One thing I wish is that there was more granularity to some of the permissions.
I put together a streaming music player for a community radio station, and published it on the market. I want to be able to detect when the phone rings so I can kill the music. In order to do this, I need to request permission to "Read phone state and identity."
Once I've requested this permission, I can gather all this other data:
I can request their IMEI/IMSI, their phone and voicemail numbers, the name of the cell network they're registered on, and the cell site they're talking to. This is too much! At the very least, the "read identity data about your phone service" should be separated from "find out if the phone is ringing or a call is in progress."
There are a large number of apps that request this particular permission. For example, why do Facebook, Amazon Kindle, Yahoo Fantasy Football, and OpenTable need access to this feature? These are all large brands that would suffer some hefty damage if they were found to be surreptitiously pulling user info, so I'm assuming they have a legitimate need for that permission that doesn't involve sniffing data. I want to know more clearly what business they have poking at the telephony manager.
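To make the granularity point concrete, here is the minimum an app actually needs from that permission: a call-state listener that pauses playback while the phone is ringing or off-hook and resumes when it goes idle. This is an added example, not the commenter's radio player; the class name `CallAwarePlayer` and its fields are my own. It uses `PhoneStateListener` and `TelephonyManager`, which is the API of the era this thread discusses (since API level 31 `PhoneStateListener` is deprecated in favour of `TelephonyCallback`). The point to notice is what the code does not do: the same permission hands the listener the caller's number and lets the app call the IMEI, line-number and cell-location getters, and this code simply never touches any of them.

```java
// AndroidManifest.xml must declare the coarse permission the thread complains about:
//   <uses-permission android:name="android.permission.READ_PHONE_STATE" />
import android.content.Context;
import android.media.MediaPlayer;
import android.telephony.PhoneStateListener;
import android.telephony.TelephonyManager;

/**
 * Pauses a MediaPlayer while a call is ringing or in progress and resumes it
 * once the phone returns to idle. Hypothetical class written for this thread.
 */
public class CallAwarePlayer {
    private final TelephonyManager telephony;
    private final MediaPlayer player;
    private boolean pausedByCall = false;

    private final PhoneStateListener listener = new PhoneStateListener() {
        @Override
        public void onCallStateChanged(int state, String incomingNumber) {
            // incomingNumber arrives under the same permission but is not needed
            // to pause music; it is deliberately never stored, logged or sent anywhere.
            switch (state) {
                case TelephonyManager.CALL_STATE_RINGING:
                case TelephonyManager.CALL_STATE_OFFHOOK:
                    // Only pause what we were playing, so we can resume correctly later.
                    if (player.isPlaying()) {
                        player.pause();
                        pausedByCall = true;
                    }
                    break;
                case TelephonyManager.CALL_STATE_IDLE:
                    // Resume only if it was this listener that paused playback.
                    if (pausedByCall) {
                        player.start();
                        pausedByCall = false;
                    }
                    break;
                default:
                    break;
            }
        }
    };

    public CallAwarePlayer(Context ctx, MediaPlayer player) {
        this.player = player;
        this.telephony = (TelephonyManager) ctx.getSystemService(Context.TELEPHONY_SERVICE);
    }

    /** Call from onStart/onResume: subscribe to call-state changes only. */
    public void start() {
        telephony.listen(listener, PhoneStateListener.LISTEN_CALL_STATE);
    }

    /** Call from onStop/onDestroy so the listener does not outlive the player. */
    public void stop() {
        telephony.listen(listener, PhoneStateListener.LISTEN_NONE);
    }
}
```

Subscribing with `LISTEN_CALL_STATE` alone, rather than a broader mask, and unregistering in `stop()` keeps the app's use of the permission to exactly the three call states. For the reverse question raised in this thread (what a third-party app declares), `aapt dump permissions some.apk` lists the permissions an APK requests, though it cannot show which of the granted getters the code actually calls.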
The permissions are grouped under such broad categories to give the user a decent chance of understanding what they mean and getting through the permission dialog in a reasonable amount of time. The permission structure needs to strike a balance between granularity and usability.
It's certainly not ideal but I doubt that users are even paying attention to the permission dialog as it is.
A fun experiment would be to publish an innocuous free app that requests every single permission for no apparent reason. I wonder what percentage of users would actually decline to run it.
Allowing the app to affect the permission UI in any way will probably just end up as a vector for social attacks. You will see a lot of reasons like "You MUST click the Yes button below to complete the installation of ThingyWoo" or "DO YOU WANT FREE HOT SEXY BLAH BLAH? CLICK YES NOW!!!"
You only get a limited amount of space for description in the market, around 300 characters, which really doesn't allow for this and other useful information.
I think they should have separated permissions that could compromise privacy / security from less important permissions, and grouped them by potential impact. Also the user should be able to say "um, no I won't allow you to read the phone state". As it is, the apps are in control, not the user. It is extremely difficult to effectively change the range of permissions now, with such a large body of existing apps.
I don't think it would be extremely difficult; just phase in additional permissions with better granularity. Additionally, add an "ask me every time" permission that pauses the application and displays a confirmation dialog for each request, allowing the user to always accept or reject future requests made by that particular line of code.