Hacker News new | past | comments | ask | show | jobs | submit login

The author is complaining that "manage your mail" apparently means "We'll copy all your contacts and mail history of all times into our database". The permission dialog only tells you what Google will allow the requesting app to do, not what that app will do with that.

I can't imagine a scenario that would make a "What the app will do with this permission" signal useful against malicious actors, which is the only scenario that matters. In this case, Fleep did exactly what it said it was going to do two dialogs ago anyway (I didn't take the time to copy that down when I tested the flow, but it's something equivalent to "We'll get your recent email correspondence"); the user either didn't understand what was being asked or didn't bother to read every word in the dialog box.

There's only so much defending against users not bothering to read or understand protocols that you can do before you encroach on actual usability. Chrome has already gone as far as to deny access to websites when end-to-end security cannot be guaranteed unless you happen to know the secret pattern of typing "b a d i d e a" at the blocking screen with no UI interaction to indicate anything is happening. This author expressed surprise that it's possible to grant access to their Gmail contents at all, to which the response is "Of course it's possible! That's a really useful capability for extending Gmail beyond the base set of functionality Google enables."

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact