Oh wow, can this be used to just create a separate profile for every app? That way I can run Uber or Line without giving them every permission to everything? This is the biggest reason I do not install apps. Every "famous" app requests so many permissions it's just stupid.
And not to mention the weirdness of some of them, like "WiFi Device Information". What's that mean? Access to my WiFi AP names? No thanks. Or just local multicast? Who knows.
EDIT:an "allow for 10 min" option would resolve this
XPrivacy does have the benefit of making it easy to provide realistic-looking fake data, which I believe the CyanogenMod team is against.
While I'm not exactly certain on how Privacy Guard works (I have yet to examine that code base), if a phone returns  for a list of contacts and the application crashes...
In contrast, Android apps demand all of their permissions up front.
With Android, you grant an app access to everything it asks for, or you aren't allowed to install it. This seems obviously inferior to me.
Android's permission-granting model does leave much to be desired, though.
I value my privacy and the privacy of those I have information about on my device over some "feature" that "could be cool" but will almost certainly be exploited. http://news.yahoo.com/android-malware-only-pretends-turn-185...
Intercepting calls before they go out through the main dialer, and instead using some form of VoIP.
Intercepting an incoming SMS that's used for phone number verification, rather than requiring that the user switch to their SMS app and manually enter a code.
For that matter, replacing the SMS app with something better.
Reasonable app backgrounding support for any purpose you can think of, not just for those that Apple has graciously allowed you to do.
Hell, you couldn't even have custom keyboards on iOS until recently.
Apps can also have access to stuff that iOS never allows: e.g. I have a 3rd-party app that backs up my SMS database to Google Drive every night. It can also do backups to Dropbox and a couple other services. With iOS your one and only cloud backup solution for "system related things" is iCloud, and you can't change that.
None of these things require rooting the device. Yes, all of these things can be abused. But I prefer permissiveness that requires a little vigilance on my part over living in a restricted environment.
I use Android because it let's me have defaults. See? Irrelevant statement.
Everyone has different needs, just drop it.
iOS does not require the user to accept all permissions that an app wishes to use, before installing that app. On iOS, you install an app without giving it permission to much, initially, and then the app, when you start it, starts asking for permissions that it needs, as it needs them. You can deny any permission request, and the app still works.
Eg. you can install the Facebook app, and deny it access to read your contact list.
In Android, about 150.
There is no mapping 1:1. Some things iOS does not allow at all (wifi information, sd card access). Some things iOS allows by default, with no way to deny it (internet access).
The iOS approach would not scale, the user would be burried under confirmation dialogs. And that's just the initial confirmation, there has to be UI, when he changes his mind later.
Those, who claim that iOS approach is superior are showing their ignorance, that they newer thought about the way, how the user would set matrix of this amount of permissions with many apps, without getting lost (hint: many are getting lost just in the current system. Imagine, that they would be able to toggle anything. And imagine, what the developers would say about that).
Then I opened the .apk. It asked me for what has to be every permission available on Android. Why would Amazon need access to me Contacts? It even asked specifically for permission to my microphone! What?
Why cannot the installed apps request the permissions they need individually?
Play gets around this by being bundled as a system app initially. And if you have a rooted device you can potentially promote the amazon store to the same status, and so forgo the "unknown sources" switch.
There's also an issue with "leaky abstractions" on android, where some useful features require extremely invasive permissions.
That said, if you want to create a separate profile for Uber or Line, you can already do so on Android 5.0 and above: https://support.google.com/nexus/answer/2865483?hl=en&ref_to...
I think Facebook Messenger, Line, and the like will still have access to all permissions even if you switch to a different user and install the apps there...
That being said, guest mode is really nice on my nexus 5 so my curious friends on iPhone can log in to their google account on my phone as a guest and test drive android.
Note, I have not looked deeply, so maybe it doesn't work like I said. I would not expect multitasking to be very seamless with this method. Also, I know there are some permissions that have "cross-user" abilities, so maybe there is still a way to accidentally allow an app to access your real data.
For example 2048 game has a lot of permission but being a game I don't allow a single one and it still works flawlessly. I would love to see something like this in android as well. But for now users are at the mercy of app developers.
App Ops: https://play.google.com/store/apps/details?id=droidmate.appo...
Also, if your phone isn't rooted, is it really yours?
And, rooting doesn't help the majority of users. Whereas protection from spying would. But Google, perhaps accidentally, seems intent on making permissions less visible and has no problem with devs requesting every permission. And since so many major apps do this, users have no effective recourse.
MS and Apple got this one so much more right.
Almost every app requests too many permissions. Almost every app starts a background process to receive notifications. which are very bad.
Notifications are globally handled by the OS over a single dedicated optimized connection. And then dispatched to the individual applications.
Comes a security concern or conflict, someone's probably going to want access to the whole thing.
If you want me to do "your work" on a phone -- particularly as an employee as opposed to as an independent contractor utilizing their own resources as defined in the contract -- then give me a phone. A hassle, but on the other hand some protection, in exchange for a few additional ounces (phone weight) of prevention, as it were.
