Permission models in Phone (a leap in Android Marshmallow)
-
I've been watching from early days of smartphones and had quite some concerns about the security model. In Android versions around 3.0 & below, we can simply turn on the location sensor and read the user locations. It doesn't ask for anything from the user. Assassination of people would be so easy with these :). On the subsequent OS versions, they tightened it and the location sensor has to be manually turned ON by the user, in order to let the code read the location. But , if the user turned the sensors on for some other purpose in a different app, Other Apps could make use of this state. No way one could restrict this access to a particular App. So again there's a loop hole. You turn on the sensor to make Uber work, but end up getting Assassinated. And people are always unaware of what security permissions dialog they click on. We hardly look through the list of access requests from the App and choose to proceed. (While installing from Store). This was again a security problem. It was so easily for me to inject an App into any of my friends mobile and access all of their sensitive information. Like I could read all their Bank transactions from SMS, their locations,Call log, Contacts, any time whenever their sensors are turned ON. etc. I got that free ride. (OK I dont do any of these on my friends phone, I try these on my own phone, its just for the thrill of the story :-O ) Now here comes Android M. Now the permission model is completely changed. The developer cannot just get away with the swift check box on the installation time Permission dialog. These are now brought into the App. So the user has to literally answer the dialogs one by one, It's not like a pop-up once & a use it eternally. The guideline is to pop these up only on need. Developer would naturally opt for this in a complex App, as showing a dozen pop-ups at time would make the user get tired and uninstall the App. One bitter things about this, in case if the user clicks on "NO" for the first time, next time the dialog will come up with the option "Never ask again" . This means, you cannot access these features from your App anymore. Unless user goes to the system settings for the App and manually turn on the feature access. App would continue to act crippled till then. And no end user would care do take this strain! The SDK version is 23.0 for Android 6.0/M. If you build you app with this and put it into store, that's it you gotta live with this restrictions. I think you cannot reverse it to lesser SDK version la
-
I've been watching from early days of smartphones and had quite some concerns about the security model. In Android versions around 3.0 & below, we can simply turn on the location sensor and read the user locations. It doesn't ask for anything from the user. Assassination of people would be so easy with these :). On the subsequent OS versions, they tightened it and the location sensor has to be manually turned ON by the user, in order to let the code read the location. But , if the user turned the sensors on for some other purpose in a different app, Other Apps could make use of this state. No way one could restrict this access to a particular App. So again there's a loop hole. You turn on the sensor to make Uber work, but end up getting Assassinated. And people are always unaware of what security permissions dialog they click on. We hardly look through the list of access requests from the App and choose to proceed. (While installing from Store). This was again a security problem. It was so easily for me to inject an App into any of my friends mobile and access all of their sensitive information. Like I could read all their Bank transactions from SMS, their locations,Call log, Contacts, any time whenever their sensors are turned ON. etc. I got that free ride. (OK I dont do any of these on my friends phone, I try these on my own phone, its just for the thrill of the story :-O ) Now here comes Android M. Now the permission model is completely changed. The developer cannot just get away with the swift check box on the installation time Permission dialog. These are now brought into the App. So the user has to literally answer the dialogs one by one, It's not like a pop-up once & a use it eternally. The guideline is to pop these up only on need. Developer would naturally opt for this in a complex App, as showing a dozen pop-ups at time would make the user get tired and uninstall the App. One bitter things about this, in case if the user clicks on "NO" for the first time, next time the dialog will come up with the option "Never ask again" . This means, you cannot access these features from your App anymore. Unless user goes to the system settings for the App and manually turn on the feature access. App would continue to act crippled till then. And no end user would care do take this strain! The SDK version is 23.0 for Android 6.0/M. If you build you app with this and put it into store, that's it you gotta live with this restrictions. I think you cannot reverse it to lesser SDK version la
-
Apple has solved this issue by having a permission section in its device settings. I think that Google will copy that somehow... :-O
Press F1 for help or google it. Greetings from Germany
-
I've been watching from early days of smartphones and had quite some concerns about the security model. In Android versions around 3.0 & below, we can simply turn on the location sensor and read the user locations. It doesn't ask for anything from the user. Assassination of people would be so easy with these :). On the subsequent OS versions, they tightened it and the location sensor has to be manually turned ON by the user, in order to let the code read the location. But , if the user turned the sensors on for some other purpose in a different app, Other Apps could make use of this state. No way one could restrict this access to a particular App. So again there's a loop hole. You turn on the sensor to make Uber work, but end up getting Assassinated. And people are always unaware of what security permissions dialog they click on. We hardly look through the list of access requests from the App and choose to proceed. (While installing from Store). This was again a security problem. It was so easily for me to inject an App into any of my friends mobile and access all of their sensitive information. Like I could read all their Bank transactions from SMS, their locations,Call log, Contacts, any time whenever their sensors are turned ON. etc. I got that free ride. (OK I dont do any of these on my friends phone, I try these on my own phone, its just for the thrill of the story :-O ) Now here comes Android M. Now the permission model is completely changed. The developer cannot just get away with the swift check box on the installation time Permission dialog. These are now brought into the App. So the user has to literally answer the dialogs one by one, It's not like a pop-up once & a use it eternally. The guideline is to pop these up only on need. Developer would naturally opt for this in a complex App, as showing a dozen pop-ups at time would make the user get tired and uninstall the App. One bitter things about this, in case if the user clicks on "NO" for the first time, next time the dialog will come up with the option "Never ask again" . This means, you cannot access these features from your App anymore. Unless user goes to the system settings for the App and manually turn on the feature access. App would continue to act crippled till then. And no end user would care do take this strain! The SDK version is 23.0 for Android 6.0/M. If you build you app with this and put it into store, that's it you gotta live with this restrictions. I think you cannot reverse it to lesser SDK version la
I would really like an option to "allow access this time only" kind of feature. Similar to giving root access to some apps. I mostly give no unnecessary permission to any app on my phone. It is given when I am need it and then I turn it off again.
