permission, where the developer can tell you at install time why a specific permission is needed. Of course, they could always lie, but at least they'd have to come up with something that sounded legit.

Reply Score: 2

Irony
by Neolander on Tue 14th Feb 2012 09:49 UTC
Neolander Member since:
2010-03-08

I think I will just leave this old video here and see what happens...
http://www.youtube.com/watch?v=VuqZ8AqmLPY

Reply Score: 2

RE: Irony
by JAlexoid on Tue 14th Feb 2012 11:16 UTC in reply to "Irony"
JAlexoid Member since:
2009-05-19

The irony there is that that ad only reinforces the blissful ignorance of security by Mac users.

Reply Score: 3

RE[2]: Irony
by Neolander on Tue 14th Feb 2012 13:36 UTC in reply to "RE: Irony"
Neolander Member since:
2010-03-08

To be honest, I'm afraid that only computer geeks take computer security seriously.

A significant part of desktop and laptop users in this world still run a cracked XP as administrator, with automatic updates disabled and IE 6 as their main web browser, and only hardware breakage will possibly make them switch to something else.

Then, on a more "professional" level, we can also think of all these ATMs running NT4 or OS/2, and sticking with the factory-provided PIN code for access to service functions...

Sad truth is, computer security only works on a large scale if you throw it on the newbie's face. The difficult part is to find a way to do so without harming the user experience too much, so that security warnings don't become yet another annoyance that people skim through without reading. UAC-like repetitive Cancel/Allow dialogs are a typical example of failure at this task.

Edited 2012-02-14 13:42 UTC

Reply Score: 2

RE[3]: Irony
by sparkyERTW on Tue 14th Feb 2012 14:27 UTC in reply to "RE[2]: Irony"
sparkyERTW Member since:
2010-06-09

"The difficult part is to find a way to do so without harming the user experience too much, so that security warnings don't become yet another annoyance that people skim through without reading. UAC-like repetitive Cancel/Allow dialogs are a typical example of failure at this task."

I agree with you on this point; desensitization to security by things like overactive security prompting is a serious concern. But so is the attitude by many users of alternative platforms such as Mac OS who proclaim that they're perfectly safe because "Macs don't get viruses".

I'm including platforms like Linux and FreeBSD in that statement as well - and I say that as a Linux user. While I do recognize that there is a reduced risk of malware, I always respect that there are perfectly adequate conditions for them to exist. I even treat the age-old advice to "stick with repositories and you're perfectly safe" as a half-truth; those repositories have the potential to be compromised if someone has enough knowledge and determination.

Security by scarcity only works as long as it's felt that the effort expended to create something sinister is more than the potential gain. It's difficult to pinpoint that threshold, and with growing popularity the risk increases every day.

"To be honest, I'm afraid that only computer geeks take computer security seriously."

Too true. Too many people simply rely that "Norton will protect me", "Microsoft will protect me", "Apple will protect me", "Google will protect me", etc. And while I understand that nobody can get anything accomplished if they don't at least rely on trusting others, there's a big difference between giving a large corporate entity 100% of your trust or 99% of your trust.

Reply Score: 2

RE[4]: Irony
by Neolander on Tue 14th Feb 2012 15:22 UTC in reply to "RE[3]: Irony"
Neolander Member since:
2010-03-08

Yes, disinformation campaigns of the kind "xxx is based on UNIX, so it is invincible" certainly do more harm than good.

After all, scanf() is historically a function of the standard UNIX library, and most Unices used MD5 for password hashing purposes before its vulnerabilities became widely known. Meanwhile, on the Windows side, Microsoft got some nice stuff out of the door in the Vista days (DEP, ASLR, IE sandboxing...), even though they still have lots of past mistakes to correct, some of which they might not want to deal with (such as the excessive use of Trident all over the most critical UI elements).

In the end, I believe that what makes current desktop *nix boxes more secure is only a combination of small market share and higher user education. Give Macs and Linux boxes a larger market share and less computer-literate users, and I bet that in a few years the platform will be an absolute security nightmare. Centralized repositories like the Mac App Store won't help, because their operation requires trusting so much manpower that they will be an easy target for a determined attacker. At worst, they may even serve as a privileged channel to steal credit card information and create massive botnet networks through fake application updates, due to their overreaching nature.

In my opinion, the secure OS of tomorrow must not rely solely on centralized vetting and will also implement strong security checks at the client level. In addition, OS developers will have to cooperate better with developers to reduce the minimal amount of security permissions which an average application requires, so that it is safe to display no warning to the user when installing a harmless piece of software (video game, office suite, media player...).

This way, security warnings would have much more impact, striking users as something out of the ordinary and highly suspicious. For knowledgeable users who actually want to install something dangerous (drivers, etc...), said security warnings could also be more informative, clearly stating which permissions are required and what their effect is (kind of like what Android does). This would allow one to quickly check that a given piece of software is not allowed to do more than it's supposed to.

Edited 2012-02-14 15:30 UTC

Reply Score: 2

RE[5]: Irony
by moondevil on Tue 14th Feb 2012 19:27 UTC in reply to "RE[4]: Irony"
moondevil Member since:
2005-07-08

Couldn't agree more.

Security only works when you pay attention to it every day. Yes it hurts, but only that way can you be sure to be safe.

Fact is, any operating system is insecure if you do not take care of it.

Windows can be made as secure as any Unix, and Unix can be as insecure as Windows is usually made to believe.

There are Linux users running as root because sudo is as annoying as UAC (their words not mine).

Plus if you don't run the applications inside a sandbox like SELinux, AppArmor, Mac OS-X Sandboxes, HP-UX Virtual Partitions, among others, an application can always be owned and destroy/use all the $HOME contents.

Reply Score: 2

RE[2]: Irony
by zima on Mon 20th Feb 2012 21:53 UTC in reply to "RE[2]: Irony"
zima Member since:
2005-07-06

"A significant part of desktop and laptop users in this world still run a cracked XP as administrator, with automatic updates disabled and IE 6 as their main web browser"

Depending on what we see as "significant"* - not really the case for IE6, not anymore: http://gs.statcounter.com/#browser_version-ww-monthly-200807-201202

*but then, it's also possible that part is somewhat greater than 1.5% - but less visible in web stats, used less intensively online (which OTOH would also mean smaller exposure to attack vectors...)

Reply Score: 2

Usually, not always
by Drunkula on Tue 14th Feb 2012 14:11 UTC
Drunkula Member since:
2009-09-03

I usually look at the permissions (more often than not). Recently I installed a live wallpaper that had far too many permissions for what it did. It read shortcuts, created shortcuts, looked at contacts, etc. I removed it shortly thereafter and deleted the one shortcut it did create. I then rated it 1 star for requiring too much permission though I did praise the artwork/animation. Hey at least I'll be fair!

Reply Score: 1

Comment by skeezix
by skeezix on Tue 14th Feb 2012 17:18 UTC
skeezix Member since:
2006-02-06

Too bad the author doesn't allow commenting; I wanted to congratulate him on a good article. I love Android's up-front permissions question, but I think that it'd be really handy to turn permissions on and off as needed -- sometimes I'd really love to use an app but it wants to be a bit more free with my data than I'd like, and why couldn't I just turn off certain features?

I'm dreaming up a web app that may or may not allow third-party plugins, and this would be an ideal permission system to use.

Reply Score: 1