Skip to main content

How To Limit Application Trust

Why is it when I see an application in the Chome Web Store I see a little notice about what permissions the app will have, and I'll see a similar list of permissions before installing an Android application?


Why is it that I don't see something more like this?


Labels:

Comments

Anonymous said…
...Because apps rarely ask for permissions they don't need, and if you could pick and choose which permissions to allow it would break a lot of apps.
10:53 PM
Masklinn said…
doOn the other hand, iOS lets users choose (and edit) on a per-application basis who will or won't get access to location data (sadly, it doesn't extend that customization to other access rights).

Thus iOS applications have to take in account the possibility that they will not be able to access location data, even if they need it.

If Android did the same, developers would have to handle permission issues as well (either by pre-testing and refusing to run or by cooking up recovery scenarios depending on the allowed APIs)
5:04 AM
verte said…
I heartily agree. The one that annoys me the most with its desire for permissions at the moment is google maps. I don't care about all these features: you don't need my personal information at all.

Developers of access control systems seem to ignore the last fifteen years of capability theory and the UI work that came with it - people have worked hard to make this sort of security usable, we know the answers, we just don't bother to develop toward them.
8:51 PM
Post a Comment

Popular posts from this blog

Respect and Code Reviews

Code Reviews in a development team only function best, or possible at all, when everyone approaches them with respect. That’s something I’ve usually taken for granted because I’ve had the opportunity to work with amazing developers who shine not just in their technical skills but in their interpersonal skills on a team. That isn’t always the case, so I’m going to put into words something that often exists just in assumptions.
You have to respect your code. This is first only because the nature and intent of code reviews are to safeguard the quality of your code, so even having code reviews demonstrates a baseline of respect for that code. But, maybe not everyone on the team has the same level of respect or entered a team with existing review traditions that they aren’t acquainted with.
There can be culture shock when you enter a team that’s really heavy on code reviews, but also if you enter a team or interact with a colleague who doesn’t share that level of respect for the process or…
Post a Comment
Read more

On Pruning Your Passions

We live in a hobby-rich world. There is no shortage of pastimes to grow a passion for. There is a shortage of one thing: time to indulge those passions. If you're someone who pours your heart into that one thing that makes your life worthwhile, that's a great deal. But, what if you've got no shortage of interests that draw your attention and you realize you will never have the time for all of them?

If I look at all the things I'd love to do with my life as a rose bush I'm tending, I realize that careful pruning is essential for the best outcome. This is a hard lesson to learn, because it can mean cutting beautiful flowers and watching the petals fall to the ground to wither. It has to be done.

I have a full time job that takes a lot of my mental energy. I have a wife and a son and family time is very important in my house. I try to read more, and I want to keep up with new developments in my career, and I'm trying to make time for simple, intentional relaxing t…
Post a Comment
Read more

CARDIAC: The Cardboard Computer

I am just so excited about this.


CARDIAC. The Cardboard Computer. How cool is that? This piece of history is amazing and better than that: it is extremely accessible. This fantastic design was built in 1969 by David Hagelbarger at Bell Labs to explain what computers were to those who would otherwise have no exposure to them. Miraculously, the CARDIAC (CARDboard Interactive Aid to Computation) was able to actually function as a slow and rudimentary computer. 
One of the most fascinating aspects of this gem is that at the time of its publication the scope it was able to demonstrate was actually useful in explaining what a computer was. Could you imagine trying to explain computers today with anything close to the CARDIAC?

It had 100 memory locations and only ten instructions. The memory held signed 3-digit numbers (-999 through 999) and instructions could be encoded such that the first digit was the instruction and the second two digits were the address of memory to operate on. The only re…
1 comment
Read more