On Tue, Sep 28, 2010 at 9:58 AM, Ryan Mattison <[email protected]> wrote:
> Android needs more refined permissions for web services like > geocoding. > > Let's say I'm using the built in GeoCoder functionality. Why must I > specify the permission internet. I don't want users to think I'm > sending their personal information off when all I need to do is > GEOCODE. 1. How would you enforce the restriction that an app having GEOCODE permission could not talk to arbitrary services/hosts on the internet? For starters, consider remote host authentication, service type identification, and tunneling. 2. How would you ensure that a remote service that claimed to be for geocoding really did that and only that with the data sent to it? 3. How many service type-specific permissions would you create? 4. How would you explain all this to users trying to understand the meaning of this and all the other permissions? -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
