Linked by Thom Holwerda on Tue 10th Jun 2014 19:52 UTC
Google

This system worked fairly well. If an app changed its permission needs, you’d be notified, and could choose whether to accept the update. With the most recent Play Store update, however, users are not told about certain permission changes if they don’t result in the addition of permissions to a new group. Given the sheer breadth of permissions a group now covers, this effectively leaves Android with only 13 permissions. An application can quietly update itself in future, to grant itself access to further permissions within a group, with the user left none the wiser.

Once an app is granted an individual permission within a group, that application has the ability to add any other permissions from the group in a future update, without users being notified of the change.

Oh Google.

Optimist view: Google I/O will bring changes to the permission system wherein the above makes sense. Pessimist view: Google is monumentally stupid.

I'm not an optimist.

Thread beginning with comment 590515
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[2]: It really doesn't matter
by fabrica64 on Wed 11th Jun 2014 10:32 UTC in reply to "RE: It really doesn't matter"
fabrica64
Member since:
2013-09-19

They really don't.


Most of apps require more than it's needed

As do users of other platforms. It's a human problem.


It is, but implementation do matter. Windows UAC was a terrible solution while iOS "privacy" settings is much more effective and, by result, much more secure.

Reply Parent Score: 2

Thom_Holwerda Member since:
2005-06-29

It is, but implementation do matter. Windows UAC was a terrible solution while iOS "privacy" settings is much more effective and, by result, much more secure.


If a user clicks yes to every dialog in the Play Store, they will also click yes to every dialog that pops up during use.

So no, it is not.

Reply Parent Score: 2

fabrica64 Member since:
2013-09-19

If a user clicks yes to every dialog in the Play Store, they will also click yes to every dialog that pops up during use.

So no, it is not.

If a user is presented with a long list of permissions to accept it's more likely to say yes than when asked specific questions like "Do you want to give access to Facebook App to your SMS?"

And, even if a user has said yes to everything, in iOS is simple to disable access to something. In Androind I don't even know if it is possible without the use of additional apps

I think implementation is important for security, and that's what has prevented widespread cryptography on the web, no simple implementation

Edited 2014-06-11 11:24 UTC

Reply Parent Score: 2