
A solution to all apps having all permissions on Android - willvarfar
http://williamedwardscoder.tumblr.com/post/13316924653/better-permissions-in-android
======
sumukh1
It's an interesting solution but the problems as you mentioned are pretty
significant.

It's like Apple banning third party analytics and advertising and forcing devs
to use iAds for security reasons.That would not sit well with developers.

What if programs grab screenshots, and then upload them. There are many
different security issues in mobile, and creative solutions that require the
least effort will win out. The way Android prompts me for permissions is
annoying (too many prompts/permissions needed to use the app). iOS isn't much
better either.

~~~
SomeCallMeTim
Really? Android prompts once for permissions, per app, and that's it.

iOS does a per-capability request of the user, at run-time.

To some degree I like that; sometimes an app needs a permission (say, reading
the crash log) in 1% or less of runs. It would be nice to be able to
dynamically request a permission.

If every ad network could push their own (signed!) ad-serving app, then it
wouldn't be TOO bad. The system is in place on Android to ask for another app
to handle a service, after all, so it's just the "auto-install dependencies"
feature that's missing. And that feature is needed by some existing apps
already as well.

I also grab an announcement message when my games start, though, so I can push
out announcements when appropriate. And soon I'm likely to be downloading new
levels in my games. So I wouldn't be able to get rid of INTERNET permission.

The PROBLEM, of course, is that now you've got users downloading an AD app, so
if it wasn't explicit before that it's the ad provider that's tracking your
position, your contacts, etc., then now it is.

This would give a huge advantage to the dominant ad providers, and raise
barrier-of-entry to newer providers, because if a provider is already
installed on 85% of phones, then it's lower-friction to install the app that
uses that provider.

~~~
sumukh1
> Android prompts once for permissions, per app, and that's it.

That's the problem I have with it, I should have been clearer. If I have an
app that I install, and on launch prompts me to give it access to 4 different
things, the only thing I can do is close the app. I can't selectively enable
it.

What could be interesting is Google/Apple being brokers of ads from different
networks. (Not in their best intrest to do that, so it won't happen). Perhaps
a verification system to verify the code as a certified ad framework that
doesn't track you.

~~~
SomeCallMeTim
What I was trying to say is that it asks you prior to install, not on first
run, though I guess that's not really important.

I heard recently that AdMob was going to be serving ads from competing ad
networks, to increase its fill rate; it certainly can be in their best
interests if they take a cut, right? :)

------
X-Istence
This is an interesting proposition, and I like the idea of being able to get
data to be displayed but not give the application access to that data, but I
can also see examples where that would cause everything to look out of place.

What if the app doing the replacement uses one font with a certain font size,
and the app itself uses another font with a certain font size, it will look
out of place. This could make for a jarring user experience.

~~~
willvarfar
Android uis are made from widgets with standardised look and feel.

The app developer would have a good idea what it would look like.

Our framework at uiq had rather more theming etc than android, but still we
were happy with the outcome

------
tomjen3
The problem with Android is that the permissions are too coarse (want to store
a couple hundred megabytes? You need access to the entire card) and there is
no way to select which permits the app gets.

------
scotty79
On semirelated note:

I don't want to grant app access to my actual camera or actual location but
I'd like to install it and feed it with fake data and see how it behaves.

Same with facebook apps and their permissions.

While installing an app where you are presented with permissions required by
the app you should have ability to fake some of them and install the app.