Just like I don't want to use my own computer to host their work/data. Nope. When the relationship ends, I turn in their equipment and there is no question as to whether all relevant data has been expunged. They have the entire device.
Just like you give me a work computer to do work related tasks on, the same should go for mobile devices.
My employer used to be rather liberal but recently started clamping down on security. They wanted us communicating in the company chat on our phones so we installed the chat app. But now with the security clamp down they want to set security requirements on anything that accesses potentially sensitive information, meaning they want to dictate the security policy used on our personal devices. I told them to go stuff it, if its a choice between no work stuff on my phone and letting them set the policy on my devices, I'll go without access to work stuff. I'm not going to play that game with you, yes I'm willing to be That Guy that takes a stand on this.
The real irony is that my security policy at home is more strict than the one at work, but they conflict somewhat and I'm not willing to reduce my home security to accommodate them.
I'm issued a mobile phone by my employer. Today I don't have any option to "carve out" a niche for my personal activity on my phone. AFAIK they can know anything and everything. Google Play for Work sounds like it would help out here.
Of course, I've worked in security in other companies where employees had their work email and data on their personal devices, and in the event of a security incident we were not allowed to touch their personal devices even though there was work data on it. So it goes both ways.
Does your advice apply when you're only using, say Exchange, as your only entry point (e.g. on iOS devices?) - in this case, all discovery can be done server-side.
I find it hard pressed to think this issue hasn't been covered more rigorously.
Better to be able to hand the device over and say, "Have at it."
Also, if there is some breach of security and a question about whether you facilitated it, through activity or through negligence, better to be able to say/demonstrate to the other party: "It's the organization's device, and the organization's / the organization's IT department's responsibility to maintain it."
Yes, if it's not part of a routine process.
Sudden change of policy in conjunction with other shady events, harder time.
"Google Play for Work allows businesses to securely deploy and manage apps across all users running Android for Work, simplifying the process of distributing apps to employees and ensuring that IT approves every deployed app"
Leaving aside exactly how it's done, the end goal is the same: If I am Example Inc's CTO, I can now have my staff develop Example Inc Android apps that are neither sold on Play store nor side-loaded.
Apple requires running your own App Store server, I'm fairly certain Google will probably make it more cloud centric.
Glad they're finally stepping up on this front.
What Google does is different: the company IT can decide which apps are allowed and they can automate installation, e.g. company xy wants to install Salesforce, Trello, and 5 other apps on company devices in addition to the OS apps.
It could have been called "Google Package Manager for Work."
It makes totally sense. Google Play is a package manager like apt-get, npm, etc. and Play is a nice name which covers many uses case since it's a playful synonym for "start" or "to start something": "start a game", "start a program", "start an app" or "start work"
The term 'package manager' would be to long and is not learned among the mainstream but again it's exactly this, check Wikipedia:
"A package manager or package management system is a collection of software tools that automates the process of installing, upgrading, configuring, and removing software packages for a computer's operating system in a consistent manner. It typically maintains a database of software dependencies and version information to prevent software mismatches and missing prerequisites."
Now they had to name an app store for work why not name it "play $anything"?, doesn't matter.
A smiling furry with a turtle neck representing a project named latex.
Even the icon is a stylized version of the mark found on the appropriate button.
Didn't many accountants sneak their private AppleII into the office to run Visicalc rather than having to deal with the mainframe and its admins?
I like my phone, it works for me, but the sheer disconnectedness of it all is really jarring. Things show up in random places, or not at all, (especially media), and there is no "data connectivity" from anywhere to anywhere else, the same text message appears in my GVoice app, my Gmail app, and as a text message in Messaging.
How do you even begin to make a coherent business tool out of that?
The "official" way to deal with this is to go to the Google Voice site and turn of emailing yourself every text. Then install the Hangouts app and enable SMS through Hangouts. Then disable notifications in the Google Voice and Messaging apps.
Result: On phone Hangouts handles texts + voicemail + Google chat, and on desktop GMail (or the Hangouts extension for Chrome) handles them.
At least, that's my understanding of what Google's intended best practice is.
GV integration is not the most seamless perfect experience ever (for example, incoming IP calls go straight to voicemail when I'm on corporate WiFi) but I'm fairly pleased with it.
I can imagine the average business manager type reading that line and thinking "Wha?!"
Right, on a device with a closed source baseband. On a platform where the vendor has shown to install new apps without getting active consent from the user (Google Play Games, Hangouts, Google Now, Play Kiosk) to name a few.
They switched to it because some apps for android "lied" to our exchange server and said that mail was encrypted locally while it was not, passwords would not even be necessary (I think that was solved in Android >4). The Vodafone app caused many people to just stop syncing work related accounts: Not worth the trouble.
A proper window tiler would be even better.
Also the interface needs slim UI controls and slim window decorations, basically a "pro mode" theme-switcher for larger screens and mouse/keyboard users.
I don't understand why organizations still want implement an IT paradigm which has done nothing but fail at its primary goal but has held back innovation and made workers miserable.
Personally, i'd rather have the option for google to not read some of my mail.
Seems that Google is full on the "Extinguish" phase with Android.
edit: amazing that I'm being downvoted for stating facts yet nobody replies to me.
It's a platform feature, so it's open source, but there's always a delay between the announcement and the time the code hits the public repositories. It'll be there before too much longer.
It does not work that way. "Many eyes make all bugs shallow" failed to replicate. (I understand this fate is even more common for anecdata than it is for formal studies.)
My guess would be that you were being downvoted for spreading FUD and/or trolling.
Google even stopped open-sourcing new versions of Google Authenticator, which you'd think would be a prime candidate for a full-blown open source project. (And hell, it's a crappy app; there are better GAuth-workalikes available.)
Just a step more into their "Extinguish" phase.
If it does, then it will be possible for a third party to read the stored data.
The one thing you can do is to put the key in a separate hardware device, and have the hardware refuse to make the key directly available, but only do encryption or decryption operations under certain circumstances (e.g. it's audited what's running on the device). This is definitely doable with a TPM on a standard PC, and there are in fact open-source libraries that will handle this for you.
Or better yet, if you have full blown root, what's preventing you from just kinda LD_PRELOAD some code for that process and steal the decrypted data before it gets to the legitimate application? Or take a screenshot.
So I think the point is that Google probably will not allow this to be ran on any ROM that's not signed by some key.
On a PC architecture, the TPM is wired up to the CPU and other parts of the system, such that (for so-called "static root of trust") it gets initialized with a hash of the BIOS at bootup. The legitimate BIOS then adds in a hash of the boot sector, which adds in a hash of the kernel, which adds in a hash of anything the kernel thinks is worth verifying. Only if the final value of this TPM register (called a "PCR") matches up will the TPM allow a stored private key to be unlocked ("unsealed") and used.
Alternatively, for so-called "dynamic root of trust", there's a processor instruction that both clears all processor state (interrupts, paging, etc.) and a particular TPM PCR, and loads in a block of code. If the code is different, the key won't unseal. If someone is intercepting that processor instruction, the PCR won't get initialized correctly, and the key still won't unseal.
So it's mostly up to the kernel to verify everything that could possibly be relevant. (If you're thinking this is a hard engineering task, yes, that's one reason why this isn't in wide deployment, despite the technology all existing.) For instance, it might verify an entire read-only root filesystem, and then set things up so that on the work container or VM, nothing else can be installed, no additional executables or libraries or LD_PRELOADs get loaded, debuggers don't work, etc. In the personal-use container/VM, it can still run a normal OS.
edit: replaced paywalled wsj link
Seriously why hasn't someone made a smart phone that "transforms" into a larger screen form factor when connected to a monitor? I could see Android phones doing this. I could never imagine iOS doing it-- Apple would never cannibalize Mac like that, and iOS is too jailed for anything "real."
Of course apps would have to support it. But those that didn't could pop up in little windows in "desktop mode." That would be fine.
Google should dump ChromeOS -- which I never understood -- and do this instead.
Also, ChromeOS is a functional replacement for Windows + Office: ChromeOS + Google Docs. It comes on hardware (ChromeBooks or ChromeBoxes) which are very cheap but capable, because ChromeOS is very lightweight. These devices are on par, cost wise, with a Windows Terminal - and require even less IT dept. effort to maintain.
It also appears that Synergy allows you to control an Android phone using your PC mouse and keyboard (requires rooting).
http://synergyandroid.sourceforge.net/ (looks like it's in early development)
So, with a Chromecast and Synergy, it may be possible to use a spare screen and your existing keyboard/mouse setup, keeping all your personal email and browsing off your work machine. And you'd only have to plug in USB for power.
It has been done repeatedly. Motorola and Ubuntu come to mind. Both were failures.
I don't want my phone to turn into a desktop. Desktops are all about muscle, massive storage, gigabit connections, etc. Phones are about saving battery life.
Technology has improved significantly in the 3 - 4 years since Motorola made theirs, and Ubuntu's failed as a crowdsourcing campaign. Nothing has been proven.
Samsung, Google, Apple, or Nokisoft (MS+Nokia) could do it.
Maybe in another 5 years, it'll only be a mobile CPU because the power consumption is ramped so far down. Then you could plug in a big cable and get enough power to run full speed, plus your gigabit connection, massive drives, multiple monitors, mouse, keyboard, etc. Heat might be a tougher one to solve though.
Or maybe we'll stick to syncing the data over the cloud instead and keeping the two platforms separate.
I have an Android device with a 12" screen. Android isn't just on phones.
ChromeOS is doing fine in the laptop/netbook form factor. Trying to unify the touch and pointing-device worlds is what made Microsoft late to the party.
It has been possible to install real Linux distros on Android for a while (X and all), with no root required. So you can install and run Android Studio if you so wish. It probably will be slow, but it can be done - today.