Re: Installing web apps

>
> > I agree that the current UI is not great. However, I disagree about
> "everyone" clicking through permission grants. I've done two user studies
> and found that about ~18% of people look at permissions for a given
> installation, and about ~60% look occasionally. We found that most have no
> idea what they really mean -- but that is a separate problem pertaining to
> the presentation. Also, about 20% of people have in the past avoided apps
> that they considered "bad" because the permissions alerted them to
> something that they didn't like.
>
> Did you publish this research somewhere? Would be interested to know your
> sample size and type, response rate, etc.
>

It's in submission, but I can put together a tech report if you are
interested.  Results are from two studies: self-reported data from 308
online Android users (recruited via Admob), and confirmed by an
observational study of 25 Android users in the bay area (selected from a
large pool of Craigslist applicants so that they match the overall Android
population by gender, age, etc.).


> > One thing I've found is that developers often don't understand the
> relationship between Intents and permissions in Android. A common mistake
> is for an app to ask for the READ_CONTACTS permission even though it's
> actually using an Intent to access contacts (which doesn't need the
> permission). Either that, or apps will unnecessarily implement things that
> are already provided via Intents for no particular reason. I think these
> issues could be avoided on the Web by first introducing something that can
> be accessed via WebIntents and only later introducing direct access via
> "permissions", and also making the documentation very clear.
> Do you think this might be a consequence of developers copy/pasting
> permissions? I wonder if anyone has looked into that (might be easy to see
> overlaps or replication across applications).
>

I've found several cases of bad permission behavior being copied and pasted
by developers, although I am sure there are more cases than I found since I
did not originally go out looking for it. (If you check out section 6.3 of
http://www.cs.berkeley.edu/~afelt/android_permissions.pdf I give a few
other examples of common reasons why developers ask for more permissions
than they need.)

Adrienne

Received on Wednesday, 8 February 2012 22:34:50 UTC