Skip to main content

How To Limit Application Trust

Why is it when I see an application in the Chome Web Store I see a little notice about what permissions the app will have, and I'll see a similar list of permissions before installing an Android application?


Why is it that I don't see something more like this?


Comments

Anonymous said…
...Because apps rarely ask for permissions they don't need, and if you could pick and choose which permissions to allow it would break a lot of apps.
Masklinn said…
doOn the other hand, iOS lets users choose (and edit) on a per-application basis who will or won't get access to location data (sadly, it doesn't extend that customization to other access rights).

Thus iOS applications have to take in account the possibility that they will not be able to access location data, even if they need it.

If Android did the same, developers would have to handle permission issues as well (either by pre-testing and refusing to run or by cooking up recovery scenarios depending on the allowed APIs)
wleslie said…
I heartily agree. The one that annoys me the most with its desire for permissions at the moment is google maps. I don't care about all these features: you don't need my personal information at all.

Developers of access control systems seem to ignore the last fifteen years of capability theory and the UI work that came with it - people have worked hard to make this sort of security usable, we know the answers, we just don't bother to develop toward them.

Popular posts from this blog

CARDIAC: The Cardboard Computer

I am just so excited about this. CARDIAC. The Cardboard Computer. How cool is that? This piece of history is amazing and better than that: it is extremely accessible. This fantastic design was built in 1969 by David Hagelbarger at Bell Labs to explain what computers were to those who would otherwise have no exposure to them. Miraculously, the CARDIAC (CARDboard Interactive Aid to Computation) was able to actually function as a slow and rudimentary computer.  One of the most fascinating aspects of this gem is that at the time of its publication the scope it was able to demonstrate was actually useful in explaining what a computer was. Could you imagine trying to explain computers today with anything close to the CARDIAC? It had 100 memory locations and only ten instructions. The memory held signed 3-digit numbers (-999 through 999) and instructions could be encoded such that the first digit was the instruction and the second two digits were the address of memory to operate on

The Range of Content on Planet Python

I've gotten a number of requests lately to contribute only Python related material to the Planet Python feeds and to be honest these requests have both surprised and insulted me, but they've continued. I am pretty sure they've come from a very small number of people, but they have become consistent. This is probably because of my current habit of writing about NaNoWriMo every day and those who aren't interested not looking forward to having the rest of the month reading about my novel. Planet Python will be getting a feed of only relevant posts in the future, but I'm going to be honest: I am kind of upset about it. I don't care if anyone thinks it is unreasonable of me to be upset about it, because the truth is Planet Python means something to me. It was probably the first thing I did that I considered "being part of the community" when I submitted my meager RSS feed to be added some seven years ago. My blog and my name on the list of authors at Plan

Statement Functions

At a small suggestion in #python, I wrote up a simple module that allows the use of many python statements in places requiring statements. This post serves as the announcement and documentation. You can find the release here . The pattern is the statement's keyword appended with a single underscore, so the first, of course, is print_. The example writes 'some+text' to an IOString for a URL query string. This mostly follows what it seems the print function will be in py3k. print_("some", "text", outfile=query_iostring, sep="+", end="") An obvious second choice was to wrap if statements. They take a condition value, and expect a truth value or callback an an optional else value or callback. Values and callbacks are named if_true, cb_true, if_false, and cb_false. if_(raw_input("Continue?")=="Y", cb_true=play_game, cb_false=quit) Of course, often your else might be an error case, so raising an exception could be u