- From: Adrienne Porter Felt <apf@berkeley.edu>
- Date: Wed, 8 Feb 2012 13:56:48 -0800
- To: Robin Berjon <robin@berjon.com>
- Cc: Paul Libbrecht <paul@hoplahup.net>, Boris Zbarsky <bzbarsky@mit.edu>, public-webapps@w3.org
- Message-ID: <CA+yvPmfMRmp6W_CYQQkvOQRomZX-hHfCeX0ex_JRuFQpFkP3fQ@mail.gmail.com>
> On Feb 1, 2012, at 21:20 , Paul Libbrecht wrote: > > Le 1 févr. 2012 à 21:03, Boris Zbarsky a écrit : > >>> Android goes somewhat in this direction with its app-security model... > >> > >> With all due respect, the app-security model on Android is a joke. > Everyone just clicks through the permissions grant without even reading > what's being requested, because _every_ app asks for a bunch of permission > grants up front and won't run until you grant them. Any random game wants > permission to do arbitrary internet access (as mentioned earlier on this > thread, already a security hole if you happen to be behind a firewall when > you run the game), listen to your phone conversations, read your > addressbook, etc. Perhaps they do have some sort of rarely-used features > that require such access, but the model forces them to ask for all the > permissions immediately... and the user is trained to just accept. > I agree that the current UI is not great. However, I disagree about "everyone" clicking through permission grants. I've done two user studies and found that about ~18% of people look at permissions for a given installation, and about ~60% look occasionally. We found that most have no idea what they really mean -- but that is a separate problem pertaining to the presentation. Also, about 20% of people have in the past avoided apps that they considered "bad" because the permissions alerted them to something that they didn't like. > > > > No, no app has yet demanded me my addressbook access and some apps add > advertisement: and hey, I do not need network. > > That's the general problem with demanding permissions... I agree it's in > infancy. > > Apps on Android are unlikely to request access to your address book > because the Android Intents model makes it so that unless you're installing > a contacts manager app, there probably is no reason why any app would have > access to that. That said, if it did require access, the odds that a user > would notice are close to nil. One thing I've found is that developers often don't understand the relationship between Intents and permissions in Android. A common mistake is for an app to ask for the READ_CONTACTS permission even though it's actually using an Intent to access contacts (which doesn't need the permission). Either that, or apps will unnecessarily implement things that are already provided via Intents for no particular reason. I think these issues could be avoided on the Web by first introducing something that can be accessed via WebIntents and only later introducing direct access via "permissions", and also making the documentation very clear.
Received on Wednesday, 8 February 2012 21:57:39 UTC