"You'd have to be a floating database guru clad in a white toga and ghandi level of sereneness to fix this goddamn clusterfuck.", BruceN[^]
-
Apple has solved this issue by having a permission section in its device settings. I think that Google will copy that somehow... :-O
Press F1 for help or google it. Greetings from Germany
Permission section for each App right? Android does list the permissions list for individual Apps, but you cannot control it if the OS is lollipop* & below. You can just view it. I think for Lolipop and after, you can control this.
Starting to think people post kid pics in their profiles because that was the last time they were cute - Jeremy.
-
I would really like an option to "allow access this time only" kind of feature. Similar to giving root access to some apps. I mostly give no unnecessary permission to any app on my phone. It is given when I am need it and then I turn it off again.
"You'd have to be a floating database guru clad in a white toga and ghandi level of sereneness to fix this goddamn clusterfuck.", BruceN[^]
Yeah. Dumb simple apps like Notepad/paint access all your contacts and Call logs, WTH? if you ask the developer/company, why they do, they say they don't do but the pluggins like Analytics/Ad controls and so on do. It's a steal really. And that's how TrueCaller makes biz, you see. Damn
Starting to think people post kid pics in their profiles because that was the last time they were cute - Jeremy.
-
I've been watching from early days of smartphones and had quite some concerns about the security model. In Android versions around 3.0 & below, we can simply turn on the location sensor and read the user locations. It doesn't ask for anything from the user. Assassination of people would be so easy with these :). On the subsequent OS versions, they tightened it and the location sensor has to be manually turned ON by the user, in order to let the code read the location. But , if the user turned the sensors on for some other purpose in a different app, Other Apps could make use of this state. No way one could restrict this access to a particular App. So again there's a loop hole. You turn on the sensor to make Uber work, but end up getting Assassinated. And people are always unaware of what security permissions dialog they click on. We hardly look through the list of access requests from the App and choose to proceed. (While installing from Store). This was again a security problem. It was so easily for me to inject an App into any of my friends mobile and access all of their sensitive information. Like I could read all their Bank transactions from SMS, their locations,Call log, Contacts, any time whenever their sensors are turned ON. etc. I got that free ride. (OK I dont do any of these on my friends phone, I try these on my own phone, its just for the thrill of the story :-O ) Now here comes Android M. Now the permission model is completely changed. The developer cannot just get away with the swift check box on the installation time Permission dialog. These are now brought into the App. So the user has to literally answer the dialogs one by one, It's not like a pop-up once & a use it eternally. The guideline is to pop these up only on need. Developer would naturally opt for this in a complex App, as showing a dozen pop-ups at time would make the user get tired and uninstall the App. One bitter things about this, in case if the user clicks on "NO" for the first time, next time the dialog will come up with the option "Never ask again" . This means, you cannot access these features from your App anymore. Unless user goes to the system settings for the App and manually turn on the feature access. App would continue to act crippled till then. And no end user would care do take this strain! The SDK version is 23.0 for Android 6.0/M. If you build you app with this and put it into store, that's it you gotta live with this restrictions. I think you cannot reverse it to lesser SDK version la
Hi Vunic, I'm not developing for Android, now, but I think the content in this post would be a good basis for a CP article ... I do believe there are lots of folks here either developing for Android now, or considering it for the future. cheers, Bill
«The truth is a snare: you cannot have it, without being caught. You cannot have the truth in such a way that you catch it, but only in such a way that it catches you.» Soren Kierkegaard
-
Hi Vunic, I'm not developing for Android, now, but I think the content in this post would be a good basis for a CP article ... I do believe there are lots of folks here either developing for Android now, or considering it for the future. cheers, Bill
«The truth is a snare: you cannot have it, without being caught. You cannot have the truth in such a way that you catch it, but only in such a way that it catches you.» Soren Kierkegaard
Thanks mate , it's a wonderful idea, you should write. I have had at least a couple dozens of article-worthy subjects while dealing with different projects. But I always doubted my language skills, even after posting this here, I was thinking it's poorly written as it got 0 votes. I think someone took strain to understand what I've written and voted up. lol :). Cheers! Looking for your Android articles!:thumbsup:
Starting to think people post kid pics in their profiles because that was the last time they were cute - Jeremy.