
Android Devices Vulnerability: Baidu Wrote the Code, but Google Made It Possible - pavornyoh
https://www.eff.org/deeplinks/2015/11/millions-android-devices-vulnerable-remote-hijacking-baidu-wrote-code-google-made
======
mtgx
> Android’s Permission System Was Broken…

No, it's still is broken until Google starts _enforcing_ the new permission
model on app developers. Until then it's more of a "wouldn't it be nice if all
those developers enabling 20+ permissions for their apps in the past would
just switch to the new model where the users can block many of them?" kind of
thing.

~~~
vilmosi
This is just wrong, what are you talking about.

Even if an old app asks you for 20+ permissions, you can manually disable
every one of them afterwards, if you want.

