W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2012

Re: Installing web apps

From: Adrienne Porter Felt <apf@berkeley.edu>
Date: Wed, 8 Feb 2012 13:56:48 -0800
Message-ID: <CA+yvPmfMRmp6W_CYQQkvOQRomZX-hHfCeX0ex_JRuFQpFkP3fQ@mail.gmail.com>
To: Robin Berjon <robin@berjon.com>
Cc: Paul Libbrecht <paul@hoplahup.net>, Boris Zbarsky <bzbarsky@mit.edu>, public-webapps@w3.org
> On Feb 1, 2012, at 21:20 , Paul Libbrecht wrote:
> > Le 1 févr. 2012 à 21:03, Boris Zbarsky a écrit :
> >>> Android goes somewhat in this direction with its app-security model...
> >>
> >> With all due respect, the app-security model on Android is a joke.
> Everyone just clicks through the permissions grant without even reading
> what's being requested, because _every_ app asks for a bunch of permission
> grants up front and won't run until you grant them.  Any random game wants
> permission to do arbitrary internet access (as mentioned earlier on this
> thread, already a security hole if you happen to be behind a firewall when
> you run the game), listen to your phone conversations, read your
> addressbook, etc.  Perhaps they do have some sort of rarely-used features
> that require such access, but the model forces them to ask for all the
> permissions immediately... and the user is trained to just accept.

I agree that the current UI is not great.  However, I disagree about
"everyone" clicking through permission grants.  I've done two user studies
and found that about ~18% of people look at permissions for a given
installation, and about ~60% look occasionally.  We found that most have no
idea what they really mean -- but that is a separate problem pertaining to
the presentation.  Also, about 20% of people have in the past avoided apps
that they considered "bad" because the permissions alerted them to
something that they didn't like.

> >
> > No, no app has yet demanded me my addressbook access and some apps add
> advertisement: and hey, I do not need network.
> > That's the general problem with demanding permissions... I agree it's in
> infancy.
> Apps on Android are unlikely to request access to your address book
> because the Android Intents model makes it so that unless you're installing
> a contacts manager app, there probably is no reason why any app would have
> access to that. That said, if it did require access, the odds that a user
> would notice are close to nil.

One thing I've found is that developers often don't understand the
relationship between Intents and permissions in Android.  A common mistake
is for an app to ask for the READ_CONTACTS permission even though it's
actually using an Intent to access contacts (which doesn't need the
permission).  Either that, or apps will unnecessarily implement things that
are already provided via Intents for no particular reason.  I think these
issues could be avoided on the Web by first introducing something that can
be accessed via WebIntents and only later introducing direct access via
"permissions", and also making the documentation very clear.
Received on Wednesday, 8 February 2012 21:57:39 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:26:38 UTC