Linked by Thom Holwerda on Tue 10th Jun 2014 19:52 UTC

This system worked fairly well. If an app changed its permission needs, you’d be notified, and could choose whether to accept the update. With the most recent Play Store update, however, users are not told about certain permission changes if they don’t result in the addition of permissions to a new group. Given the sheer breadth of permissions a group now covers, this effectively leaves Android with only 13 permissions. An application can quietly update itself in future, to grant itself access to further permissions within a group, with the user left none the wiser.

Once an app is granted an individual permission within a group, that application has the ability to add any other permissions from the group in a future update, without users being notified of the change.

Oh Google.

Optimist view: Google I/O will bring changes to the permission system wherein the above makes sense. Pessimist view: Google is monumentally stupid.

I'm not an optimist.

Permalink for comment 590515
To read all comments associated with this story, please click here.
RE[2]: It really doesn't matter
by fabrica64 on Wed 11th Jun 2014 10:32 UTC in reply to "RE: It really doesn't matter"
Member since:

They really don't.

Most of apps require more than it's needed

As do users of other platforms. It's a human problem.

It is, but implementation do matter. Windows UAC was a terrible solution while iOS "privacy" settings is much more effective and, by result, much more secure.

Reply Parent Score: 2