A group of us at Berkeley put together some information that you might find helpful:
- *Frequency stats. * We crawled ~188,000 Android apps (a little over half the Market) to see how often different permissions are requested. - *User opinions.* We ran a MTurk study asking users how upset they would be if an application performed a negative action relating to a certain type of functionality. For example: "How would you feel if an application shared your photos publicly, without asking you first?" is the question pertaining to the risk of a potential "View photo library" capability. We got 3,196 valid responses from a wide variety of people; each person saw 12 of 100 questions so each stat represents about 380 answers. The "User Opinion" column shows the number of people who says they would be "very upset" if a given risk occurred. For many permissions/capabilities, we asked multiple questions about different risks; the spreadsheet I'm sharing shows users' responses for the "riskiest" of the questions. - *Proposal.* Some suggestions about how the capabilities/permissions could be represented to users. Our primary focus is on avoiding standard runtime dialogs and installation warnings. Instead, we think that most things can be handled with notifications, providing ways to "undo" actions (e.g., a long press on your wallpaper lets you set it back to the old wallpaper to undo an application changing your wallpaper), trusted buttons, or various other types of customized UI. I'm a big fan of Lucas's current approach (examining each WebAPI individually and think about specifically how that capability/functionality can be represented to users). https://docs.google.com/spreadsheet/ccc?key=0ArbnZjGhO358dF9WenZMWmVVUENOcWtVM2ZHdjBKQ0E _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security