On Fri, Oct 1, 2010 at 12:23 PM, Disconnect <[email protected]> wrote:
> I don't think the two problems are necessarily mutually exclusive. Breaking
> up some of the more problematic permissions (such as phone-state) and even
> just describing them better in the warning screen is certainly something
> that should be done.
>
You are welcome to make a contribution here.
> I don't see how toggles (that - in all honesty - many users won't use or
> even see) will lead to devs getting more permissions. I would think the
> opposite, since they'll get more pushback on unnecessary ones. ("I turned
> off accounts and it still worked fine, so why was it trying to read my
> google login??")
>
I guess we just see things differently. I am will to bet though that you
will see a lot of developers go, "hey I can now add all these permissions,
and if users complain I can just tell them to turn off the ones they don't
want." Which means users now get confronted with more permissions for each
app they install, and are now becoming expected to fine-tooth vet those
permissions themselves.
Anyway, it's not worth continuing this discussion; we have different
opinions on this, and talking about it more clearly isn't going to change
them. I'll let you have the last comment if you want.
> Strange as it may be, we agree on the location problem.
>
Contributions welcome.
> I also don't think checkboxes (on the main security/install screen) is the
> right answer at all, or that "every possible permission" needs to be
> togglable. (Although you -could- push the permission count back down by
> making user's approve each one individually. Devs that have too many will
> get a lot of push-back from users not willing to click "ok" 30 times.. As
> fun as it would be it kinda fails the "don't be evil" test.)
> Again though, I think it is complimentary problems/projects - the
> permissions would need a manager interface of some sort, and being able to
> look at a list of apps with SD permissions (for example) and turn some of
> them off seems natural.
>
So, you have the source code, you can code, go and implement this how you
think it should be done. Get it into cyanogen to see how people use it. We
aren't stopping you from pursuing this and showing us that it works well.
Abstract discussion on this topic has become at this point mostly a waste of
time.
Btw, for some perspective on this, when I was first designing the permission
system, I proposed that we show all of the permissions with check boxes to
control them and possibly even make the user go through and explicitly turn
on the dangerous ones they want. (In fact that was originally the purpose
of "dangerous", to be something the user had to explicitly enable.) After a
lot of thought about UX we decided not to do that, and it is a decision I
very much agree with at this point.
--
Dianne Hackborn
Android framework engineer
[email protected]
Note: please don't send private questions to me, as I don't have time to
provide private support, and so won't reply to such e-mails. All such
questions should be posted on public forums, where I and others can see and
answer them.
--
You received this message because you are subscribed to the Google Groups
"Android Security Discussions" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/android-security-discuss?hl=en.
