On 08/29/2010 09:27 PM, Dianne Hackborn wrote:
On Sun, Aug 29, 2010 at 6:25 AM, Jonas Petersson <jonas.peters...@xms.se
<mailto:jonas.peters...@xms.se>> wrote:
On 08/29/2010 03:05 PM, Mark Murphy wrote:
[ Problems with permissions using Evernote as an example ]
http://code.google.com/p/android/issues/detail?id=6266
This comes up fairly regularly, and I am very opposed to it. I honestly
see this as resulting in a worse situation for normal users. If such a
facility is available, developers then have an excuse for not being
careful with their permissions -- "hey if the user doesn't like it, they
can turn them off." So what this likely ends up doing is putting the
responsibility on the user to make the developer's app reasonable. I
only see this as ended up a crummy situation for all of the non-geek
users. (The geeky users of course love it because they can fiddle with
every app they install to tweak it to be just how they want the
permissions. Bully for them, and that would be fine, but if it harms
the experience for everyone else it's not a desirable approach.)
I'd like to think of this in a similar way to the App2SD feature - it
certainly isn't trivial and it has drawbacks, but the benefits are there
to use for those who want it. Similar to App2SD flags it would be ideal
to also be able to disable some features by default and only let
advanced users turn them on. For a developer with limited resources
(aren't we all?) a single application with such options is a LOT easier
to maintain than to pollute the Market with several variations of the
same app.
I can't spend much more time on this discussion, but it comes down to
this: security is hard, designing apps that are secure is hard, but it
is worth the effort. Generally I see these requests as boiling down as
a way to avoid the hard issues. From the start when we were designing
Android we wanted to deal with security head-on without falling on the
easy way out. Ultimately this makes the platform much stronger.
Sorry to drag on, but my primary point is not security being hard (which
indeed is very much true), but trying to satisfy many different use
cases with limited resources and a minimum of Market pollution. I'd
happily put a single APK on the Market and somehow make it possible for
the user to select from what appears to be 3+ different versions of my
app before even electing to download.
Specifically, my "Inventory" application *CAN* be used with ALL
permissions turned off - it would be marginally better than using a
piece of paper IMHO, but if all you are after is keeping track of WHEN a
particular barcode was scanned certain users (probably few) would still
be satisfied. As it currently uses 4 different (and fairly orthagonal)
permissions, I might put 10+ versions of it on Market - that's not going
to happen...
Best / Jonas
--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
