Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

It's already past time that Android had (out-of-the-box) a "don't grant access but make the application think I did"-checkbox.

Essentially, showing fake data to the app if you pick this (eg: no photos, fake contacts, etc).

AFAIK, there are some android apps (and cyanogen) that add this features, but it really needs to be worked on upstream.

This is doubly useful for google, since they can always keep their own apps as "superprivilidged" on google-sponsored phones.



* It's already past time that Android had (out-of-the-box) a "don't grant access but make the application think I did"-checkbox.*

The weird thing is, it does. Or, rather, it's hidden-in-the-box. There's an app called App Ops that can be enabled if you have root access that limits permissions to installed apps - I'm actually not sure if it sends fake data instead but I'm yet to have an app crash from it. But without root it's not usable. Sigh.


It'll be better if there are checkboxes next to each permission, and if the user doesn't grant a certain permission, the app can know.

Older apps targeting older API levels will receive fake data, whereas newer apps will be able to know whether they were actually granted the permission or not.

This would prevent apps (and app developers) from being left in the dark, and would also kill the "all or nothing" permissions model currently in place.


Android starting from 4.4 does have a privacy feature that allows you to control what data out of permissions a particular app can access, on my phone I have turned everything off for everything. P.S. I don't have any google app


"Sorry, but please reenable GPS so SuperFlashlight can function."

Nah.


That would be horrible for normal developers.

People would use it all the time, and then complain that the app doesn't work.

The actual problem is the "all or nothing" security model that needs to be replaced with contextual permissions (like "This app wants to access your photos right now. Allow?", see iOS).

The "all or nothing" model defeats its own purpose by effectively leaving no choice for the user.


CyanogenMOD's PrivacyGuard is pretty close to this, I don't use stock android anymore due to this.


Xiaomi's MiUI has also had this feature for quite some time. They call it the Permission Manager - http://www.androidbeat.com/2014/08/use-permissions-manager-m....


I lost my hope when they removed the "access to the Internet" permission from the list of privileges. Now you take for granted that all apps will try to do that.

I use AFWall+ and CyanogenMod's Privacy Guard to control everything, but it's sad that the data of most people I know may be stolen without their knowledge after they install yet another Subway Surfers-type game or "vintage photo effects" app.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: