On Fri, Feb 1, 2013 at 2:29 PM, Charles McCathie Nevile <
chaals@yandex-team.ru> wrote:
> **
> Right now vendors look at a page and can often heurisitically generate a
> permission request that is either consolidated, or depends on actual usage.
>
A heuristic is fine but, it only goes so far. First of all the incidence of
APIs with restricted use is climbing (due to the ever present fetish of
preventing fingerprinting and other security hazards). And second, the
heuristic can only capture APIs that would be simultaneously initiated
(like pointerlock and fullscreen). Sometimes the necessity of an API (clear
at page start) and the actual use (considerably later) do give a heuristic
no chance.
> One of the patterns clear with Android apps (which use a central dialogue
> like you are proposing) is applications that request a massive number of
> permissions that are irrelevant to their main purpose, and which
> effectively train users to ignore the whole question and click yes. :(
>
And popups solve that problem how? What exactly makes a user less inclined
to just madly mash "yes yes yes" to a series of poups?