I am not most users. Strangely, neither are most of the people I know. But we're the ones everybody looks to when they need to buy a computer, know if the web is safe, or clean up the mess when it turns out not to be.
Quit it with the "most users" reasoning, unless your goal in life is to part fools from their money.
I don't follow your reasoning, but still:
Listing granular permissions is like throwing up a confirmation dialog before a destructive action: better than nothing, but more often than not gets ignored.
Yes, after that, your friends call wondering why all their data was deleted or why some app is updating their Facebook wall. And you tell them to pay attention next time, and they swear they will.
And they don't.
I don't have a better solution, but that doesn't mean that this is the right one.
It doesn't matter if "most users" don't care about this level of information as long as they still click "allow", but it does make a difference to the minority that do care. So what's the harm?
If they don't care about the information then its presence doesn't hurt them.
The problem is lots of calls in the Android API have side-effects or can be used for a variety of reasons. Anytime you have ads for instance, you need internet access. If the app can be moved to the SD card, you need write access to that, and so on and so forth. They're little things but require opening up lots of possibilities.
Yeah I don't really know about Android. The article was really more about web apps.
But granular access controls are nearly impossible to implement in practice. Unix had it right all along: a set of limited users, and root. You're doing well if you can even defend that security boundary; anything in-between tends to be root-equivalent on general purpose systems.
That's ridiculous. The Unix security model doesn't even address untrusted applications, unless you think auto-downloading and running Unix executables would work out well. The situation with web security is terrible and there aren't any "good old days" we can revert back to -- every mainstream OS has done it wrong. Good security is difficult and influences many parts of a system, but if it were a priority for any of the big players, it would have already happened.
A. If it can, then it can send my personal info to the outside world. I don't care if it can't gain root access to my phone. My phone's root account is not important, my personal information inside that phone is.
B. If it cannot, then most of my application is useless because it can't access any information at all. Why don't I add it to "trusted" zone? Because I don't trust it. And I shouldn't have to.
So what do I want? I want it to see my personal data but not be able to send it to anyone.
The reason is that there is no reason to analyze it. There's nothing to do on the screen, and you've already decided you want to download the app (after all, you did press the "Download" button).
Maybe 80% of people will still press "Allow" instantly, but at least this makes the other 20% more comfortable.