Linked by Thom Holwerda on Tue 10th Jun 2014 19:52 UTC

This system worked fairly well. If an app changed its permission needs, you’d be notified, and could choose whether to accept the update. With the most recent Play Store update, however, users are not told about certain permission changes if they don’t result in the addition of permissions to a new group. Given the sheer breadth of permissions a group now covers, this effectively leaves Android with only 13 permissions. An application can quietly update itself in future, to grant itself access to further permissions within a group, with the user left none the wiser.

Once an app is granted an individual permission within a group, that application has the ability to add any other permissions from the group in a future update, without users being notified of the change.

Oh Google.

Optimist view: Google I/O will bring changes to the permission system wherein the above makes sense. Pessimist view: Google is monumentally stupid.

I'm not an optimist.

Permalink for comment 590517
To read all comments associated with this story, please click here.
RE[4]: It really doesn't matter
by fabrica64 on Wed 11th Jun 2014 11:22 UTC in reply to "RE[3]: It really doesn't matter"
Member since:

If a user clicks yes to every dialog in the Play Store, they will also click yes to every dialog that pops up during use.

So no, it is not.

If a user is presented with a long list of permissions to accept it's more likely to say yes than when asked specific questions like "Do you want to give access to Facebook App to your SMS?"

And, even if a user has said yes to everything, in iOS is simple to disable access to something. In Androind I don't even know if it is possible without the use of additional apps

I think implementation is important for security, and that's what has prevented widespread cryptography on the web, no simple implementation

Edited 2014-06-11 11:24 UTC

Reply Parent Score: 2