On Thu, Jul 12, 2012 at 2:11 PM, niko001 <ebs...@gmail.com> wrote:

> I think that locking out developers from using APIs (and yes, I know that
> it wasn't part of the SDK) for security purposes is an entirely wrong
> approach.
>

I will respectfully disagree with such a blanket statement. :)  If you are
just going to say that this is a wrong approach, then why don't we allow
apps to do anything they want?  Well we don't, because placing restrictions
on apps is very important for the quality of the overall user experience
and app ecosystem.  When we first did Android, we thought that the read
logs permission was something that was okay to have on the side of allowing
apps to use.  Years of painful experience have shown this was wrong.


> There are lots of legitimate reasons for reading the system logs at
> runtime. I could live with a solution as described by Dianne (granting
> access on a per-app basis through the system settings UI), but this should
> have been implemented at the same time as the lockdown of the "old"
> permission. Just because some developers forget to remove logs containing
> sensitive information, everyone else shouldn't be punished for their
> mistake.
>

As I said, the issue is far more than just some apps forgetting to not
print sensitive information.  It ultimately is a pretty intractable problem
to give apps access to the stuff that ends up in the log without opening
all kinds of paths for abuse.

-- 
Dianne Hackborn
Android framework engineer
hack...@android.com

Note: please don't send private questions to me, as I don't have time to
provide private support, and so won't reply to such e-mails.  All such
questions should be posted on public forums, where I and others can see and
answer them.

-- 
You received this message because you are subscribed to the Google
Groups "Android Developers" group.