Hacker News new | comments | ask | show | jobs | submit login

Think of how many apps you've installed which request permission to a whole laundry list of phone functions.

"Oh, it's reasonable that this app wants access to my text messages, that way when it sends me a confirmation code it can automatically read it."

"Oh, it's reasonable that this app wants access to my mic, maybe it will implement voice chat in a coming update."

"Oh, it's reasonable that this app wants access to my call history and whatnot, that way it can mute itself or pause itself when I get a phone call."

... oh, I guess it's reasonable that if I text, or talk with my phone nearby, about walnuts I'll start seeing targeted ads for walnuts.

If you publish an app you get a lot of negative feedback if you ask for permissions like those without clearly explaining why you need them.

It's getting better, too: Android's new permission model is more granular, like iOS's.

Which is still silly, because a malicious app will just come up with an innocuous reason why they need them.

Oh, and one of the most invasive, the "Phone state", which includes unique IDs and called/calling numbers, is required by nearly everyone under the guise of "Needed to pause when phone call comes in". Which is either completely moronic (what, Android couldn't have a "getIsUserInCall" function) or just shows how busted it is.

It can help against infoleaks caused by third party advertising packages that app makers include.

It's the same on the web, most web sites aren't exactly malicious, they're just (maybe willingly) oblivious about what badness is in their ads.

But yep I garee it's all pretty busted.

Really? There's no way I would install any of those theoretical apps. Hell, I probably wouldn't install any app that requires mic permissions period.

That's the problem though. It's not about you. It's about the average user who doesn't understand all the implications of actions he/she is asked to take or permissions he/she is asked to give to a third party.

It's not about "us" the HN readers. It's about everyone else, and that's what's scary.

Just because I'm a really good driver doesn't mean I won't get into a car crash.

One feature i really like about cyanogenmod is the ability to revoke most privacy related permissions or deploy a dialog when accessed, asking for permission on a case by case basis.

I think it should have been that way from the beginning forcing app developers to handle cases where some permissions aren't granted. It makes for much better visibility when some data is used and to some degree for what.

The next version of Android ("M") does this.

From what I have read so far the new Android M permissions system is still lacking a lot compared to CyanogenMod's Privacy Guard implementation.

Granular permissions shuts down random app developers, but it does nothing to stop the big league: the carriers, Google, and NSA.

One massive concern is the 'secret' second operating system that every phone carries on the baseband modem: http://www.extremetech.com/computing/170874-the-secret-secon...

It's okay, your friends and those you converse with already have.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact