New Permission System Could Make Android Much Less Secure 249
capedgirardeau writes: An update to the Google Play store now groups app permissions into collections of related permissions, making them much less fine grained and potentially misleading for users. For example, the SMS permissions group would allow an app access to both reading and sending SMS messages. The problem is that once an app has access to the group of permissions, it can make use of any of the allowed actions at any time without ever informing the user. As Google explains: "It's a good idea to review permissions groups before downloading an app. Once you've allowed an app to access a permissions group, the app may use any of the individual permissions that are part of that group. You won't need to manually approve individual permissions updates that belong to a permissions group you've already accepted."
How is this a good idea? (Score:5, Insightful)
I don't think it has to be explained why this is a potential problem. So then, it should be explained why this is such a great idea that the problems it creates are insignificant.
Re:Whew (Score:5, Insightful)
Alert! Alert! Sarcasm overuse detected!! (at least I hope that's the case).
Re:How is this a good idea? (Score:5, Insightful)
They should be moving towards a model where you can individually allow or disallow a permission, even if the app says it requires it. But this would cause chaos for all those apps that require 'full internet access' so they can push ads, collect data, invade your privacy, and molest your children.
Well, no. (Score:5, Insightful)
Google wants companies to actually write apps for the Google Play store. If they give end-users too much power over the permissions, they drive companies out of the Google Play store and over to the Apple store.
On the other hand, Google also wants end-users to actually buy these products. By grouping permissions up, they seem innocuous, so users feel less threatened (even though they should feel more threatened) and will buy the stuff.
From a business perspective, this move makes perfect sense. From an educated geek end-user's perspective, it really sucks. But what are you going to do? The world you want to live in does not exist.
Re:How is this a good idea? (Score:4, Insightful)
The absurd permission demands from simple, crappy applications is why I'd love to see a real alternative to Android that doesn't cost Apple prices.
It seems like Cyanogenmod is probably the best alternative available right now.
Re:Well, no. (Score:5, Insightful)
First of all, I'm not going to purchase any of those fancy apps. I'm going to use my smart phone as for phone calls, photographs, maps, and web browsing. While it's truly a waste of a beautiful technology, it's merely inconvenient not to bother with all those invasive programs.
I consider the new security model worse than not having the apps at all.
Re:you should be able to... (Score:2, Insightful)
Xprivacy fixes that (Xposed Framework) (Score:4, Insightful)
I use Xpivacy which is a module add on to Xposed Framework to control permissions now. Have been using it for sometime. Allows using something like the Facebook app without allowing it all of the permissions it thinks it neededs.
Not really sure what Google is thinking though. There needs to be more fine control of permissions not less.
Straw on the camel's back (Score:5, Insightful)
Re:Straw on the camel's back (Score:2, Insightful)
Or they are simply not able to do it. Google is seen by many as the software olymp. When I started developing for Android I was appalled by what a crap system Android really is. Buggy as hell and needlessly difficult to use. Maybe the Android developers are simply overstrained by their own system and needed to simplify it.
Re:Well, no. (Score:2, Insightful)
Don't be a fool. What you just said is similar to saying "Well, we can't give Google root because it violates the sandboxing model" - except Google effectively has root because they wrote the damn operating system.
Root is there for responsible use, and fixing a permission problem is a responsible use. After this latest turn of events, it may be more responsible to install a better permission system than the one Google wants to use.
Another way of putting it: "If Google dummies down permissions, what sandbox runtime model even still remains to throw out the window?"