- From: Marcos Caceres <w3c@marcosc.com>
- Date: Wed, 8 Feb 2012 22:25:09 +0000
- To: Adrienne Porter Felt <apf@berkeley.edu>
- Cc: Robin Berjon <robin@berjon.com>, Paul Libbrecht <paul@hoplahup.net>, Boris Zbarsky <bzbarsky@mit.edu>, public-webapps@w3.org
Hi Adrienne, On Wednesday, 8 February 2012 at 21:56, Adrienne Porter Felt wrote: > > > On Feb 1, 2012, at 21:20 , Paul Libbrecht wrote: > > > Le 1 févr. 2012 à 21:03, Boris Zbarsky a écrit : > > > > > Android goes somewhat in this direction with its app-security model... > > > > > > > > > > > > With all due respect, the app-security model on Android is a joke. Everyone just clicks through the permissions grant without even reading what's being requested, because _every_ app asks for a bunch of permission grants up front and won't run until you grant them. Any random game wants permission to do arbitrary internet access (as mentioned earlier on this thread, already a security hole if you happen to be behind a firewall when you run the game), listen to your phone conversations, read your addressbook, etc. Perhaps they do have some sort of rarely-used features that require such access, but the model forces them to ask for all the permissions immediately... and the user is trained to just accept. > > I agree that the current UI is not great. However, I disagree about "everyone" clicking through permission grants. I've done two user studies and found that about ~18% of people look at permissions for a given installation, and about ~60% look occasionally. We found that most have no idea what they really mean -- but that is a separate problem pertaining to the presentation. Also, about 20% of people have in the past avoided apps that they considered "bad" because the permissions alerted them to something that they didn't like. Did you publish this research somewhere? Would be interested to know your sample size and type, response rate, etc. > > > > > > > > No, no app has yet demanded me my addressbook access and some apps add advertisement: and hey, I do not need network. > > > That's the general problem with demanding permissions... I agree it's in infancy. > > > > > > Apps on Android are unlikely to request access to your address book because the Android Intents model makes it so that unless you're installing a contacts manager app, there probably is no reason why any app would have access to that. That said, if it did require access, the odds that a user would notice are close to nil. > > One thing I've found is that developers often don't understand the relationship between Intents and permissions in Android. A common mistake is for an app to ask for the READ_CONTACTS permission even though it's actually using an Intent to access contacts (which doesn't need the permission). Either that, or apps will unnecessarily implement things that are already provided via Intents for no particular reason. I think these issues could be avoided on the Web by first introducing something that can be accessed via WebIntents and only later introducing direct access via "permissions", and also making the documentation very clear. Do you think this might be a consequence of developers copy/pasting permissions? I wonder if anyone has looked into that (might be easy to see overlaps or replication across applications).
Received on Wednesday, 8 February 2012 22:25:46 UTC