Skip to main content

How To Limit Application Trust

Why is it when I see an application in the Chome Web Store I see a little notice about what permissions the app will have, and I'll see a similar list of permissions before installing an Android application?


Why is it that I don't see something more like this?


Labels:

Comments

Anonymous said…
...Because apps rarely ask for permissions they don't need, and if you could pick and choose which permissions to allow it would break a lot of apps.
10:53 PM
Masklinn said…
doOn the other hand, iOS lets users choose (and edit) on a per-application basis who will or won't get access to location data (sadly, it doesn't extend that customization to other access rights).

Thus iOS applications have to take in account the possibility that they will not be able to access location data, even if they need it.

If Android did the same, developers would have to handle permission issues as well (either by pre-testing and refusing to run or by cooking up recovery scenarios depending on the allowed APIs)
5:04 AM
verte said…
I heartily agree. The one that annoys me the most with its desire for permissions at the moment is google maps. I don't care about all these features: you don't need my personal information at all.

Developers of access control systems seem to ignore the last fifteen years of capability theory and the UI work that came with it - people have worked hard to make this sort of security usable, we know the answers, we just don't bother to develop toward them.
8:51 PM
Post a Comment

Popular posts from this blog

CARDIAC: The Cardboard Computer

I am just so excited about this.


CARDIAC. The Cardboard Computer. How cool is that? This piece of history is amazing and better than that: it is extremely accessible. This fantastic design was built in 1969 by David Hagelbarger at Bell Labs to explain what computers were to those who would otherwise have no exposure to them. Miraculously, the CARDIAC (CARDboard Interactive Aid to Computation) was able to actually function as a slow and rudimentary computer. 
One of the most fascinating aspects of this gem is that at the time of its publication the scope it was able to demonstrate was actually useful in explaining what a computer was. Could you imagine trying to explain computers today with anything close to the CARDIAC?

It had 100 memory locations and only ten instructions. The memory held signed 3-digit numbers (-999 through 999) and instructions could be encoded such that the first digit was the instruction and the second two digits were the address of memory to operate on. The only re…
1 comment
Read more

Interrupting Coders Isn’t So Bad

Here’s a hot take: disrupting coders isn’t all that bad.

Some disruptions are certainly bad but they usually aren’t. The coder community has overblown the impact. A disruption can be a good thing. How harmful disruption might be a symptom of other problems.

There are different kinds of disruptions. They are caused by other coders on your team, managers and other non-coders, or meetings throughout the day.

The easiest example to debunk is a question from a fellow developer. Imagine someone walks over to your desk or they ping you on Slack, because they have “one quick question.” Do you get annoyed at the interruption when you were in the middle of something important? You help out your teammate quickly and get back to work, trying to pick up where you left off. That’s a kind of interruption we complain about frequently, but I’m not convinced this is all that bad.

You are being disrupted but your team, of which you are only one member of the whole unit, is working smoothly. You unstuck …
Post a Comment
Read more

How To Care If BSD, MIT, or GPL Licenses Are Used

The two recent posts about some individuals' choice of GPL versus others' preference for BSD and MIT style licensing has caused a lot of debate and response. I've seen everything as an interesting combination of very important topics being taken far too seriously and far too personally. All involved need to take a few steps back.

For the uninitiated and as a clarifier for the initiated, we're dealing with (basically) three categories of licensing when someone releases software (and/or its code):
Closed Source. Easiest to explain, because you just get nothing.GPL. If you get the software, you get the source code, you get to change it, and anything you combine it with must be under the same terms.MIT and BSD. If you get the software, you might get the source code, you get to change it, and you have no obligations about anything else you combine it with.The situation gets stickier when we look at those combinations and the transitions between them.

Use GPL code with Closed S…
5 comments
Read more